A newly studied ferroelectric crystal can tune and manipulate ultraviolet and blue light in ways that could transform integrated photonics.
Get the latest international news and world events from around the world.
The Zero-Day Scramble is Avoidable: A Guide to Attack Surface Reduction
It also means carving out space for this work in how you prioritize. If strategic efforts like attack surface reduction are always competing against urgent patching, they will always lose. That might mean setting aside time each quarter to review and reduce exposure, or assigning clear ownership so someone is accountable for it — not just when a crisis hits, but routinely.
3. Continuous monitoring
Attack surface reduction isn’t a one-time exercise. Exposure changes constantly — a firewall rule gets edited, a new service gets deployed, a subdomain gets forgotten — and your team needs to detect those changes quickly.
New ‘BlackSanta’ EDR killer spotted targeting HR departments
For more than a year, a Russian-speaking threat actor targeted human resource (HR) departments with malware that delivers a new EDR killer named BlackSanta.
Described as “sophisticated,” the campaign mixes social engineering with advanced evasion techniques to steal sensitive information from compromised systems.
It is unclear how the attack begins, but researchers at Aryaka, a network and security solutions provider, suspect that the malware is distributed via spear-phishing emails.
New BeatBanker Android malware poses as Starlink app to hijack devices
A new Android malware named BeatBanker can hijack devices and tricks users into installing it by posing as a Starlink app on websites masquerading as the official Google Play Store.
The malware combines banking trojan functions with Monero mining, and can steal credentials, as well as tamper with cryptocurrency transactions.
Kaspersky researchers discovered BeatBanker in campaigns targeting users in Brazil. They also found that the most recent version of the malware deploys the commodity Android remote access trojan called BTMOB RAT, instead of the banking module.
New ‘Zombie ZIP’ technique lets malware slip past security tools
A new technique dubbed “Zombie ZIP” helps conceal payloads in compressed files specially created to avoid detection from security solutions such as antivirus and endpoint detection and response (EDR) products.
Trying to extract the files with standard utilities like WinRAR or 7-Zip results in errors or corrupted data. The technique works by manipulating ZIP headers to trick parsing engines into treating compressed data as uncompressed.
Instead of flagging the archive as potentially dangerous, security tools trust the header and scan the file as if it were a copy of the original in a ZIP container.