Security news that informs and inspires

All Articles

2376 articles:

Rather Than Measuring Risk, Fix an Interesting Problem

Measuring risk is a notoriously hard task, so Andy Ellis suggests teams focus on fixing the problems in fornt of them instead of trying to measure what could happen.

Risk Management

RSA Conference 2024: What We Wish People Were Talking About

It's hard to separate the signal from the noise at the RSA Conference, so we asked a group of experts which topics they wish people were discussing more, including security metrics, applying engineering concepts to security, and more.

RSA Conference

F5 Fixes Critical RCE Bugs in BIG-IP Next Central Manager

F5 has patched two vulnerabilities (CVE-2024-26026 and CVE-2024-21793) in its BIG-IP Next Central Manager console that can grant full admin control of the target application.

F5

How CISA is Preparing For the Influx of CIRCIA Reports

CIRCIA will mark a fundamental shift for CISA in the scale and scope of reported incidents that it receives from critical infrastructure entities.

CISA, RSA Conference

‘Zero Day Piled on Zero Day’

Edge devices have become the go-to targets for cybercriminals and state actors, and experts say that will continue for the foreseeable future.

Government, RSA Conference

Krebs: ‘Business Risk and Geopolitical Risk Are Intertwined’

CISA's former and current directors talked at the RSA Conference this week about challenges around inherently insecure technology and an explosion of threat actors.

RSA Conference

To Fix IoT Security, ‘We Need to Aim at the Security Have-Nots’

The IoT security landscape is grim, but private sector and government experts are trying to improve things through advocacy and collaboration.

RSA Conference

Decipher Podcast: Kelly Shortridge at RSA Conference

At RSA Conference 2024, Kelly Shortridge, senior director of portfolio product management at Fastly, talks about the first steps organizations can take toward adopting a Secure by Design mindset and how businesses can approach the challenge of sustaining resilience in complex systems.

Podcast, RSA Conference

Proposed Bill Focuses on Voluntary AI Security Incident Reporting

A newly proposed bill aims to set up databases and processes for voluntary sharing of security incidents related to, and vulnerabilities in, AI systems.

AI

Attacker Accessed Dropbox Sign User Authentication Data in Recent Intrusion

An unknown attacker compromised a customer database for Dropbox Sign and accessed authentication information such as OAuth tokens and MFA data.

Data Breach

RSA Conference 2024 Preview: The Sessions to See This Year

In this special episode, Dennis Fisher and Lindsey O'Donnell-Welch are joined by Brian Donohue of Red Canary to preview the RSA conference talks they're excited about and to try to make sense of some of the session titles that are maybe a little indecipherable.

RSA, Video

Senators Reprimand UnitedHealth CEO in Ransomware Hearing

UnitedHealth CEO Andrew Witty faced criticism over the handling of the Change Healthcare ransomware attack in two different government hearings on Wednesday.

Ransomware

‘Uncharted Territory:’ Companies Devise AI Security Policies

Businesses have been preparing security policies for generative AI in the workplace, but many executives say that they still don’t fully understand the security implications of AI.

AI

Verizon DBIR: Enterprises Know the Pain of Zero Day Exploits All Too Well

The Verizon 2024 Data Breach Investigations Report shows a 180 percent increase in the use of vulnerability exploits in breaches from last year, thanks to MOVEit Transfer and other bugs.

Data Breach

Memory Safe: Dennis Fisher

In a special bonus Memory Safe episode, Dennis Fisher, Decipher’s editor in chief, talks about his decades of experience writing about cybersecurity news, the article he authored that inspired him to get into the industry (hint: it involved phishing) and how the cybersecurity news world has changed over the years.

Memory Safe