CyberSecurity Updates

25 Mar

Cloud workload security: Mind the gaps

Information

Business Security As IT infrastructure expands, visibility and control often lag behind – until an incident forces a reckoning Tomáš Foltýn 24 Mar 2026  •  , 4 min. read Complexity is said to be the enemy of many things, but when it comes to organizations and their IT systems and processes, complexity is arguably the worst enemy of cybersecurity. For many IT and security practitioners, this plays out daily as they scramble to manage what IBM…

Read More
23 Mar

‘CanisterWorm’ Springs Wiper Attack Targeting Iran

Information, Insights

A financially motivated data theft and extortion group is attempting to inject itself into the Iran war, unleashing a worm that spreads through poorly secured cloud services and wipes data on infected systems that use Iran’s time zone or have Farsi set as the default language. Experts say the wiper campaign against Iran materialized this past weekend and came from a relatively new cybercrime group known as TeamPCP. In December 2025, the group began compromising…

Read More
23 Mar

Reflections from the Second NIST Cyber AI Profile Workshop

Insights

Thank you to everyone who participated in the Cybersecurity Framework Profile for Artificial Intelligence (Cyber AI Profile) Workshop in January! The input we received on the Preliminary Draft during this workshop has been invaluable and is informing the development of the next draft of the NIST Cyber AI Profile. We are working toward publishing a full workshop summary soon that captures themes and highlights from the event. In the interim, we would like to share…

Read More
23 Mar

Move fast and save things: A quick guide to recovering a hacked account

Information

Cybercriminals go after people’s personal information across every kind of online platform, including WhatsApp, Instagram, LinkedIn, Roblox, YouTube and Spotify, not to mention finance apps. No online account is off the table. If one of your own accounts falls victim, the first priority is to avoid losing your cool and act immediately – the faster you move, the more of the attacker’s work you can interrupt. The attacker’s first move after gaining access could be…

Read More
20 Mar

EDR killers explained: Beyond the drivers

Information

In recent years, EDR killers have become one of the most commonly seen tools in modern ransomware intrusions: an attacker acquires high privileges, deploys such a tool to disrupt protection, and only then launches the encryptor. Besides the dominating Bring Your Own Vulnerable Driver (BYOVD) technique, we also see attackers frequently abusing legitimate anti-rootkit utilities or using driverless approaches to block the communication of endpoint detection and response (EDR) software or suspend it in place.…

Read More
20 Mar

All aboard: the NIST Cybersecurity for IoT Program is headed to our next stop! Share your input on where we’re headed during our Future Directions Two-Day Workshop on March 31st.

Insights

Credit: NIST Workshop Details… We’re looking forward to hearing from the community during our “Future Directions” Workshop!  Date: March 31 – April 1, 2026Where: NIST’s Gaithersburg campus! Registration and Details: HERE Can’t make it? We still want to hear from you – email us at IoTSecurity [at] nist.gov (IoTSecurity[at]nist[dot]gov). All Aboard for Product Cybersecurity The NIST Cybersecurity for Internet of Things (IoT) Program was established to help real-world practitioners navigate the gray areas between IT and…

Read More
19 Mar

Feds Disrupt IoT Botnets Behind Huge DDoS Attacks

Information, Insights

The U.S. Justice Department joined authorities in Canada and Germany in dismantling the online infrastructure behind four highly disruptive botnets that compromised more than three million Internet of Things (IoT) devices, such as routers and web cameras. The feds say the four botnets — named Aisuru, Kimwolf, JackSkid and Mossad — are responsible for a series of recent record-smashing distributed denial-of-service (DDoS) attacks capable of knocking nearly any target offline. Image: Shutterstock, @Elzicon. The Justice…

Read More
18 Mar

CISA Urges Endpoint Management System Hardening After Cyberattack Against US Organization

Attacks, Insights, Malware

CISA is aware of malicious cyber activity targeting endpoint management systems of U.S. organizations based on the March 11, 2026 cyberattack against U.S.-based medical technology firm Stryker Corporation, which affected their Microsoft environment.1 To defend against similar malicious cyber activity, CISA urges organizations to harden endpoint management system configurations using the recommendations and resources provided in this alert. CISA is conducting enhanced coordination with federal partners, including the Federal Bureau of Investigation (FBI), to identify…

Read More
15 Mar

Loblaw Data Breach Impacts Customer Information

Data Breaches, Information, News

Canadian retailer Loblaw has disclosed a data breach after threat actors gained access to customer information. Loblaw is one of Canada’s largest food and pharmacy retailers. It operates over 2,400 stores across Canada and owns brands such as Shoppers Drug Mart, No Frills, Real Canadian Superstore, and President’s Choice. In a brief data breach notice the company said it recently discovered that a “criminal third-party” accessed basic customer information such as names, email addresses, and…

Read More
14 Mar

Face value: What it takes to fool facial recognition

Information

ESET’s Jake Moore used smart glasses, deepfakes and face swaps to ‘hack’ widely-used facial recognition systems – and he’ll demo it all at RSAC 2026 Tomáš Foltýn 13 Mar 2026  •  , 2 min. read Facial recognition is increasingly embedded in everything from airport boarding gates to bank onboarding flows. The widely-held assumption is that a face is hard to fake and that matching a live face to a trusted source is a reliable identity…

Read More