Security News

The tech world has a problem: Security fragmentation. There's no standard set of rules or even language for mitigating cyber risk used to address the growing threats of hackers, ransomware and stolen data, and the threat to data only continues to grow.

GSM Association's Fraud and Security Group has published the first version of a framework for describing, in a structured way, how adversaries attack and use mobile networks, based on the tactics, techniques and procedures that they use.The Mobile Threat Intelligence Framework is focused on mobile network-related attacks that are not already covered by existing public frameworks like MITRE ATT&CK and MITRE FiGHT. In scope are 2G, 3G, 4G, 5G, including all kind of telecommunication service enablers and future mobile technology evolutions.

Mantis is an open-source command-line framework that automates asset discovery, reconnaissance, and scanning. You input a top-level domain, and it identifies associated assets, such as subdomains and certificates.

Attackers are leveraging a vulnerability in Anyscale's Ray AI software to compromise enterprise servers and saddle them with cryptominers and reverse shells."We observed hundreds of compromised clusters in the past three weeks alone. Each cluster uses a public IP address, and most clusters contain hundreds to thousands of servers. There are hundreds of servers that are still vulnerable and exposed."

Drozer is an open-source security testing framework for Android, whose primary purpose is to make the life of mobile application security testers easier. The solution enables the identification of security vulnerabilities in applications and devices by taking on the role of an app and facilitating interactions with the Dalvik VM, other apps' IPC endpoints, and the operating system.

Ray is an open-source framework developed by Anyscale that is used to scale AI and Python applications across a cluster of machines for distributed computational workloads. In November 2023, Anyscale disclosed five Ray vulnerabilities, fixing four tracked as CVE-2023-6019, CVE-2023-6020, CVE-2023-6021, and CVE-2023-48023.

TechRepublic's cheat sheet about the NIST CSF is an overview of this new government recommended best practice, and it includes steps on implementing the security framework. Is the NIST cybersecurity framework just for government use?

The February 2024 Patch Tuesday was pretty typical, with the standard Microsoft Windows, Office, and Exchange Server updates. Before we get to the March 2024 Patch Tuesday forecast, I want to provide information on the updated NIST framework.

Python Risk Identification Tool is Microsoft's open-source automation framework that enables security professionals and machine learning engineers to find risks in generative AI systems. It started as a collection of individual scripts used during the team's initial foray into red teaming generative AI systems in 2022.

Overcoming the pressures of cybersecurity startup leadershipIn this Help Net Security interview, Kunal Agarwal, CEO at Dope Security, offers a look into the CEO's leadership philosophy, the process of building a high-caliber team, and the unique challenges of navigating a startup in the tech industry. How organizations can navigate identity security risks in 2024In this Help Net Security interview, Deepak Taneja, CEO of Zilla Security, discusses identity security risks and threats.