Tag: framework

Talent overlooked: embracing neurodiversity in cybersecurity

Dec 4, 2024 8:48 AM

Tags: awareness, business, cisa, ciso, cloud, computing, corporate, cyber, cybersecurity, email, finance, firewall, flaw, framework, google, government, hacking, incident response, jobs, microsoft, mitre, office, sap, service, skills, technology, threat, tool, training, vulnerability

In cybersecurity, diverse perspectives help in addressing complex, emerging threats. Increasingly, there’s a push to recognize that neurodiversity brings significant value to cybersecurity. However, neurodiverse people frequently face systemic barriers that hinder their success in the field.Neurodiversity refers to the way some people’s brains work differently to the neurotypical brain. This includes autism, ADHD (attention…
BlackBerry Highlights Rising Software Supply Chain Risks in Malaysia

Dec 4, 2024 5:49 AM

Tags: access, ai, attack, breach, ceo, ciso, communications, compliance, cyber, cyberattack, cybersecurity, data, detection, espionage, finance, framework, government, infrastructure, intelligence, international, Internet, iot, malware, mobile, monitoring, phishing, ransomware, regulation, resilience, risk, skills, software, strategy, supply-chain, threat, tool, training, vulnerability

In 2024, BlackBerry unveiled new proprietary research, underscoring the vulnerability of software supply chains in Malaysia and around the world.According to the study, 79% of Malaysian organizations reported cyberattacks or vulnerabilities in their software supply chains during the past 12 months, slightly exceeding the global average of 76%. Alarmingly, 81% of respondents revealed they had…
SmokeLoader picks up ancient MS Office bugs to pack fresh credential stealer

Dec 3, 2024 2:48 PM

Tags: access, antivirus, attack, browser, credentials, cve, cvss, data, email, exploit, flaw, fortinet, framework, healthcare, login, malicious, malware, microsoft, office, phishing, remote-code-execution, risk, software, threat, vulnerability, windows

Threat actors are using a well-known modular malware loader, SmokeLoader, to exploit known Microsoft Office vulnerabilities and steal sensitive browser credentials.The loader which runs a framework to deploy multiple malware modules, was observed by Fortinet’s FortiGuard Labs in attacks targeting manufacturing, healthcare, and IT companies in Taiwan.”SmokeLoader, known for its ability to deliver other malicious…
EU enacts new laws to strengthen cybersecurity defenses and coordination

Dec 3, 2024 12:50 PM

Tags: ai, compliance, cyber, cybersecurity, data, defense, framework, healthcare, infrastructure, law, network, penetration-testing, privacy, regulation, risk, service, soc, technology, threat, vulnerability

The European Union has enacted two new laws to bolster its cybersecurity defenses and coordination mechanisms. The measures, part of the cybersecurity legislative package, include the Cyber Solidarity Act and amendments to the Cybersecurity Act (CSA).These steps aim to improve the EU’s ability to detect, prepare for, and respond to cyber threats while fostering uniformity…
Why identity security is your best companion for uncharted compliance challenges

Dec 3, 2024 5:48 AM

Tags: access, ai, attack, authentication, automation, business, cloud, compliance, control, cyberattack, cybersecurity, data, detection, exploit, finance, framework, GDPR, governance, government, healthcare, HIPAA, identity, india, law, least-privilege, mitigation, monitoring, privacy, regulation, risk, risk-management, service, strategy, supply-chain, technology, threat, tool, zero-trust

In today’s rapidly evolving global regulatory landscape, new technologies, environments, and threats are heightening cybersecurity and data privacy concerns. In the last year, governing bodies have taken significant steps to enact stricter compliance measures”, and more than ever, they are focusing on identity-related threats.Some notable changes include: The National Institute of Standards and Technology (NIST)…
CIO POV: Building trust in cyberspace

Dec 3, 2024 5:48 AM

Tags: access, ai, attack, best-practice, business, cio, cisa, cloud, cyber, data, deep-fake, encryption, framework, GDPR, group, identity, infrastructure, intelligence, Internet, mfa, mitre, nist, privacy, regulation, resilience, risk, service, software, strategy, technology, threat, tool, update, windows

Trust lies at the heart of every relationship, transaction, and encounter. Yet in cyberspace”, where we work, live, learn, and play”, trust can become elusive.Since the dawn of the internet nearly 50 years ago, we’ve witnessed incredible digital transformations paired with increasingly formidable threats. Knowing who and what to trust has become so difficult that…
Channel Women In Security: Frameworks For Department Of Defense Compliance

Dec 2, 2024 5:48 PM

Tags: compliance, cybersecurity, defense, framework, governance, resilience, risk

In the latest episode of the Channel Women In Security podcast, Bridget Wilson, senior vice president of governance, risk, and compliance at NetCov, shares her insights on leadership, navigating CMMC compliance for small businesses, and fostering resilience in cybersecurity teams. First seen on crn.com Jump to article: www.crn.com/news/security/2024/channel-women-in-security-frameworks-for-department-of-defense-compliance
AWS launches tools to tackle evolving cloud security threats

Dec 2, 2024 2:28 PM

Tags: access, ai, api, attack, cio, ciso, cloud, credentials, cyber, data, detection, exploit, finance, framework, healthcare, incident response, metric, mitre, ml, ransomware, security-incident, service, tactics, theft, threat, tool, update

The increasing sophistication and scale of cyber threats pose a growing challenge for enterprises managing complex cloud environments. Security teams often face overwhelming volumes of alerts, fragmented workflows, and limited tools to identify and respond to attack patterns spanning multiple events.Amazon Web Services (AWS) is addressing these challenges with two significant updates to its cloud…
EU-Vorstoß: Was bedeuten die neuen NIS2-Anforderungen konkret?

Dec 1, 2024 7:27 PM

Tags: cyber, framework, nis-2, nist

Glücklicherweise können aktuelle Cybersicherheitsrahmenwerke, wie das NIST Cyber Security Framework (CSF) oder ISO27001 eine solide Grundlage bilden, … First seen on infopoint-security.de Jump to article: www.infopoint-security.de/eu-vorstoss-was-bedeuten-die-neuen-nis2-anforderungen-konkret/a37350/
Introducing ABE Squared: A Framework for Comparing the Efficiency of ABE Schemes

Dec 1, 2024 2:19 AM

Tags: framework

Authors: Antonio de la Piedra (Kudelski Security Research Team), Marloes Venema (Radboud University Nijmegen), Greg Alpar (Radboud University Nijmegen… First seen on research.kudelskisecurity.com Jump to article: research.kudelskisecurity.com/2022/09/19/introducing-abe-squared-a-framework-for-comparing-the-efficiency-of-abe-schemes/
Applying Cyber Threat Intelligence and the SAMA Framework to Secure Saudi Arabian Financial Institutions

Dec 1, 2024 1:19 AM

Tags: cyber, finance, framework, intelligence, threat

First seen on resecurity.com Jump to article: www.resecurity.com/blog/article/Applying-Cyber-Threat-Intelligence-SAMA-Framework-Secure-Saudi-Arabian-Financial-Institutions
C2 Frameworks – Threat Hunting in Action with YARA Rules

Dec 1, 2024 12:18 AM

Tags: framework, threat

First seen on resecurity.com Jump to article: www.resecurity.com/blog/article/c2-frameworks-threat-hunting-in-action-with-yara-rules
Can You Transfer Data to the US Under the GDPR?

Nov 26, 2024 7:10 PM

Tags: corporate, data, framework, GDPR, international, privacy

The Data Privacy Framework, standard contractual clauses, and binding corporate rules The EU GDPR (General Data Protection Regulation) is strict about international data transfers EU residents’ personal data may not leave the EU or EEA unless an appropriate safeguard is in place. What are the most common safeguards US organizations can expect EU organizations to…
Phishing Prevention Framework Reduces Incidents by Half

Nov 26, 2024 12:34 AM

Tags: attack, business, framework, fraud, intelligence, phishing

The anti-fraud plan calls for companies to create a pipeline for compiling attack information, along with formal processes to disseminate that intelligence across business groups. First seen on darkreading.com Jump to article: www.darkreading.com/cybersecurity-operations/phishing-prevention-framework-reduces-incidents-by-half
Top challenges holding back CISOs’ agendas

Nov 25, 2024 6:51 PM

Tags: ai, attack, authentication, awareness, breach, business, ceo, cisa, ciso, compliance, control, cyberattack, cybersecurity, data, deep-fake, defense, detection, framework, grc, group, insurance, intelligence, jobs, malicious, monitoring, network, password, phishing, privacy, regulation, risk, skills, soc, social-engineering, strategy, threat, tool, training, vulnerability, zero-trust

In the past decade, every CISO knew the question awaiting them in the boardroom: Can we survive the next cyberattack? Now, as the turbulent 2024 draws to a close, the concerns have multiplied, says Don Gibson, the CISO at Kinly. Board members are often asking: Can we survive these economic times? Or are we prepared…
What CISOs need to know about the SEC’s breach disclosure rules

Nov 25, 2024 6:51 PM

Tags: attack, breach, business, ceo, ciso, communications, compliance, corporate, cybersecurity, data, finance, framework, incident response, ISO-27001, law, privacy, risk, security-incident, service, software, supply-chain, threat, unauthorized

The US Securities and Exchange Commission’s (SEC) breach disclosure rules have placed increased responsibility on the CISOs of publicly traded companies in the reporting of cybersecurity incidents and risks.The SEC’s latest disclosure rules, which went into effect in December 2023, require listed companies to report any cybersecurity incident determined to be material via Form 8-K…
How to Prevent Evilginx Attacks Targeting Entra ID

Nov 23, 2024 3:55 PM

Tags: access, advisory, attack, authentication, blizzard, cisa, credentials, cyber, framework, group, mfa, phishing, russia, threat, tool, unauthorized
NIST IoT Device Security Framework to Get an Update

Nov 22, 2024 8:54 PM

Tags: ai, cybersecurity, framework, Internet, iot, nist, risk, technology, update

Revised Framework to Address Emerging IoT Risks and Technologies. The U.S. National Institute of Standards and Technology plans to revise its Internet of Things cybersecurity framework to address evolving risks posed by emerging technologies and use cases, such as AI and immersive tech. The proposed updates will broaden the focus to entire product ecosystems. First…
Cybersecurity Snapshot: Prompt Injection and Data Disclosure Top OWASP’s List of Cyber Risks for GenAI LLM Apps

Nov 22, 2024 5:53 PM

Tags: access, advisory, ai, application-security, attack, backup, best-practice, breach, cisa, cloud, computer, cve, cyber, cyberattack, cybercrime, cybersecurity, data, exploit, extortion, firewall, framework, governance, government, group, guide, Hardware, incident, incident response, infrastructure, injection, intelligence, Internet, LLM, malicious, microsoft, mitigation, mitre, monitoring, network, nist, office, open-source, powershell, privacy, ransomware, regulation, risk, risk-management, russia, service, skills, software, sql, strategy, supply-chain, tactics, technology, theft, threat, tool, update, vulnerability, vulnerability-management, windows

Don’t miss OWASP’s update to its “Top 10 Risks for LLMs” list. Plus, the ranking of the most harmful software weaknesses is out. Meanwhile, critical infrastructure orgs have a new framework for using AI securely. And get the latest on the BianLian ransomware gang and on the challenges of protecting water and transportation systems against…
What is DSPT Compliance: From Toolkit to Audit (2024)

Nov 22, 2024 5:53 AM

Tags: compliance, cyber, cybersecurity, data, framework, tool

The Data Security and Protection Toolkit (DSPT), an online tool, is undergoing significant changes. From September 2024, the DSPT will now align with the National Cyber Security Centre’s Cyber Assessment Framework (CAF) to enhance cybersecurity measures across the NHS. This shift will impact many NHS organisations and require adjustments to their data security and protection……
Active Directory Under Attack: Five Eyes Guidance Targets Crucial Security Gaps

Nov 21, 2024 9:53 PM

Tags: access, attack, authentication, automation, best-practice, breach, cloud, compliance, control, cyber, cybersecurity, data, defense, detection, exploit, finance, framework, group, iam, identity, infrastructure, jobs, least-privilege, microsoft, monitoring, password, ransomware, RedTeam, resilience, risk, service, strategy, tactics, threat, tool, unauthorized, update, vulnerability

A landmark global report from cybersecurity agencies emphasizes 17 attack techniques against Microsoft Active Directory and cautions organizations to step up protections. In the first of our two-part series, we offer five steps you can take today to shore up your AD defenses. Microsoft’s Active Directory (AD) is at the heart of identity and access…
Five Cyber Agencies Sound Alarm About Active Directory Attacks: Beyond the Basics

Nov 21, 2024 9:53 PM

Tags: access, attack, authentication, cloud, compliance, control, credentials, cyber, cybersecurity, data, defense, detection, exploit, framework, iam, identity, infrastructure, intelligence, least-privilege, login, mfa, microsoft, monitoring, password, risk, service, software, strategy, tactics, threat, tool, update, vulnerability

A landmark global report emphasizes 17 attack techniques against Microsoft Active Directory and cautions organizations to step up protections. In the second of our two-part series, we take you beyond the basics to highlight three key areas to focus on. The landmark report Detecting and Mitigating Active Directory Compromises, released in September by cybersecurity agencies…
10 Best Drata Alternatives to Consider for Compliance Management in 2024

Nov 21, 2024 10:53 AM

Tags: ai, automation, compliance, framework, risk, risk-management

If you’re familiar with platforms like Drata, you may appreciate their streamlined compliance processes and integrations. But if you’re ready for something beyond automation and integration (think powerful AI-driven risk management, live visual dashboards, and extensive framework mappings), Centraleyes delivers in ways Drata just can’t match! Let’s take a closer look at both platforms and……
macOS WorkflowKit Race Vulnerability Allows Malicious Apps to Intercept Shortcuts

Nov 21, 2024 5:53 AM

Tags: apple, cve, cyber, framework, macOS, malicious, vulnerability

A race condition vulnerability in Apple’s WorkflowKit has been identified, allowing malicious applications to intercept and manipulate shortcuts on macOS systems. This vulnerability, cataloged as CVE-2024-27821, affects the shortcut extraction and generation processes within the WorkflowKit framework, which is integral to the Shortcuts app on macOS Sonoma. macOS WorkflowKit Race Vulnerability The vulnerability arises from…
Apple Issues Emergency Security Update for Actively Exploited Vulnerabilities

Nov 20, 2024 1:53 PM

Tags: apple, exploit, framework, update, vulnerability

Apple has urged customers to download the security updates, which address vulnerabilities relating to the JavaScriptCore and WebKit frameworks First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/apple-security-update/
Joe Sullivan: CEOs must be held accountable for security too

Nov 20, 2024 11:50 AM

Tags: ceo, framework

The former CSO at Uber was found guilty in 2022 of obstruction of justice relating to a breach. Now he’s calling for clearer regulatory frameworks for… First seen on techtarget.com Jump to article: www.techtarget.com/searchsecurity/news/366613603/Joe-Sullivan-CEOs-must-be-held-accountable-for-security-too
Oracle Warns of Agile PLM Vulnerability Currently Under Active Exploitation

Nov 20, 2024 6:58 AM

Tags: authentication, cve, exploit, flaw, framework, leak, network, oracle, sans, vulnerability

Oracle is warning that a high-severity security flaw impacting the Agile Product Lifecycle Management (PLM) Framework has been exploited in the wild.The vulnerability, tracked as CVE-2024-21287 (CVSS score: 7.5), could be exploited sans authentication to leak sensitive information.”This vulnerability is remotely exploitable without authentication, i.e., it may be exploited over a network First seen on…
China Privacy Law: Data Management Audits Are Coming in 2025

Nov 19, 2024 8:53 PM

Tags: china, compliance, data, framework, law, privacy, regulation

Attorney James Gong Examines Upcoming Regulations Related to Non-Personal Data. In 2025, companies in China will face additional obligations when data protection audits become mandatory, setting a new benchmark for compliance with privacy laws. China is also expected to introduce regulations on non-personal data to establish a framework for ethical and secure data usage. First…
Achieving DORA Compliance: A Guide to Meeting Key ICT Control Requirements Using CimTrak

Nov 19, 2024 6:53 PM

Tags: compliance, control, cybersecurity, data, dora, finance, framework, guide, incident response, monitoring, regulation, resilience, risk, risk-management, technology, tool
Oracle patches exploited Agile PLM vulnerability (CVE-2024-21287)

Nov 19, 2024 11:53 AM

Tags: cve, exploit, framework, oracle, update, vulnerability

Oracle has released a security patch for CVE-2024-21287, a remotely exploitable vulnerability in the Oracle Agile PLM Framework that is, according to Tenable researchers, … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2024/11/19/cve-2024-21287/