Researchers believe that the new malware, likely created by IcedID developers, will become increasingly used by threat actors across the landscape.
Law enforcement efforts to sow distrust and hit LockBit’s brand have had arguably the biggest impact on undermining the ransomware-as-a-service model behind the group.
The Cyber Safety Review Board cited a string of internal failures in Microsoft's security culture as contributing factors for the 2023 compromise of more than 20 customers' cloud email inboxes by a Chinese threat group.
Dan Lorenc, co-founder and CEO of Chainguard, joins Dennis Fisher to dig into the recent XZ Utils backdoor incident, the implications for the open source ecosystem, and what can be done to avoid similar incidents in the future. Then they discuss the problems facing NIST's National Vulnerability Database and the CVE ecosystem.
Rick Gordon of Tidal Cyber joins Dennis Fisher to discuss his path from the US Naval Academy to submarine officer to Wall Street and finally to the cybersecurity industry, where he's worked for the last 25 years. Dennis and Rick also talk about the importance of the community aspect of cybersecurity and why it's vital to the collective defense.
The person or people that implanted malicious code into XZ Utils put time and effort into building trust in the open source software ecosystem.
CISA has laid out the proposed details of the Cyber Incident Reporting for Critical Infrastructure Act (CIRCIA).
Welcome back to Source Code, Decipher's weekly news wrap podcast with input from our sources.
The malicious code (which is being tracked as CVE-2024-3094) is embedded in XZ Utils versions 5.6.0 and 5.6.1, and may allow unauthorized access to impacted systems.
The U.S. government is looking for more information about the individuals affiliated with the BlackCat ransomware group, which was behind the Change Healthcare attack.
Cisco's 2024 Cybersecurity Readiness Index showed that 36 percent of respondents ranked identity protection as a major challenge.
A new report by the Treasury Department looks at both the challenges and the opportunities when it comes to AI and cybersecurity in the financial sector.
Google reported that 97 flaws were exploited in the wild in 2023, up 50 percent from the number of zero-day attacks recorded in 2022.
Jack Cable, senior technical advisor at the Cybersecurity and Infrastructure Security Agency (CISA), talks about his past experiences with bug bounty programs, CISA’s Secure By Design initiative and its efforts to help secure the open-source software ecosystem.
Fortinet earlier this month disclosed and issued a patch for the flaw (CVE-2023-48788), which exists in FortiClientEMS, its central management solution for endpoints.