CISA

Phosphorus’s Cyber-Physical System (CPS) Protection Platform Matches CISA Mitigation Guidance for Top Misconfiguration Risks Amid Rise in ICS Threats

Retrieved on: 
Thursday, December 7, 2023

“Misconfigurations are extremely common in Cyber-Physical Systems, from IoT to operational technology and industrial control systems,” said Sonu Shankar, Chief Strategy Officer of Phosphorus.

Key Points: 
  • “Misconfigurations are extremely common in Cyber-Physical Systems, from IoT to operational technology and industrial control systems,” said Sonu Shankar, Chief Strategy Officer of Phosphorus.
  • Over the next year, we expect to see more disruptive cyber attacks targeting CPS assets in corporate and industrial systems.
  • It is the industry’s only CPS Protection Platform covering the entire security and management lifecycle for xIoT devices–including OT/ICS, IoT, IIoT and IoMT Cyber-Physical Systems.
  • To learn more about Phosphorus’s CPS protection capabilities, visit https://phosphorus.io/ or check out the company’s “Spies, Saboteurs & Scoundrels” talk at select upcoming conferences.

WatchGuard Threat Lab Report Shows Rise in Threat Actors Exploiting Remote Access Software

Retrieved on: 
Wednesday, December 6, 2023

Key findings from the data show increasing instances of remote access software abuse, the rise of cyber adversaries using password-stealers and info-stealers to thieve valuable credentials, and threat actors pivoting from utilizing scripting to employing other living-off-the-land techniques to initiate an endpoint attack.

Key Points: 
  • Key findings from the data show increasing instances of remote access software abuse, the rise of cyber adversaries using password-stealers and info-stealers to thieve valuable credentials, and threat actors pivoting from utilizing scripting to employing other living-off-the-land techniques to initiate an endpoint attack.
  • “Modern security platforms that include firewalls and endpoint protection software can deliver enhanced protection for networks and devices.
  • These findings indicate to Threat Lab researchers that threat actors continue to utilize multiple living-off-the-land techniques, likely in response to more protections around PowerShell and other scripting.
  • For a more in-depth view of WatchGuard’s research, read the complete Q3 2023 Internet Security Report here: https://www.watchguard.com/wgrd-resource-center/security-report-q3-2023 .

Resiliant and Carahsoft Partner to Make Immutable Identity Access Management Solutions Available to the Public Sector

Retrieved on: 
Tuesday, November 21, 2023

“We are thrilled to join forces with Carahsoft to expand the reach of our cost-effective, customer- privacy-centric digital ID authentication products into the Public Sector market,” said Marc Duthoit, CEO at Resiliant.

Key Points: 
  • “We are thrilled to join forces with Carahsoft to expand the reach of our cost-effective, customer- privacy-centric digital ID authentication products into the Public Sector market,” said Marc Duthoit, CEO at Resiliant.
  • Resiliant offers Government agencies a complete integrated ID Management solution that verifies employees’ identities without invading their privacy.
  • “The addition of Resiliant’s identity access management solutions to our offerings marks an exciting new development,” said Steve Jacyna, Director of Emerging Cybersecurity Solutions at Carahsoft.
  • “In an era characterized by ongoing remote work and escalating cyberthreats, protecting digital assets and data is imperative for the Public Sector.

HiddenLayer Partners with CVE Program as a Numbering Authority to Secure AI

Retrieved on: 
Wednesday, December 20, 2023

AUSTIN, Texas, Dec. 20, 2023 /PRNewswire/ -- HiddenLayer, the leading security provider for artificial intelligence (AI) models and assets, proudly announces its partnership with the Common Vulnerabilities and Exposures (CVE®) Program as a CVE Numbering Authority (CNA), reinforcing our commitment to enhancing AI system security.

Key Points: 
  • AUSTIN, Texas, Dec. 20, 2023 /PRNewswire/ -- HiddenLayer , the leading security provider for artificial intelligence (AI) models and assets, proudly announces its partnership with the Common Vulnerabilities and Exposures (CVE®) Program as a CVE Numbering Authority (CNA) , reinforcing our commitment to enhancing AI system security.
  • HiddenLayer joins over 300 organizations across 37 countries, authorized by the CVE Program to assign CVE IDs to vulnerabilities within their specific scopes, enabling the efficient collaboration of multiple parties to address known AI security risks.
  • "Being acknowledged as a CNA underscores HiddenLayer's dedication and responsibility towards enhancing security for AI," said Tom Bonner, VP of Research of HiddenLayer.
  • The CVE Program is community-driven and is steered by an international board of industry, academic, and government representatives.

Security Journey Announces New AI/LLM and API Learning Paths to Teach Development Teams How to Build Software Securely

Retrieved on: 
Tuesday, November 14, 2023

Just a short time after the OWASP vulnerability lists were published, Security Journey responded with training that enterprises must adopt to build and integrate these technologies securely.

Key Points: 
  • Just a short time after the OWASP vulnerability lists were published, Security Journey responded with training that enterprises must adopt to build and integrate these technologies securely.
  • The training curriculum covers essential topics, enabling development teams to hone their engineering skills to secure data, AI models, and software applications, resulting in the design of robust systems.
  • These learning paths represent our dedication to staying at the forefront of security education, ensuring organizations are equipped to tackle the ongoing security challenges.
  • To learn more about these essential learning paths and enhance your organization's security posture, please visit securityjourney.com.

MITRE, Red Balloon Security, and Narf Announce EMB3D™ – A Threat Model for Critical Infrastructure Embedded Devices

Retrieved on: 
Wednesday, December 13, 2023

Sophisticated cyber adversaries increasingly attempt to exploit these devices, as evidenced by a growing number of CISA ICS advisories identifying significant threats to many life- and safety-critical devices.

Key Points: 
  • Sophisticated cyber adversaries increasingly attempt to exploit these devices, as evidenced by a growing number of CISA ICS advisories identifying significant threats to many life- and safety-critical devices.
  • The EMB3D™ Threat Model, a collaborative effort by MITRE , Niyo Little Thunder Pearson ( ONEGas, Inc.), Red Balloon Security , and Narf Industries , provides a common understanding of the threats posed to embedded devices and the security mechanisms required to mitigate them.
  • These threats are mapped to device properties to help users develop and tailor accurate threat models for specific embedded devices.
  • “Together, we are committed to enhancing the cyber posture of critical infrastructure sectors that rely on Operational Technology (OT) technologies.

Artificial Intelligence Leaders Partner with Cloud Security Alliance to Launch the AI Safety Initiative

Retrieved on: 
Tuesday, December 12, 2023

The Cloud Security Alliance (CSA), the world’s leading organization dedicated to defining standards, certifications, and best practices to help ensure a secure cloud computing environment, today announced the launch of the AI Safety Initiative in partnership with Amazon, Anthropic, Google, Microsoft, and OpenAI.

Key Points: 
  • The Cloud Security Alliance (CSA), the world’s leading organization dedicated to defining standards, certifications, and best practices to help ensure a secure cloud computing environment, today announced the launch of the AI Safety Initiative in partnership with Amazon, Anthropic, Google, Microsoft, and OpenAI.
  • The AI Safety Initiative is dedicated to crafting and openly sharing reliable guidelines for AI safety and security, initially concentrating on generative AI.
  • The AI Safety Initiative is actively developing practical safeguards for today's generative AI, structured in a way to help prepare for the future of much more powerful AI systems.
  • The collaborative spirit of leaders crossing competitive boundaries to educate and implement best practices has enabled us to build the best recommendations for the industry,” said Caleb Sima, industry veteran and Chair of the Cloud Security Alliance AI Safety Initiative.

Opal Security Raises $22M in Series B Funding to Expand Next-Generation Identity Security Platform

Retrieved on: 
Thursday, December 7, 2023

Opal Security, the next-generation identity security and access management company, today announced its $22 million Series B funding, led by Battery Ventures, with participation from existing investors Greylock and Box Group.

Key Points: 
  • Opal Security, the next-generation identity security and access management company, today announced its $22 million Series B funding, led by Battery Ventures, with participation from existing investors Greylock and Box Group.
  • With this new round of funding, Opal Security will expand its global team, scale enterprise customer support and ramp up new product development, including a new suite of visualization and AI tools to remediate identity risk.
  • The Opal Security platform simplifies the management of human and non-human identities by providing a clean, API-driven approach to unifying and acting on identity and authorization data.
  • “Opal Security has developed a platform that integrates various solutions, significantly advancing progress in this domain.

Media Alert: Splunk GovSummit 2023 - Delivering on the Nation’s Cyber Strategy Together

Retrieved on: 
Tuesday, December 5, 2023

Splunk Inc. (NASDAQ: SPLK), the cybersecurity and observability leader, is hosting its annual public sector event, GovSummit 2023 , in the Nation’s capital, bringing together government IT and security professionals to explore innovative strategies to deliver on the nation's cyber strategy.

Key Points: 
  • Splunk Inc. (NASDAQ: SPLK), the cybersecurity and observability leader, is hosting its annual public sector event, GovSummit 2023 , in the Nation’s capital, bringing together government IT and security professionals to explore innovative strategies to deliver on the nation's cyber strategy.
  • He has devoted over 40 years to supporting America's service members and veterans, establishing the Gary Sinise Foundation in 2011.
  • GovSummit 2023 will provide attendees with an immersive experience focused on driving innovation through artificial intelligence (AI) and cultivating a resilient cyber workforce.
  • Secure your spot, and register now for GovSummit 2023 and follow along on social media with the hashtag #SplunkGovSummit.

Discover New AI Opportunities at GovAI Summit and CodeForward

Retrieved on: 
Tuesday, December 5, 2023

The Department of Homeland Security’s (DHS) Cybersecurity and Infrastructure Security Agency (CISA) has established a roadmap for AI , outlining the public sector’s future plans.

Key Points: 
  • The Department of Homeland Security’s (DHS) Cybersecurity and Infrastructure Security Agency (CISA) has established a roadmap for AI , outlining the public sector’s future plans.
  • Two influential AI events, GovAI Summit and CodeForward , will take place Dec. 5-6 at the Hyatt Regency Crystal City in Arlington, Virginia, to continue the conversation about what’s next for AI.
  • “Events like the GovAI Summit and CodeForward play a crucial role in convening the pioneers who are shaping the responsible development and deployment of AI,” said Pete Erickson, CEO of Modev and organizer of AI-related conferences for more than five years.
  • The agendas promise more than 100 speakers across panels, workshops, keynotes, and sessions focused on AI strategy, responsible implementation, product development, and the future of AI.