Tag: framework
-
Navigating AI Governance: Insights into ISO 42001 NIST AI RMF
As businesses increasingly turn to artificial intelligence (AI) to enhance innovation and operational efficiency, the need for ethical and safe implementation becomes more crucial than ever. While AI offers immense potential, it also introduces risks related to privacy, bias, and security, prompting organizations to seek robust frameworks to manage these concerns. The post Navigating AI…
-
DHS Releases Secure AI Framework for Critical Infrastructure
The voluntary recommendations from the Department of Homeland Security cover how artificial intelligence should be used in the power grid, water system, air travel network, healthcare, and other pieces of critical infrastructure. First seen on darkreading.com Jump to article: www.darkreading.com/cloud-security/dhs-releases-secure-ai-framework-critical-infrastructure
-
Fortinet VPN Zero-Day Exploited in Malware Attacks Remains Unpatched: Report
The DeepData malware framework was seen exploiting a Fortinet VPN client for Windows zero-day that remains unpatched. The post Fortinet VPN Zero-Day Exploited in Malware Attacks Remains Unpatched: Report appeared first on SecurityWeek. First seen on securityweek.com Jump to article: www.securityweek.com/fortinet-vpn-zero-day-exploited-in-malware-attacks-remains-unpatched-report/
-
Warning: DEEPDATA Malware Exploiting Unpatched Fortinet Flaw to Steal VPN Credentials
A threat actor known as BrazenBamboo has exploited an unresolved security flaw in Fortinet’s FortiClient for Windows to extract VPN credentials as part of a modular framework called DEEPDATA.Volexity, which disclosed the findings Friday, said it identified the zero-day exploitation of the credential disclosure vulnerability in July 2024, describing BrazenBamboo as the developer behind DEEPDATA,…
-
Homeland Security Department Releases Framework for Using AI in Critical Infrastructure
The framework recommends that AI developers evaluate potentially dangerous capabilities in their products, ensure their products align with “human-centric values” and protect users’ privacy. The post Homeland Security Department Releases Framework for Using AI in Critical Infrastructure appeared first on SecurityWeek. First seen on securityweek.com Jump to article: www.securityweek.com/homeland-security-department-releases-framework-for-using-ai-in-critical-infrastructure/
-
Microsoft revamps how it will disclose vulnerabilities
The company said the additional disclosure method using the Common Security Advisory Framework will help organizations better prioritize CVEs. First seen on cybersecuritydive.com Jump to article: www.cybersecuritydive.com/news/microsoft-disclose-vulnerabilities-CSAF/733063/
-
Lessons From OSC&R on Protecting the Software Supply Chain
A new report from the Open Software Supply Chain Attack Reference (OSC&R) team provides a framework to reduce how much vulnerable software reaches production. First seen on darkreading.com Jump to article: www.darkreading.com/application-security/lessons-from-osc-r-on-protecting-the-software-supply-chain
-
Zero-Day-Schwachstellen gefunden – Erneuter Fehler in Googles Android-Framework
First seen on security-insider.de Jump to article: www.security-insider.de/google-warnung-sicherheitsluecke-android-framework-a-347b05adfbcffd4c0b146d9addc28cf3/
-
APT41’s LightSpy Campaign Expands with Advanced DeepData Framework in Targeted Espionage Against Southern Asia
The BlackBerry Research and Intelligence Team has uncovered a new chapter in the LightSpy espionage campaign, marking a significant evolution in APT41’s capabilities. The China-linked cyber-espionage group has introduced DeepData,... First seen on securityonline.info Jump to article: securityonline.info/apt41s-lightspy-campaign-expands-with-advanced-deepdata-framework-in-targeted-espionage-against-southern-asia/
-
Critical Flaws in Ollama AI Framework Could Enable DoS, Model Theft, and Poisoning
Cybersecurity researchers have disclosed six security flaws in the Ollama artificial intelligence (AI) framework that could be exploited by a maliciou… First seen on thehackernews.com Jump to article: thehackernews.com/2024/11/critical-flaws-in-ollama-ai-framework.html
-
Trusted Name Weaponized: Sliver and Ligolo-ng Attack Leverages Y Combinator Brand
Security researchers from Threat Hunting Platform Hunt.io have uncovered a recent operation leveraging the Sliver command-and-control (C2) framework and Ligolo-ng tunneling tool. The operation aimed at targeting victims using the... First seen on securityonline.info Jump to article: securityonline.info/trusted-name-weaponized-sliver-and-ligolo-ng-attack-leverages-y-combinator-brand/
-
Toolkit Vastly Expands APT41’s Surveillance Powers
The China-affiliated group is using the highly modular DeepData framework to target organizations in South Asia. First seen on darkreading.com Jump to article: www.darkreading.com/cyberattacks-data-breaches/toolkit-expands-apt41s-surveillance-powers
-
Middle East Cybersecurity Efforts Catch Up After Late Start
Despite having only a scant focus on cybersecurity regulations a decade ago, countries in the Middle East, led by Saudi Arabia and other Gulf nations, have adopted mature frameworks and regulations amid escalating volumes of attacks. First seen on darkreading.com Jump to article: www.darkreading.com/cyber-risk/middle-east-cybersecurity-efforts-catch-up
-
Google’s AI Tool Big Sleep Finds Zero-Day Vulnerability in SQLite Database Engine
Google said it discovered a zero-day vulnerability in the SQLite open-source database engine using its large language model (LLM) assisted framework c… First seen on thehackernews.com Jump to article: thehackernews.com/2024/11/googles-ai-tool-big-sleep-finds-zero.html
-
Government launches cyber standard for local authorities
Local government bodies are being invited to take advantage of a new NCSC-derived Cyber Assessment Framework to help enhance their resilience and ward… First seen on computerweekly.com Jump to article: www.computerweekly.com/news/366613473/Government-launches-cyber-standard-for-local-authorities
-
WEF Introduces Framework to Strengthen Anti-Cybercrime Partnerships
The World Economic Forum has shared recommendations on how to build on the success of existing partnerships to accelerate the disruption of cybercriminal activities First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/wef-framework-combat-cybercrime/
-
JFrog-Analyse zur Gefährdung Maschinellen Lernens: Kritische Schwachstellen in ML-Frameworks entdeckt
First seen on datensicherheit.de Jump to article: www.datensicherheit.de/jfrog-analyse-gefaehrdung-maschinelles-lernen-kritisch-schwachstellen-ml-frameworks-entdeckung
-
Metasploit Framework Released with New Features
The Metasploit Framework, a widely used open-source penetration testing tool maintained by Rapid7, has introduced an exciting new release packed with cutting-edge features. The latest update includes new payloads targeting the emerging RISC-V architecture, a sophisticated SMB-to-HTTP(S) relay exploit for Active Directory Certificate Services (AD CS), and several new modules addressing high-profile vulnerabilities. These additions…
-
QSC Malware Framework: New Tool in CloudComputating Group’s Cyberespionage Arsenal
Kaspersky Labs has unveiled an advanced malware framework, QSC, reportedly deployed by the CloudComputating group (also known as BackdoorDiplomacy). This sophisticated tool is built with a modular, plugin-based architecture that... First seen on securityonline.info Jump to article: securityonline.info/qsc-malware-framework-new-tool-in-cloudcomputating-groups-cyberespionage-arsenal/
-
Embarking on a Compliance Journey? Here’s How Intruder Can Help
Navigating the complexities of compliance frameworks like ISO 27001, SOC 2, or GDPR can be daunting.Luckily, Intruder simplifies the process by helpin… First seen on thehackernews.com Jump to article: thehackernews.com/2024/10/embarking-on-compliance-journey-heres.html
-
ISMG Summit Highlights Growing Third-Party Vendor Threats
Financial Services Experts Call for Stronger Focus on Third-Party Risk Management. Financial services leaders and cybersecurity experts said at Information Security Media Group’s 2024 Financial Services Summit that third-party vendor security risks required the need for proactive, multi-layered security frameworks to combat the growing threat landscape. First seen on govinfosecurity.com Jump to article: www.govinfosecurity.com/ismg-summit-highlights-growing-third-party-vendor-threats-a-26772
-
Subverting LLM Coders
Really interesting research: “An LLM-Assisted Easy-to-Trigger Backdoor Attack on Code Completion Models: Injecting Disguised Vulnerabilities against Strong Detection“: Abstract: Large Language Models (LLMs) have transformed code com- pletion tasks, providing context-based suggestions to boost developer productivity in software engineering. As users often fine-tune these models for specific applications, poisoning and backdoor attacks can covertly alter…
-
Chinese Gamers Targeted in Winos4.0 Framework Scam
Campaigns like Silver Fox and Void Arachne are deploying the framework, using social media and messaging platforms to lure in victims. First seen on darkreading.com Jump to article: www.darkreading.com/threat-intelligence/chinese-gamers-targeted-winos40-framework-scam
-
Hackers increasingly use Winos4.0 post-exploitation kit in attacks
Hackers are increasingly targeting Windows users with the malicious Winos4.0 framework, distributed via seemingly benign game-related apps. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/hackers-increasingly-use-winos40-post-exploitation-kit-in-attacks/
-
Winos 4.0 Malware Infects Gamers Through Malicious Game Optimization Apps
Cybersecurity researchers are warning that a command-and-control (C&C) framework called Winos is being distributed within gaming-related applications like installation tools, speed boosters, and optimization utilities.”Winos 4.0 is an advanced malicious framework that offers comprehensive functionality, a stable architecture, and efficient control over numerous online endpoints to execute First seen on thehackernews.com Jump to article: thehackernews.com/2024/11/new-winos-40-malware-infects-gamers.html
-
New Winos 4.0 Malware Infects Gamers Through Malicious Game Optimization Apps
Cybersecurity researchers are warning that a command-and-control (C&C) framework called Winos is being distributed within gaming-related applications … First seen on thehackernews.com Jump to article: thehackernews.com/2024/11/new-winos-40-malware-infects-gamers.html
-
Evasive Panda Attacking Cloud Services To Steal Data Using New Toolkit
The Evasive Panda group deployed a new C# framework named CloudScout to target a Taiwanese government entity in early 2023, which leverages three modu… First seen on gbhackers.com Jump to article: gbhackers.com/evasive-panda-cloudscout-attack/
-
Fehler im DataBinder und Path Traversal – Sicherheitslücken im Spring Framework gefährden Daten
Tags: frameworkFirst seen on security-insider.de Jump to article: www.security-insider.de/spring-framework-update-6114-sicherheitsluecken-behoben-a-5d6bfd47c934acd6a4e09333963d0638/