Researchers revealed late on Thursday that the mitigations and patches rolled out in 2018 for the Foreshadow vulnerabilities affecting Intel processors can fail to prevent attacks.Foreshadow, also known as L1 Terminal Fault (L1TF), is the name assigned to three speculative execution flaws reported to Intel shortly after the disclosure in January 2018 of the

As employees increasingly work remotely, it is more important than ever to maintain visibility and threat detection in a remote working world. We have seen a significant increase in state-sponsored attacks and malicious phishing campaigns, and this trend is expected to continue. This period of remote work is a good time for enterprise to make sure endpoint

A researcher found a way to deliver malware to macOS systems using a Microsoft Office document containing macro code. The victim simply has to open the document and no alerts are displayed.Macros enable Office users to automate frequent tasks using VBA code. A macro added to an Office document can be triggered when the file is opened, a feature that cybercri

Google Project Zero last week released a report on the vulnerabilities exploited in attacks in 2019, and its researchers have drawn some interesting conclusions regarding the detection of zero-days.Google Project Zero has been tracking vulnerabilities exploited in the wild since 2014 and last year it made available a spreadsheet showing the flaws it has trac

It appears that the patches released for Linux distributions in response to the GRUB2 bootloader vulnerability are causing problems for many users, making their systems unbootable.The flaw, tracked as BootHole and CVE-2020-10713, impacts PCs, servers and other devices running Linux and Windows if they use Secure Boot. An attacker with admin privileges on the

Microsoft on Monday unveiled Project Freta, a free service that allows users to find rootkits and other sophisticated malware in operating system memory snapshots.Freta is the name of the street in Warsaw, Poland, where renowned scientist Marie Curie was born. The project’s name is related to Marie Curie inventing a mobile x-ray device that could be taken to

Driver vulnerabilities can facilitate attacks on ATMs, point-of-sale (PoS) systems and other devices, firmware security company Eclypsium warned on Monday.Eclypsium last year analyzed device drivers from major vendors and found that over 40 drivers made by 20 companies contained serious vulnerabilities that could be exploited to deploy persistent malware.The

Tanium and Salesforce have come together in a strategic relationship to help solve one of today's most compelling and urgent problems: how does security manage a workforce that has migrated from in-house company desktops to remote personal devices. It is a problem that will not go away with the end of the COVID-19 pandemic.The new relationship involves a new

Microsoft this week announced the public preview availability of the Android version of its Defender Advanced Threat Protection (ATP) software and the general availability of the Linux variant.Microsoft introduced Defender ATP in Windows 10 in 2016, but has since expanded its reach to other Windows versions, as well as to macOS and Linux, and now mobile devi

Microsoft this week announced that Safe Documents, a feature meant to boost the protection of Microsoft 365 users when opening unsafe documents, is generally available.Initially introduced in November, Safe Documents brings Office ATP capabilities to the desktop and provides users with increased protection compared to Protected View, which was first announce

Micro-segmentation combined with zero-trust access control between the segments is recommended as one of the best approaches to breach containment. This principle is now extended from the network infrastructure to the endpoint, whether that device is local in the office, portable, or remote at home.Segmentation does not prevent compromise, but it contains it

Microsoft has extended the protection capabilities of Microsoft Defender Advanced Threat Protection (ATP) with the addition of a Unified Extensible Firmware Interface (UEFI) scanner.With hardware and firmware-level attacks increasing in frequency over the past several years, Microsoft has decided to expand its security solution’s capabilities to ensure it ca

Adobe this week announced that it has introduced a protected mode in Adobe Acrobat DC for Windows.The feature is available only in preview at the moment, and only for Windows users running Adobe Acrobat DC 20.009.20063.381938 or higher on their machines.Protected Mode, which was introduced in Acrobat Reader ten years ago, is designed to help keep users safe

BlackBerry announced on Wednesday that the latest release of its Optics endpoint security product now includes a feature designed to protect Intel-based PCs against cryptomining malware.Many cybercriminals try to make a profit by installing cryptocurrency mining malware on compromised systems. These cryptojacking attacks often target enterprise networks as i

Intel on Monday unveiled a new security technology for its processors that will help protect systems against attack methods commonly used by malware.The new Control-Flow Enforcement Technology (CET), which is built into the hardware microarchitecture, will initially be available in the upcoming Tiger Lake mobile processors, but the tech giant plans on includ