glob

Littler Releases Inaugural Report From Its Global Workplace Transformation Initiative

Report reviews the myriad forces transforming the workplace and formalizes Littler’s Global Workplace Transformation Initiative




glob

Poland and Other Central-Eastern European Countries Focus on Their Global Mobility & Immigration Policies

In February 2024, Poland’s government revealed that it is working on a comprehensive migration strategy for the years 2025-2030, advertised as a “responsible and safe” approach. The Ministry of Interior and Administration plans to spend the first half of 2024 conducting consultations to learn the preferences and expectations on migration and foreigners’ employment from various stakeholders, including the country’s biggest employers and their organizations, as well as the trade unions.




glob

Littler Global Guide - Germany - Q2 2022

Browse through brief employment and labor law updates from around the globe. Contact a Littler attorney for more information or view our global locations.

Download full Q2 2022 Global Guide Quarterly

Significant Tightening of the German Law on the Provision of Evidence

New Legislation Enacted

Author: Lioba Lamers, Associate – vangard | Littler




glob

Littler Global Guide - United Kingdom - Q3 2022

Download full Q3 2022 Global Guide Quarterly

Court of Appeal Confirms that Conduct of a Whistleblower is Separable from the Fact of Making a Protected Disclosure

Precedential Decision by Judiciary or Regulatory Agency




glob

Littler Global Guide - Italy - Q1 2023

Download full Q1 2023 Global Guide Quarterly

Extensions of Laws

New Legislation Enacted

Authors: Carlo Majer, Partner, and Caterina Colombano, Associate – Littler Italy




glob

Littler Global Guide - Netherlands - Q1 2023

Download full Q1 2023 Global Guide Quarterly

Whistleblower Protection Act Has Entered into Force

New Legislation Enacted

Authors: Dennis Veldhuizen, Partner, and Eric van Dam, Partner – Clint | Littler




glob

Littler Global Guide - Germany - Q2 2023

Download full Q2 2023 Global Guide Quarterly

German Whistleblower Protection Act

New Legislation Enacted

Author: Matthias Pallentin, Partner – vangard | Littler




glob

Littler Global Guide - Hungary - Q2 2023

Download full Q2 2023 Global Guide Quarterly

New Whistleblowing Act

New Legislation Enacted

Author: Zoltán Csernus, Attorney-at-Law – VJT & Partners Law Firm




glob

Littler Global Guide - Spain - Q2 2023

Download full Q2 2023 Global Guide Quarterly

Deadline for the Implementation of the Whistleblowing Reporting System

New Legislation Enacted

Authors: Sonia Cortés, Partner, and Isabel Herrero, Attorney-at-Law – Abdón Pedrajas | Littler




glob

Growing trend of Diversity and Inclusion (D&I); global development pushing India too

Alecia Winfield explains what diversity means in corporate America and says the ‘Black Lives Matter’ protests fueled a drive for change in corporate America, similar to that of the #MeToo movement. 

Apparel Resources





glob

Europe and Canada Seek to Mandate Human Rights Due Diligence and Transparency Obligations on Companies and Their Global Partners

This year has seen a number of international and regional legislative efforts imposing human rights due diligence and transparency obligations on multinational employers. 




glob

The Global Guide Quarterly (Quarter 3, 2024)

The Global Guide Quarterly (GGQ) is a newsletter published by Littler on a quarterly basis to provide high-level and concise coverage of global labor and employment (L&E) law developments in key countries across the Americas, the Asia-Pacific (APAC) region, and Europe, the Middle East, and Africa (EMEA).




glob

What to do about "Global COVID Nomads" and Other Wandering Workers Who Telecommute from Abroad for Personal Reasons

Technology facilitates remote work in ways that, years ago, just were not possible. Take telecommuting. These days, all kinds of jobs that had to be performed at an employer site are now performed remotely. Some call center workers, for example, now work from home using home telephones, with no brick-and-mortar call center needed. Some secretaries now telecommute using laptops and the internet. Some teachers now teach remotely using laptops and video links.




glob

Inaugural Report of Littler’s Global Workplace Transformation Initiative

The COVID-19 pandemic required nearly every employer around the globe to take stock of its workforce, policies and practices, and adapt to a rapidly changing and unpredictable environment.  COVID-19 will eventually pass, but transformative issues laid bare by the pandemic—which were already in motion—will remain, likely at an accelerated pace.




glob

COVID-19 Vaccination: A Littler Global Guide on Legal & Practical Implications in the Workplace (January 2022 Update)

The Firm’s International Practice Group has once again updated its COVID-19 Vaccination: A Littler Global Guide on Legal & Practical Implications in the Workplace. Two years into the pandemic, experts agree that – in the absence of newly emerging and highly transmissible variants – COVID-19 might lose its pandemic status before the end of 2022 due to the development of various COVID-19 vaccines and increasing global vaccination rates.




glob

Global Non-Compete Reform – At a Glance

The United States is not the only country currently debating reform to the law on non-competes. Notably, the UK Government has announced legislation that would limit the duration of non-competes to a period of three months after the termination of employment.




glob

Global Non-Compete Reform – At a Glance Tracker (Updated March 2024)

The United States is not the only country currently debating a reform to the law on non-competes. Notably, the UK Government has announced legislation that would limit the duration of non-competes to a period of 3 months after termination of employment.




glob

Developing a Global Data Protection Framework for Artificial Intelligence in the Workplace

  • Despite the broad range of artificial intelligence technologies and the flurry of new laws regulating them, virtually all laws regulating how these technologies process data follow the same basic framework.
  • This means employers can follow a relatively straightforward checklist around the world to work through the major data protection issues.
  • This Insight walks through the checklist and identifies significant variations between regions and countries.




glob

A Comprehensive Global Guide for AI Data Protection in the Workplace

Zoe Argento, Kwabena Appenteng, Alyssa Daniels, Philip Gordon, Rajko Herrmann, Soowon Hong, Renata Neeser, Naomi Seddon, Christina Stogov and Grace Yang share a comprehensive guide for how employers can ensure data protection as they implement artificial intelligence.

Corporate Compliance Insights





glob

ETSI releases first globally applicable standard for consumer IoT security

Sophia Antipolis, 19 February 2019

The ETSI Technical Committee on Cybersecurity (TC CYBER) has just released ETSI TS 103 645, a standard for cybersecurity in the Internet of Things, to establish a security baseline for internet-connected consumer products and provide a basis for future IoT certification schemes.





glob

ETSI Intelligent Transport Systems workshop outlines global projects

Sophia Antipolis, 8 March 2019

The annual ETSI Intelligent Transport Systems (ITS) workshop ended after 2 days of intensive discussions and networking opportunities between industry, the European Commission and stakeholders involved in Cooperative ITS deployment (C-ITS) worldwide.





glob

22nd Global Standards Collaboration meeting convenes world’s leading standards bodies in Montreux, Switzerland

Sophia Antipolis, 28 March 2019

The 22nd meeting of the Global Standards Collaboration (GSC), a high-level gathering of the world’s leading information and communication technologies (ICT) standards organizations, took place from 26-27 March 2019, hosted by IEC (International Electrotechnical Commission) and ISO (International Organization for Standardization) in Montreux, Switzerland.  GSC members shared their priorities and focused on Smart Sustainable Cities and AI (Artificial Intelligence). 





glob

"CALLING THE SHOTS" A report commissioned by ETSI calls on EU to retake global leadership in digital standard setting

Sophia Antipolis, 10 October 2019

The report Calling the Shots: Standardization for EU Competitiveness in a Digital Era was drawn up by an independent panel of experts brought together by Kreab at the request of ETSI and led by Carl Bildt, former Prime Minister and Foreign Minister of Sweden. The panel, which met during the first half of 2019, gathered insights and experience from industry, politics and academia.





glob

ETSI releases a Technical Report on Global Acceptance of EU Trust Services

Sophia Antipolis, 16 January 2020

The ETSI Technical Committee on Electronic Signatures and Infrastructures (TC ESI) is pleased to release the ETSI TR 103684 technical report. This report addresses existing trust service infrastructures that operate in different regions of the world and their possible mutual recognition/global acceptance. The report identifies ways to facilitate cross recognition between EU trust services and trust services from other schemes. The trust services are based on ETSI standards and support the eIDAS Regulation (EU) No 910/2014.





glob

ETSI IPE releases the first IPv6 Enhanced Innovation Report, helping global industry players to reach consensus

Sophia Antipolis, 15 October 2021

ETSI is pleased to announce the first ETSI IPv6 Enhanced Innovation (IPE) report ETSI GR IPE 001 “IPv6 Enhanced Innovation: Gap Analysis”. Jointly compiled by 15 leading IP industry players, this report comprehensively analyzes gaps based on requirements created by the new use cases and services like 5G and the cloud, to accelerate IPv6 deployment and innovations, and identifies recommendations of new features of the IPv6 enhanced innovations, paving the way for a consensus to be reached among global IP industry players.





glob

ETSI releases first comprehensive global standard for securing smart phones

Sophia Antipolis, 24 November 2021

Today our smartphones and tablets are fundamental for citizens and hold a wide range of user data and apps. At the same time, security attacks have increased with malicious applications and network eavesdropping. To define security and assurance requirements for smart phones and tablets, mitigate potential risks and protect users, ETSI has released a world class standard called Consumer Mobile Device Protection Profile, ETSI TS 103 732. The specification identifies key security and privacy risks for user data and provides appropriate protection.





glob

Global Standards Collaboration meeting for a more sustainable, safer world

Sophia Antipolis, 28 April 2023

Sustainability was the focus of a high-level meeting of the world’s leading information and communication technologies (ICT) standards bodies. The 23rd meeting of the Global Standards Collaboration (GSC) was hosted by ETSI, in London, 26-27 April 2023. Three sessions were moderated in a workshop format and included interactive discussions.





glob

Aiming high: ETSI Conference on Non-Terrestrial Networks underlines critical role of NTN in realizing tomorrow’s global 6G vision

Sophia Antipolis, 15 April 2024

This year’s first ETSI Conference on Non-Terrestrial Networks has stressed the importance of technical standardization in delivering a fully connected planet via NTN, a key element of tomorrow’s global 6G networks.

Held from 3-4 April 2024 at ETSI’s Sophia Antipolis headquarters, the event was co-organized with the European Space Agency (ESA), the 6G Smart Networks and Services Industry Association (6G-IA) and the Smart Networks and Services Joint Undertaking (SNS JU).

Titled ‘Non-Terrestrial Networks, a Native Component of 6G’, the 2-day conference attracted over 200 participants from 25 countries, including experts in standardization and research as well as industrial representation from the mobile, satellite and wider space industries. Delegates shared perspectives on NTN use cases, candidate technology solutions, current research status and standardization roadmaps. Day one sessions focused on the opportunities and challenges of integrating terrestrial and non-terrestrial networks within tomorrow’s global communications landscape. The second day afforded a deep dive into numerous cutting-edge NTN and 6G research & development initiatives in Europe and around the world.





glob

SpotOn London 2012 Storify: BrainSpace, a global interest graph for scientists

Here is a Storify summary of the SpotOn London session: BrainSpace, a global interest graph for




glob

2024 Martin J. Forman Lecture | Supporting and shaping the global nutrition agenda with evidence








glob

Supporting and shaping the global nutrition agenda with evidence: A three-decade journey of resea…




glob

Cybersecurity Snapshot: CISA Warns of Global Spear-Phishing Threat, While OWASP Releases AI Security Resources

CISA is warning about a spear-phishing campaign that spreads malicious RDP files. Plus, OWASP is offering guidance about deepfakes and AI security. Meanwhile, cybercriminals have amplified their use of malware for fake software-update attacks. And get the latest on CISA’s international plan, Interpol’s cyber crackdown and ransomware trends.

Dive into six things that are top of mind for the week ending Nov. 8.

1 - CISA: Beware of nasty spear-phishing campaign

Proactively restrict outbound remote-desktop protocol (RDP) connections. Block transmission of RDP files via email. Prevent RDP file execution.

Those are three security measures cyber teams should proactively take in response to an ongoing and “large scale” email spear-phishing campaign targeting victims with malicious RDP files, according to the U.S. Cybersecurity and Infrastructure Security Agency (CISA).

A foreign threat actor is carrying out the campaign. Several vertical sectors, including government and IT, are being targeted.

“Once access has been gained, the threat actor may pursue additional activity, such as deploying malicious code to achieve persistent access to the target’s network,” CISA’s alert reads.
 


Other CISA recommendations include:

  • Adopt phishing-resistant multi-factor authentication (MFA), such as FIDO tokens, and try to avoid SMS-based MFA
  • Educate users on how to spot suspicious emails
  • Hunt for malicious activity in your network looking for indicators of compromise (IoCs) and tactics, techniques and procedures

Although CISA didn’t name the hacker group responsible for this campaign, its alert includes links to related articles from Microsoft and AWS that identify it as Midnight Blizzard. Also known as APT29, this group is affiliated with Russia’s government.

To get more details, check out the CISA alert “Foreign Threat Actor Conducting Large-Scale Spear-Phishing Campaign with RDP Attachments.”

2 - OWASP issues AI security resources

How should your organization respond to deepfakes? What’s the right way of establishing a center of excellence for AI security in your organization? Where can you find a comprehensive guide of tools to secure generative AI applications?

These questions are addressed in a new set of resources for AI security from the Open Worldwide Application Security Project’s OWASP Top 10 for LLM Application Security Project.

The new resources are meant to help organizations securely adopt, develop and deploy LLM and generative AI systems and applications “with a comprehensive strategy encompassing governance, collaboration and practical tools,” OWASP said in a statement.



These are the new resources:

  • The “Guide for Preparing and Responding to Deepfake Events,” which unpacks four types of deepfake schemes – financial fraud, job interview fraud, social engineering and misinformation – and offers guidance about each one in these areas:
    • preparation
    • detection and analysis
    • containment, eradication and recovery
    • post-incident activity
  • The “LLM and GenAI Center of Excellence Guide,” which aims to help CISOs and fellow organization leaders create a center of excellence for generative AI security that facilitates collaboration among various teams, including security, legal, data science and operations, so they can develop:
    • Generative AI security policies
    • Risk assessment and management processes
    • Training and awareness
    • Research and development
  • The “AI Security Solution Landscape Guide,” which offers security teams a comprehensive catalog of open source and commercial tools for securing LLMs and generative AI applications.

To get more details, read OWASP’s announcement “OWASP Dramatically Expands GenAI Security Guidance.”

3 - Fake update variants dominate list of top malware in Q3

Hackers are doubling down on fake software-update attacks.

That’s the main takeaway from the Center for Internet Security’s list of the 10 most prevalent malware used during the third quarter.

Malware variants used to carry out fake browser-update attacks took the top four spots on the list: SocGholish, LandUpdate808, ClearFake and ZPHP. Collectively, they accounted for 77% of the quarter’s malware infections. It's the first time LandUpdate808 and ClearFake appear on this quarterly list.


(Source: “Top 10 Malware Q3 2024”, Center for Internet Security, October 2024)

In a fake software-update attack, a victim gets duped into installing a legitimate-looking update for, say, their preferred browser, that instead infects their computers with malware.

Here’s the full list, in descending order:

  • SocGholish, a downloader distributed through malicious websites that tricks users into downloading it by offering fake software updates 
  • LandUpdate808, a JavaScript downloader distributed through malicious websites via fake browser updates
  • ClearFake, another JavaScript downloader used for fake browser-update attacks
  • ZPHP, another JavaScript downloader used for fake software-update attacks
  • Agent Tesla, a remote access trojan (RAT) that captures credentials, keystrokes and screenshots
  • CoinMiner, a cryptocurrency miner that spreads using Windows Management Instrumentation (WMI)
  • Arechclient2, also known as SectopRAT, a .NET RAT whose capabilities include multiple stealth functions
  • Mirai, a malware botnet that compromises IoT devices to launch DDoS attacks
  • NanoCore, a RAT that spreads via malspam as a malicious Excel spreadsheet
  • Lumma Stealer, an infostealer used to swipe personally identifiable information (PII), credentials, cookies and banking information

To get more information, the CIS blog “Top 10 Malware Q3 2024” offers details, context and indicators of compromise for each malware strain.

For details on fake update attacks:


Fake Chrome Update Malware (The PC Security Channel)

4 - CISA’s first international plan unveiled

CISA has released its first-ever international plan, which outlines a strategy for boosting the agency’s collaboration with cybersecurity agencies from other countries.

Aligning cybersecurity efforts and goals with international partners is critical for tackling cyberthreats in the U.S. and abroad, according to the agency.

The three core pillars of CISA’s “2025 - 2026 International Strategic Plan” are:

  • Help make other countries’ assets, systems and networks that impact U.S. critical infrastructure more resilient
  • Boost the integrated cyber defenses of the U.S. and its international partners against their shared global cyberthreats
  • Unify the coordination of international activities to strengthen cyberdefenses collectively

The plan will allow CISA to “reduce risk to the globally interconnected and interdependent cyber and physical infrastructure that Americans rely on every day,” CISA Director Jen Easterly said in a statement.

5 - Interpol hits phishers, ransomware gangs, info stealers

Interpol and its partners took down 22,000 malicious IP addresses and seized thousands of servers, laptops, and mobile phones used by cybercriminals to conduct phishing scams, deploy ransomware and steal information.

The four-month global operation, titled Synergia II and announced this week, involved law enforcement agencies and private-sector partners from 95 countries and netted 41 arrests.


“Together, we’ve not only dismantled malicious infrastructure but also prevented hundreds of thousands of potential victims from falling prey to cybercrime,” Neal Jetton, Director of Interpol’s Cybercrime Directorate, said in a statement.

In Hong Kong, more than 1,000 servers were taken offline, while authorities in Macau, China took another 291 servers offline. Meanwhile, in Estonia, authorities seized 80GB of server data, which is now being analyzed for links to phishing and banking malware.

6 - IST: Ransomware attacks surged in 2023

Ransomware gangs went into hyperdrive last year, increasing their attacks by 73% compared with 2022, according to the non-profit think tank Institute for Security and Technology (IST).

The IST attributes the sharp increase in attacks to a shift by ransomware groups to “big game hunting” – going after prominent, large organizations with deep pockets. 

“Available evidence suggests that government and industry actions taken in 2023 were not enough to significantly reduce the profitability of the ransomware model,” reads an IST blog.

Global Ransomware Incidents in 2023

Another takeaway: The ransomware-as-a-service (RaaS) model continued to prove extremely profitable in 2023, and it injected dynamism into the ransomware ecosystem. 

The RaaS model prompted ransomware groups “to shift allegiances, form new groups, or iterate existing variants,” the IST blog reads.

The industry sector that ransomware groups hit the hardest was construction, followed by hospitals and healthcare, and by IT services and consulting. Financial services and law offices rounded out the top five.





glob

Reflections on rural revitalization from a global perspective [in Chinese]




glob

The impacts of COVID-19 on global food security and the coping strategy [in Chinese]





glob

2021 Global food policy report: Transforming food systems after COVID-19: Synopsis [in Chinese]

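In many respects, 2020 caught us unprepared. The COVID-19 pandemic brought a large-scale public health disaster to the world; countries everywhere fell into varying degrees of economic hardship caused by the pandemic and the policy responses to it, and faced severe disruptions to services and severe restrictions on the movement of people. Neither rich nor poor countries were spared. In low- and middle-income countries, many vulnerable people directly face threats to their food security, health care and nutrition. The long-term effects of lost livelihoods, malnutrition, interrupted education and depleted resources are potentially enormous, especially since, for many countries, the end of the COVID-19 pandemic is still far off. The pandemic has also highlighted and exacerbated the weaknesses and inequalities of our food systems. One year on, the pandemic has pushed the world further off track from achieving the Sustainable Development Goals (SDGs) by 2030. Clearly, food systems can play a central role in getting us back on track. To achieve the SDGs, food systems must be transformed to help us better prepare for the next shock, while benefiting the world’s poor and vulnerable and our planet.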




glob

2022 Global food policy report: Climate change and food systems: Synopsis [in Chinese]

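Climate change poses an increasingly serious threat to global food systems, with severe consequences for food and nutrition security, livelihoods and the overall well-being of all people, especially the poor and vulnerable around the world. We urgently need to act on climate change, both to achieve the deep emission reductions needed to limit global warming and to strengthen the capacity to adapt and respond to climate change, and this need is attracting wide global attention. The 2022 Global Food Policy Report sets out a range of opportunities for accelerating action, which should be considered when making policy and investment decisions on climate change adaptation, mitigation and response.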




glob

Global food policy report 2023: Rethinking food crisis responses: Synopsis [in Chinese]

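In 2022, the world faced multiple crises. Disruptions to food systems from the protracted COVID-19 pandemic, major natural disasters, civil unrest and political instability, and the growing impacts of climate change continued, while at the same time the Russia-Ukraine war and inflation exacerbated a global food and fertilizer crisis. The rising number of crises, the growing compounding impact of multiple crises, and the increasing numbers of hungry and displaced people have prompted calls to rethink food crisis responses, creating a real opportunity for change.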





glob

Global food policy report 2023: Rethinking food crisis responses: Synopsis [in Arabic]

The world faced many crises during 2022. Food systems continued to suffer from the repercussions of the protracted COVID-19 pandemic, major natural disasters, civil unrest, political instability and the growing impacts of climate change, and the global food and fertilizer crisis was exacerbated by the Russia-Ukraine war and inflation. The growing number of crises and their escalating impact, together with the rising numbers of hungry and displaced people, prompted a rethinking of how food crises are responded to, creating real opportunities for change.




glob

Tenable Cloud Risk Report Sounds the Alarm on Toxic Cloud Exposures Threatening Global Organizations

Tenable®, the exposure management company, today released its 2024 Tenable Cloud Risk Report, which examines the critical risks at play in modern cloud environments. Most alarmingly, nearly four in 10 organizations globally are leaving themselves exposed at the highest levels due to the “toxic cloud trilogy” of publicly exposed, critically vulnerable and highly privileged cloud workloads. Each of these misalignments alone introduces risk to cloud data, but the combination of all three drastically elevates the likelihood of exposure access by cyber attackers.

Security gaps caused by misconfigurations, risky entitlements and vulnerabilities combine to dramatically increase cloud risk. The Tenable Cloud Risk Report provides a deep dive into the most pressing cloud security issues observed in the first half of 2024, highlighting areas such as identities and permissions, workloads, storage resources, vulnerabilities, containers and Kubernetes. It also offers mitigation guidance for organizations seeking ways to limit exposures in the cloud.

Publicly exposed and highly privileged cloud data lead to data leaks. Critical vulnerabilities exacerbate the likelihood of incidents. The report reveals that a staggering 38% of organizations have cloud workloads that meet all three of these toxic cloud trilogy criteria, representing a perfect storm of exposure for cyber attackers to target. When bad actors exploit these exposures, incidents commonly include application disruptions, full system takeovers, and DDoS attacks that are often associated with ransomware. Scenarios like these could devastate an organization, with the 2024 average cost of a single data breach approaching $5 million.1 

Additional key findings from the report include: 

  • 84% of organizations have risky access keys to cloud resources: The majority of organizations (84.2%) possess unused or longstanding access keys with critical or high severity excessive permissions, a significant security gap that poses substantial risk. 
  • 23% of cloud identities have critical or high severity excessive permissions: Analysis of Amazon Web Services (AWS), Google Cloud Platform (GCP) and Microsoft Azure reveals that 23% of cloud identities, both human and non-human, have critical or high severity excessive permissions. 
  • Critical vulnerabilities persist: Notably, CVE-2024-21626, a severe container escape vulnerability that could lead to the server host compromise, remained unremediated in over 80% of workloads even 40 days after its publishing. 
  • 74% of organizations have publicly exposed storage: 74% of organizations have publicly exposed storage assets, including those in which sensitive data resides. This exposure, often due to unnecessary or excessive permissions, has been linked to increased ransomware attacks. 
  • 78% of organizations have publicly accessible Kubernetes API servers: Of these, 41% also allow inbound internet access. Additionally, 58% of organizations have cluster-admin role bindings — which means that certain users have unrestricted control over all the Kubernetes environments.

“Our report reveals that an overwhelming number of organizations have access exposures in their cloud workloads of which they may not even be aware,” said Shai Morag, chief product officer, Tenable. “It’s not always about bad actors launching novel attacks. In many instances, misconfigurations and over-privileged access represent the highest risk for cloud data exposures. The good news is, many of these security gaps can be closed easily once they are known and exposed.”

The report reflects findings by the Tenable Cloud Research team based on telemetry from millions of cloud resources across multiple public cloud repositories, analyzed from January 1 through June 30, 2024.

To download the report today, please visit: https://www.tenable.com/cyber-exposure/tenable-cloud-risk-report-2024 

1 IBM Security Cost of a Data Breach Report 2024

About Tenable

Tenable® is the exposure management company, exposing and closing the cybersecurity gaps that erode business value, reputation and trust. The company’s AI-powered exposure management platform radically unifies security visibility, insight and action across the attack surface, equipping modern organizations to protect against attacks from IT infrastructure to cloud environments to critical infrastructure and everywhere in between. By protecting enterprises from security exposure, Tenable reduces business risk for more than 44,000 customers around the globe. Learn more at tenable.com






glob

Global Food Policy Report 2024: Improving governance to create supportive environments for diet and nutrition policies

Key steps to strengthen institutions and relationships

The post Global Food Policy Report 2024: Improving governance to create supportive environments for diet and nutrition policies appeared first on IFPRI.





glob

EHP Funds Inc. and EHP Global Multi-Strategy Alternative Fund

Headnote: National Policy 11-203 Process for Exemptive Relief Applications in Multiple Jurisdictions -- Relief granted from fund multi-layering restriction in paragraph 2.5(2)(b) of NI 81-102 to permit an investment fund to invest in another investment fund under common management that hol




glob

Rules for resistance : advice from around the globe for the age of Trump / edited and with an introduction by David Cole ; co-edited by Melanie Wachtell Stinnett.




glob

Dialogues & Democracy: An Exploration into Global Democracy (November 13, 2024 8:00am)

Event Begins: Wednesday, November 13, 2024 8:00am
Location: Shapiro Library
Organized By: University Library


This exhibit highlights U-M Press books (https://myumi.ch/N682p) relevant to the practices of democracy in five arenas:

* Ancient Athens
* The Iroquois Confederacy
* The Roman Republic
* South Korea in the 21st Century
* the U.S. in the 21st Century

The exhibit displays were developed and designed by student organization Michigan Advertising and Marketing in partnership with U-M Press.




glob

Supporting and shaping the global nutrition agenda with evidence: A three-decade journey of research and partnerships for impact

This year’s Forman Lecture will be delivered by Dr. Marie Ruel, Senior Research Fellow in the Nutrition, Diets, and Health Unit at IFPRI. She served as the Director of IFPRI’s Poverty, Health, and Nutrition Division from 2004 to 2023, after serving as Senior Research Fellow and Research Fellow in that division beginning in 1996. Dr. […]

The post Supporting and shaping the global nutrition agenda with evidence: A three-decade journey of research and partnerships for impact appeared first on IFPRI.




glob

Improving Diets and Nutrition through Food Systems: What Will it Take? A Dialogue on IFPRI’s 2024 Global Food Policy Report

IFPRI’s 2024 Global Food Policy flagship publication arrives at a pivotal moment, as the importance of addressing food systems for better nutrition continues to gain global recognition. With United Nations Framework Convention on Climate Change (UNFCCC) 29th Conference of the Parties taking place in November, the SUN Global Gathering on the horizon and the Nutrition […]

The post Improving Diets and Nutrition through Food Systems: What Will it Take? A Dialogue on IFPRI’s 2024 Global Food Policy Report appeared first on IFPRI.




glob

Advancing Sustainable Agri-food Systems for Climate Resilience, Food Security, and Global Collaboration

The livestream will be available on Tuesday November 12, 2024 at 5:00 – 6:30 pm (America/Sao_Paulo) / 3:00 – 4:30 pm (US/Eastern). Join us for an in-depth discussion on Avanzar2030, an evidence-based initiative that identifies promising innovations in agri-food systems and estimates the costs of implementing them. Launched in response to the 2021 UN Food […]

The post Advancing Sustainable Agri-food Systems for Climate Resilience, Food Security, and Global Collaboration appeared first on IFPRI.




glob

Food Systems for Healthy Diets and Nutrition: Africa Regional Launch of IFPRI’s 2024 Global Food Policy Report

The livestream will be available on this page November 14, 2024 at 2:30pm (EAT) / 6:30am (EST). Despite significant progress in addressing hunger and undernutrition in the early 2000s, malnutrition, in all its forms, remains a major challenge in all regions of the world. Unhealthy diets remain the primary drivers of many forms of malnutrition, […]

The post Food Systems for Healthy Diets and Nutrition: Africa Regional Launch of IFPRI’s 2024 Global Food Policy Report appeared first on IFPRI.