UEFI Secure Boot: Not so secure
ESET researchers uncover a vulnerability in a UEFI application that could enable attackers to deploy malicious bootkits on unpatched systems
PlushDaemon compromises supply chain of Korean VPN service
ESET researchers have discovered a supply-chain attack against a VPN provider in South Korea by a new China-aligned APT group we have named PlushDaemon
The evolving landscape of data privacy: Key trends to shape 2025
Incoming laws, combined with broader developments on the threat landscape, will create further complexity and urgency for security and compliance teams
Under the cloak of UEFI Secure Boot: Introducing CVE-2024-7344
The story of a signed UEFI application allowing a UEFI Secure Boot bypass
Evasive Panda APT group delivers malware via updates for popular Chinese software
ESET Research uncovers a campaign by the APT group known as Evasive Panda targeting an international NGO in China with malware delivered through updates of popular Chinese software The post Evasive Panda APT group delivers malware via updates for popular Chinese software appeared first on WeLiveSecurity [#item_link]
Did you mistakenly sell your network access? – Week in security with Tony Anscombe
Many routers that are offered for resale contain sensitive corporate information and allow third-party connections to corporate networks The post Did you mistakenly sell your network access? – Week in security with Tony Anscombe appeared first on WeLiveSecurity [#item_link]
Linux malware strengthens links between Lazarus and the 3CX supply‑chain attack
Similarities with newly discovered Linux malware used in Operation DreamJob corroborate the theory that the infamous North Korea-aligned group is behind the 3CX supply-chain attack The post Linux malware strengthens links between Lazarus and the 3CX supply‑chain attack appeared first on WeLiveSecurity [#item_link]
RSA Conference 2023 – How AI will infiltrate the world
As all things (wrongly called) AI take the world’s biggest security event by storm, we round up of some of their most-touted use cases and applications The post RSA Conference 2023 – How AI will infiltrate the world appeared first on WeLiveSecurity [#item_link]
What was hot at RSA Conference 2023? – Week in security with Tony Anscombe
The importance of understanding – and prioritizing – the privacy and security implications of large language models like ChatGPT cannot be overstated The post What was hot at RSA Conference 2023? – Week in security with Tony Anscombe appeared first on WeLiveSecurity [#item_link]
Mastodon fixes “confusing” sign-up process to attract users fleeing Twitter
Enlarge (credit: Thomas Trutschel / Contributor | Photothek) Since late 2022, Mastodon has increasingly become a popular alternative to Twitter for millions of users. This is partly because its CEO and founder, Eugen Rochko, has emphasized that the decentralized social network—which operates as a non-profit—will never be bought by a chaotic billionaire. However, some would-be