Feed aggregator

Over 4,500 square miles of ocean will be protected off the California coast. It will also be managed in partnership with the indigenous groups that fought to create it.

(Image credit: Mario Tama/Getty Images)

'/>

As climate change makes hurricanes stronger and more intense, island communities like Longboat Key are particularly susceptible to catastrophic damage from hurricanes. Residents say they are sticking around.

(Image credit: Ryan Kellman)

Bob Woodward speaks to NPR about the revelations in his new book, and recounts how key moments and meetings in recent years played out behind closed doors.

(Image credit: Jim Watson)

Craig Breedlove became the first person to drive faster than 500 miles per hour. But his record-breaking run almost ended in disaster.

(Image credit: Bettmann)

With only weeks to a divisive election it can be hard to talk politics. Polarization can damage our relationships and our health. We have strategies to reduce election stress, starting with ourselves.

Eden Alonso-Rivera of Grandville, Mich. is the high school winner of NPR's Student Podcast Challenge. Her winning entry, "A Relationship Behind Bars," is about her father's incarceration.

(Image credit: Alfield Reeves for NPR)

Europa Clipper will make a six-year journey to Jupiter to study Europa, an icy-surfaced moon that scientists believe has “ingredients for life.”

(Image credit: AP)

The World Health Organization said a second dose will be crucial in order to stop the spread of the virus in Gaza and internationally.

(Image credit: Eyad Baba)

Polls show that some Black men may be gravitating toward former President Trump or not vote at all. Vice President Harris and other prominent Democrats are trying to counter that.

(Image credit: Brendan Smialowski)

Taiwan Semiconductor Manufacturing Co (TSMC) is building a new plant in Germany in order to address ongoing interest and continued investments in AI.

The news comes as part of the company’s efforts to expand globally, including across Europe, the US and Asia – a move confirmed by Taiwan’s National Science and Technology Council Minister, Wu Cheng-wen (via Bloomberg TV).

Wu confirmed that the construction of a facility in Dresden, Germany had already started, with opening more plants already on the agenda.

Taiwan is building more chip plants in other regions

The Minister confirmed: “[TSMC is] already planning the next few fabs in the future for different market sectors as well.”

TSMC, the world’s largest chipmaker, is reportedly investing billions to build new manufacturing sites in the US, Japan and Germany for a handful of reasons, including meeting demand for powerful components and mitigating risks associated with ongoing geopolitical tensions in China, which has resulted in import and export restrictions and tariffs in recent years.

The company’s $10.9 billion chip fabrication facility in Dresden is expected to be operational by the end of 2027 thanks to around 50% funding from state subsidies.

Alluding to ambitions to work more closely with the European Union, Wu hinted at opportunities from next-generation European chip designers like Germany’s Black Semiconductor and the Netherlands’ Axelera AI. However, US pressures could continue far beyond the upcoming presential election.

We added: “Short term, maybe it’s painful for Taiwanese companies because it’s more expensive if they move over there… But in the long run, maybe it’s good for them, from my point of view, because they can improve themselves.”

Moreover, relations between Taiwan and the Czech Republic have strengthened in recent months, which could represent an open door for TSMC into Europe.

More from TechRadar Pro

• Check out the best AI tools and best AI writers
• We’ve rounded up a list of all the best cloud computing services
• $6.6 billion given to Taiwan semiconductor giant to shore up US chip manufacturing

A quick start out of the gate is an enormous advantage for sprinters, swimmers, jockeys and race car drivers alike. It’s also extremely valuable to cybercriminals. By exploiting a zero-day vulnerability before anyone else knows about it, cybercriminals gain an early window to infiltrate systems and achieve goals like stealing data or deploying ransomware while avoiding detection.

Attacks that exploit zero-day vulnerabilities cannot be prevented — but they can be faced with confidence. This article offers practical guidance containing these threats by building a resilient IT infrastructure that features reducing the attack surface, fast detection and effective response.

The Frustration of Zero-Day Vulnerabilities

It is an inescapable fact that every operating system and software application have vulnerabilities that are not yet known by the vendor or the organizations using the product. Another unhappy fact is that cybercriminals are constantly looking for these vulnerabilities, and when they find one, they begin working hard to find a way to exploit it.

Organizations need to come to terms with the reality that adversaries sometimes succeed in developing an effective zero-day attack and there is little they can do to prevent the initial strike. Instead, they must focus on blocking the escalation of the threat and preventing attackers from gaining access to precious data or establishing control over the whole system.

Essentially, exploitation of a zero-day vulnerability is just the first stage of a longer battle for control over your valuable digital assets. To win that battle, security teams must proactively reduce their exposure to attack, stay on top of vulnerabilities, master threat detection and response, and ensure they can restore operations quickly after an incident.

Reducing the Attack Surface

The first priority in reducing the risk from zero-day vulnerabilities is to minimize the attack surface. Core strategies that will help include disabling unneeded services, implementing a robust patch management process, and segregating your network into distinct segments to isolate critical systems and sensitive data.

Another critical best practice is configuring stringent access controls that adhere to the least privilege principle. Even if an attacker gets into the system, their ability to move laterally will be restricted, since each account has only the access rights necessary for the user to perform their tasks.

For an even more robust approach, highly privileged accounts can be replaced with just-in-time (JiT) elevated privileges that are granted only after additional verification and that last only as long as needed for the task at hand. Such an approach further limits the ability of an adversary to escalate privileges.

Discovering and Mitigating Vulnerabilities

What makes a vulnerability a zero-day is that it is discovered by adversaries and exploited in attacks before anyone else knows about it. Software vendors usually quickly provide a security patch or mitigation strategy. Unfortunately, many organizations fail to perform the recommended action in good time, so they remain at risk from the vulnerability far longer than necessary.

Accordingly, a robust patch management strategy is another vital element in reducing the attack surface area. That strategy should include scanning systems for unpatched vulnerabilities so they can be mitigated promptly. One option is a traditional patch management tool that scans systems regularly. However, as the number of software products in use has grown, this process now takes more time than ever before. Modern solutions use a discovery process known as a scan-less scan, which maintains a real-time inventory of the software installed on the system and flags any vulnerabilities as they appear.

Detecting Threats in Their Early Stages

Attackers don’t advertise the time and place that they are going to attack, but entire websites are devoted to detailing the tactics and techniques that they use. Identity threat detection and response (ITDR) solutions leverage this knowledge, with a focus on detecting threats relating to identity and access control systems. Signs of these threats include unusual login attempts, suspicious access requests and unplanned changes to privileges. Detection of a threat can trigger automated responses like blocking access and resetting credentials.

Organizations also need an endpoint detection and response (EDR) system. EDR complements ITDR by monitoring endpoints for potentially malicious activity and enabling prompt response to those threats.

Of course, if these solutions flag too many events as suspicious, security teams will be overwhelmed with false alerts. Accordingly, file integrity monitoring (FIM) is also crucial, since it can filter out planned system changes and empower IT teams to focus on swift response to real threats.

Ensuring Quick Recovery

Organizations must also be prepared for attacks that succeed in taking down key systems and destroying or encrypting valuable data. To minimize disruption to the business in the wake of an incident, they need a documented strategy for data recovery and getting processes back on track as soon as possible.

A robust recovery plan starts with backing up key data and systems, testing those backups carefully and storing them securely. If attackers make malicious changes, IT teams should be able to identify the specific assets involved and granularly reverse the modifications. In a broader disaster, IT pros need to be able to quickly restore key domain controllers, applications and data to reduce downtime and business losses.

Conclusion

While it is not possible to prevent cybercriminals from discovering and exploiting zero-day vulnerabilities, organizations can and should take action to reduce the impact of these attacks. By implementing the practices above, organizations can build a multi-layered security strategy that enhances their resilience against not only zero-day exploits, but other types of cyberattacks and insider threats.

We've rated the best identity management software.

This article was produced as part of TechRadarPro's Expert Insights channel where we feature the best and brightest minds in the technology industry today. The views expressed here are those of the author and are not necessarily those of TechRadarPro or Future plc. If you are interested in contributing find out more here: https://www.techradar.com/news/submit-your-story-to-techradar-pro

Britain has closed it's last coal-fired power plant, making the country that pioneered coal power, the first to give it up in favor of cleaner options. We hear about the transition. And a small town in Wales has become the unlikely site of a world-renowned Elvis festival.

The Irish capital's embrace of big tech is filtering through to its startups, who are building better tools for IT teams, AI content moderation tools, and RNA screening for herds of cattle.

The Spanish capital is drawing talent from Latin America, and its eye-catching startups are working on smarter payments, eldercare, and an AI-powered virtual nurse.

The Finnish capital's most exciting startups are building nuclear-powered heating networks, better weather forecasting tools and an esports streaming platform that lets viewers bet on the outcome.

The Portuguese capital's most exciting startups include a platform to help entrepreneurs get going, a smart punchbag, and the Uber of hair salons.

There are around 4,000 startups in Amsterdam—the best 10 are tackling forest fires, decarbonizing plastics, and building robot bricklayers.

The French capital has become the home of Europe's growing AI industry—but alongside giants like Mistral are startups building EV charging infrastructure and trying to revolutionize social media.

The Swiss capital might be most associated with fintech, but its startups are also focussing on medical robotics, AI-powered language learning, and the batteries of the future.

The Swedish capital produced Skype, Spotify, Klarna and Minecraft—its stars of the future are building fintech for businesses, GenAI for lawyers, and full-body health care scans.