Security News

HITRUST CSF version 9.4 now incorporates and harmonizes the largest number of authoritative sources of any security and privacy framework, most recently adding the CMMC framework and two community-specific standards, as well as updating existing sources for continued relevancy. As security and privacy requirements change in response to new and updated global laws and regulations, or breaches and other cyber events, HITRUST is committed to maintaining and expanding the relevancy and applicability of the HITRUST CSF to meet the continually evolving regulatory and risk-management landscape and associated control requirements.

The Kubeflow open-source project is a popular framework for running machine-learning tasks in Kubernetes. Because Kubeflow is a containerized service, these various tasks run as containers in the Kubernetes cluster, and each can present a path for an attacker into the core Kubernetes architecture.

BigID introduced the first Application Development Framework for any data discovery platform on the market. The BigID App Development Framework empowers customers and partners to get more value from their data by building custom application functionality on top of BigID's market-leading data discovery platform.

AcceleratXR announced the launch of its new open source project - Composer. Js is a framework and toolset for rapidly building back-end API services using NodeJS. The project is a fork of the internal tools and technology the company has been steadily building its innovative MMO gaming platform with over the last two years.

Dubbed Ramsay, the framework appears to be in the development stage, with its operators still working on refining delivery vectors. Ramsay appears to have been under development since late 2019, and ESET's security researchers believe that there are two maintained versions at the moment, each tailored based on the configuration of different targets.

Elastic, the company behind Elasticsearch and the Elastic Stack, announced the launch of a new alerting framework delivered across the Elastic Stack to provide first-class experiences with tailored interfaces that allow users to create powerful alerts in the normal flow of their daily tasks. The new alerting framework is delivered via Kibana across the Elastic Stack and available within the SIEM, Uptime, APM, and Metrics applications.

Google Project Zero security researchers have discovered multiple vulnerabilities in ImageIO, the image parsing API used by Apple's iOS and macOS operating systems. The bugs in image parsing code, some of which impact open source image libraries and not the ImageIO framework itself, can be triggered through popular messenger applications by sending specially crafted image files to the targeted user.

Guardicore's open source breach and attack simulation platform Infection Monkey now maps its attack results to the MITRE ATT&CK framework, allowing users to quickly discover internal vulnerabilities and rapidly fix them. Infection Monkey operates within organizations' existing environments, whether cloud, on prem, hypervisors or containers, and finds and maps lateral movement paths through the environment using real world exploits.

Failure in internet routing security leads to major outages, stolen data, hijacking, lost revenue and more, with more than 12,000 routing outages in 2018 alone. The cascading nature of internet routing means not only that major network players like Cloudflare, Akamai, Facebook and Netflix are committed to secure routing, they are also committed to encouraging adoption by all of the many thousands of networks that peer with them.

AI, whose artificial intelligence software is purpose-built for engineers, scientists, and researchers and enables them to innovate and make discoveries faster, announced that it had completed contributions to TensorFlow, the world's most popular open-source framework for deep learning created by Google. "Part of Noble's mission is building AI that's accessible to engineers, scientists and researchers, anytime and anywhere, without needing to learn or re-skill into computer science or AI theory," said Dr. Matthew C. Levy, Founder and CEO of Noble.