Crowdstrike

Researchers from CrowdStrike say that hackers are actively exploiting a seven-year-old improper input validation vulnerability in the Intel Ethernet diagnostics driver for Windows. The attackers are using the flaw to deploy a malicious kernel driver. Note The exploit requires administrative access to the system, often accomplished by a combination of credential capture (to include OTP …

Crowdstrike announced its plan to acquire attack surface management startup Reposify. It also made an undisclosed strategic investment in API security vendor Salt Security.