Week in review: LastPass breach, GCP data exfiltration, UEFI bootkit
Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: Google Cloud Platform allows data exfiltration without a (forensic) trace …
New infosec products of the week: March 3, 2023
Here’s a look at the most interesting products from the past week, featuring releases from Appdome, Fastly, Forescout, ManageEngine, and Veeam Software. Forescout XDR enables …
Vulnerabilities of years past haunt organizations, aid attackers
Known vulnerabilities – those for which patches have already been made available – are the primary vehicle for cyberattacks, according to Tenable. The Tenable report …
Attackers are developing and deploying exploits faster than ever
While there was a reduction in the widespread exploitation of new vulnerabilities in 2022, the risk remains significant as broad and opportunistic attacks continue to pose a …
ML practitioners push for mandatory AI Bill of Rights
The AI Bill of Rights, bias, and operational challenges amid tightening budgets are pressing issues affecting the adoption of ML as well as project and initiative success, …
Attackers increasingly using transfer.sh to host malicious code
For many years now, unsecured internet-facing Redis servers have been steadily getting co-opted by criminals to mine cryptocurrency, so the latest cryptojacking campaign …
US government puts cybersecurity at forefront with newly announced National Strategy
The National Cybersecurity Strategy was unveiled today by the Biden-Harris Administration. The Strategy recognizes that government must use all tools of national power in a …
BlackLotus UEFI bootkit disables Windows security mechanisms
ESET researchers have published the first analysis of a UEFI bootkit capable of circumventing UEFI Secure Boot, a critical platform security feature. The functionality of the …
Moving target defense must keep cyber attackers guessing
A cybersecurity technique that shuffles network addresses like a blackjack dealer shuffles playing cards could effectively befuddle hackers gambling for control of a military …
Don’t be fooled by a pretty icon, malicious apps hide in plain sight
Apps, whether for communication, productivity or gaming, are one of the biggest threats to mobile security, according to McAfee. The end of 2022 saw the release of some …
Cyber resilience in focus: EU act to set strict standards
With the EU Cyber Resilience Act (CRA), the industry is dealing with one of the strictest regulatory requirements. Manufacturers, importers and even distributors of products …
Google Cloud Platform allows data exfiltration without a (forensic) trace
Attackers can exfiltrate company data stored in Google Cloud Platform (GCP) storage buckets without leaving obvious forensic traces of the malicious activity in GCP’s …
Featured news
Resources
Don't miss
- Black Friday 2025 cybersecurity deals to explore
- Quantum encryption is pushing satellite hardware to its limits
- cnspec: Open-source, cloud-native security and policy project
- The privacy tension driving the medical data shift nobody wants to talk about
- Salesforce Gainsight compromise: Early findings and customer guidance