Tag: framework

Meta hit with $263 million fine in Europe over 2018 data breach

Dec 18, 2024 11:42 AM

Tags: access, breach, business, ceo, cio, compliance, cyber, data, data-breach, exploit, finance, framework, GDPR, governance, incident response, law, privacy, regulation, risk, technology, threat, unauthorized, vulnerability

Meta has been fined $263.5 million (Euro251 million) by Ireland’s Data Protection Commission (DPC) for a 2018 Facebook security breach that exposed the sensitive data of 29 million users globally.The breach exploited a vulnerability in Facebook’s “view as” feature, which allows users to view their profiles as others would see them.The exploit enabled unauthorized access…
Spring Framework Path Traversal Vulnerability (CVE-2024-38819) PoC Exploit Released

Dec 18, 2024 9:42 AM

Tags: access, cve, cyber, exploit, framework, unauthorized, vulnerability

A Proof of Concept (PoC) exploit for the critical path traversal vulnerability identified as CVE-2024-38819 in the Spring Framework has been released, shedding light on a serious security issue affecting applications that serve static resources via functional web frameworks. This vulnerability allows attackers to access unauthorized files on the server through carefully crafted HTTP requests.…
2024: A Year of Hyperproof Highlights, Innovations, and Milestones

Dec 18, 2024 5:42 AM

Tags: compliance, framework

As 2024 comes to a close, we at Hyperproof are reflecting on a year marked by remarkable progress and innovation. This year, we delivered exciting new features, expanded our global reach, and added powerful frameworks to help compliance teams tackle their biggest challenges. All of this was made possible thanks to the invaluable feedback and……
Next-gen cybercrime: The need for collaboration in 2025

Dec 17, 2024 5:42 PM

Tags: ai, attack, awareness, cloud, crime, crimes, cyber, cyberattack, cybercrime, cybersecurity, defense, exploit, framework, group, healthcare, infrastructure, intelligence, risk, service, strategy, tactics, technology, threat, training, vulnerability

Cybercrime is a relentless and evolving threat to organizations worldwide. However, with the right insights, we can significantly enhance our security, mitigate risks, and stay ahead of these criminals.FortiGuard Labs’ Cyberthreat Predictions for 2025 report is designed to provide exactly these insights. It identifies emerging threat trends for the coming year and offers actionable guidance…
Data Security Predictions for 2025: Putting Protection and Resilience at Center Stage

Dec 17, 2024 2:42 PM

Tags: access, ai, attack, authentication, breach, business, cloud, compliance, computer, computing, credentials, crypto, cryptography, cyber, cyberattack, cybercrime, cybersecurity, data, defense, detection, dora, encryption, framework, hacker, infrastructure, international, law, ml, monitoring, network, nis-2, nist, PCI, phishing, privacy, regulation, resilience, risk, risk-management, service, skills, social-engineering, software, strategy, supply-chain, technology, threat, tool, vulnerability, zero-trust

Data Security Predictions for 2025: Putting Protection and Resilience at Center Stage madhav Tue, 12/17/2024 – 05:10 Cybersecurity is a remarkably dynamic industry. New trends, technologies, and techniques reshape the landscape at an extraordinary pace, meaning keeping up can be challenging. Protecting data, the driving force of modern businesses, will continue to be the primary…
CISA pitches updated cyber incident response plan as an ‘agile, actionable’ framework

Dec 16, 2024 9:42 PM

Tags: cisa, cyber, framework, incident, incident response, update

The agency is seeking public comment on its much-anticipated draft update to 2016’s PPD-41. First seen on cyberscoop.com Jump to article: cyberscoop.com/cisa-national-cyber-incident-response-plan-comments/
Framework for a more resilient critical infrastructure: The 4 Rs

Dec 16, 2024 9:42 PM

Tags: framework, infrastructure

First seen on scworld.com Jump to article: www.scworld.com/resource/framework-for-a-more-resilient-critical-infrastructure-the-4-rs
CISA, ONCD propose updated National Cyber Incident Response Plan

Dec 16, 2024 8:44 PM

Tags: cisa, cyber, framework, government, incident, incident response

The updated framework is designed to bolster the government’s partnership with private-sector organizations in the wake of an attack. First seen on cybersecuritydive.com Jump to article: www.cybersecuritydive.com/news/national-cyber-incident-response-plan-update/735660/
Why We Should Insist on Future-Proofing Cybersecurity Regulatory Frameworks

Dec 16, 2024 6:42 PM

Tags: cybersecurity, framework

There are concerns around the future adaptability and efficacy of regulatory frameworks, particularly among the developer community. First seen on securityboulevard.com Jump to article: securityboulevard.com/2024/12/why-we-should-insist-on-future-proofing-cybersecurity-regulatory-frameworks/
Hackers Exploiting Apache Struts2 Vulnerability to Upload Malicious Payloads

Dec 16, 2024 1:42 PM

Tags: apache, cve, cvss, cyber, exploit, framework, hacker, malicious, open-source, vulnerability

Hackers have begun exploiting a newly discovered vulnerability in Apache Struts2, a widely used open-source framework for developing Java web applications. The vulnerability, assigned the identifier CVE-2024-53677, has a critical CVSS score of 9.5, indicating its potential for severe impact if left unaddressed. Background on the Vulnerability Apache Struts2 announced the vulnerability last week, highlighting…
New Glutton Malware Exploits Popular PHP Frameworks Like Laravel and ThinkPHP

Dec 16, 2024 11:44 AM

Tags: attack, backdoor, china, cyber, cybersecurity, exploit, framework, group, malicious, malware

Cybersecurity researchers have discovered a new PHP-based backdoor called Glutton that has been put to use in cyber attacks targeting China, the United States, Cambodia, Pakistan, and South Africa.QiAnXin XLab, which discovered the malicious activity in late April 2024, attributed the previously unknown malware with moderate confidence to the prolific Chinese nation-state group tracked Winnti…
What is gRPC and How Does it Enhance API Security?

Dec 13, 2024 12:05 PM

Tags: api, framework, open-source, tool

As the reliance on APIs grows, so do the challenges of ensuring they are both fast and secure. Enter gRPC”, a high-performance, open-source framework that has revolutionised how systems communicate in real time. More than just a tool for building APIs, gRPC brings an added layer of efficiency and robust security features to the table.…
KI-gestützte Bedrohungen und Schwachstellen in der Lieferkette dominieren in Europa

Dec 13, 2024 12:05 PM

Tags: ai, cyber, framework, supply-chain, threat, vulnerability

Der Bericht ‘Europe Threat Landscape Report 2024-2025″ bietet Organisationen ein hilfreiches Framework, um sich in der Cyber-Bedrohungslandschaft zurechtzufinden und auf die bevorstehenden Herausforderungen vorbereiten zu können. First seen on infopoint-security.de Jump to article: www.infopoint-security.de/ki-gestuetzte-bedrohungen-und-schwachstellen-in-der-lieferkette-dominieren-in-europa/a39257/
FuzzyAI: Open-source tool for automated LLM fuzzing

Dec 13, 2024 7:05 AM

Tags: ai, cloud, framework, LLM, open-source, tool, vulnerability

FuzzyAI is an open-source framework that helps organizations identify and address AI model vulnerabilities in cloud-hosted and in-house AI models, like guardrail bypassing and … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2024/12/13/fuzzyai-automated-llm-fuzzing/
New Malware Framework Targets Cleo File Systems

Dec 12, 2024 10:05 PM

Tags: attack, communications, exploit, flaw, framework, hacker, malware, software, update

Possible Long-Term Attack by Unknown Hackers Thwarted. Hackers exploiting flaws in Cleo Communications software instances had intimate knowledge of their internals and deployed a previously unknown family of malware, security researchers from Huntress said Thursday. Cleo published a patch Wednesday evening. First seen on govinfosecurity.com Jump to article: www.govinfosecurity.com/new-malware-framework-targets-cleo-file-systems-a-27045
Security researchers find deep flaws in CVSS vulnerability scoring system

Dec 12, 2024 9:05 PM

Tags: access, apt, breach, business, citrix, control, cve, cvss, cybersecurity, ddos, exploit, finance, flaw, framework, Hardware, metric, privacy, risk, service, software, threat, vulnerability

The industrywide method for assessing the severity of vulnerabilities in software and hardware needs to be revised because it provides potential misleading severity assessment, delegates at Black Hat Europe were told Thursday.The Common Vulnerability Scoring System (CVSS) makes use of various metrics to quantify vulnerability severity. A presentation at Black Hat by cybersecurity experts from…
Top 5 CMMC Services MSPs Should Offer

Dec 12, 2024 7:05 PM

Tags: defense, framework, msp, service

CMMC is a rigorous framework designed to enhance the security of the Department of Defense (DoD) supply chain. But while CMMC is essential, it can be challenging and resource-intensive. This is especially true for SMBs. Small businesses are the backbone of the U.S. economy and a key focus of recent federal initiatives aimed at leveling……
Researchers Uncover Symlink Exploit Allowing TCC Bypass in iOS and macOS

Dec 12, 2024 2:08 PM

Tags: access, apple, control, cve, exploit, flaw, framework, macOS, unauthorized, vulnerability

Details have emerged about a now-patched security vulnerability in Apple’s iOS and macOS that, if successfully exploited, could sidestep the Transparency, Consent, and Control (TCC) framework and result in unauthorized access to sensitive information.The flaw, tracked as CVE-2024-44131 (CVSS score: 5.3), resides in the FileProvider component, per Apple, and has been addressed with improved First…
The 7 most in-demand cybersecurity skills today

Dec 12, 2024 12:05 PM

Tags: access, ai, api, application-security, attack, backup, best-practice, breach, business, cloud, compliance, computing, control, cyber, cyberattack, cybersecurity, data, defense, encryption, exploit, framework, gartner, GDPR, google, governance, grc, group, hacker, Hardware, healthcare, incident response, infrastructure, injection, intelligence, jobs, LLM, malicious, mitigation, ml, network, penetration-testing, phishing, privacy, ransomware, risk, risk-analysis, risk-assessment, risk-management, saas, service, skills, social-engineering, software, spear-phishing, strategy, technology, threat, tool, training, update, vulnerability, zero-trust

Cybersecurity teams find themselves understaffed, overburdened, and rushing to keep up with a rapidly changing threat landscape, as cyberattackers continually devise new ways to attack organizations, and organizations accelerate their embrace of the latest technologies.As a result, security professionals must continually upskill themselves to ensure they keep pace with organizations’ latest skill demands. Unfortunately, deciding…
Attackers can abuse the Windows UI Automation framework to steal data from apps

Dec 12, 2024 5:05 AM

Tags: attack, automation, computer, control, credit-card, data, detection, edr, email, endpoint, exploit, framework, Internet, malicious, malware, microsoft, service, software, technology, threat, tool, windows

An accessibility feature built into Windows to facilitate the use of computers by people with disabilities can be abused by malware to steal data from other applications or control them in malicious ways that evades detection by most endpoint protection systems.The Windows UI Automation framework has existed since the days of Windows XP and provides…
Leveraging NIST OSCAL to Provide Compliance Automation: The Complete Guide

Dec 10, 2024 12:08 PM

Tags: automation, compliance, control, data, fedramp, framework, guide, nist, risk, risk-management

What is OSCAL? OSCAL provides a traceable and machine-readable data format for capturing and sharing security information. A standardized, continuous representation of an organization’s security controls helps prove compliance with NIST’s risk management framework for mandated federal agencies. FedRAMP joined with NIST to create the Open Security Controls Assessment Language (OSCAL), a standard that can……
Gen AI use cases rising rapidly for cybersecurity, but concerns remain

Dec 9, 2024 8:07 AM

Tags: ai, attack, automation, awareness, ceo, ciso, compliance, control, cybersecurity, data, detection, finance, framework, fraud, GDPR, governance, grc, group, guide, Hardware, HIPAA, incident response, intelligence, international, malware, middle-east, monitoring, phishing, privacy, RedTeam, regulation, risk, risk-assessment, risk-management, soc, software, strategy, technology, threat, tool, training, usa

Generative AI is being embedded into security tools at a furious pace as CISOs adopt the technology internally to automate manual processes and improve productivity. But research also suggests this surge in gen AI adoption comes with a fair amount of trepidation among cybersecurity professionals, which CISOs must keep in mind when weaving gen AI…
A Framework for Human-AI Partnership in the SOC

Dec 6, 2024 9:49 PM

Tags: ai, framework, soc

First seen on scworld.com Jump to article: www.scworld.com/perspective/a-framework-for-human-ai-partnership-in-the-soc
Researchers Uncover Flaws in Popular Open-Source Machine Learning Frameworks

Dec 6, 2024 1:48 PM

Tags: cybersecurity, flaw, framework, open-source, supply-chain, tool, vulnerability

Cybersecurity researchers have disclosed multiple security flaws impacting open-source machine learning (ML) tools and frameworks such as MLflow, H2O, PyTorch, and MLeap that could pave the way for code execution.The vulnerabilities, discovered by JFrog, are part of a broader collection of 22 security shortcomings the supply chain security company first disclosed last month.Unlike the first…
FCC calls for urgent cybersecurity overhaul amid Salt Typhoon espionage case

Dec 6, 2024 12:50 PM

Tags: access, at&t, attack, breach, china, cisa, communications, cyber, cyberattack, cyberespionage, cybersecurity, data, defense, espionage, framework, infrastructure, intelligence, law, monitoring, network, phone, risk, risk-management, service, technology, threat, unauthorized, usa, vulnerability

In the wake of the Salt Typhoon cyberespionage campaign allegedly linked to China, Federal Communications Commission (FCC) Chairwoman Jessica Rosenworcel has proposed immediate measures to strengthen the cybersecurity of US telecommunications infrastructure.The FCC’s action came a day after top US security agencies briefed senators and the Commission on the scope of Salt Typhoon’s espionage campaign,…
8 biggest cybersecurity threats manufacturers face

Dec 6, 2024 8:48 AM

Tags: access, ai, apt, attack, authentication, automation, awareness, business, china, cloud, computer, control, cyber, cyberattack, cybercrime, cybersecurity, data, data-breach, ddos, detection, email, encryption, exploit, extortion, firmware, framework, group, Hardware, india, infrastructure, intelligence, international, Internet, iot, iran, lazarus, leak, malicious, malware, monitoring, network, nis-2, north-korea, open-source, password, phishing, ransom, ransomware, regulation, risk, risk-analysis, risk-assessment, russia, service, software, strategy, supply-chain, technology, threat, update, vulnerability, windows

The manufacturing sector’s rapid digital transformation, complex supply chains, and reliance on third-party vendors make for a challenging cyber threat environment for CISOs.Manufacturers, often prime targets for state-sponsored malicious actors and ransomware gangs, face the difficult task of maintaining cost-effective operations while modernizing their network infrastructure.”Many manufacturing systems rely on outdated technology that lacks modern…
HackSynth : Autonomous Pentesting Framework For Simulating Cyberattacks

Dec 5, 2024 11:49 AM

Tags: cyber, cyberattack, framework, hacking, penetration-testing

HackSynth is an autonomous penetration testing agent that leverages Large Language Models (LLMs) to solve Capture The Flag (CTF) challenges without human intervention. It utilizes a two-module architecture: a planner to create commands and a summarizer to understand the hacking process’s current state by employing contextual information from past commands to make future decisions and…
Six password takeaways from the updated NIST cybersecurity framework

Dec 4, 2024 4:48 PM

Tags: cybersecurity, framework, nist, password, software

Updated NIST guidelines reject outdated password security practices in favor of more effective protections. Learn from Specops Software about 6 takeaways from NIST’s new guidance that help create strong password policies. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/six-password-takeaways-from-the-updated-nist-cybersecurity-framework/
A Strategic Approach to Building a Comprehensive Third-Party Risk Framework

Dec 4, 2024 9:48 AM

Tags: framework, risk, risk-management

Building a third-party risk management framework (TPRM) is an ongoing process that requires commitment, resources and continuous improvement. First seen on securityboulevard.com Jump to article: securityboulevard.com/2024/12/a-strategic-approach-to-building-a-comprehensive-third-party-risk-framework/
MobSF XSS Vulnerability Let Attackers Inject Malicious Scripts

Dec 4, 2024 8:48 AM

Tags: cve, cyber, flaw, framework, malicious, mobile, vulnerability, xss

A critical vulnerability has been identified in the Mobile Security Framework (MobSF) that allows attackers to inject malicious scripts into the system. This vulnerability, CVE-2024-53999 is a Stored Cross-Site Scripting (XSS) flaw found in the >>Diff or Compare