Microsoft issued an optional patch Tuesday as part of its monthly dump of fixes that addresses for the second time a Secure Boot zero-day vulnerability exploited by BlackLotus UEFI malware. In all, the Redmond giant pushed out 38 security fixes in its May patch cycle, addressing three zero-day flaws – two of which are under…

Attackers on average have been enjoying slightly more than six days to exploit an unmitigated vulnerability before security teams resolve it, despite research continuing to demonstrate how hackers begin exploiting flaws within hours – or even minutes – of a new security alert being disclosed, researchers warned. That time lag between a new vulnerability coming…

Although only seeing tepid adoption to date, adaptive access and authentication is set to gain steam among businesses this year as organizations pursue zero-trust capabilities that grant and restrict access to data and systems based on context. In the latest sign of life in the evolving industry, startup company Oleria announced on March 21 that…

Although the decentralized identity market is still in its infancy, it has been gaining traction in recent years and has the potential to change existing identity, authentication, and access for the better. In 2022, the decentralized identity market was projected to reach $270 million. Through decentralization and blockchain technology, there are an increasing number of…

Headquartered in Monroe, Louisiana, Lumen offers an enterprise technology platform that combines networking, cloud, security, and collaboration services. In a Form 8-K filing with the US Securities and Exchange Commission (SEC) this week, the company revealed that intruders deployed malware on its systems in two separate incidents. The first of them was a ransomware attack…

As the market for cybersecurity insurance evolves and matures, insurance giant Lloyd’s of London is preparing to exclude most nation-state attacks from its coverage policies. In the wake of such changes, organizations are reassessing their cyber insurance strategies. While the Lloyd’s announcement does not explicitly exclude all nation-state or nation-inspired cyberattacks, it does solidify some…

Researchers at cybersecurity firm Horizon3 have released a proof-of-concept exploit for a critical-severity vulnerability, tracked as CVE-2022-39952, in Fortinet’s FortiNAC network access control solution. Last week, Fortinet released security updates to address two critical vulnerabilities in its FortiNAC and FortiWeb solutions. The two vulnerabilities, tracked as CVE-2022-39952 and CVE-2021-42756, are respectively an external control of…

The cybersecurity landscape for financial institutions and finance technology (fintech) has changed dramatically in the past few years, and 2023 will likely be no different. In 2022, for example, distributed denial-of-service (DDoS) attacks targeting financial firms increased by 22% worldwide, compared to the previous year, according to a joint report published by the Financial Services…