LATEST SECURITY NEWS & COMMENTARY

Exclusive: CISA Sounds the Alarm on UEFI Security
Had Microsoft adopted a more secure update path to mitigate the BlackLotus UEFI bootkit, it might already be eliminated, a CISA official says.

World Cup Glory Looms, and So Do Cyber Threats, Microsoft Warns
The attack surface of a live event like this summer’s World Cup in Australia and New Zealand rivals that of a large multinational enterprise, or even a small city.

Piles of Unpatched IoT, OT Devices Attract ICS Cyberattacks
Industrial devices are less likely to be patched due to expensive downtime, and threat actors have taken notice.

Cult of the Dead Cow Hacktivists Give Life to 'Privacy-First' App Framework
The well-known collective is taking on targeted advertising with the Veilid framework and says it wants to make the Internet accessible to everyone who fears being monetized.

Russia's 'Midnight Blizzard' Hackers Launch Flurry of Microsoft Teams Attacks
The Nobelium APT is launching highly targeted Teams-based phishing attacks on government and industrial targets using compromised Microsoft 365 tenants, with the aim of data theft and cyber espionage.

As Artificial Intelligence Accelerates, Cybercrime Innovates
Rare government, industry alignment on AI threats means we have an opportunity to make rapid strides to improve cybersecurity and slip the hold cybercriminals have on us.

How to Create an Effective GRC Program: 3 Phases
A crawl, walk, run approach allows organizations to establish a governance, risk, and compliance (GRC) program that grows and matures with the business.

(Sponsored Article) Insider Risk Management Starts With SaaS Security
SaaS security posture management helps mitigate common threats posed by malicious or negligent insiders.

FEATURED REPORTS

How to Use Threat Intelligence to Mitigate Third-Party Risk
The report discusses the various steps of a continuous third-party intelligence lifecycle: Data collection, Data classification, Data storage, Data analysis, reporting, dissemination, continuous monitoring, data governance, and choosing the right technology stack. The report also includes information about how attackers ...

How Enterprises Are Managing Application Security Risks in a Heightened Threat Environment
Concerns over API security and low-code/no-code use added to an already-full plate of application security challenges for many organizations over the last year. IT and security decision-makers are deeply concerned about compromises resulting from vulnerabilities in the software supply ...

The Promise and Reality of Cloud Security
Cloud security has been part of the cybersecurity conversation for years but has been on the sidelines for most enterprises. The shift to remote work during the COVID-19 pandemic and digital transformation projects have moved cloud infrastructure front-and-center as enterprises ...

Dark Reading Daily -- Published By Dark Reading Informa Tech Holdings LLC | Registered in the United States with number 7418737 | 605 Third Ave., 22nd Floor, New York, New York 10158, USA