-
LogoFAIL attack can inject malware in the firmware of many computers
Researchers have devised an attack that exploits serious vulnerabilities in UEFI firmware used by many computer manufacturers to deploy stealthy rootkits that execute in the early stages of the boot-up process beyond the visibility of endpoint security products. The attack involves planting maliciously crafted images in a special partition on the drive or in non-protected…
-
Google expands minimum security guidelines for third-party vendors
Google has upgraded its recommended minimum requirements for securing third-party applications, offering more guidance on managing external bug researchers and lowering the costs for accessing basic security features by baking them into applications by design. Google launched its Minimum Viable Secure Product (MVSP) program in 2021 to identify fundamental application security controls that should be…
-
New Microsoft Purview features use AI to help secure and govern all your data
In the past few years, we have witnessed how digital and cloud transformation has accelerated the growth of data. With more and more customers moving to the cloud, and with the rise of hybrid work, data usage has moved beyond the traditional borders of business. Data is now stored in multiple cloud environments, devices, and…
-
Star Blizzard increases sophistication and evasion in ongoing attacks
Microsoft Threat Intelligence continues to track and disrupt malicious activity attributed to a Russian state-sponsored actor we track as Star Blizzard (formerly SEABORGIUM, also known as COLDRIVER and Callisto Group). Star Blizzard has improved their detection evasion capabilities since 2022 while remaining focused on email credential theft against the same targets. Star Blizzard, whose activities…
-
ML Ops Platform at Cloudflare
We’ve been relying on ML and AI for our core services like Web Application Firewall (WAF) since the early days of Cloudflare. Through this journey, we’ve learned many lessons about running AI deployments at scale, and all the tooling and processes necessary. We recently launched Workers AI to help abstract a lot of that away…
-
Microsoft Security Copilot drives new product integrations at Microsoft Ignite to empower security and IT teams
First announced in March 2023, Microsoft Security Copilot—Microsoft’s first generative AI security product—has sparked major interest. The widespread enthusiasm was on full display after announcing our Early Access Program in October 2023 and sharing our incredible Security Copilot innovations at Microsoft Ignite in November 2023. With the rapid innovations of Security Copilot, we have taken…
-
Attackers breach US government agencies through ColdFusion flaw
In a new advisory that shows why it’s critical to keep Adobe ColdFusion deployments up to date, the US Cybersecurity and Infrastructure Security Agency (CISA) warns that two federal agencies were breached by attackers in June through an unpatched vulnerability in the application server software. The attackers used their access to deploy web shells and…
-
BSIMM 14 finds rapid growth in automated security technology
Corporations are rapidly adopting automated security technology, which is further enabling the “shift everywhere” security philosophy, according to the latest Building Security in Maturity Model (BSIMM) report released Tuesday by Synopsis. BSIMM, now in its fourteenth year, is managed by Synopsis and based on interviews during a BSIMM assessment of 130 member companies, including Bank…
-
ICANN Launches Service to Help With WHOIS Lookups
More than five years after domain name registrars started redacting personal data from all public domain registration records, the non-profit organization overseeing the domain industry has introduced a centralized online service designed to make it easier for researchers, law enforcement and others to request the information directly from registrars. In May 2018, the Internet Corporation…
-
How we used OpenBMC to support AI inference on GPUs around the world
Cloudflare recently announced Workers AI, giving developers the ability to run serverless GPU-powered AI inference on Cloudflare’s global network. One key area of focus in enabling this across our network was updating our Baseboard Management Controllers (BMCs). The BMC is an embedded microprocessor that sits on most servers and is responsible for remote power management,…
-
Almost 50% organizations plan to reduce cybersecurity headcounts: Survey
Even as the number of security incidents continues to grow in all sectors, 47% of the respondents plan to reduce their security headcounts, a new report by Observe has revealed. Remarkably, 62% of these organizations also reported a higher number of security incidents per month. The organizations planning to reduce cybersecurity headcount are also planning…
-
20 years of Patch Tuesday: it’s time to look outside the Windows when fixing vulnerabilities
For two decades we have been patching our Windows machines every second Tuesday of the month, devoting time and resources to testing and reviewing updates that are not generally rolled out until they have been validated and it is confirmed that they will do no damage. This may be a reasonable approach for key equipment…
Search the website
Popular Categories
- Architect Security (5)
- cloudflare (86)
- CSO Online (348)
- Google (25)
- How to's (1)
- It Security Guru (184)
- jsplaces (12)
- Krebs On Security (31)
- Last Watchdog (5)
- Microsoft (47)
- Security Affairs (76)
Useful Links
Links I found useful and wanted to share.