Security News
Cybersecurity is a lucrative field, and you don't have to spend years learning all the various aspects of it. If you are an advanced IT professional, you can actually break into it with very specialized training, such as the NIST Cybersecurity & Risk Management Frameworks course.
Two vulnerabilities have been found in the Gutenberg Template Library & Redux Framework plugin for WordPress, which is installed on more than 1 million websites. It exists because the Gutenberg Template Library & Redux Framework plugin registers several AJAX actions available to unauthenticated users, one of which is deterministic and predictable, making it possible to uncover what the $support hash for a site would be.
MITRE ATT&CK has become the go-to framework in understanding and visualizing cyber threats and risk. Tips on how to use it as part of your cyber skills strategy.
Sisense announced the Sisense Extense Framework, an innovation developed to deliver AI-driven analytic experiences directly within the applications users are working in without needing to leave their workflow. As a part of the announcement, Sisense is introducing several new infusion applications built on the Extense Framework to deliver actionable intelligence to employees for enhanced operational, logistical, and role-based teamwork, improving collaboration and decision-making effectiveness.
NICE unveiled a Robo Ethical Framework promoting responsibility and transparency in the design, creation and deployment of AI-powered robots. NICE's ethical guidelines set the standard for designing, building and deploying robots, and form the basis for solid and ethically sound robot and human collaboration.
The project, called D3FEND, is available through the non-profit MITRE Corporation as a catalog of defensive cybersecurity techniques and their relationships to offensive/adversary techniques. The primary goal of the initial D3FEND release is to help standardize the vocabulary used to describe defensive cybersecurity technology functionality.
As software supply chain attacks emerge as a point of concern in the wake of SolarWinds and Codecov security incidents, Google is proposing a solution to ensure the integrity of software packages and prevent unauthorized modifications. Called "Supply chain Levels for Software Artifacts", the end-to-end framework aims to secure the software development and deployment pipeline - i.e., the source build publish workflow - and mitigate threats that arise out of tampering with the source code, the build platform, and the artifact repository at every link in the chain.
The U.S. tech giant this week unveiled SLSA, a new end-to-end framework the company hopes will drive the enforcement of standards and guidelines to ensuring the integrity of software artifacts throughout the software supply chain. "The goal of SLSA is to improve the state of the industry, particularly open source, to defend against the most pressing integrity threats. With SLSA, consumers can make informed choices about the security posture of the software they consume."
The Business Logic Attack Definition Framework sets the stage for shared understanding and knowledge among vendors, cybersecurity professionals and customers who are proactively tackling an increasing number of malicious bot threats. Once the attack stages for a scalper bot attack were confirmed, Netacea analysed the tactics, techniques and processes of other types of bot attacks and captured all automated bot threats and their lifecycles in a series of comprehensive kill chains.
IonQ announced the full integration of its quantum computing platform with Cirq, an open-source quantum computing framework from Google. "From its origins, the vision for Cirq was to expand access to quantum computing to even broader audiences," said Dave Bacon, VP of Software at IonQ. "As a developer myself, I know that a smoother, simpler implementation is a better implementation, one that will be more useful in the real world. Volkswagen has shown that developing in Cirq on IonQ has real benefits for real problems faced by development teams."