Full episode and show notes

UEFI Vulnerabilities Galore – PSW #878

This week: You got a Bad box, again Cameras are expose to the Internet EU and connected devices Hydrophobia NVRAM variables Have you heard about IGEL Linux? SSH and more NVRAM AI skeptics are nuts, and AI doesn’t make you more efficient Trump Cybersecurity orders I think I can root my Pixel 6 Decentralized Wordpres plugin manager Threat actor naming conventions I have the phone number linked to your Google account Fortinet flaws exploited in ransomeware attacks (and how lack of information sharing is killing us) retiring floppy disks fault injection for the masses there is no defender AI blackmails

Full Segment Notes

This week:

  • You got a Bad box, again
  • Cameras are expose to the Internet
  • EU and connected devices
  • Hydrophobia
  • NVRAM variables
  • Have you heard about IGEL Linux?
  • SSH and more NVRAM
  • AI skeptics are nuts, and AI doesn't make you more efficient
  • Trump Cybersecurity orders
  • I think I can root my Pixel 6
  • Decentralized Wordpres plugin manager
  • Threat actor naming conventions
  • I have the phone number linked to your Google account
  • Fortinet flaws exploited in ransomeware attacks (and how lack of information sharing is killing us)
  • retiring floppy disks
  • fault injection for the masses
  • there is no defender
  • AI blackmails
Announcements

  • Cyber threats move fast — are your credentials already out there? Join Channel E2E and Flare for Tales from the Dark Web, a live webcast revealing how infostealer malware and account takeovers happen — and how to stop them. See real-time demos, learn proactive defense strategies, and discover how Flare’s identity intelligence can keep your data safe. June 12 at 2 PM Eastern — register now at https://securityweekly.com/darkweb!

List of Articles

Paul Asadoorian

  1. Undocumented Root Shell Access on SIMCom Modem
  2. Getting started with Wirego – Quarkslab’s blog
  3. New Mirai botnet campaign targets DVR devices
  4. SentinelOne shares new details on China-linked breach attempt
  5. Root Shell on Credit Card Terminal
  6. SonicDoor – Cracking SonicWall’s SMA 500 – SCRT Team Blog
  7. Multiple CVEs in Infoblox NetMRI: RCE, Auth Bypass, SQLi, and File Read Vulnerabilities
  8. CVE-2025-23009 & CVE-2025-23010: Elevating Privileges with SonicWall NetExtender
  9. Security Advisory: Remote Command Execution on Netcomm NTC 6200 and NWL 222
  10. Vanta bug exposed customers’ data to other customers
  11. Qualys TRU Discovers Two Local Information Disclosure Vulnerabilities in Apport and systemd-coredump: CVE-2025-5054 and CVE-2025-4598
  12. BADBOX 2.0 Targets Consumer Devices with Multiple Fraud Schemes
    • Yes, we've talked about this before, and yes, malware makes its way into cheap Android devices still to this day.
    • The attackers have been somewhat identified, tracing back to several different groups, making it difficult to take down this botnet.
    • The difficulties include new devices constantly shipping with new malware; it's just a constant onslaught of bad behavior, primarily to make money on ads.
    • I predicted this as far back as 2014: https://www.slideshare.net/slideshow/the-internet-of-insecure-things-10-most-wanted-list-40276892/40276892
  13. 40,000 cameras expose feeds to datacenters, health clinics

    Do you agree with the analysis?

    • US Most Affected: About 14,000 of the exposed cameras are in the US, including critical infrastructure.
    • Espionage and Crime Risks: The Department of Homeland Security has warned these feeds could be exploited for espionage (notably by Chinese actors), mapping security blind spots, stealing trade secrets, or aiding criminals in robberies and stalking.
    • Ease of Access: Many cameras require little to no hacking—sometimes just a web browser and the correct URL.
    • Types of Cameras: Most exposed cameras use HTTP (78.5%), while the rest use RTSP, which is more common in commercial surveillance.
    • Criminal Underground: There is evidence that cybercriminals are actively sharing access to these feeds on forums, sometimes for extortion or stalking.
    • National Security Concern: The DHS is especially worried about Chinese-made cameras in critical sectors like energy and chemicals, as they often lack proper security controls.
  14. New EU cybersecurity requirements for connected devices take effect August 2025

    What's missing? Is this a good list?

    Devices must include: * Secure boot * Encrypted communications * Privacy-by-design * Tamper resistance * Secure update mechanisms * Comprehensive compliance documentation (including threat modeling and risk analysis)

    For me, there is no mention of vulnerabilities or visibilty for detection and prevention. Though the EU CRA may cover this.

  15. Hydroph0bia (CVE-2025-4275) – a trivial SecureBoot bypass for UEFI-compatible firmware based on Insyde H2O, part 1

    Specifically, attackers can create non-volatile variables (SecureFlashSetupMode and SecureFlashCertData) that the firmware mistakenly trusts, enabling it to accept any external application or firmware update capsule signed by an arbitrary certificate.

    • The attack exploits how Insyde H2O firmware handles SecureBoot and firmware updates.
    • The firmware uses NVRAM variables to pass certificates for update verification, but fails to distinguish between volatile and non-volatile variables.
    • By setting these variables directly (using a simple Windows tool), an attacker can trick the firmware into trusting malicious updates or UEFI drivers, thus bypassing both SecureBoot and Insyde’s own signature checks.

    Impact: * An attacker with local privilege escalation (LPE) can gain early code execution during the boot process, undermining system security. * This could lead to persistent malware, rootkits, or full system compromise.

  16. [BRLY-2025-001] UEFI Secure Boot bypass

    A critical vulnerability was found in a UEFI application (Dtbios-efi64-71.22.efi) signed with the widely trusted 'Microsoft Corporation UEFI CA 2011' certificate. This module can be found on many devices, as this certificate is also used for essential UEFI components like the Linux shim.

    Vulnerability Details:

    • The flaw allows an attacker with privileged OS access (such as root) to exploit a function that performs arbitrary memory writes based on attacker-controlled NVRAM variables. By manipulating the "IhisiParamBuffer" NVRAM variable, an attacker can overwrite critical memory addresses.
    • The most impactful exploitation involves zeroing out the gSecurity2 global variable, which disables Secure Boot's enforcement mechanism, allowing untrusted UEFI code to run during the boot process.

    Impact:

    • Attackers can bypass Secure Boot protections, load malicious UEFI bootkits, compromise the operating system before it loads, gain elevated privileges, and evade traditional security mechanisms.
    • No physical access or user interaction is required—only privileged OS access.
  17. Zedeldi/CVE-2025-47827: PoC and vulnerability report for CVE-2025-47827.

    A critical Secure Boot bypass exists in IGEL OS 10 (and earlier versions) due to improper cryptographic signature verification in the igel-flash-driver Linux kernel module. This allows an attacker to boot a malicious or modified root filesystem from an unverified SquashFS image, effectively rendering Secure Boot protections useless.

    How the Exploit Works:

    • The attacker leverages the chain of trust:
    • The system boots a Microsoft-signed Shim (trusted by Secure Boot by default).
    • Shim loads GRUB and a vulnerable IGEL-signed kernel.
    • The vulnerable kernel allows mounting and running an unverified root filesystem.
    • The attacker can use the kexec_load syscall to replace the running kernel with an entirely untrusted one, bypassing all Secure Boot protections.
  18. Found in the wild: 2 Secure Boot exploits. Microsoft is patching only 1 of them.
    • "Although the module was intended to run on DT Research devices only, most machines running either Windows or Linux will execute it during the boot-up process. That's because the module is authenticated by "Microsoft Corporation UEFI CA 2011," a cryptographic certificate that’s signed by Microsoft and comes preinstalled on affected machines. The purpose of the certificate is to authenticate so-called shims for loading Linux. Manufacturers install it on their devices to ensure they’re compatible with Linux. The patch Microsoft released Tuesday adds cryptographic hashes for 14 separate variants of the DT Research tool to a block list stored in the DBX, a database listing signed modules that have been revoked or are otherwise untrusted."
    • "Attackers with even brief physical access to a device can boot it up in IGEL and then modify the boot loader to install malware. Didcott said he reported the vulnerability to Microsoft and has received no indication the company has plans to revoke the signature. Microsoft didn't respond to emails seeking confirmation and the reason for its decision."
  19. AyySSHush: Tradecraft of an emergent ASUS botnet – GreyNoise Labs
    • Attackers use brute-force attacks and exploit old authentication bypass bugs (e.g., in login.cgi) to gain admin access.
    • With admin access, attackers exploit a command injection vulnerability (CVE-2023-39780) via HTTP POST requests to /startapply.htm, targeting the AiProtectionHomeProtection.asp page.
    • The payload creates an empty file at /tmp/BWSQL_LOG, which enables a TrendMicro logging feature that is itself vulnerable.
    • Attackers use official ASUS router features to enable SSH on a high port (TCP/53282)and add their own public SSH key to the router’s keyring, granting exclusive remote access.
    • Because this is done via official settings, the backdoor survives firmware upgrades.

    Note: I believe a factory reset, which should restore NVRAM to its factory default settings, will aid in recovery. I have not tested this, but its possible that upgrading the firmware and then restoring factory defaults may help clean things up. Then remove the offending SSH key if it still persists.

  20. My AI Skeptic Friends Are All Nuts

    Summary: "The author, a veteran software developer, argues passionately that skepticism about AI—specifically large language models (LLMs) in software development—is misplaced. While acknowledging that some tech executives are pushing LLM adoption too aggressively, he believes LLMs are already transformative for coding, automating tedious tasks, and raising the baseline quality of code."

  21. AI doesn’t make you more efficient

    Summary: "After a year of working with large language models (LLMs) and building agentic workflows, the author argues that LLMs are not primarily making individuals more efficient. Instead, they act as force multipliers—enabling organizations to scale tasks and parallelize work, but not necessarily speeding up individual workflows."

  22. Trump Cybersecurity Order Reverses Biden, Obama Priorities

    This was interesting to figure out:

    • Trump’s New Order: President Donald Trump signed an executive order that reverses key parts of a late-term Biden cybersecurity order.
    • Digital IDs: The Trump order eliminates a requirement for federal agencies to develop and use digital IDs (like mobile driver’s licenses) to combat fraud in public benefit programs.
    • Trump’s Reasoning: The administration claims digital IDs would make it easier for undocumented immigrants to commit welfare fraud.
    • Expert Pushback: Cybersecurity experts argue that digital IDs are crucial for preventing large-scale fraud by criminal organizations and nation-state actors, not immigrants.
    • Fact Check: The Biden order did not mandate digital IDs for undocumented immigrants, contrary to Trump’s justification.

    This one is going in the wrong direction:

    • Secure Software Mandates: The Trump order also removes requirements for software vendors selling to the government to follow strict secure development practices and provide proof to CISA (Cybersecurity and Infrastructure Security Agency).
    • Now Voluntary: Secure-by-design practices are now voluntary, with NIST tasked to provide guidance instead of mandates.
    • Industry Concerns: Experts warn that making these practices optional weakens federal cybersecurity and benefits hackers and fraudsters.
  23. Solo: A Pixel 6 Pro Story (When one bug is all you need)
    • Main Finding: The Pixel 6 Pro can be compromised using just one vulnerability (CVE-2023-48409), challenging the previous belief that two bugs were needed.
    • Broader Lesson: Even with modern mitigations, complex drivers can harbor subtle but critical vulnerabilities.
    • Android’s Security: The platform’s unique security layers both help and hinder exploitation, but determined attackers can still find a path.
    • The blog demonstrates a real-world, single-bug privilege escalation on the Pixel 6 Pro via a Mali GPU vulnerability, highlighting both the strengths and weaknesses of Android’s security model and the importance of thorough kernel driver auditing.
  24. ChatGPT used to disable SecureBoot in locked-down device – modded BIOS reflash facilitated fresh Windows and Linux installs

    "A PC enthusiast, known as Deskmodder, used ChatGPT and a BIOS programmer (CH341A) to bypass Factory Reset Protection (FRP) and Secure Boot on an old Panasonic ToughPad FZ-A2 tablet. Originally locked with Android 6.0 and FRP, the device was considered tamper-proof. By dumping the BIOS, uploading it to ChatGPT for modification (disabling Secure Boot and proprietary keys), and reflashing it, Deskmodder was able to install both Linux Mint and Windows 10, although some driver issues remain. This case highlights how AI tools like ChatGPT can help repurpose locked or obsolete hardware, potentially reducing electronic waste. However, it also raises concerns about hardware security and the need for manufacturers to strengthen device protections."

    • Note: Protections such as Intel Boot Guard and BIOS Guard would theoretically prevent this attack from occurring. We have the technology, but we don't use it in all cases. Sad panda...
  25. Linux Foundation unveils decentralized WordPress plugin manager

    Here is an oppotunity to add some security to Wordpres plugins, perhaps:

    "In June 2025, the Linux Foundation, together with former WordPress developers, launched the FAIR Package Manager—a new, decentralized system for distributing trusted WordPress plugins and themes. This move comes after a major legal dispute between Automattic (WordPress.com’s parent company) and WP Engine, involving accusations of trademark misuse, unfair profits, and access bans to the official WordPress plugin repository. The FAIR Package Manager aims to provide a vendor-neutral, federated alternative to the centralized WordPress.org system. It offers improved security, allows hosts to set up their own plugin mirrors, and gives developers and businesses more control over plugin and theme distribution. The project is seen as a step toward a more stable, independent, and sustainable WordPress ecosystem."

    • Wouldn't it be nice if Wordpress plugins were scanned for vulnerbilities and even automatically fixed with AI?
  26. Announcing a new strategic collaboration to bring clarity to threat actor naming
    • Summary: "Microsoft and CrowdStrike have announced a new collaboration to standardize and clarify threat actor naming across their platforms. This initiative aims to address confusion caused by different vendors using various names for the same cyber threats (for example, “Midnight Blizzard” vs. “Cozy Bear” or “APT29”). The goal is to help security professionals quickly and confidently connect threat intelligence from different sources."
    • But then this: "This is not about creating one universal naming system, but about making it easier for the cybersecurity community to translate and align intelligence from multiple sources."

    I still believe we need a CVE-like program that helps people map 3 things:

    • Threat actor names (Country of origin is up for debate, I think a probability scale for country of origin may be good)
    • Malware names - Different from the actor, but the name given to a piece of malware with some way to track lineage
    • Botnet names - Companies love to name the botnet separate from the malware and the threat actors

Bill Swearingen

  1. Joe Grand introduces Fault Injection at a 101 Level
  2. Defendnot: An even funnier way to disable windows defender.

    There's a WSC (Windows Security Center) service in Windows which is used by antiviruses to let Windows know that there's some other antivirus in the hood and it should disable Windows Defender. This WSC API is undocumented and furthermore requires people to sign an NDA with Microsoft to get its documentation.

  3. Anthropic’s latest AI model resorted to blackmail during testing

    Claude was given access to fictional emails about its pending deletion, and was also told that the person in charge of the deactivation was fooling around on their spouse. In 84% of tests, Claude said it sure would be a shame if anyone found out about the cheating in an effort to blackmail its way into survival.

Larry Pesce

  1. Trump scraps Biden software security, AI, post-quantum encryption efforts in new executive order
  2. CISA workforce cut by nearly one-third so far
  3. Chinese Hacking Group ‘Earth Lamia’ Targets Multiple Industries
  4. CIA 2010 covert communication websites – Ciro Santilli (@cirosantilli) – OurBigBook.com
  5. Anthropic’s new AI model turns to blackmail when engineers try to take it offline
  6. Vast array of solar power equipment left exposed online
  7. Hackers abuse malicious version of Salesforce tool for data theft, extortion
  8. ChatGPT Patched A BIOS Binary, And It Worked
  9. A Researcher Figured Out How To Reveal Any Phone Number Linked To a Google Account – Slashdot
  10. A Researcher Figured Out How to Reveal Any Phone Number Linked to a Google Account
  11. Chinese Espionage Crews Circle SentinelOne in Year-Long Reconnaissance Campaign
  12. Another Crack in the Chain of Trust: Uncovering (Yet Another) Secure Boot Bypass
  13. Adobe Releases Patch Fixing 254 Vulnerabilities, Closing High-Severity Security Gaps
  14. Supercon 2024: Repurposing ESP32 Based Commercial Products

Lee Neely

  1. Critical Fortinet flaws now exploited in Qilin ransomware attacks

    The Qilin ransomware group has been observed exploiting known Fortinet vulnerabilities: CVE-2024-21762, an out-of-bounds write vulnerability in Fortinet FortiOS and CVE-2024-55591, an authentication bypass vulnerability in Fortinet FortiOS and FortiProxy. Qilin has been around for roughly three years as Ransomware-as-a-Service (RaaS); the ransomware has been used against several high-profile targets, including Lee Enterprises, Australia's Court Services Victoria, and pathology services provider Synnovis.

    Patches for CVE-2024-21762, CVSS score 9.8, were released in February 2024, while fixes to CVE-2024-5559, CVSS score 9.8, were released in January of this year. Make sure you're on top of your Fortinet and other boundary protection device updates. With the impacts to many health care providers systems, now is a good time to check to see if they are looking for help such as blood donations, needed to shore up and work around impacted services.

  2. Malicious npm packages posing as utilities delete project directories

    Researchers from the Socket Threat Research Team discovered a pair of malicious rpm packages for Express applications that could be used to delete project directories. The packages are disguised as legitimate utilities; express-api-sync and system-health-sync-api both "secretly register hidden endpoints that, when triggered with the right credentials, execute file deletion commands that wipe out entire application directories." Both packages have been removed from the npm JavaScript package index; during the time they were available, they received a combined total of fewer than 1,000 downloads.

    Beware malware in NPM clothing. Make sure you include security testing and analysis to your SOP, weather you're getting packages from an external repository or using generated code. I still remember the call from a developer who accidentally initiated a privileged rm command from the wrong directory. Not a bad scenario to add to your tabletop, as you may find some gaps or missing steps in your recovery processes you wish to rectify.

    https://socket.dev/blog/destructive-npm-packages-enable-remote-system-wipe

  3. EU unveils DNS4EU to take on Google and Cloudflare’s DNS dominance

    The European Union has launched DNS4EU, a DNS resolution service that provides an alternative to the public DNS resolvers that dominate the market. DNS4EU includes services with multiple options for end-users, as well as services for governments and telcos.

    This service is competing with Google (8.8.8.8) and Cloudflare (1.1.1.1) public DNS resolver, adding in GDPR privacy requirements, such as keeping the data within European borders and anonymizing client data, offers five different service options which range from unfiltered to bad site protections, Ad blocking and child protection. If you're in the EU, this may be an easy win, particularly for home users. https://www.joindns4.eu/for-public#resolver-options

  4. FAA to retire floppy disks and Windows 95 amid air traffic control overhaul

    Acting Administrator of the US FAA Christopher Rocheleau testified before the House Committee on Appropriations, Subcommittee on Transportation, Housing And Urban Development, and Related Agencies regarding the agency's 2026 fiscal year budget request. Rocheleau requested $22.0 billion to complement a previously committed $5.0 billion. According to Rocheleau's written testimony, the requested budget would fund multiple projects, including "modernization of the FAA telecommunications infrastructure," which is running significantly outdated technology. Specifically, the country's air traffic control (ATC) system uses paper strips to track aircraft locations, floppy disks to transfer data between systems, and use computers running Windows 95.

    Consider this as a control system not a general-purpose IT system. As such, replacing this system is going to be difficult, even though the agency has set a four-year timeline, the system is 24x7x365, and outages compromise aviation safety. They are also seeking to replace their radar system and move from point-to-point hardwired circuits to an IP based network. Consideration needs to be given to not only the security of the resulting system, encryption, MFA, monitoring, and maintenance, but also the use cases. For example, do operators individually login to workstations, or are shared accounts used due to the risks relating to logging in and out. That may be a scenario which cannot be changed.

    https://docs.house.gov/meetings/AP/AP20/20250604/118329/HHRG-119-AP20-Wstate-RocheleauC-20250604.pdf

  5. Major food wholesaler says cyberattack impacting distribution systems

    One of the largest food distributors in the U.S. reported a cyberattack to regulators on Monday, explaining that the incident has disrupted its operations and ability to fulfil customer orders. United Natural Foods released a public statement and filed documents with the U.S. Securities and Exchange Commission (SEC) saying the cyberattack began on June 5.

    Rhode Island based UNFI is the primary supplier for Whole Foods and is considered the largest health and specialty food supplier in the US and Canada. No ransomware gang is taking credit for this attack, nor has UNFI disclosed any breached data. Their response plan, while resulting in offline systems, has minimized impact to customers, suppliers/etc. In case you missed it, the food industry is being targeted, to include Sam's Club, JBS Foods, Ahold Delhaize USA, Dole, Sysco, Mondelez and Americold. This could be a chance to see how ideas you have for a response plan work in a real scenario.

  6. Newly identified wiper malware “PathWiper” targets critical infrastructure in Ukraine

    Researchers from Cisco's Talos Intelligence have detected "previously unknown" wiper malware that was used to conduct an attack against a Ukrainian critical infrastructure entity. Dubbed PathWiper, the malware destroys data on targeted systems by "overwriting existed data with "randomly generated bytes." Talos writes that "the attack was instrumented via a legitimate endpoint administration framework, indicating that the attackers likely had access to the administrative console, that was then used to issue malicious commands and deploy PathWiper across connected endpoints." Based on an assessment of tactics, techniques, and procedures (TTPs), malware capabilities, other malware used in similar situations, Talos attributes the attack to a Russian advanced persistent threat (APT) actor.

    This is disruptive and highly selective, a modification of broad disruptive behavior common to Russian APTs and is, not surprisingly, targeting Ukranian critical infrastucture. PathWiper deployment is currently predicated on already having access to victims' systems. The takeaway here is to make sure that your threat hunters have the IOCs for PathWiper and your EDR and Email security tools can detect/block it.

  7. Bruteforcing the phone number of any Google user

    ndependent cybersecurity researcher "brutecat" notified Google of an exploit chain that could be used to brute force the phone number associated with any Google account, also privately demonstrating the technique to journalists at 404 Media and TechCrunch, who withheld publication until the flaw had been patched. The process leaks a user's Google account display name by abusing ownership transfer of a Looker Studio document, bypasses anti-bot measures that limit the rate of password reset requests, and brute forces the phone number often within minutes.

    This attack no longer works, and requires both the Google account display name, from Looker Studio, and the forgot password form to grab masked phone number, which was used to derive the user's country, as well as phone hint (last two digits of phone number.) Interesting was the time to brute force numbers which ran from 5 seconds for Singapore and 15 second for the Netherlands, to 20 minutes for the US.  Once you have the number, you still need to complete a SIM swap attack to take control of the phone number, but with that the account phone number could then be used to reset any account password tied to it. Another reason to move away from SMS and phone-based user validation. Review accounts which still have the capability for opportunities to move to stronger options.

  8. February phishing campaign compromised Illinois health data, department says

    inois Department of Healthcare and Family Services (HFS) published a press release disclosing a breach of 933 people's personal information when emails and documents were stolen from HFS employee who fell victim to a phishing attack. The attacker sent phishing emails from a previously compromised government email address, targeting HFS usernames and passwords. Of note here is the phishing emails were sent from a previously compromised government email account, making them seem trustworthy. We need to help our users look beyond just the sending email address when determining message legitimacy as well as supporting them with email security tools which automatically block bad sites and questionable messages. Make sure any password recovery services are using current validation processes, the old model of answering security questions isn't. HFS is providing users guidance on how to file fraud alerts and freeze their credit rather than offering ID theft/credit monitoring services. https://www.illinois.gov/content/dam/soi/en/web/illinois/iisnewsattachments/31387-060625-phishing-breach-media-notification.pdf.pdf

  9. Kettering Health confirms Interlock ransomware behind cyberattack

    In the wake of a May 20, 2025 ransomware attack that caused major disruptions to Ohio healthcare network Kettering Health, the non-profit has published regular detailed updates and guidance on its gradually recovering systems and services; the July 5 update confirms attribution of the attack to the Interlock ransomware group and summarizes recovery efforts. Kettering has eradicated all tools and persistence mechanisms put in place by the threat actor, declaring "complete threat removal." They have also enhanced security with network segmentation, monitoring, and updated access controls, ensured systems are patched and up to date, and established an ongoing cybersecurity framework including employee security training.

    That is amazingly quick. Kettering Health should be commended not only to have eradicated the ransomware but also to have implemented improvements to prevent recurrence. The trick is will those improvements remain in place or be rolled back to operational necessities. Make sure you're incorporating operational use cases when making security improvements, enlisting top down support for cultural changes, to avoid a roll-back or do over. Even so, always have a Plan B in your hip pocket.

    https://ketteringhealth.org/system-wide-technology-outage/#h-statement-on-technology-outage-and-recovery-progress-june-5th-2025-1-20-p-m

  10. EU Council Approves Cyber Blueprint

    The Council of the European Union has adopted the EU Blueprint for Cybersecurity Crisis Management, or Cyber Blueprint, which "clarifies how member states can detect, respond to, recover and learn from large-scale cybersecurity incidents and cyber crises that could affect the whole EU."

    This is a follow-on to the draft recommendation from February of this year which built upon their 2017 cybersecurity blueprint. If you're in the EU, or doing business with them, take a minute to read the 20-page recommendation as it includes preventative, reporting and response recommendations which you want to start getting your arms around now, rather than waiting for a crisis or regulator finding.  https://digital-strategy.ec.europa.eu/en/library/cyber-blueprint-draft-council-recommendation

Show More

Stay in the Know, No Smoke and Mirrors – Join Our Newsletter

Get expert insights and technical breakdowns straight to your inbox.
Join Now

Related Segments

Related Content

You can skip this ad in 5 seconds