cert – WindowsTechs.com

Ukrainian cyberwar experience becomes blueprint for TRYZUB cyber training service

Posted on November 21, 2024 by Help Net Security

The Computer Emergency Response Team of Ukraine (CERT-UA), part of the State Service of Special Communications and Information Protection (SSSCIP), has joined forces with the simulation training platform Cyber Ranges to unveil TRYZUB, a cyber resilienc… Continue reading Ukrainian cyberwar experience becomes blueprint for TRYZUB cyber training service→

OT security: Helping under-resourced critical infrastructure organizations

Posted on June 27, 2022 by Zeljka Zorz

In this Help Net Security interview, Dawn Cappelly, Director of OT-CERT at the industrial cybersecurity company Dragos, talks about the OT security risks critical infrastructure organizations are facing, offers advice on how they can overcome obstacles… Continue reading OT security: Helping under-resourced critical infrastructure organizations→

The Establishment of a Cyber Safety Review Board

Posted on May 18, 2021 by Richard Stiennon

In 2013, the Obama Administration began asking what government could do to improve cybersecurity. By February 2014, Farnam Jahanian, Assistant Director for Computer and Information Science and Engineering at the National Science Foundation, convened a… Continue reading The Establishment of a Cyber Safety Review Board→

EU investigating ‘IT security incident’ involving multiple agencies

Posted on April 6, 2021 by Sean Lyngaas

Cybersecurity experts at the European Union are investigating an “IT security incident” involving multiple institutions, though “no major information breach” has been detected, EU officials said Tuesday. The scope and nature of the incident were not immediately clear, but a spokesperson for the European Commission, the EU’s executive branch, said the commission had set up a “24/7 monitoring service” in response to the incident. “The European Commission and other EU institutions, bodies or agencies have experienced an IT security incident in their IT infrastructure,” the commission spokesperson said in an email. A spokesperson for the European Parliament said the parliament and other EU bodies had “received an alert on [a] possible vulnerability in its IT infrastructure.” The parliament “took immediate measures to check and protect its servers against this vulnerability,” the spokesperson said. As a 27-country bloc that affects trade and foreign policy on the continent, EU institutions are natural […]

The post EU investigating ‘IT security incident’ involving multiple agencies appeared first on CyberScoop.

Continue reading EU investigating ‘IT security incident’ involving multiple agencies→

Who Watches the Watchers, Italian Style – Insider IP Theft at Leonardo

Posted on December 15, 2020 by Christopher Burgess

Two infosec team members are accused of attacking Leonardo’s systems to perpetrate IP theft, highlighting the real issue of insider threats One question often asked in security is whether an event is really a cyberattack when insiders are the on… Continue reading Who Watches the Watchers, Italian Style – Insider IP Theft at Leonardo→

Intel pushes for hardware-specific additions to vulnerability taxonomy

Posted on January 15, 2020 by Sean Lyngaas

The professionals who work to uncover security vulnerabilities in hardware must find a “common language” for categorizing them in order to make important strides in securing those systems, according to chipmaking giant Intel Corp. Hardware researchers “do not have the same standard taxonomy that would enable them to share information and techniques with one another,” Intel researchers Arun Kanuparthi and Hareesh Khattri argued in an op-ed published this week on Help Net Security, an information security website. “If we expect hardware vendors and their partners to collectively deliver more secure solutions, we must have a common language for discussing hardware security vulnerabilities,” Kanuparthi and Khattri wrote. At issue is the Common Weakness Enumeration (CWE) system, a list that is used as a yardstick on which to map Common Vulnerabilities and Exposures (CVE). CVEs are more familiar to security researchers as signposts for potential threats, and they’re a notch in the belt […]

The post Intel pushes for hardware-specific additions to vulnerability taxonomy appeared first on CyberScoop.

Continue reading Intel pushes for hardware-specific additions to vulnerability taxonomy→

Marc Rogers: Success of Anonymous Bug Submission Program ‘Takes A Village’

Posted on September 18, 2019 by Lindsey O'Donnell

Marc Rogers discusses the logistics behind a recently-proposed anonymous bug submission program, meant to encourage ethical hackers to submit high-level bugs anonymously. Continue reading Marc Rogers: Success of Anonymous Bug Submission Program ‘Takes A Village’→

Are Cyber-Ontologies the Future of Cybersecurity?

Posted on July 24, 2019 by Frank Ohlhorst

The science of cybersecurity is starting to permeate the discussions of thought leaders in the cyber realm. After all, attacks based on APTs (advanced persistent threats), phishing and ransomware are on a growth trajectory, and seem to be getting more… Continue reading Are Cyber-Ontologies the Future of Cybersecurity?→

Microsoft dismisses new Windows RDP ‘bug’ as a feature

Posted on June 6, 2019 by Danny Bradbury

Researchers have found an unexpected behavior in a Windows feature designed to protect remote sessions. Continue reading Microsoft dismisses new Windows RDP ‘bug’ as a feature→

Security weakness in popular VPN clients

Posted on April 16, 2019 by John E Dunn

Numerous enterprise VPN clients could be vulnerable to a potentially serious security weakness that could be used to spoof access. Continue reading Security weakness in popular VPN clients→