
Whether it’s CRMs, project management tools, payment processors, or lead management tools — your workforce is using SaaS applications by the pound. Organizations often rely on traditional CASB solutions for protecting against malicious access and data exfiltration, but these fall short for protecting against shadow SaaS, data damage, and more.

A new report, Understanding SaaS Security Risks: Why CASB Solutions Fail to Cover ‘Shadow’ SaaS and SaaS Governance, highlights the pressing security challenges faced by enterprises using SaaS applications. The research underscores the growing inefficacy of traditional CASB solutions and introduces a revolutionary browser-based approach to SaaS security that ensures full visibility and real-time protection against threats.

Below, we present the main highlights of the report. Read the full report here.

The legacy domain for Microsoft Stream was hijacked to show a fake Amazon site promoting a Thailand casino, causing all SharePoint sites with old embedded videos to display it as spam.

Microsoft Stream is an enterprise video streaming service that allows organizations to upload and share videos in Microsoft 365 apps, such as Teams and SharePoint.

Video content hosted on Microsoft Stream was accessed or embedded through a portal at microsoftstream.com.

Dozens of vulnerabilities in products from three leading makers of solar inverters, Sungrow, Growatt, and SMA, could be exploited to control devices or execute code remotely on the vendor’s cloud platform.

The potential impact of the security problems has been assessed as severe because they could be used in attacks that could at least influence grid stability, and affect user privacy.

In a grimmer scenario, the vulnerabilities could be exploited to disrupt or damage power grids by creating an imbalance between power generation and demand.

Mozilla has released Firefox 136.0.4 to patch a critical security vulnerability that can let attackers escape the web browser’s sandbox on Windows systems.

Tracked as CVE-2025-2857, this flaw is described as an “incorrect handle could lead to sandbox escapes” and was reported by Mozilla developer Andrew McCreight.

The vulnerability impacts the latest Firefox standard and extended support releases (ESR) designed for organizations that require extended support for mass deployments. Mozilla fixed the security flaw in Firefox 136.0.4 and Firefox ESR versions 115.21.1 and 128.8.1.

Despite Oracle denying a breach of its Oracle Cloud federated SSO login servers and the theft of account data for 6 million people, BleepingComputer has confirmed with multiple companies that associated data samples shared by the threat actor are valid.

Last week, a person named ‘rose87168’ claimed to have breached Oracle Cloud servers and began selling the alleged authentication data and encrypted passwords of 6 million users. The threat actor also said that stolen SSO and LDAP passwords could be decrypted using the info in the stolen files and offered to share some of the data with anyone who could help recover them.

The threat actor released multiple text files consisting of a database, LDAP data, and a list of 140,621 domains for companies and government agencies that were allegedly impacted by the breach. It should be noted that some of the company domains look like tests, and there are multiple domains per company.

Assistive artificial intelligence technologies hold significant promise for transforming health care by aiding physicians in diagnosing, managing, and treating patients. However, the current trend of assistive AI implementation could actually worsen challenges related to error prevention and physician burnout, according to a new brief published in JAMA Health Forum.

The brief, written by researchers from the Johns Hopkins Carey Business School, Johns Hopkins Medicine, and the University of Texas at Austin McCombs School of Business, explains that there is an increasing expectation of physicians to rely on AI to minimize medical errors. However, proper laws and regulations are not yet in place to support physicians as they make AI-guided decisions, despite the fierce adoption of these technologies among health care organizations.

The researchers predict that will depend on whom society considers at fault when the fails or makes a mistake, subjecting physicians to an unrealistic expectation of knowing when to override or trust AI. The authors warn that such an expectation could increase the risk of burnout and even errors among physicians.

Cells don’t just follow a rigid script when responding to stress – they’re far more adaptable than we thought. A new study reveals that this stress response can be fine-tuned depending on the type and intensity of the threat. This discovery, called the “split-integrated stress response,” could re