Security News
NICE unveiled a Robo Ethical Framework promoting responsibility and transparency in the design, creation and deployment of AI-powered robots. NICE's ethical guidelines set the standard for designing, building and deploying robots, and form the basis for solid and ethically sound robot and human collaboration.
The project, called D3FEND, is available through the non-profit MITRE Corporation as a catalog of defensive cybersecurity techniques and their relationships to offensive/adversary techniques. The primary goal of the initial D3FEND release is to help standardize the vocabulary used to describe defensive cybersecurity technology functionality.
As software supply chain attacks emerge as a point of concern in the wake of SolarWinds and Codecov security incidents, Google is proposing a solution to ensure the integrity of software packages and prevent unauthorized modifications. Called "Supply chain Levels for Software Artifacts", the end-to-end framework aims to secure the software development and deployment pipeline - i.e., the source-build-publish workflow - and mitigate threats that arise out of tampering with the source code, the build platform, and the artifact repository at every link in the chain.
The U.S. tech giant this week unveiled SLSA, a new end-to-end framework the company hopes will drive the enforcement of standards and guidelines for ensuring the integrity of software artifacts throughout the software supply chain. "The goal of SLSA is to improve the state of the industry, particularly open source, to defend against the most pressing integrity threats. With SLSA, consumers can make informed choices about the security posture of the software they consume."
The Business Logic Attack Definition Framework sets the stage for shared understanding and knowledge among vendors, cybersecurity professionals and customers who are proactively tackling an increasing number of malicious bot threats. Once the attack stages for a scalper bot attack were confirmed, Netacea analysed the tactics, techniques and processes of other types of bot attacks and captured all automated bot threats and their lifecycles in a series of comprehensive kill chains.
IonQ announced the full integration of its quantum computing platform with Cirq, an open-source quantum computing framework from Google. "From its origins, the vision for Cirq was to expand access to quantum computing to even broader audiences," said Dave Bacon, VP of Software at IonQ. "As a developer myself, I know that a smoother, simpler implementation is a better implementation, one that will be more useful in the real world. Volkswagen has shown that developing in Cirq on IonQ has real benefits for real problems faced by development teams."
Elastic announces new updates across the Elastic Security solution in its 7.13 release to broaden support for osquery, the open source host instrumentation framework, with a new host management integration for Elastic Agent and unified analysis of osquery host data. The osquery host management integration, now in beta, enables security teams to use osquery results to address cyber threats without the complexity or cost of a separate management layer.
Aqua Security announced that its Team Nautilus researchers were tapped by the MITRE ATT&CK team to contribute to the development of the new Container Framework. Aqua's contributions help to create a foundation for cloud security methodologies and shape the future of container security by illuminating key cloud native security attack vectors and methods observed in the wild by Aqua's threat research team.
Hewlett Packard Enterprise announced solutions to help organizations advance data monetization by tapping into Gaia-X, an emerging federated data infrastructure supported by more than 300 organizations in Europe and globally. The HPE Solution Framework for Gaia-X was designed for companies, service providers and public organizations that want to get ready to participate in Gaia-X. It supports virtually all capabilities that are required to both provide and consume data and services in a decentralized, federated environment.
The European Council this week announced its decision to extend for one year the framework for sanctions against cyberattacks that threaten the European Union and its member states. Established in 2017, the framework allows member states to take restrictive measures against cyberattacks, including to prevent, discourage, deter and respond to malicious activities.