Security Bulletin

My tool base64dump.py takes any input and searches for encoded data. By default, it searches for base64 encoding, but I implemented several encodings (like vaious hexadecimal formats):

If we really want to move the dial on security habits, it's time to think beyond phishing tests. Our panel of CISOs and other security heavy-hitters offer expert tips that go beyond the obvious.

Attackers compromised customer support files containing cookies and session tokens, which could result in malicious impersonation of valid Okta users.

Most companies offer some kind of awareness training these days. But how much of those lessons are employees actually retaining?

SolarWinds' access controls contain five high and three critical-severity security vulnerabilities that need to be patched yesterday.

A patch for the max severity zero-day bug tracked as CVE-2023-20198 is coming soon, but the bug has already led to the compromise of tens of thousands of Cisco devices. And now, there's a new unpatched threat.

TechCrunch reports that Telegram has been discovered to continue exposing users' IP addresses to contacts during phone calls despite being touted as a secure and private messaging app.

Major U.S. healthcare solutions provider Henry Schein had its manufacturing and distribution divisions disrupted by a cyberattack on Oct. 14, SecurityWeek reports.

Japanese multinational electronics manufacturing firm Casio had data from its customers around the world compromised following unauthorized access to its ClassPad.net education web app's server, reports SiliconAngle.

KeePass is having its users targeted by a new malvertising campaign leveraging Google Ads to promote a fraudulent site for the open-source password manager, according to SiliconAngle.

Widely known security vulnerabilities have been increasingly targeted by ransomware strains based on the leaked toolkit of the LockBit ransomware operation, reports The Record, a news site by cybersecurity firm Recorded Future.

More stealthy attacks have been launched by the ALPHV/BlackCat ransomware operation with the use of the new Munchkin tool, which facilitates undetected encryptor deployment through virtual machines, BleepingComputer reports.