Tag: framework
-
Cybersecurity Snapshot: Prompt Injection and Data Disclosure Top OWASP’s List of Cyber Risks for GenAI LLM Apps
Tags: access, advisory, ai, application-security, attack, backup, best-practice, breach, cisa, cloud, computer, cve, cyber, cyberattack, cybercrime, cybersecurity, data, exploit, extortion, firewall, framework, governance, government, group, guide, Hardware, incident, incident response, infrastructure, injection, intelligence, Internet, LLM, malicious, microsoft, mitigation, mitre, monitoring, network, nist, office, open-source, powershell, privacy, ransomware, regulation, risk, risk-management, russia, service, skills, software, sql, strategy, supply-chain, tactics, technology, theft, threat, tool, update, vulnerability, vulnerability-management, windowsDon’t miss OWASP’s update to its “Top 10 Risks for LLMs” list. Plus, the ranking of the most harmful software weaknesses is out. Meanwhile, critical infrastructure orgs have a new framework for using AI securely. And get the latest on the BianLian ransomware gang and on the challenges of protecting water and transportation systems against…
-
What is DSPT Compliance: From Toolkit to Audit (2024)
The Data Security and Protection Toolkit (DSPT), an online tool, is undergoing significant changes. From September 2024, the DSPT will now align with the National Cyber Security Centre’s Cyber Assessment Framework (CAF) to enhance cybersecurity measures across the NHS. This shift will impact many NHS organisations and require adjustments to their data security and protection……
-
Five Cyber Agencies Sound Alarm About Active Directory Attacks: Beyond the Basics
Tags: access, attack, authentication, cloud, compliance, control, credentials, cyber, cybersecurity, data, defense, detection, exploit, framework, iam, identity, infrastructure, intelligence, least-privilege, login, mfa, microsoft, monitoring, password, risk, service, software, strategy, tactics, threat, tool, update, vulnerabilityA landmark global report emphasizes 17 attack techniques against Microsoft Active Directory and cautions organizations to step up protections. In the second of our two-part series, we take you beyond the basics to highlight three key areas to focus on. The landmark report Detecting and Mitigating Active Directory Compromises, released in September by cybersecurity agencies…
-
10 Best Drata Alternatives to Consider for Compliance Management in 2024
If you’re familiar with platforms like Drata, you may appreciate their streamlined compliance processes and integrations. But if you’re ready for something beyond automation and integration (think powerful AI-driven risk management, live visual dashboards, and extensive framework mappings), Centraleyes delivers in ways Drata just can’t match! Let’s take a closer look at both platforms and……
-
macOS WorkflowKit Race Vulnerability Allows Malicious Apps to Intercept Shortcuts
A race condition vulnerability in Apple’s WorkflowKit has been identified, allowing malicious applications to intercept and manipulate shortcuts on macOS systems. This vulnerability, cataloged as CVE-2024-27821, affects the shortcut extraction and generation processes within the WorkflowKit framework, which is integral to the Shortcuts app on macOS Sonoma. macOS WorkflowKit Race Vulnerability The vulnerability arises from…
-
Apple Issues Emergency Security Update for Actively Exploited Vulnerabilities
Apple has urged customers to download the security updates, which address vulnerabilities relating to the JavaScriptCore and WebKit frameworks First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/apple-security-update/
-
Joe Sullivan: CEOs must be held accountable for security too
The former CSO at Uber was found guilty in 2022 of obstruction of justice relating to a breach. Now he’s calling for clearer regulatory frameworks for… First seen on techtarget.com Jump to article: www.techtarget.com/searchsecurity/news/366613603/Joe-Sullivan-CEOs-must-be-held-accountable-for-security-too
-
Oracle Warns of Agile PLM Vulnerability Currently Under Active Exploitation
Oracle is warning that a high-severity security flaw impacting the Agile Product Lifecycle Management (PLM) Framework has been exploited in the wild.The vulnerability, tracked as CVE-2024-21287 (CVSS score: 7.5), could be exploited sans authentication to leak sensitive information.”This vulnerability is remotely exploitable without authentication, i.e., it may be exploited over a network First seen on…
-
China Privacy Law: Data Management Audits Are Coming in 2025
Attorney James Gong Examines Upcoming Regulations Related to Non-Personal Data. In 2025, companies in China will face additional obligations when data protection audits become mandatory, setting a new benchmark for compliance with privacy laws. China is also expected to introduce regulations on non-personal data to establish a framework for ethical and secure data usage. First…
-
Oracle patches exploited Agile PLM vulnerability (CVE-2024-21287)
Oracle has released a security patch for CVE-2024-21287, a remotely exploitable vulnerability in the Oracle Agile PLM Framework that is, according to Tenable researchers, … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2024/11/19/cve-2024-21287/
-
Navigating AI Governance: Insights into ISO 42001 NIST AI RMF
As businesses increasingly turn to artificial intelligence (AI) to enhance innovation and operational efficiency, the need for ethical and safe implementation becomes more crucial than ever. While AI offers immense potential, it also introduces risks related to privacy, bias, and security, prompting organizations to seek robust frameworks to manage these concerns. The post Navigating AI…
-
DHS Releases Secure AI Framework for Critical Infrastructure
The voluntary recommendations from the Department of Homeland Security cover how artificial intelligence should be used in the power grid, water system, air travel network, healthcare, and other pieces of critical infrastructure. First seen on darkreading.com Jump to article: www.darkreading.com/cloud-security/dhs-releases-secure-ai-framework-critical-infrastructure
-
Fortinet VPN Zero-Day Exploited in Malware Attacks Remains Unpatched: Report
The DeepData malware framework was seen exploiting a Fortinet VPN client for Windows zero-day that remains unpatched. The post Fortinet VPN Zero-Day Exploited in Malware Attacks Remains Unpatched: Report appeared first on SecurityWeek. First seen on securityweek.com Jump to article: www.securityweek.com/fortinet-vpn-zero-day-exploited-in-malware-attacks-remains-unpatched-report/
-
Warning: DEEPDATA Malware Exploiting Unpatched Fortinet Flaw to Steal VPN Credentials
A threat actor known as BrazenBamboo has exploited an unresolved security flaw in Fortinet’s FortiClient for Windows to extract VPN credentials as part of a modular framework called DEEPDATA.Volexity, which disclosed the findings Friday, said it identified the zero-day exploitation of the credential disclosure vulnerability in July 2024, describing BrazenBamboo as the developer behind DEEPDATA,…
-
Homeland Security Department Releases Framework for Using AI in Critical Infrastructure
The framework recommends that AI developers evaluate potentially dangerous capabilities in their products, ensure their products align with “human-centric values” and protect users’ privacy. The post Homeland Security Department Releases Framework for Using AI in Critical Infrastructure appeared first on SecurityWeek. First seen on securityweek.com Jump to article: www.securityweek.com/homeland-security-department-releases-framework-for-using-ai-in-critical-infrastructure/
-
Microsoft revamps how it will disclose vulnerabilities
The company said the additional disclosure method using the Common Security Advisory Framework will help organizations better prioritize CVEs. First seen on cybersecuritydive.com Jump to article: www.cybersecuritydive.com/news/microsoft-disclose-vulnerabilities-CSAF/733063/
-
Lessons From OSC&R on Protecting the Software Supply Chain
A new report from the Open Software Supply Chain Attack Reference (OSC&R) team provides a framework to reduce how much vulnerable software reaches production. First seen on darkreading.com Jump to article: www.darkreading.com/application-security/lessons-from-osc-r-on-protecting-the-software-supply-chain
-
Zero-Day-Schwachstellen gefunden – Erneuter Fehler in Googles Android-Framework
First seen on security-insider.de Jump to article: www.security-insider.de/google-warnung-sicherheitsluecke-android-framework-a-347b05adfbcffd4c0b146d9addc28cf3/
-
APT41’s LightSpy Campaign Expands with Advanced DeepData Framework in Targeted Espionage Against Southern Asia
The BlackBerry Research and Intelligence Team has uncovered a new chapter in the LightSpy espionage campaign, marking a significant evolution in APT41’s capabilities. The China-linked cyber-espionage group has introduced DeepData,... First seen on securityonline.info Jump to article: securityonline.info/apt41s-lightspy-campaign-expands-with-advanced-deepdata-framework-in-targeted-espionage-against-southern-asia/
-
Critical Flaws in Ollama AI Framework Could Enable DoS, Model Theft, and Poisoning
Cybersecurity researchers have disclosed six security flaws in the Ollama artificial intelligence (AI) framework that could be exploited by a maliciou… First seen on thehackernews.com Jump to article: thehackernews.com/2024/11/critical-flaws-in-ollama-ai-framework.html
-
Trusted Name Weaponized: Sliver and Ligolo-ng Attack Leverages Y Combinator Brand
Security researchers from Threat Hunting Platform Hunt.io have uncovered a recent operation leveraging the Sliver command-and-control (C2) framework and Ligolo-ng tunneling tool. The operation aimed at targeting victims using the... First seen on securityonline.info Jump to article: securityonline.info/trusted-name-weaponized-sliver-and-ligolo-ng-attack-leverages-y-combinator-brand/
-
Toolkit Vastly Expands APT41’s Surveillance Powers
The China-affiliated group is using the highly modular DeepData framework to target organizations in South Asia. First seen on darkreading.com Jump to article: www.darkreading.com/cyberattacks-data-breaches/toolkit-expands-apt41s-surveillance-powers
-
Middle East Cybersecurity Efforts Catch Up After Late Start
Despite having only a scant focus on cybersecurity regulations a decade ago, countries in the Middle East, led by Saudi Arabia and other Gulf nations, have adopted mature frameworks and regulations amid escalating volumes of attacks. First seen on darkreading.com Jump to article: www.darkreading.com/cyber-risk/middle-east-cybersecurity-efforts-catch-up
-
Google’s AI Tool Big Sleep Finds Zero-Day Vulnerability in SQLite Database Engine
Google said it discovered a zero-day vulnerability in the SQLite open-source database engine using its large language model (LLM) assisted framework c… First seen on thehackernews.com Jump to article: thehackernews.com/2024/11/googles-ai-tool-big-sleep-finds-zero.html
-
Government launches cyber standard for local authorities
Local government bodies are being invited to take advantage of a new NCSC-derived Cyber Assessment Framework to help enhance their resilience and ward… First seen on computerweekly.com Jump to article: www.computerweekly.com/news/366613473/Government-launches-cyber-standard-for-local-authorities
-
WEF Introduces Framework to Strengthen Anti-Cybercrime Partnerships
The World Economic Forum has shared recommendations on how to build on the success of existing partnerships to accelerate the disruption of cybercriminal activities First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/wef-framework-combat-cybercrime/

