Amnesty International’s Security Labs reported March 29 that it found a mercenary spyware campaign exploiting a zero-day in Android devices.

In the enterprise security news, early stage startup funding stays constant, but late stage is nowhere to be found. Cisco, XM Cyber, and Mastercard make acquisitions. YouTube channels keep getting hacked. Microsoft fails to use Azure securely. Organizations are making progress on zero trust, but slowly. Finally, more discussion on AI threats, conce...

The FDA intends to start rejecting medical devices for cybersecurity reasons in October, but new submissions must include plans beginning March 29.

At least one entity was compromised through a critical pre-authentication YAML deserialization vulnerability in IBM Aspera Faspex file transfer service; a patch was issued in January.

In the Security News: Turning traffic lights green with the flipperzero (and a bunch of other hardware), suspending AV and EDR, Test signing mode, Linux control freaks, hacking the Apple Studio Disaply, Intel;s attack surface reduction claim, the truth about TikTok that everyone is missing, just stop developing AI, but only for 6 months, anyone can...

WooCommerce Payments runs on more than 220,000 websites, so security teams that use the platform need to patch immediately or risk unauthenticated administrative takeover of their websites.

CISA’s Untitled Goose Tool aims to support network defenders with finding and detecting malicious activity in Microsoft Azure, Active Directory, and Microsoft 365 environments.

New research reveals a potential post-exploitation attack method in Okta that enables adversaries to read users’ passwords in Okta audit logs.

This session will provide an overview of the history of host firmware, or BIOS, focusing on the arc of the Unified Extensible Firmware Interface. It will include the development of defenses like UEFI Secure Boot and the challenges in scaling assurance across a broad ecosystem. It will close on works-in-progress and opportunities to build upon the s...

In the Security News: Windows MSI tomfoolery, curl turns 8...point owe, who doesn't need a 7" laptop, glitching the ESP, your image really isn't redacted or cropped, brute forcing pins, SSRF and Lightsail, reversing D-Link firmware for the win, ICMP RCE OMG (but not really), update your Pixel and Samsung, hacking ATMs in 2023, breaking down Fortine...