Security News

Critical Flaws in Ollama AI Framework Could Enable DoS, Model Theft, and Poisoning
2024-11-04 14:08

Cybersecurity researchers have disclosed six security flaws in the Ollama artificial intelligence (AI) framework that could be exploited by a malicious actor to perform various actions, including...

Enhancing national security: The four pillars of the National Framework for Action
2024-10-24 04:30

In this Help Net Security interview, John Cohen, Executive Director, Program for Countering Hybrid Threats at the Center for Internet Security, discusses the four pillars of the National Framework...

Gophish Framework Used in Phishing Campaigns to Deploy Remote Access Trojans
2024-10-22 17:06

Russian-speaking users have become the target of a new phishing campaign that leverages an open-source phishing toolkit called Gophish to deliver DarkCrystal RAT (aka DCRat) and a previously...

What you need to know to select the right GRC framework, North American Edition
2024-10-11 02:45

Governance, risk, and compliance (GRC) frameworks help professionals assess an organization’s risk posture, align technological initiatives with business goals, and ensure regulatory compliance....

Balancing legal frameworks and enterprise security governance
2024-10-10 04:00

In this Help Net Security interview, Tom McAndrew, CEO at Coalfire, discusses the balance organizations must strike between legal compliance and effective enterprise security governance in the...

Guide for selecting the right GRC framework, EU edition
2024-10-09 07:43

Governance, risk, and compliance frameworks are critical. They enable cybersecurity professionals to accurately identify an organization’s risk posture, align business and strategic objectives...

MaLDAPtive: Open-source framework for LDAP SearchFilter parsing, obfuscation, and more!
2024-10-04 04:00

MaLDAPtive is an open-source framework for LDAP SearchFilter parsing, obfuscation, deobfuscation, and detection. At its core, the project features a custom-built C# LDAP parser designed for...

Compliance frameworks and GenAI: The Wild West of security standards
2024-09-16 04:00

In this Help Net Security interview, Kristian Kamber, CEO at SplxAI, discusses how security challenges for GenAI differ from traditional software. Unlike predictable software, GenAI introduces...

NIST Cybersecurity Framework (CSF) and CTEM – Better Together
2024-09-05 09:19

It’s been a decade since the National Institute of Standards and Technology (NIST) introduced its Cybersecurity Framework (CSF) 1.0. Created following a 2013 Executive Order, NIST was tasked with...

Automated Security Validation: One (Very Important) Part of a Complete CTEM Framework
2024-08-08 11:00

One of these categories is Automated Security Validation, which provides the attacker's perspective of exposures and equips security teams to continuously validate exposures, security measures, and remediation at scale. Traditional security methods can miss hidden assets or fail to account for vulnerabilities hiding in user accounts or security policies.