Security News

The U.S. Office of the National Cyber Director released a request for information entitled Open-Source Software Security: Areas of Long-Term Focus and Prioritization, which indicates that the U.S. Government's effort to invest in open-source software and security continues to pick up steam. In this Help Net Security video, Luis Villa, General Counsel at Tidelift, discusses how the RFI is a clear call to open source experts and industry leaders that the best ideas for how the government can make the entire open source ecosystem more healthy and secure are top of mind.

The University of Michigan has isolated itself from the internet but, hey, everything's fine! The institute's president on Tuesday published a letter to the school community thanking everyone for their patience as technical staff work to restore internet access following an undisclosed security incident.

'We will continue fighting this case' global chief's lawyer tells us An appeals court has reversed a 2021 decision to drop a bribery charge against Apple's head of global security, who is accused...

Data from the human vs. machine challenge could provide a framework for government and enterprise policies around generative AI. OpenAI, Google, Meta and more companies put their large language models to the test on the weekend of August 12 at the DEF CON hacker conference in Las Vegas. The Generative Red Team Challenge organized by AI Village, SeedAI and Humane Intelligence gives a clearer picture than ever before of how generative AI can be misused and what methods might need to be put in place to secure it.

At its Google Next '23 event this week, Google revealed how - with the use of its PaLM 2 foundational model - it is applying the generative AI Duet AI to security solutions in Google Cloud, including posture management, threat intelligence and detection and network and data security. Integrating Duet AI into Chronicle explicitly addresses security operations workload and tool proliferation, and implicitly the shortage of security operators in SOC teams, Potti explained.

According to the report, attackers favor Microsoft because of the potential to move laterally through an organization's Microsoft environments. If 4.31% seems like a small figure, Abnormal Security CISO Mike Britton pointed out that it is still four times the impersonation volume of the second most-spoofed brand, PayPal, which was impersonated in 1.05% of the attacks Abnormal tracked.

Ask any security professional and they'll tell you that remediating risks from various siloed security scanning tools requires a tedious and labor-intensive series of steps focused on deduplication, prioritization, and routing of issues to an appropriate "Fixer" somewhere in the organization. A new study, commissioned by Seemplicity and conducted by Dark Reading, provides fresh insight into how security pros handle the challenging remediation life cycle from discovery to resolution.

96% of respondents indicated they were still 'confident or very confident' in their organization's SaaS security measures, and yet, 'managing the security of SaaS applications' is the top challenge for IT leaders. The effects of generative AI. IT leaders must now factor the effects of generative AI, such as ChatGPT, into their overall SaaS security approach.

Cloud Native Application Protection Platforms have emerged as a critical category of security tooling in recent years due to the complexity of comprehensively securing multi-cloud environments, according to Cloud Security Alliance. Much of CNAPPs popularity has been driven by their ability to consolidate the capabilities of the numerous security tools organizations current deploy, namely Cloud Security Posture Management, Cloud Workload Protection, and Cloud Infrastructure Entitlement Management, network security, and secure DevOps.

Lazarus Group exploited ManageEngine vulnerability to target critical infrastructureNorth Korean state-sponsored hackers Lazarus Group have been exploiting a ManageEngine ServiceDesk vulnerability to target internet backbone infrastructure and healthcare institutions in Europe and the US. Maintaining consistent security in diverse cloud infrastructuresIn this Help Net Security interview, Kennedy Torkura, CTO at Mitigant, discusses the complexity of maintaining clear visibility into cloud environments, why it poses such a challenge for CISOs, and how they can prepare to address potential issues. IEEE 802.11az provides security enhancements, solves longstanding problemsIn this Help Net Security interview, Jonathan Segev, IEEE 802.11 Task Group Chair of next-generation positioning at IEEE, discusses IEEE 802.11az.