Rebekah Brown and John Scott-Railton of the Citizen Lab join Dennis Fisher to dive into their group's new report on highly targeted spear phishing campaigns by the Russian threat actor COLDRIVER and then discuss the emergence of a new, possibly related group called COLDWASTREL.
2024 is on track to be a record year for ransomware payment sizes, but the good news is that, overall, ransomware victims are paying ransoms less often.
In the past six months, the U.S. and Israel made up 60 percent of APT42’s known geographic targeting, according to new research.
Overall, Microsoft fixed dozens of vulnerabilities in its August patch Tuesday updates.
Ivanti has fixed a critical-severity flaw in its Virtual Traffic Manager (vTM) that, if exploited, could enable attackers to bypass authentication and create a user with administrator privileges.
Risk management is not one of humanity's strong points, but we can learn some lessons from our own real-life experiences to apply to our security careers.
The FBI has disrupted a ransomware operation called Radar/Dispossessor, which has targeted at least 43 companies by leveraging weak passwords and a lack of two-factor authentication.
Dennis Fisher and Lindsey O'Donnell-Welch reflect on their week in Las Vegas at Black Hat and discuss the talks they liked, including Moxie Marlinspike's keynote and the Google Project Zero retrospective, and the other topics they found interesting, including vulnerability exploitation versus social engineering and the AI ecosystem.
At Black Hat USA, Google Project Zero highlighted how far we’ve come in understanding zero days.
As software systems have become ever more complex, the opportunity for security researchers to show their value has grown, as well.
Josh Harguess and Chris Ward, with Cranium AI, talk about the backstory of how MITRE Labs’ AI Red Team came to be.
At Black Hat USA this week, researchers detailed now-fixed vulnerabilities across six AWS services.
AI and machine learning security expert Gary McGraw joins Dennis Fisher to discuss the concept of data feudalism in LLM foundation models, what the security implications of it are, and whether narrowly focused models may help address these issues.
Threat actors compromised an unnamed internet service provider in order to poison DNS responses and target macOS and Windows systems with malware.
The attack’s abuse of Cloudflare Tunnels is part of an overall increase in malware delivery via this vector, said researchers.