Using the James Webb Space Telescope, an international team of researchers has discovered chemical fingerprints from enormous primordial stars that were among the first to form after the Big Bang.
It also means carving out space for this work in how you prioritize. If strategic efforts like attack surface reduction are always competing against urgent patching, they will always lose. That might mean setting aside time each quarter to review and reduce exposure, or assigning clear ownership so someone is accountable for it — not just when a crisis hits, but routinely.
3. Continuous monitoring
Attack surface reduction isn’t a one-time exercise. Exposure changes constantly — a firewall rule gets edited, a new service gets deployed, a subdomain gets forgotten — and your team needs to detect those changes quickly.
For more than a year, a Russian-speaking threat actor targeted human resource (HR) departments with malware that delivers a new EDR killer named BlackSanta.
Described as “sophisticated,” the campaign mixes social engineering with advanced evasion techniques to steal sensitive information from compromised systems.
It is unclear how the attack begins, but researchers at Aryaka, a network and security solutions provider, suspect that the malware is distributed via spear-phishing emails.