Tag: framework
-
Agentic AI Threat Modeling Framework: MAESTRO
First seen on thesecurityblogger.com Jump to article: www.thesecurityblogger.com/agentic-ai-threat-modeling-framework-maestro/
-
NSA Adds Innovative Features to Ghidra 11.3 Release
The National Security Agency (NSA) has unveiled Ghidra 11.3, the latest iteration of its open-source software reverse engineering (SRE) framework, introducing transformative features that streamline vulnerability analysis and collaborative research. This release”, coded internally as >>NSA Adds Innovative Features to Ghidra 11.3 Release
-
Microsoft’s End of Support for Exchange 2016 and 2019: What IT Teams Must Do Now
For decades, Microsoft Exchange has been the backbone of business communications, powering emailing, scheduling and collaboration for organizations worldwide. Whether deployed on-premises or in hybrid environments, companies of all sizes rely on Exchange for seamless internal and external communication, often integrating it deeply with their workflows, compliance policies and security frameworks First seen on thehackernews.com…
-
Der trügerische Komfort des Risikomanagements
Gefahrenmanagement statt Risikomanagement: Cybersicherheit erfordert Dringlichkeit und Entschlossenheit.Herkömmliches Risikomanagement basiert auf Wahrscheinlichkeiten und statistischen Berechnungen doch in einer zunehmend komplexen und aggressiven Bedrohungslandschaft sind solche Prognosen unzuverlässig. Daher ist ein Umdenken nötig: Anstatt dem Risikomanagement sollten Organisationen Gefahrenmanagement als neues Konzept einführen.Risikomanagement impliziert, dass man die Wahrscheinlichkeit eines Cyberangriffs vorhersagen kann. Doch die Realität sieht…
-
Russian Government Proposes Stricter Penalties to Tackle Cybercrime
Tags: cyber, cybercrime, cybersecurity, framework, government, hacker, infrastructure, law, russia, threatThe Russian government has unveiled sweeping legislative reforms aimed at curbing cybercrime, introducing stricter penalties, expansive law enforcement powers, and novel judicial measures. Approved on February 10, 2025, the amendments seek to modernize the nation’s cybersecurity framework amid rising digital threats, targeting hackers, fraudsters, and infrastructure attackers with harsher punishments and strengthened investigative tools. The…
-
Think being CISO of a cybersecurity vendor is easy? Think again
Tags: access, business, ciso, compliance, control, cybersecurity, framework, infrastructure, phishing, strategy, tool, updateand that our product was securing us gave me a perspective I might never have gained elsewhere. I wasn’t just testing controls or rolling out new tools; I was immersed in a feedback loop between our product team, our security operations, and our customers.Every time we identified ways to improve the product internally, those insights…
-
New Research Aims to Strengthen MITRE ATTCK for Evolving Cyber Threats
A recent study by researchers from the National University of Singapore and NCS Cyber Special Ops R&D explores how the MITRE ATT&CK framework can be enhanced to address the rapidly evolving landscape of cyber threats. The research synthesizes findings from 417 peer-reviewed publications to evaluate the framework’s applications across various cybersecurity domains, including threat intelligence,…
-
Compliance Isn’t Security: Why a Checklist Won’t Stop Cyberattacks
Think you’re safe because you’re compliant? Think again. Recent studies continue to highlight the concerning trend that compliance with major security frameworks does not necessarily prevent data breaches. Learn more from Pentera on how automated security validation bridges the security gaps. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/compliance-isnt-security-why-a-checklist-wont-stop-cyberattacks/
-
NeMo Guardrails: Sicheres Framework für KI-Agenten – Nvidia stärkt KI-Sicherheit mit neuen NeMo Guardrails Microservices
First seen on security-insider.de Jump to article: www.security-insider.de/-nvidia-nemo-guardrails-nim-microservices-sichere-ki-anwendungen-a-66c8b480798f63f0e678ba3e944a9e00/
-
Microsoft Text Services Framework Exploited for Stealthy Persistence
A novel persistence mechanism exploiting Microsoft’s Text Services Framework (TSF) has been uncovered by researchers at Praetorian Labs, revealing a sophisticated method for maintaining long-term access to compromised systems. While requiring administrative privileges for initial deployment, this technique enables stealthy code execution across dozens of critical Windows processes through aboriginal system components designed for text…
-
Cybersecurity as a Business Imperative: Embracing a Risk Management Approach
Cybersecurity is much more than just a technical challenge. It’s now a critical business imperative that requires a strategic risk management approach. By integrating cybersecurity into broader risk management frameworks, you can proactively address threats, improve resilience, and align your security efforts with your core business objectives. Shifting your organization’s collective mindset around this concept…
-
Linux Kernel 6.14 rc3 Released With The Fixes for Critical Issues
Linus Torvalds has announced the release of Linux Kernel 6.14-rc3, marking a critical milestone in stabilizing the upcoming 6.14 kernel version. This release candidate addresses architectural vulnerabilities and introduces the lightweight >>Faux Bus
-
How to evaluate and mitigate risks to the global supply chain
Tags: access, business, ceo, ciso, communications, compliance, control, cyberattack, cybersecurity, data, framework, governance, government, intelligence, international, ISO-27001, kaspersky, microsoft, mitigation, monitoring, office, resilience, risk, risk-assessment, risk-management, russia, service, soc, software, supply-chain, technology, threat, tool, update, vulnerabilityMaintain a diversified supply chain: Organizations that source from international technology suppliers need to ensure they are not overly reliant on a single vendor, single region or even a single technology. Maintaining a diversified supply chain can mitigate costly disruptions from a cyberattack or vulnerability involving a key supplier, or from disruptions tied to regulatory…
-
Delinea Extends Scope of Identity Management Platform
Delinea this week updated its platform for managing identities to add a vault for storing managing credentials, analytic tools for tracking user behavior and a framework for automating the management of the lifecycle of an identity from onboarding to offboarding. Additionally, administrators using the platform to manage access and privileges can now access it via..…
-
Microsoft GCCH vs. Google Public Sector for CMMC
When it comes to overall productivity platforms, collaboration tools, and office suites, the two biggest options dominating the market are the Google G Suite and Microsoft’s Office ecosystem. Whether it’s word processing, team collaboration, IT frameworks, device management, or the entire infrastructure of a business, there’s a pretty good chance one of these two options……
-
SocGholish Malware Dropped from Hacked Web Pages using Weaponized ZIP Files
A recent wave of cyberattacks leveraging the SocGholish malware framework has been observed using compromised websites to deliver malicious ZIP files disguised as legitimate browser updates. This campaign, active since at least 2017, continues to exploit unsuspecting users by embedding malicious JavaScript into trusted websites. These sites, often appearing in organic search results, are weaponized…
-
Kartellamt meldet Bedenken gegen App-Tracking an
Das Bundeskartellamt untersucht seit 2022 Apples App Tracking Transparency Framework – und hat nun Anzeichen für einen Wettbewerbsvorteil gefunden. First seen on golem.de Jump to article: www.golem.de/news/apple-kartellamt-meldet-bedenken-gegen-app-tracking-an-2502-193340.html
-
What is anomaly detection? Behavior-based analysis for cyber threats
a priori the bad thing that you’re looking for,” Bruce Potter, CEO and founder of Turngate, tells CSO. “It’ll just show up because it doesn’t look like anything else or doesn’t look like it’s supposed to. People have been tilting at that windmill for a long time, since the 1980s, trying to figure out what…
-
New Australian Law Makes Banks, Telecoms Liable for Scams
Social Platforms Also Could Face Stiff Fines for Failing to Protect Users. The Australian government passed the Scams Prevention Framework law in Parliament to make social media companies, banks and telecommunication companies accountable for scammers using their networks, subjecting them to a maximum of AU$50 million in fines for violations. First seen on govinfosecurity.com Jump…
-
Cybercriminals Exploit Pyramid Pentesting Tool for Covert C2 Communications
Cybersecurity analysts have identified that hackers are leveraging the open-source Pyramid pentesting tool to establish stealthy command-and-control (C2) communications. Originally designed as a post-exploitation framework for penetration testers, Pyramid has become an attractive option for malicious actors due to its ability to evade detection by endpoint security tools. The tool, first released on GitHub in…
-
Security compliance firm Drata acquires SafeBase for $250M
Drata, a security compliance automation platformthat helps companies adhere to frameworks such as SOC 2 and GDPR, has acquired software security review startup SafeBase for $250 million. SafeBase co-founders Al Yang (CEO) and Adar Arnon (CTO) will retain their roles, and SafeBase will continue to offer a standalone product while bringing its core solutions to…
-
Getting the Most Value out of the OSCP: Pre-Course Prep
Tags: access, antivirus, attack, compliance, control, credentials, cyber, cybersecurity, detection, exploit, finance, framework, guide, hacker, hacking, infosec, infrastructure, jobs, kali, linux, mandiant, metric, microsoft, mitre, network, organized, password, penetration-testing, PurpleTeam, RedTeam, risk, service, skills, software, tactics, technology, tool, training, vulnerability, windowsThe first post in a five-part practical guide series on maximizing the professional, educational, and financial value of the OffSec certification pursuit for a successful career in offensive cybersecurity consulting Disclaimer: All opinions expressed in this article are solely my own. I have reviewed the content to ensure compliance with OffSec’s copyright policies and agreements.…
-
How to Steer AI Adoption: A CISO Guide
CISOs are finding themselves more involved in AI teams, often leading the cross-functional effort and AI strategy. But there aren’t many resources to guide them on what their role should look like or what they should bring to these meetings. We’ve pulled together a framework for security leaders to help push AI teams and committees…
-
Die besten DAST- & SAST-Tools
Tags: access, ai, api, application-security, authentication, awareness, cloud, cyberattack, cybersecurity, docker, framework, HIPAA, injection, PCI, rat, risk, risk-management, service, software, sql, supply-chain, tool, vulnerability, vulnerability-managementTools für Dynamic und Static Application Security Testing helfen Entwicklern, ihren Quellcode zu härten. Wir zeigen Ihnen die besten Tools zu diesem Zweck.Die Softwarelieferkette respektive ihre Schwachstellen haben in den vergangenen Jahren für viel Wirbel gesorgt. Ein besonders schlagzeilenträchtiges Beispiel ist der Angriff auf den IT-Dienstleister SolarWinds, bei dem mehr als 18.000 Kundenunternehmen betroffen waren.…
-
The Art of Human-AI Synergy: A Framework for Smart Collaboration
A proven framework for merging human intuition with AI precision to enhance innovation, reduce bias, and scale operations. Explores real-world case studies, ethical considerations, and hybrid workflows that outperform pure automation models. Essential reading for forward-thinking business leaders. First seen on securityboulevard.com Jump to article: securityboulevard.com/2025/02/the-art-of-human-ai-synergy-a-framework-for-smart-collaboration/
-
Privacy Roundup: Week 6 of Year 2025
Tags: access, ai, api, apple, backdoor, breach, browser, cctv, chrome, control, credit-card, cybersecurity, data, data-breach, encryption, exploit, firmware, framework, germany, government, group, leak, malware, monitoring, phishing, privacy, regulation, risk, router, scam, service, software, spy, technology, threat, tool, update, vpn, vulnerability, windowsThis is a news item roundup of privacy or privacy-related news items for 2 FEB 2025 – 8 FEB 2025. Information and summaries provided here are as-is for warranty purposes. Note: You may see some traditional “security” content mixed-in here due to the close relationship between online privacy and cybersecurity – many things may overlap;…
-
Leveraging Microsoft Text Services Framework (TSF) for Red Team Operations
The Praetorian Labs team was tasked with identifying novel and previously undocumented persistence mechanisms for use in red team engagements. Our primary focus was on persistence techniques achievable through modifications in HKCU, allowing for stealthy, user-level persistence without requiring administrative privileges. Unfortunately, while we identified an interesting persistence technique, the method we discuss in this……
-
Core-Media-Framework Day-Schwachstelle
First seen on security-insider.de Jump to article: www.security-insider.de/apple-core-media-framework-sicherheitsluecke-a-b1e972a48d78893f3808f22de82f36b6/
-
Beelzebub: Open-source honeypot framework
Beelzebub is an open-source honeypot framework engineered to create a secure environment for detecting and analyzing cyber threats. It features a low-code design for seamless … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2025/02/10/beelzebub-open-source-honeypot-framework/