The modern workplace has undergone a seismic transformation over recent years, with hybrid work becoming the norm and businesses rapidly adopting cloud-based Software-as-a-Service (SaaS) applications to facilitate it. SaaS applications like Microsoft 365 and Google Workspace have now become the backbone of business operations, enabling seamless collaboration and productivity. … [Read more...] about 2025 State of SaaS Backup and Recovery Report
Security
Palo Alto Firewalls Found Vulnerable to Secure Boot Bypass and Firmware Exploits
Jan 23, 2025Ravie LakshmananFirmware Security / Vulnerability An exhaustive evaluation of three firewall models from Palo Alto Networks has uncovered a host of known security flaws impacting the devices' firmware as well as misconfigured security features. "These weren't obscure, corner-case vulnerabilities," security vendor Eclypsium said in a report shared with The Hacker … [Read more...] about Palo Alto Firewalls Found Vulnerable to Secure Boot Bypass and Firmware Exploits
Researchers Explore Contrastive Learning for Malware Detection
CrowdStrike research shows that contrastive learning improves supervised machine learning results for PE (Portable Executable) malwareApplying self-supervised learning to PE files enhances the effectiveness of machine learning in cybersecurity, which is crucial to address the evolving threat landscapeCrowdStrike researchers engineered a novel loss function to optimize … [Read more...] about Researchers Explore Contrastive Learning for Malware Detection
Trump Terminates DHS Advisory Committee Memberships, Disrupting Cybersecurity Review
Jan 22, 2025Ravie LakshmananCybersecurity / National Security The new Trump administration has terminated all memberships of advisory committees that report to the Department of Homeland Security (DHS). "In alignment with the Department of Homeland Security's (DHS) commitment to eliminating the misuse of resources and ensuring that DHS activities prioritize our national … [Read more...] about Trump Terminates DHS Advisory Committee Memberships, Disrupting Cybersecurity Review
Simplifying Zero Trust Security for the Modern Workplace
Organizations face an evolving array of cyber threats these days. As attackers have become more sophisticated, it is important to adopt a comprehensive security strategy that includes a layered approach and increased protection for the modern workplace. That includes the home office, branch, campus, coffee shop, or anywhere in between. Cisco’s Enhanced User Protection … [Read more...] about Simplifying Zero Trust Security for the Modern Workplace
Leveraging CrowdStrike Falcon Next-Gen SIEM Against Attacks Targeting Okta
Detecting MFA Fatigue The following rule looks for instances where multiple MFA push notifications are sent to a given user and identifies scenarios where multiple failed push notifications are sent and a successful push notification followed. Note that when a push notification is sent, it’s also transmitted to each registered device, which may result in a slightly skewed … [Read more...] about Leveraging CrowdStrike Falcon Next-Gen SIEM Against Attacks Targeting Okta
Mirai Variant Murdoc Botnet Exploits AVTECH IP Cameras and Huawei Routers
Jan 21, 2025Ravie LakshmananBotnet / Vulnerability Cybersecurity researchers have warned of a new large-scale campaign that exploits security flaws in AVTECH IP cameras and Huawei HG532 routers to rope the devices into a Mirai botnet variant dubbed Murdoc Botnet. The ongoing activity "demonstrates enhanced capabilities, exploiting vulnerabilities to compromise devices and … [Read more...] about Mirai Variant Murdoc Botnet Exploits AVTECH IP Cameras and Huawei Routers
Unsecured Tunneling Protocols Expose 4.2 Million Hosts, Including VPNs and Routers
Jan 20, 2025Ravie LakshmananNetwork Security / Vulnerability New research has uncovered security vulnerabilities in multiple tunneling protocols that could allow attackers to perform a wide range of attacks. "Internet hosts that accept tunneling packets without verifying the sender's identity can be hijacked to perform anonymous attacks and provide access to their networks," … [Read more...] about Unsecured Tunneling Protocols Expose 4.2 Million Hosts, Including VPNs and Routers
TikTok Goes Dark in the U.S. as Federal Ban Takes Effect January 19, 2025
Jan 19, 2025Ravie LakshmananSocial Media / Data Privacy Popular video-sharing social network TikTok has officially gone dark in the United States, as a federal ban on the app comes into effect on January 19, 2025. "We regret that a U.S. law banning TikTok will take effect on January 19 and force us to make our services temporarily unavailable," the company said in a pop-up … [Read more...] about TikTok Goes Dark in the U.S. as Federal Ban Takes Effect January 19, 2025
U.S. Sanctions Chinese Cybersecurity Firm Over Treasury Hack Tied to Silk Typhoon
The U.S. Treasury Department's Office of Foreign Assets Control (OFAC) has imposed sanctions against a Chinese cybersecurity company and a Shanghai-based cyber actor for their alleged links to the Salt Typhoon group and the recent compromise of the federal agency. "People's Republic of China-linked (PRC) malicious cyber actors continue to target U.S. government systems, … [Read more...] about U.S. Sanctions Chinese Cybersecurity Firm Over Treasury Hack Tied to Silk Typhoon