Tag: framework
-
10 Best Drata Alternatives to Consider for Compliance Management in 2024
in SecurityNews
If you’re familiar with platforms like Drata, you may appreciate their streamlined compliance processes and integrations. But if you’re ready for something beyond automation and integration (think powerful AI-driven risk management, live visual dashboards, and extensive framework mappings), Centraleyes delivers in ways Drata just can’t match! Let’s take a closer look at both platforms and…
-
macOS WorkflowKit Race Vulnerability Allows Malicious Apps to Intercept Shortcuts
in SecurityNews
A race condition vulnerability in Apple’s WorkflowKit has been identified, allowing malicious applications to intercept and manipulate shortcuts on macOS systems. This vulnerability, cataloged as CVE-2024-27821, affects the shortcut extraction and generation processes within the WorkflowKit framework, which is integral to the Shortcuts app on macOS Sonoma.
macOS WorkflowKit Race Vulnerability
The vulnerability arises from…
-
Apple Issues Emergency Security Update for Actively Exploited Vulnerabilities
in SecurityNews
Apple has urged customers to download the security updates, which address vulnerabilities relating to the JavaScriptCore and WebKit frameworks. First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/apple-security-update/
-
Joe Sullivan: CEOs must be held accountable for security too
in SecurityNews
The former CSO at Uber was found guilty in 2022 of obstruction of justice relating to a breach. Now he’s calling for clearer regulatory frameworks for… First seen on techtarget.com Jump to article: www.techtarget.com/searchsecurity/news/366613603/Joe-Sullivan-CEOs-must-be-held-accountable-for-security-too
-
Oracle Warns of Agile PLM Vulnerability Currently Under Active Exploitation
in SecurityNews
Oracle is warning that a high-severity security flaw impacting the Agile Product Lifecycle Management (PLM) Framework has been exploited in the wild. The vulnerability, tracked as CVE-2024-21287 (CVSS score: 7.5), could be exploited sans authentication to leak sensitive information. “This vulnerability is remotely exploitable without authentication, i.e., it may be exploited over a network First seen on…
-
China Privacy Law: Data Management Audits Are Coming in 2025
in SecurityNews
Attorney James Gong Examines Upcoming Regulations Related to Non-Personal Data. In 2025, companies in China will face additional obligations when data protection audits become mandatory, setting a new benchmark for compliance with privacy laws. China is also expected to introduce regulations on non-personal data to establish a framework for ethical and secure data usage. First…
-
Oracle patches exploited Agile PLM vulnerability (CVE-2024-21287)
in SecurityNews
Oracle has released a security patch for CVE-2024-21287, a remotely exploitable vulnerability in the Oracle Agile PLM Framework that is, according to Tenable researchers, … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2024/11/19/cve-2024-21287/
-
Navigating AI Governance: Insights into ISO 42001 NIST AI RMF
in SecurityNews
As businesses increasingly turn to artificial intelligence (AI) to enhance innovation and operational efficiency, the need for ethical and safe implementation becomes more crucial than ever. While AI offers immense potential, it also introduces risks related to privacy, bias, and security, prompting organizations to seek robust frameworks to manage these concerns. The post Navigating AI…
-
DHS Releases Secure AI Framework for Critical Infrastructure
in SecurityNews
The voluntary recommendations from the Department of Homeland Security cover how artificial intelligence should be used in the power grid, water system, air travel network, healthcare, and other pieces of critical infrastructure. First seen on darkreading.com Jump to article: www.darkreading.com/cloud-security/dhs-releases-secure-ai-framework-critical-infrastructure
-
Fortinet VPN Zero-Day Exploited in Malware Attacks Remains Unpatched: Report
The DeepData malware framework was seen exploiting a Fortinet VPN client for Windows zero-day that remains unpatched. The post Fortinet VPN Zero-Day Exploited in Malware Attacks Remains Unpatched: Report appeared first on SecurityWeek. First seen on securityweek.com Jump to article: www.securityweek.com/fortinet-vpn-zero-day-exploited-in-malware-attacks-remains-unpatched-report/
-
Warning: DEEPDATA Malware Exploiting Unpatched Fortinet Flaw to Steal VPN Credentials
in SecurityNews
A threat actor known as BrazenBamboo has exploited an unresolved security flaw in Fortinet’s FortiClient for Windows to extract VPN credentials as part of a modular framework called DEEPDATA. Volexity, which disclosed the findings Friday, said it identified the zero-day exploitation of the credential disclosure vulnerability in July 2024, describing BrazenBamboo as the developer behind DEEPDATA,…
-
Homeland Security Department Releases Framework for Using AI in Critical Infrastructure
in SecurityNews
The framework recommends that AI developers evaluate potentially dangerous capabilities in their products, ensure their products align with “human-centric values” and protect users’ privacy. The post Homeland Security Department Releases Framework for Using AI in Critical Infrastructure appeared first on SecurityWeek. First seen on securityweek.com Jump to article: www.securityweek.com/homeland-security-department-releases-framework-for-using-ai-in-critical-infrastructure/
-
Microsoft revamps how it will disclose vulnerabilities
in SecurityNews
The company said the additional disclosure method using the Common Security Advisory Framework will help organizations better prioritize CVEs. First seen on cybersecuritydive.com Jump to article: www.cybersecuritydive.com/news/microsoft-disclose-vulnerabilities-CSAF/733063/
-
Lessons From OSC&R on Protecting the Software Supply Chain
in SecurityNews
A new report from the Open Software Supply Chain Attack Reference (OSC&R) team provides a framework to reduce how much vulnerable software reaches production. First seen on darkreading.com Jump to article: www.darkreading.com/application-security/lessons-from-osc-r-on-protecting-the-software-supply-chain
-
Zero-day vulnerabilities found: another flaw in Google's Android framework
in SecurityNews
First seen on security-insider.de Jump to article: www.security-insider.de/google-warnung-sicherheitsluecke-android-framework-a-347b05adfbcffd4c0b146d9addc28cf3/
-
APT41’s LightSpy Campaign Expands with Advanced DeepData Framework in Targeted Espionage Against Southern Asia
in SecurityNews
The BlackBerry Research and Intelligence Team has uncovered a new chapter in the LightSpy espionage campaign, marking a significant evolution in APT41’s capabilities. The China-linked cyber-espionage group has introduced DeepData,... First seen on securityonline.info Jump to article: securityonline.info/apt41s-lightspy-campaign-expands-with-advanced-deepdata-framework-in-targeted-espionage-against-southern-asia/
-
Critical Flaws in Ollama AI Framework Could Enable DoS, Model Theft, and Poisoning
in SecurityNews
Cybersecurity researchers have disclosed six security flaws in the Ollama artificial intelligence (AI) framework that could be exploited by a maliciou… First seen on thehackernews.com Jump to article: thehackernews.com/2024/11/critical-flaws-in-ollama-ai-framework.html
-
Trusted Name Weaponized: Sliver and Ligolo-ng Attack Leverages Y Combinator Brand
in SecurityNews
Security researchers from Threat Hunting Platform Hunt.io have uncovered a recent operation leveraging the Sliver command-and-control (C2) framework and Ligolo-ng tunneling tool. The operation aimed at targeting victims using the... First seen on securityonline.info Jump to article: securityonline.info/trusted-name-weaponized-sliver-and-ligolo-ng-attack-leverages-y-combinator-brand/
-
Toolkit Vastly Expands APT41’s Surveillance Powers
in SecurityNews
The China-affiliated group is using the highly modular DeepData framework to target organizations in South Asia. First seen on darkreading.com Jump to article: www.darkreading.com/cyberattacks-data-breaches/toolkit-expands-apt41s-surveillance-powers
-
Middle East Cybersecurity Efforts Catch Up After Late Start
in SecurityNews
Despite having only a scant focus on cybersecurity regulations a decade ago, countries in the Middle East, led by Saudi Arabia and other Gulf nations, have adopted mature frameworks and regulations amid escalating volumes of attacks. First seen on darkreading.com Jump to article: www.darkreading.com/cyber-risk/middle-east-cybersecurity-efforts-catch-up
-
Google’s AI Tool Big Sleep Finds Zero-Day Vulnerability in SQLite Database Engine
in SecurityNews
Google said it discovered a zero-day vulnerability in the SQLite open-source database engine using its large language model (LLM) assisted framework c… First seen on thehackernews.com Jump to article: thehackernews.com/2024/11/googles-ai-tool-big-sleep-finds-zero.html
-
Government launches cyber standard for local authorities
in SecurityNews
Local government bodies are being invited to take advantage of a new NCSC-derived Cyber Assessment Framework to help enhance their resilience and ward… First seen on computerweekly.com Jump to article: www.computerweekly.com/news/366613473/Government-launches-cyber-standard-for-local-authorities
-
WEF Introduces Framework to Strengthen Anti-Cybercrime Partnerships
in SecurityNews
The World Economic Forum has shared recommendations on how to build on the success of existing partnerships to accelerate the disruption of cybercriminal activities. First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/wef-framework-combat-cybercrime/
-
JFrog analysis of threats to machine learning: critical vulnerabilities discovered in ML frameworks
in SecurityNews
First seen on datensicherheit.de Jump to article: www.datensicherheit.de/jfrog-analyse-gefaehrdung-maschinelles-lernen-kritisch-schwachstellen-ml-frameworks-entdeckung
-
Metasploit Framework Released with New Features
in SecurityNews
The Metasploit Framework, a widely used open-source penetration testing tool maintained by Rapid7, has introduced an exciting new release packed with cutting-edge features. The latest update includes new payloads targeting the emerging RISC-V architecture, a sophisticated SMB-to-HTTP(S) relay exploit for Active Directory Certificate Services (AD CS), and several new modules addressing high-profile vulnerabilities. These additions…
-
QSC Malware Framework: New Tool in CloudComputating Group’s Cyberespionage Arsenal
in SecurityNews
Kaspersky Labs has unveiled an advanced malware framework, QSC, reportedly deployed by the CloudComputating group (also known as BackdoorDiplomacy). This sophisticated tool is built with a modular, plugin-based architecture that... First seen on securityonline.info Jump to article: securityonline.info/qsc-malware-framework-new-tool-in-cloudcomputating-groups-cyberespionage-arsenal/
-
Embarking on a Compliance Journey? Here’s How Intruder Can Help
in SecurityNews
Navigating the complexities of compliance frameworks like ISO 27001, SOC 2, or GDPR can be daunting. Luckily, Intruder simplifies the process by helpin… First seen on thehackernews.com Jump to article: thehackernews.com/2024/10/embarking-on-compliance-journey-heres.html