Security News

Gophish Framework Used in Phishing Campaigns to Deploy Remote Access Trojans
2024-10-22 17:06

Russian-speaking users have become the target of a new phishing campaign that leverages an open-source phishing toolkit called Gophish to deliver DarkCrystal RAT (aka DCRat) and a previously...

What you need to know to select the right GRC framework, North American Edition
2024-10-11 02:45

Governance, risk, and compliance (GRC) frameworks help professionals assess an organization’s risk posture, align technological initiatives with business goals, and ensure regulatory compliance....

Balancing legal frameworks and enterprise security governance
2024-10-10 04:00

In this Help Net Security interview, Tom McAndrew, CEO at Coalfire, discusses the balance organizations must strike between legal compliance and effective enterprise security governance in the...

Guide for selecting the right GRC framework, EU edition
2024-10-09 07:43

Governance, risk, and compliance frameworks are critical. They enable cybersecurity professionals to accurately identify an organization’s risk posture, align business and strategic objectives...

MaLDAPtive: Open-source framework for LDAP SearchFilter parsing, obfuscation, and more!
2024-10-04 04:00

MaLDAPtive is an open-source framework for LDAP SearchFilter parsing, obfuscation, deobfuscation, and detection. At its core, the project features a custom-built C# LDAP parser designed for...

Compliance frameworks and GenAI: The Wild West of security standards
2024-09-16 04:00

In this Help Net Security interview, Kristian Kamber, CEO at SplxAI, discusses how security challenges for GenAI differ from traditional software. Unlike predictable software, GenAI introduces...

NIST Cybersecurity Framework (CSF) and CTEM – Better Together
2024-09-05 09:19

It’s been a decade since the National Institute of Standards and Technology (NIST) introduced its Cybersecurity Framework (CSF) 1.0. Created following a 2013 Executive Order, NIST was tasked with...

Automated Security Validation: One (Very Important) Part of a Complete CTEM Framework
2024-08-08 11:00

One of these categories is Automated Security Validation, which provides the attacker's perspective of exposures and equips security teams to continuously validate exposures, security measures, and remediation at scale. Traditional security methods can miss hidden assets or fail to account for vulnerabilities hiding in user accounts or security policies.

Realm: Open-source adversary emulation framework
2024-07-15 04:16

Realm is an open-source adversary emulation framework emphasizing scalability, reliability, and automation. It's designed to handle engagements of any size.

How to design a third-party risk management framework
2024-07-12 04:30

An effective third-party risk management framework ensures that an organization is not derailed by vendor risks and vulnerabilities. After you categorize your third-party vendors by their importance to your organization, you must next define the scope of your third-party risk management services and framework by identifying the types of third parties involved and the risk factors they pose.