ENISA and ETSI joint workshop tackles challenges for European identity proofing

Sophia Antipolis, 3 May 2022

Today ENISA (the European Union Agency for Cybersecurity) and ETSI organized a workshop as part of their joint effort and collaboration to support EU requirements for identity proofing. The event was mainly addressed at EU companies and other public or academic organizations that run or prepare to launch their remote ID solution.

New Extension for Disabled People to the ETSI Mobile Emergency App Framework

Sophia Antipolis, 16 January 2023

The ETSI emergency communications technical committee has just released a specification for a Pan-European Mobile Emergency Application framework (PEMEA) Real-Time Text Extension. Real-Time Text (RTT) communications are used extensively by people with hearing and speech disabilities around the world. These systems convey letters as they are typed from the source to the destination.

ETSI Quantum-Safe Cryptography event: a success 10 years later!

Sophia Antipolis, 16 February 2023

The 9th face-to-face ETSI-IQC Quantum-Safe Cryptography event this week attracted a large audience of nearly 200 people from Europe, North America and Asia, bringing together industry, academia and government. The event was kicked off by ETSI Director-General Luis Jorge Romero, who gave an overview of the quantum-safe standardization journey since the first workshop in 2013 and reiterated ETSI’s continued support for this important global effort.

ETSI’s conference for NFV 10th anniversary looks to the future

Sophia Antipolis, 14 March 2023

To celebrate the 10th anniversary of ETSI NFV, ETSI organized a conference on the “Evolution of NFV towards the next decade” on 6 and 7 March at its facilities. The face-to-face event provided a unique opportunity for the NFV community to reflect on its achievements of the past 10 years and on the way forward. Carriers, vendors, SDO representatives, and stakeholders from the whole ecosystem came together to debate challenges and opportunities. They also addressed how to increase cooperation between the various SDOs and the open-source communities to enhance interoperability and smooth the deployment of cloudified telecom network functions.

Global Standards Collaboration meeting for a more sustainable, safer world

Sophia Antipolis, 28 April 2023

Sustainability was the focus of a high-level meeting of the world’s leading information and communication technologies (ICT) standards bodies. The 23rd meeting of the Global Standards Collaboration (GSC) was hosted by ETSI, in London, 26-27 April 2023. Three sessions were moderated in a workshop format and included interactive discussions.

ETSI releases standard for IT solution providers to comply with EU regulation on electronic signatures in email messages

Sophia Antipolis, 20 September 2023

ETSI has published a new standard on “Requirements for trust service providers issuing publicly trusted S/MIME certificates” (ETSI TS 119 411-6), helping Trust Service Providers comply with new standards for S/MIME certificates that have been enforced since 1 September 2023. Secure MIME (S/MIME) certificates are used to sign, verify, encrypt, and decrypt email messages.

TeraFlowSDN Release 3 Provides a Cloud-based Network Automation Platform Featuring New Optical SDN Controller and Expanded Support for Disaggregated Networks

Sophia Antipolis, 30 April 2024

The ETSI TeraFlowSDN community is proud to announce the third release of TeraFlowSDN, an innovative and robust SDN orchestrator and controller, delivering a fully featured Network Automation Platform. In this latest release, TeraFlowSDN enhances its capabilities with the integration of an Optical SDN controller, expanding device support to include gNMI and OpenConfig protocols. It also features enriched network integrations for end-to-end orchestration like IP over DWDM, L3VPN, MEC, and network topology exposure. The management of network topologies is improved with the addition of a new BGP-LS speaker able to discover the topologies, and a new Forecaster component is introduced, providing predictive insights for network management. These additions substantially augment the versatility and management capabilities of the TeraFlowSDN platform.

Preparing for a secure future: industry and business share plans for quantum era at 10th ETSI/IQC Quantum-Safe Cryptography Conference

Sophia Antipolis, 24 May 2024

Speakers at the 10th ETSI/IQC Quantum Safe Cryptography Conference have called on organizations to prepare their cybersecurity infrastructures to address the challenges of a post-quantum world.

Organized by ETSI and the Institute for Quantum Computing, this year’s conference was hosted from 14-16 May by the Centre for Quantum Technologies (CQT), National University of Singapore (NUS), in partnership with the Infocomm Media Development Authority (IMDA) and the Cyber Security Agency (CSA) of Singapore. The event attracted an impressive 235 onsite delegates from 27 countries, reflecting fast-growing interest worldwide in the critical importance of quantum-safe cryptography in today’s cybersecurity strategies.

One-on-One with President Deep Saini

Starts: Wed, 27 Nov 2024 13:00:00 -0500
11/27/2024 12:00:00PM
Location: Montreal, Canada

Are we doing it right? Promoting the human rights of children with disabilities

Starts: Thu, 28 Nov 2024 18:30:00 -0500
11/28/2024 05:30:00PM
Location: Montreal, Canada

San Francisco Bay Area Holiday Party - Don't Miss the Fun!

Starts: Sun, 08 Dec 2024 18:30:00 -0500
12/08/2024 04:30:00PM
Location: San Mateo, U. S. A.

The Image of Africa in the Literature of the Harlem Renaissance

New essay by Trudier Harris, "The Image of Africa in the Literature of the Harlem Renaissance," added to Freedom's Story: Teaching African American Literature and History, TeacherServe from the National Humanities Center.

Summary of Comments to CSA/CIRO Staff Notice 23-331 Request for Feedback on December 2022 SEC Market Structure Proposals and Potential Impact on Canadian Capital Markets

This document is only available in PDF format.

CSA Multilateral Staff Notice 58-317 - Review of Disclosure Regarding Women on Boards and in Executive Officer Positions - Year 10 Report

This document is only available in PDF format.

Detailed Data on CSA Multilateral Staff Notice 58-317 Report on tenth Staff Review of Disclosure regarding Women on Boards and in Executive Officer Positions

CSA Notice Regarding Coordinated Blanket Order 96-932 Re Temporary Exemptions from Certain Derivatives Data Reporting Requirements

This document is only available as a PDF.

CSA Staff Notice 51-365 Continuous Disclosure Review Program Activities for the Fiscal Years Ended March 31, 2024 and March 31, 2023

This document is only available in PDF format.

Proposal Coordinator

Job Summary: The Director General’s Office (DGO) of the International Food Policy Research Institute (IFPRI) seeks a highly motivated Proposal Coordinator to join its team. The ideal candidate will be innovative, self-motivated and goal-oriented, with experience creating and executing fundraising strategies and developing successful proposals to secure restricted and unrestricted funding from foundations and government and multilateral agencies. The incumbent will be responsible for supporting senior staff and research leads with strategic resource mobilization, proposal development, and coordination efforts across the institute. This locally recruited position is a one-year, renewable appointment and is located at IFPRI’s headquarters in Washington, DC.

Essential Duties: Specific duties include but are not limited to:

Fundraising
  • Assist in advising staff on the development and implementation of fundraising strategies
  • Perform competitive intelligence gathering through research and analytics to identify new donors and funding prospects, including private industry, foundations, high-net-worth individuals, multilateral agencies, and government
  • Advise staff on strategies for approaching donor prospects and draft outreach & communication materials
  • Manage cultivation and stewardship for select foundations and individual donors

Proposal Development & Coordination
  • Proactively liaise with research units and corporate services to facilitate proposal development efforts, streamline the process, strengthen the output, and track progress and staff input throughout the proposal process
  • Work closely with and support research units from project concept to full proposal development, incorporating input from multi-disciplinary staff
  • Provide high-quality review for key proposals to ensure output complies with proposal requirements, and facilitate professional service support (grant writer, editor, etc.), in collaboration with research units and finance
  • Continually assess and propose improvements for practices/procedures/systems involving IFPRI’s proposal pipeline and funder/funding intelligence

Other duties: Assist with partnership-related activities and event coordination as needed.

Required Qualifications:
  • Bachelor’s degree plus 10 years of relevant work experience, or master’s degree or equivalent certification plus 8 years of experience, preferably 4 years of experience in a business development team supporting international development clients, including USAID and US government contracting
  • At least 2 years of management experience
  • Experience developing and/or implementing fundraising strategies for nonprofit organizations, including prospect research; outreach to funding sources; and donor cultivation and stewardship
  • Experience developing successful proposals/grants targeting various funding sources (government, private industry, foundation and individuals), preferably in agriculture, nutrition and/or relevant fields
  • Highly effective and versatile communication skills, both written and oral; ability to effectively synthesize scientific/programmatic content for multiple audiences
  • High level of professionalism, including the ability to diplomatically coordinate individuals from various disciplines to accomplish common objectives
  • Self-motivated, with proven ability to work independently and multi-task to accomplish key goals and complete projects
  • Strong analytical skills
  • Comfortable in a global team, including working well with team members and collaborators located in multiple time zones and countries
  • Willingness and ability to travel as needed

Preferred Qualifications:
  • Master’s degree
  • Proficiency in a second language of the U.N. system
  • International experience, especially in Africa, Asia and Latin America
  • Working knowledge of Microsoft Office and donor databases
  • Background, or interest in, international development

Physical Demand & Work Environment:
  • Employee will sit in an upright position for a long period of time
  • Employee will lift between 0-10 pounds
  • Employee is required to have close visual acuity to perform activities such as: preparing and analyzing data and figures; transcribing; viewing computer terminal; extensive reading

Salary Range: The expected salary range for this job requisition is between $85,600-$104,900. In determining your salary, we will consider your experience and other job-related factors.

Benefits: IFPRI is committed to providing our staff members with valuable and competitive benefits, as it is a core part of providing a strong overall employee experience. This position is eligible for health insurance coverage and a summary of our benefits can be found on our website. Please note that the listed benefits are generally available to active, non-temporary, full-time and part-time US-based employees who work at least 25 hours per week. The International Food Policy Research Institute (IFPRI) is an equal employment opportunity employer - F/M/Disability/Vet/Sexual Orientation/Gender Identity.

FY 2024 State and Local Cybersecurity Grant Program Adds CISA KEV as a Performance Measure

The CISA Known Exploited Vulnerabilities (KEV) catalog and enhanced logging guidelines are among the new measurement tools added for the 2024 State and Local Cybersecurity Grant Program.

Last month, the Department of Homeland Security announced the availability of $279.9 million in grant funding for the Fiscal Year (FY) 2024 State and Local Cybersecurity Grant Program (SLCGP). Now in its third year, the four-year, $1 billion program provides funding for State, Local and Territorial (SLT) governments to implement cybersecurity solutions that address the growing threats and risks to their information systems. Applications must be submitted by December 3, 2024.

While there are no significant modifications to the program for FY 2024, the Federal Emergency Management Agency (FEMA), which administers SLCGP in coordination with the Cybersecurity and Infrastructure Security Agency (CISA), identified key changes, some of which we highlight below:

The FY 2024 NOFO adds CISA’s KEV catalog as a new performance measure and recommended resource

The FY 2024 notice of funding opportunity (NOFO) adds the CISA Known Exploited Vulnerabilities (KEV) catalog as a recommended resource to encourage governments to regularly view information related to cybersecurity vulnerabilities confirmed by CISA, prioritizing those exploited in the wild. In addition, CISA has added “Addressing CISA-identified cybersecurity vulnerabilities” to the list of performance measures it will collect through the duration of the program.

Tenable offers fastest, broadest coverage of CISA’s KEV catalog

At Tenable, our goal is to help organizations identify their cyber exposure gaps as accurately and quickly as possible. To achieve this goal, we have research teams around the globe working to provide precise and prompt coverage for new threats as they are discovered. Tenable monitors and tracks additions to the CISA KEV catalog on a daily basis and prioritizes developing new detections where they do not already exist.

Tenable updates the KEV coverage of its vulnerability management products — Tenable Nessus, Tenable Security Center and Tenable Vulnerability Management — allowing organizations to use KEV catalog data as an additional prioritization metric when figuring out what to fix first. The ready availability of this data in Tenable products can help agencies meet the SLCGP performance measures. This blog offers additional information on Tenable’s coverage of CISA’s KEV catalog.
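The KEV-as-prioritization-metric idea described above, as an added example that is neither Tenable's nor CISA's code: a short Python script that loads a KEV-style feed and ranks scanner findings so that catalog entries (overdue ones first, ransomware-linked ones next) outrank a merely higher CVSS score. It assumes the field names of CISA's public KEV JSON feed (cveID, dateAdded, dueDate, knownRansomwareCampaignUse); the catalog excerpt, the CVE-0000-* identifiers and the findings are constructed placeholders.

```python
"""Rank scan findings with the CISA KEV catalog as the first prioritisation key.

Added example (not Tenable's or CISA's code). It assumes the field names used
by CISA's public KEV JSON feed: a top-level "vulnerabilities" list whose
entries carry cveID, dateAdded, dueDate and knownRansomwareCampaignUse.
The catalog excerpt, CVE identifiers and findings below are constructed
placeholders, not real data.
"""
import json
from datetime import date

# Constructed stand-in for the KEV feed; the CVE-0000-* identifiers are placeholders.
KEV_JSON = json.dumps({
    "title": "placeholder KEV excerpt",
    "vulnerabilities": [
        {"cveID": "CVE-0000-00001", "dateAdded": "2024-10-01",
         "dueDate": "2024-10-22", "knownRansomwareCampaignUse": "Known"},
        {"cveID": "CVE-0000-00002", "dateAdded": "2024-10-28",
         "dueDate": "2024-11-18", "knownRansomwareCampaignUse": "Unknown"},
    ],
})

# Constructed scanner output: one finding per (host, CVE) with its CVSS base score.
FINDINGS = [
    {"host": "web-01", "cve": "CVE-0000-00002", "cvss": 7.5},
    {"host": "db-02", "cve": "CVE-0000-00003", "cvss": 9.8},   # not in KEV
    {"host": "file-03", "cve": "CVE-0000-00001", "cvss": 6.5},
]


def load_kev(feed_text):
    """Index KEV entries by CVE ID, parsing the ISO dates once."""
    feed = json.loads(feed_text)
    index = {}
    for entry in feed["vulnerabilities"]:
        index[entry["cveID"]] = {
            "date_added": date.fromisoformat(entry["dateAdded"]),
            "due_date": date.fromisoformat(entry["dueDate"]),
            "ransomware": entry.get("knownRansomwareCampaignUse") == "Known",
        }
    return index


def prioritize(findings, kev, today):
    """Return findings sorted: overdue KEV, then KEV, then everything else.

    Inside a tier, ransomware-linked CVEs come first, then higher CVSS.
    A KEV hit outranks a higher CVSS score in a lower tier; that is the
    point of using the catalog as an additional prioritisation metric.
    """
    ranked = []
    for finding in findings:
        entry = kev.get(finding["cve"])
        if entry is None:
            tier, order = "non-KEV", 2
        elif today > entry["due_date"]:
            tier, order = "KEV-overdue", 0
        else:
            tier, order = "KEV", 1
        ranked.append({
            **finding,
            "tier": tier,
            "ransomware": bool(entry and entry["ransomware"]),
            "due_date": entry["due_date"].isoformat() if entry else None,
            "_order": order,
        })
    ranked.sort(key=lambda r: (r["_order"], not r["ransomware"], -r["cvss"]))
    for row in ranked:
        del row["_order"]
    return ranked


def run_sample(today_iso="2024-11-01"):
    """Rank the constructed findings as of a given date (ISO string)."""
    return prioritize(FINDINGS, load_kev(KEV_JSON), date.fromisoformat(today_iso))


if __name__ == "__main__":
    for row in run_sample():
        print(f'{row["tier"]:<12} {row["host"]:<8} {row["cve"]} '
              f'cvss={row["cvss"]} due={row["due_date"]} ransomware={row["ransomware"]}')
```

Run as-is, the CVSS 9.8 finding on db-02 lands last because it is not in the catalog, while the 6.5 finding on file-03 comes first: its KEV due date has passed and the entry is flagged for ransomware use. Against the real feed you would replace KEV_JSON with the downloaded catalog and FINDINGS with a scanner export.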

FY 2024 NOFO adds “Adopting Enhanced Logging” as a new performance measure

The FY 2024 NOFO also adds “Adopting Enhanced Logging” to the list of performance measures CISA will collect throughout the program duration.

How Tenable’s library of compliance audits can help with Enhanced Logging

Tenable's library of Compliance Audits, including Center for Internet Security (CIS) and Defense Information Systems Agency (DISA), allows organizations to assess systems for compliance, including ensuring Enhanced Logging is enabled. Tenable's vulnerability management tools enable customers to easily schedule compliance scans. Users can choose from a continuously updated library of built-in audits or upload custom audits. By conducting these scans regularly, organizations can ensure their systems are secure and maintain compliance with required frameworks.

FY 2024 NOFO continues to require applicants to address program objectives in their applications

As with previous years, the FY 2024 NOFO sets four program objectives. Applicants must address at least one of the following in their applications:

  • Objective 1: Develop and establish appropriate governance structures, including by developing, implementing, or revising Cybersecurity Plans, to improve capabilities to respond to cybersecurity incidents, and ensure operations.
  • Objective 2: Understand their current cybersecurity posture and areas for improvement based on continuous testing, evaluation, and structured assessments.
  • Objective 3: Implement security protections commensurate with risk.
  • Objective 4: Ensure organization personnel are appropriately trained in cybersecurity, commensurate with responsibility.

How Tenable can help agencies meet Objective 2 of the program

Tenable is uniquely positioned to help SLTs meet Objective 2 through the Tenable One Exposure Management Platform. In addition to analyzing traditional IT environments, Tenable One analyzes cloud instances, web applications, critical infrastructure environments, identity access and privilege solutions such as Active Directory and more — including highly dynamic assets like mobile devices, virtual machines and containers. Once the complete attack surface is understood, the Tenable One platform applies a proactive risk-based approach to managing exposure, allowing SLT agencies to successfully meet each of the sub-objectives outlined in Objective 2 (see table below).

Sub-objective 2.1.1: Establish and regularly update asset inventory
How Tenable helps: Tenable One deploys purpose-built sensors across on-premises and cloud environments to update inventories of human and machine assets, including cloud, IT, OT, IoT, mobile, applications, virtual machines, containers and identities.

Sub-objective 2.3.2: Effectively manage vulnerabilities by prioritizing mitigation of high-impact vulnerabilities and those most likely to be exploited.
How Tenable helps: Tenable One provides an accurate picture of both internal and external exposure by detecting and prioritizing a broad range of vulnerabilities, misconfigurations and excessive permissions across the attack surface.

Threat intelligence and data science from Tenable Research are then applied to give agencies easy-to-understand risk scores. For example, Tenable One provides advanced prioritization metrics and capabilities, asset exposure scores which combine total asset risk and asset criticality, cyber exposure scoring which calculates overall exposure for the organization, peer benchmarking for comparable organizations, as well as the ability to track SLAs and risk patterns over time.

Further, Tenable One provides rich critical technical context in the form of attack path analysis that maps asset, identity and risk relationships which can be exploited by attackers. It also provides business context by giving users an understanding of the potential impact on the things that matter most to an agency, such as business-critical apps, services, processes and functions. These contextual views greatly improve the ability of security teams to prioritize and focus action where they can best reduce the potential for material impact. These advanced prioritization capabilities, along with mitigation guidance, ensure high-risk vulnerabilities can be addressed quickly.

Sub-objective 2.4.1: SLT agencies are able to analyze network traffic and activity transiting or traveling to or from information systems, applications, and user accounts to understand baseline activity and identify potential threats.
How Tenable helps: Tenable provides purpose-built sensors, including a passive sensor, which can determine risk based on network traffic. After being placed on a Switched Port Analyzer (SPAN) port or network tap, the passive sensor will be able to discover new devices on a network as soon as they begin to send traffic, as well as discover vulnerabilities based on, but not limited to:

  • Services
  • User-agents
  • Application traffic

Sub-objective 2.5.1: SLT agencies are able to respond to identified events and incidents, document root cause, and share information with partners.
How Tenable helps: Tenable One can help SLT agencies respond to identified events and incidents and document root cause more quickly. SOC analysts managing events and incidents and vulnerability analysts focused on remediation of vulnerabilities have access to deep technical content in the form of attack paths, with risk and configuration details to verify viability, as well as business context to understand the potential impact to their agency.

This information is valuable not only to validate why IT teams should prioritize mitigation of issues before breach, but to prove that a successful attack has occurred. Further, agencies can deliver dashboards, reports and scorecards to help share important security data in meaningful ways across teams and with partners. Agencies are able to customize these to show the data that matters most and add details specific to their requirements.

Source: Tenable, October 2024

Tenable One deployment options offer flexibility for SLT agencies

Tenable offers SLT agencies flexibility in their implementation models to help them best meet the requirements and objectives outlined as part of the SLCGP. Deployment models include:

  • Centralized risk-based vulnerability program managed by a state Department of Information Technology (DoIT)
  • Multi-entity projects
  • Decentralized deployments of Tenable One managed by individual municipalities
  • Managed Security Service Provider (MSSP) models that allow agencies to rapidly adopt solutions by utilizing Tenable’s Technology Partner network

Whole-of-state approach enables state-wide collaboration and cooperation

A “whole-of-state” approach — which enables state-wide collaboration to improve the cybersecurity posture of all stakeholders — allows state governments to share resources to support cybersecurity programs for local government entities, educational institutions and other organizations. Shared resources increase the level of defense for SLTs both individually and as a community and reduce duplication of work and effort. States get real-time visibility into all threats and deploy a standard strategy and toolset to improve cyber hygiene, accelerate incident response and reduce statewide risk. For more information, read Protecting Local Government Agencies with a Whole-of-State Cybersecurity Approach.

FY 2024 NOFO advises SLT agencies to adopt key cybersecurity best practices

As in previous years, the FY 2024 NOFO again recommends SLT agencies adopt key cybersecurity best practices. To do this, they are required to consult the CISA Cross-Sector Cybersecurity Performance Goals (CPGs) throughout their development of plans and projects within the program. This is also a statutory requirement for receiving grant funding.

How Tenable One can help agencies meet the CISA CPGs

The CISA CPGs are a prioritized subset of cybersecurity practices aimed at meaningfully reducing risk to critical infrastructure operations and the American people. They provide a common set of IT and operational technology (OT) fundamental cybersecurity best practices to help SLT agencies address some of the most common and impactful cyber risks. Learn more about how Tenable One can help agencies meet the CISA CPGs here.

Cybersecurity Snapshot: Apply Zero Trust to Critical Infrastructure’s OT/ICS, CSA Advises, as Five Eyes Spotlight Tech Startups’ Security

Should critical infrastructure orgs boost OT/ICS systems’ security with zero trust? Absolutely, the CSA says. Meanwhile, the Five Eyes countries offer cyber advice to tech startups. Plus, a survey finds “shadow AI” weakening data governance. And get the latest on MFA methods, CISO trends and Uncle Sam’s AI strategy.

Dive into six things that are top of mind for the week ending Nov. 1.

1 - Securing OT/ICS in critical infrastructure with zero trust

As their operational technology (OT) computing environments become more digitized, converged with IT systems and cloud-based, critical infrastructure organizations should beef up their cybersecurity by adopting zero trust principles.

That’s the key message of the Cloud Security Alliance’s “Zero Trust Guidance for Critical Infrastructure,” which focuses on applying zero trust methods to OT and industrial control system (ICS) systems.

While OT/ICS environments were historically air gapped, that’s rarely the case anymore. “Modern systems are often interconnected via embedded wireless access, cloud and other internet-connected services, and software-as-a-service (SaaS) applications,” reads the 64-page white paper, which was published this week.

The CSA hopes the document will help cybersecurity teams and OT/ICS operators enhance the way they communicate and collaborate.

Among the topics covered are:

  • Critical infrastructure’s unique threat vectors
  • The convergence of IT/OT with digital transformation
  • Architecture and technology differences between OT and IT

The guide also outlines this five-step process for implementing zero trust in OT/ICS environments:

  • Define the surface to be protected
  • Map operational flows
  • Build a zero trust architecture
  • Draft a zero trust policy
  • Monitor and maintain the environment

A zero trust strategy boosts the security of critical OT/ICS systems by helping teams “keep pace with rapid technological advancements and the evolving threat landscape,” Jennifer Minella, the paper’s lead author, said in a statement.

To get more details, read:

For more information about OT systems cybersecurity, check out these Tenable resources: 

2 - Five Eyes publish cyber guidance for tech startups

Startup tech companies can be attractive targets for hackers, especially if they have weak cybersecurity and valuable intellectual property (IP).

To help startups prevent cyberattacks, the Five Eyes countries this week published cybersecurity guides tailored for these companies and their investors.

“This guidance is designed to help tech startups protect their innovation, reputation, and growth, while also helping tech investors fortify their portfolio companies against security risks," Mike Casey, U.S. National Counterintelligence and Security Center Director, said in a statement.

These are the top five cybersecurity recommendations from Australia, Canada, New Zealand, the U.S. and the U.K. for tech startups:

  • Be aware of threat vectors, including malicious insiders, insecure IT and supply chain risk.
  • Identify your most critical assets and conduct a risk assessment to pinpoint vulnerabilities.
  • Build security into your products by managing intellectual assets and IP; monitoring who has access to sensitive information; and ensuring this information’s protection.
  • Conduct due diligence when choosing partners and make sure they’re equipped to protect the data you share with them.
  • Before you expand abroad, prepare and become informed about these new markets by, for example, understanding local laws in areas such as IP protection and data protection.

“Sophisticated nation-state adversaries, like China, are working hard to steal the intellectual property held by some of our countries’ most innovative and exciting startups,” Ken McCallum, Director General of the U.K.’s MI5, said in a statement.

To get more details, check out these Five Eyes’ cybersecurity resources for tech startups:

3 - Survey: Unapproved AI use impacting data governance

Employees’ use of unauthorized AI tools is creating compliance issues in a majority of organizations. Specifically, it makes it harder to control data governance and compliance, according to almost 60% of organizations surveyed by market researcher Vanson Bourne.

“Amid all the investment and adoption enthusiasm, many organisations are struggling for control and visibility over its use,” reads the firm’s “AI Barometer: October 2024” publication. Vanson Bourne polls 100 IT and business executives each month about their AI investment plans.

Chart: “To what extent do you think the unsanctioned use of AI tools is impacting your organisation's ability to maintain control over data governance and compliance?” (Source: Vanson Bourne’s “AI Barometer: October 2024”)

Close to half of organizations surveyed (44%) believe that at least 10% of their employees are using unapproved AI tools.

On a related front, organizations are also grappling with the issue of software vendors that unilaterally and silently add AI features to their products, especially to their SaaS applications.

While surveyed organizations say they’re reaping advantages from their AI usage, “such benefits are dependent on IT teams having the tools to address the control and visibility challenges they face,” the publication reads.

For more information about the use of unapproved AI tools, an issue also known as “shadow AI,” check out:

Video: Shadow AI Risks in Your Company

4 - NCSC explains nuances of multi-factor authentication

Multi-factor authentication (MFA) comes in a variety of flavors, and understanding the differences is critical for choosing the right option for each use case in your organization.

To help cybersecurity teams better understand the different MFA types and their pluses and minuses, the U.K. National Cyber Security Centre (NCSC) has updated its MFA guidance.

“The new guidance explains the benefits that come with strong authentication, while also minimising the friction that some users associate with MFA,” reads an NCSC blog.

In other words, what type of MFA method to use depends on people’s roles, how they work, the devices they use, the applications or services they’re accessing and so on.

Topics covered include:

  • Recommended types of MFA, such as FIDO2 credentials, app-based and hardware-based code generators and message-based methods
  • The importance of using strong MFA to secure users’ access to sensitive data
  • The role of trusted devices in boosting and simplifying MFA
  • Bad practices that weaken MFA’s effectiveness, such as:
    • Retaining weaker, password-only authentication protocols for legacy services
    • Excluding certain accounts from MFA requirements because their users, usually high-ranking officials, find MFA inconvenient

To get more details, read:

For more information about MFA:

5 - U.S. gov’t outlines AI strategy, ties it to national security 

The White House has laid out its expectations for how the federal government ought to promote the development of AI in order to safeguard U.S. national security.

In the country’s first-ever National Security Memorandum (NSM) on AI, the Biden administration said the federal government must accomplish the following:

  • Ensure the U.S. is the leader in the development of safe, secure and trustworthy AI
  • Leverage advanced AI technologies to boost national security
  • Advance global AI consensus and governance

“The NSM’s fundamental premise is that advances at the frontier of AI will have significant implications for national security and foreign policy in the near future,” reads a White House statement.

The NSM’s directives to federal agencies include:

  • Help improve the security of chips and support the development of powerful supercomputers to be used by AI systems.
  • Help AI developers protect their work against foreign spies by providing them with cybersecurity and counterintelligence information.
  • Collaborate with international partners to create a governance framework for using AI in a way that is ethical, responsible and respects human rights. 

The White House also published a complementary document titled “Framework To Advance AI Governance and Risk Management in National Security,” which adds implementation details and guidance for the NSM.

6 - State CISOs on the frontlines of AI security

As the cybersecurity risks and benefits of AI multiply, most U.S. state CISOs find themselves at the center of their governments' efforts to craft AI security strategies and policies.

That’s according to the “2024 Deloitte-NASCIO Cybersecurity Study,” which surveyed CISOs from all 50 states and the District of Columbia.

Specifically, 88% of state CISOs reported being involved in the development of a generative AI strategy, while 96% are involved with creating a generative AI security policy.

However, their involvement in AI cybersecurity matters isn’t necessarily making them optimistic about their states’ ability to fend off AI-boosted attacks.

None said they feel “extremely confident” that their state can prevent AI-boosted attacks, while only 10% reported feeling “very confident.” The majority (43%) said they feel “somewhat confident” while the rest said they are either “not very confident” or “not confident at all.”


Naturally, most state CISOs see AI-enabled cyberthreats as significant, with 71% categorizing them as either “very high threat” (18%) or “somewhat high threat” (53%).

At the same time, state CISOs see the potential for AI to help their cybersecurity efforts, as 41% are already using generative AI for cybersecurity, and another 43% have plans to do so by mid-2025.

Other findings from the "2024 Deloitte-NASCIO Cybersecurity Study" include:

  • 4 in 10 state CISOs feel their budget is insufficient.
  • Almost half of respondents rank cybersecurity staffing as one of the top challenges.
  • In the past two years, 23 states have hired new CISOs, as the median tenure of a state CISO has dropped to 23 months, down from 30 months in 2022.
  • More state CISOs are taking on privacy protection duties — 86% are responsible for privacy protection, up from 60% two years ago.

For more information about CISO trends:





Cybersecurity Snapshot: CISA Warns of Global Spear-Phishing Threat, While OWASP Releases AI Security Resources

CISA is warning about a spear-phishing campaign that spreads malicious RDP files. Plus, OWASP is offering guidance about deepfakes and AI security. Meanwhile, cybercriminals have amplified their use of malware for fake software-update attacks. And get the latest on CISA’s international plan, Interpol’s cyber crackdown and ransomware trends.

Dive into six things that are top of mind for the week ending Nov. 8.

1 - CISA: Beware of nasty spear-phishing campaign

Proactively restrict outbound remote-desktop protocol (RDP) connections. Block transmission of RDP files via email. Prevent RDP file execution.

Those are three security measures cyber teams should proactively take in response to an ongoing and “large scale” email spear-phishing campaign targeting victims with malicious RDP files, according to the U.S. Cybersecurity and Infrastructure Security Agency (CISA).

A foreign threat actor is carrying out the campaign. Several vertical sectors, including government and IT, are being targeted.

“Once access has been gained, the threat actor may pursue additional activity, such as deploying malicious code to achieve persistent access to the target’s network,” CISA’s alert reads.


Other CISA recommendations include:

  • Adopt phishing-resistant multi-factor authentication (MFA), such as FIDO tokens, and try to avoid SMS-based MFA
  • Educate users on how to spot suspicious emails
  • Hunt for malicious activity in your network, looking for indicators of compromise (IoCs) and tactics, techniques and procedures (TTPs)

Although CISA didn’t name the hacker group responsible for this campaign, its alert includes links to related articles from Microsoft and AWS that identify it as Midnight Blizzard. Also known as APT29, this group is affiliated with Russia’s government.

To get more details, check out the CISA alert “Foreign Threat Actor Conducting Large-Scale Spear-Phishing Campaign with RDP Attachments.”
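One way to act on the “block transmission of RDP files via email” measure at the mail gateway, written for this item as an added example and not taken from CISA’s alert or from Microsoft: identify RDP connection files by their content rather than their name, block them as the alert recommends, and record why the recipient needs a follow-up (an external target host, local drives or clipboard redirected to the remote side, server identity warnings switched off). The .rdp setting names and the name:type:value line format are Microsoft’s documented format; the approved-host allowlist and the sample attachments are constructed for the example.

```python
"""Triage of .rdp e-mail attachments, implementing CISA's "block transmission
of RDP files via email" measure. Added example, not code from CISA's alert:
setting names and the name:type:value line format are Microsoft's documented
.rdp format; the allowlist and sample attachments are constructed.
"""
import re
from dataclasses import dataclass, field
from typing import Optional

SETTING_RE = re.compile(r"^([a-z][a-z0-9 _]*):([sib]):(.*)$")

# Settings that hand the remote host access to local resources once the user
# connects (i:1 enables a redirection, s:* redirects every drive/device).
RISKY_REDIRECTS = {
    "drivestoredirect": lambda v: v != "",
    "devicestoredirect": lambda v: v != "",
    "redirectclipboard": lambda v: v == "1",
    "redirectprinters": lambda v: v == "1",
    "redirectsmartcards": lambda v: v == "1",
}


def decode_rdp_bytes(data: bytes) -> str:
    """mstsc saves UTF-16 with a BOM; hand-written files are often UTF-8."""
    if data[:2] in (b"\xff\xfe", b"\xfe\xff"):
        return data.decode("utf-16")
    return data.decode("utf-8-sig", errors="replace")


def parse_rdp(text: str) -> dict:
    """Return {setting name: value} for every well-formed name:type:value line."""
    settings = {}
    for line in text.splitlines():
        m = SETTING_RE.match(line.strip())
        if m:
            settings[m.group(1).lower()] = m.group(3).strip()
    return settings


@dataclass
class Verdict:
    is_rdp: bool
    target_host: Optional[str] = None
    findings: list = field(default_factory=list)

    @property
    def block(self) -> bool:
        # Per CISA, RDP files in e-mail are blocked outright; the findings only
        # tell the analyst how urgently to follow up with the recipient.
        return self.is_rdp


def triage_attachment(filename: str, data: bytes, allowed_hosts: set) -> Verdict:
    settings = parse_rdp(decode_rdp_bytes(data))
    address = settings.get("full address") or settings.get("alternate full address")
    # Detect on content as well as extension so a renamed file is still caught.
    if not (filename.lower().endswith(".rdp") or address):
        return Verdict(is_rdp=False)
    v = Verdict(is_rdp=True)
    if address:
        host = address.rsplit(":", 1)[0].lower()  # host:port form; drop the port
        v.target_host = host
        if host not in allowed_hosts:
            v.findings.append(f"connects to unapproved host {host}")
    else:
        v.findings.append("RDP file without a target address")
    for key, is_risky in RISKY_REDIRECTS.items():
        if key in settings and is_risky(settings[key]):
            v.findings.append(f"{key} exposes a local resource to the remote host")
    if settings.get("authentication level") == "0":
        v.findings.append("authentication level 0 suppresses server identity warnings")
    return v


# Constructed sample attachments for the example (not real campaign files).
ALLOWED_HOSTS = {"jump01.corp.example"}
SAMPLES = {
    # Legitimate internal jump host, saved by mstsc (UTF-16 with BOM).
    "jump01.rdp": ("screen mode id:i:2\r\nfull address:s:jump01.corp.example:3389\r\n"
                   "redirectclipboard:i:0\r\ndrivestoredirect:s:\r\n").encode("utf-16"),
    # Lure-style file: external host, every local drive and the clipboard exposed.
    "Device_Compliance_Check.rdp": ("full address:s:rdp.attacker-controlled.example:3389\r\n"
                                    "drivestoredirect:s:*\r\nredirectclipboard:i:1\r\n"
                                    "redirectsmartcards:i:1\r\nauthentication level:i:0\r\n"
                                    ).encode("utf-8"),
    # RDP content behind a harmless-looking extension: caught by content, not name.
    "Device_Compliance_Check.txt": b"full address:s:rdp.attacker-controlled.example\r\n",
    "report.pdf": b"%PDF-1.7\n%\xe2\xe3\xcf\xd3\n",
}


def triage_all(samples=SAMPLES, allowed_hosts=ALLOWED_HOSTS) -> dict:
    return {name: triage_attachment(name, data, allowed_hosts) for name, data in samples.items()}


if __name__ == "__main__":
    for name, v in triage_all().items():
        print(f"{'BLOCK' if v.block else 'pass ':5} {name}: target={v.target_host} findings={v.findings}")
```

The verdict is deliberately binary, because the alert asks for RDP files to be kept out of mailboxes altogether; the findings exist so the analyst can tell a misrouted internal jump-host file from a lure that points at an external host and redirects local drives.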

For more information about securing RDP tools:

2 - OWASP issues AI security resources

How should your organization respond to deepfakes? What’s the right way of establishing a center of excellence for AI security in your organization? Where can you find a comprehensive guide of tools to secure generative AI applications?

These questions are addressed in a new set of resources for AI security from the Open Worldwide Application Security Project’s OWASP Top 10 for LLM Application Security Project.

The new resources are meant to help organizations securely adopt, develop and deploy LLM and generative AI systems and applications “with a comprehensive strategy encompassing governance, collaboration and practical tools,” OWASP said in a statement.



These are the new resources:

  • “The Guide for Preparing and Responding to Deepfake Events,” which unpacks four types of deepfake schemes – financial fraud, job interview fraud, social engineering and misinformation – and offers guidance about each one in these areas:
    • preparation
    • detection and analysis
    • containment, eradication and recovery
    • post-incident activity
  • “The LLM and GenAI Center of Excellence Guide,” which aims to help CISOs and fellow organization leaders create a center of excellence for generative AI security that facilitates collaboration among various teams, including security, legal, data science and operations, so they can develop:
    • Generative AI security policies
    • Risk assessment and management processes
    • Training and awareness
    • Research and development
  • “The AI Security Solution Landscape Guide,” which offers security teams a comprehensive catalog of open source and commercial tools for securing LLMs and generative AI applications.

To get more details, read OWASP’s announcement “OWASP Dramatically Expands GenAI Security Guidance.”

For more information about protecting your organization against deepfakes:

3 - Fake update variants dominate list of top malware in Q3

Hackers are doubling down on fake software-update attacks.

That’s the main takeaway from the Center for Internet Security’s list of the 10 most prevalent malware used during the third quarter.

Malware variants used to carry out fake browser-update attacks took the top four spots on the list: SocGholish, LandUpdate808, ClearFake and ZPHP. Collectively, they accounted for 77% of the quarter’s malware infections. It's the first time LandUpdate808 and ClearFake appear on this quarterly list.


(Source: “Top 10 Malware Q3 2024”, Center for Internet Security, October 2024)

In a fake software-update attack, a victim is duped into installing a legitimate-looking update for, say, their preferred browser that instead infects their computer with malware.

Here’s the full list, in descending order:

  • SocGholish, a downloader distributed through malicious websites that tricks users into downloading it by offering fake software updates 
  • LandUpdate808, a JavaScript downloader distributed through malicious websites via fake browser updates
  • ClearFake, another JavaScript downloader used for fake browser-update attacks
  • ZPHP, another JavaScript downloader used for fake software-update attacks
  • Agent Tesla, a remote access trojan (RAT) that captures credentials, keystrokes and screenshots
  • CoinMiner, a cryptocurrency miner that spreads using Windows Management Instrumentation (WMI)
  • Arechclient2, also known as SectopRAT, a .NET RAT whose capabilities include multiple stealth functions
  • Mirai, a malware botnet that compromises IoT devices to launch DDoS attacks
  • NanoCore, a RAT that spreads via malspam as a malicious Excel spreadsheet
  • Lumma Stealer, an infostealer used to swipe personally identifiable information (PII), credentials, cookies and banking information

To get more information, the CIS blog “Top 10 Malware Q3 2024” offers details, context and indicators of compromise for each malware strain.
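The four fake-update families above share one execution step once the lure succeeds: a downloaded JavaScript file is opened on Windows, which means the Windows Script Host (wscript.exe or cscript.exe) runs it from wherever the browser saved it. The detection below, added here as an example and not taken from the CIS report, scans process-creation events for that pattern. Field names follow Sysmon’s process-creation event; the events, hostnames, paths and lure keywords are constructed assumptions for the example, not indicators published by CIS.

```python
"""Endpoint hunt for the execution step of a fake browser-update lure.

Added example, not code from the CIS report. Field names follow Sysmon
process-creation events; the events, hosts, paths and lure keywords below are
constructed assumptions for the example, not indicators published by CIS.
"""
import re
from pathlib import PureWindowsPath

SCRIPT_HOSTS = {"wscript.exe", "cscript.exe"}   # Windows Script Host binaries
SCRIPT_EXTS = {".js", ".jse", ".wsf"}           # WSH-run JavaScript file types
BROWSERS = {"chrome.exe", "msedge.exe", "firefox.exe", "brave.exe"}
USER_WRITABLE_DIRS = {"downloads", "temp", "desktop", "public"}
LURE_WORDS = re.compile(r"update|chrome|firefox|edge|browser|install", re.I)


def command_args(cmdline: str) -> list:
    """Split a Windows command line into arguments, honouring double quotes."""
    return [quoted or bare for quoted, bare in re.findall(r'"([^"]*)"|(\S+)', cmdline)]


def analyze(event: dict):
    """Return a finding for a suspicious WSH script execution, else None."""
    image = PureWindowsPath(event.get("Image", "")).name.lower()
    if image not in SCRIPT_HOSTS:
        return None
    scripts = [a for a in command_args(event.get("CommandLine", ""))
               if PureWindowsPath(a).suffix.lower() in SCRIPT_EXTS]
    if not scripts:
        return None
    script = PureWindowsPath(scripts[0])
    parent = PureWindowsPath(event.get("ParentImage", "")).name.lower()
    reasons = []
    # Required signal: the script lives where a browser download would land.
    # Vendor or admin scripts run from Program Files etc. are left alone.
    if {p.lower() for p in script.parts[:-1]} & USER_WRITABLE_DIRS:
        reasons.append(f"script in user-writable folder {script.parent}")
    if not reasons:
        return None
    # Corroborating signals raise the severity.
    if LURE_WORDS.search(script.stem):
        reasons.append(f"lure-style filename {script.name}")
    if parent in BROWSERS:
        reasons.append(f"launched from the browser's download UI ({parent})")
    return {
        "host": event.get("Computer", "?"),
        "script": str(script),
        "parent": parent,
        "severity": "high" if len(reasons) >= 2 else "medium",
        "reasons": reasons,
    }


def hunt(events: list) -> list:
    """Run analyze() over a batch of events and keep only the findings."""
    return [f for f in map(analyze, events) if f]


# Constructed Sysmon-style process-creation events (not real telemetry).
EVENTS = [
    {"Computer": "WS-014",
     "ParentImage": r"C:\Program Files\Google\Chrome\Application\chrome.exe",
     "Image": r"C:\Windows\System32\wscript.exe",
     "CommandLine": r'"C:\Windows\System32\wscript.exe" "C:\Users\alice\Downloads\Chrome_Update_v128.js"'},
    {"Computer": "WS-014",
     "ParentImage": r"C:\Windows\explorer.exe",
     "Image": r"C:\Program Files\Google\Chrome\Application\chrome.exe",
     "CommandLine": r'"C:\Program Files\Google\Chrome\Application\chrome.exe" --profile-directory=Default'},
    {"Computer": "SRV-02",
     "ParentImage": r"C:\Windows\System32\svchost.exe",
     "Image": r"C:\Windows\System32\cscript.exe",
     "CommandLine": r'cscript.exe //B "C:\Program Files\Vendor\inventory.js"'},
    {"Computer": "WS-031",
     "ParentImage": r"C:\Windows\explorer.exe",
     "Image": r"C:\Windows\System32\wscript.exe",
     "CommandLine": r"C:\Windows\System32\wscript.exe C:\Users\bob\AppData\Local\Temp\report.js"},
]


if __name__ == "__main__":
    for f in hunt(EVENTS):
        print(f"[{f['severity']}] {f['host']} {f['script']} <- {f['parent']}: " + "; ".join(f["reasons"]))
```

The folder check is the gate and the filename and parent-process checks only adjust severity, so a legitimately deployed script under Program Files never fires, while a stray .js in a temp folder still surfaces as medium even when it carries no “update” wording.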

For details on fake update attacks:


VIDEO

Fake Chrome Update Malware (The PC Security Channel)

4 - CISA’s first international plan unveiled

CISA has released its first-ever international plan, which outlines a strategy for boosting the agency’s collaboration with cybersecurity agencies from other countries.

Aligning cybersecurity efforts and goals with international partners is critical for tackling cyberthreats in the U.S. and abroad, according to the agency.

The three core pillars of CISA’s “2025 - 2026 International Strategic Plan” are:

  • Help make other countries’ assets, systems and networks that affect U.S. critical infrastructure more resilient
  • Boost the integrated cyber defenses of the U.S. and its international partners against shared global cyberthreats
  • Unify the coordination of international activities to strengthen cyberdefenses collectively

The plan will allow CISA to “reduce risk to the globally interconnected and interdependent cyber and physical infrastructure that Americans rely on every day,” CISA Director Jen Easterly said in a statement.

5 - Interpol hits phishers, ransomware gangs, info stealers

Interpol and its partners took down 22,000 malicious IP addresses and seized thousands of servers, laptops, and mobile phones used by cybercriminals to conduct phishing scams, deploy ransomware and steal information.

The four-month global operation, titled Synergia II and announced this week, involved law enforcement agencies and private-sector partners from 95 countries and netted 41 arrests.


“Together, we’ve not only dismantled malicious infrastructure but also prevented hundreds of thousands of potential victims from falling prey to cybercrime,” Neal Jetton, Director of Interpol’s Cybercrime Directorate, said in a statement.

In Hong Kong, more than 1,000 servers were taken offline, while authorities in Macau, China, took another 291 servers offline. Meanwhile, in Estonia, authorities seized 80GB of server data, which is now being analyzed for links to phishing and banking malware.

For more information about global cybercrime trends:

6 - IST: Ransomware attacks surged in 2023

Ransomware gangs went into hyperdrive last year, increasing their attacks by 73% compared with 2022, according to the non-profit think tank Institute for Security and Technology (IST).

The IST attributes the sharp increase in attacks to a shift by ransomware groups to “big game hunting” – going after prominent, large organizations with deep pockets. 

“Available evidence suggests that government and industry actions taken in 2023 were not enough to significantly reduce the profitability of the ransomware model,” reads an IST blog.

Global Ransomware Incidents in 2023

Another takeaway: The ransomware-as-a-service (RaaS) model continued to prove extremely profitable in 2023, and it injected dynamism into the ransomware ecosystem. 

The RaaS model prompted ransomware groups “to shift allegiances, form new groups, or iterate existing variants,” the IST blog reads.

The industry sector that ransomware groups hit the hardest was construction, followed by hospitals and healthcare, and by IT services and consulting. Financial services and law offices rounded out the top five.

To learn more about ransomware trends:





CSA provides update on binding dispute resolution

TORONTO – The Canadian Securities Administrators (CSA) is providing an update to interested parties on the status of its work to introduce binding authority for an independent dispute resolution service.





CSA encourages Canadians to have the “money talk” to prevent financial abuse

SAINT JOHN, NB - In recognition of Financial Literacy Month’s theme “Money on your Mind?





SpotOn London 2012 Storify: Fixing the fraud: how do we safeguard science from misconduct?

#solo12fraud





Attack on Titan. 4, Humanity pushes back! / Hajime Isayama ; [translator, Sheldon Drzka ; lettering, Steve Wands].

"Humanity pushes back! The Survey Corps develops a risky gambit— have Eren in Titan form attempt to repair Wall Rose, reclaiming human territory from the monsters for the first time in a century. But Titan-Eren's self-control is far from perfect, and when he goes on a rampage, not even Armin can stop him! With the survival of humanity on his massive shoulders, will Eren be able to return to his senses, or will he lose himself forever?"-- Page [4] of cover.





Fire power. Volume 3, Flame war / Robert Kirkman, creator, writer ; Chris Samnee, creator, artist ; Matt Wilson, colorist ; Rus Wooton, letterer.

"The one who wields the fire power is destined to save the world, but Owen Johnson has turned his back on that life. But after the Dragon's Claw's attack, Owen and his family are reeling from the loss— and more danger lurks on the horizon!" -- Description provided by publisher.





Asadora! Volume 1 / Naoki Urasawa ; translation & adaptation, John Werry ; touch-up art & lettering, Steve Dutro.

"A deadly typhoon, a mysterious creature and a girl who won't quit. In 2020, a large creature rampages through Tokyo, destroying everything in its path. In 1959, Asa Asada, a spunky young girl from a huge family in Nagoya, is kidnapped for ransom— and not a soul notices. When a typhoon hits Nagoya, Asa and her kidnapper must work together to survive. But there's more to her kidnapper and this storm than meets the eye. When Asa's mother goes into labor yet again, Asa runs off to find a doctor. But no one bats an eye when she doesn't return— not even as a storm approaches Nagoya. Forgotten yet again, Asa runs into a burglar and tries to stop him on her own, a decision that leads to an unlikely alliance." -- Provided by publisher.





Asadora! Volume 2 / by Naoki Urasawa / N Wood Studio ; translation & adaptation, John Werry ; touch-up art & lettering, Steve Dutro.

"Asa and Kasuga see the tail of a giant creature rise from the water. In a jungle, explorers discover massive claw marks in a tree trunk. And years later in 1964, a mysterious military man appears asking all the wrong questions." -- Provided by publisher.





The rose of Versailles. Volume 4 / Ryoko Ikeda ; translation: Jocelyne Allen ; lettering and touch up: Jeannie Lee.

"France spirals towards a civil war, as nobles continue to ignore the people of France. Noblewoman Oscar François de Jarjayes is forced to reconsider her life as a soldier and a woman, her loyalties and her love. Marie Antoinette and the royal family seek escape, while Robespierre and the National Assembly take up arms and demand democracy." -- Provided by publisher.





SAVE THE DATE – November 5th 2016

We’re delighted to announce that SpotOn will return this year as a one-day conference in





SpotOn London 2013 Keynote: Salvatore Mele

“Buckle up – we’re going to start with some physics” Our keynote at this year’s





Study on countermeasures of Agriculture against Economic and Trade Frictions between China and USA [in Chinese]





Monitoring indicators of economic activity in Sudan amidst ongoing conflict using satellite data [in Arabic]

The confrontation in Sudan between the Sudanese Armed Forces and the Rapid Support Forces continued for several months before escalating into armed conflict on 15 April 2023. Alongside the humanitarian catastrophe, the conflict has disrupted many public services such as electricity, water, health care and banking, and has also cut off access to markets, leading to severe shortages of goods and services. The conflict has destroyed key infrastructure, restricted domestic and international trade, and disrupted production activities and supply chains.





The Switch Sandra Brown.

From #1 New York Times bestselling author Sandra Brown comes another masterful creation, a riveting novel of suspense, revenge, and unpredictable twists and turns... When Melina suggests that her twin sister Gillian take her place as a media escort to an astronaut, Gillian initially refuses. The following morning Melina is horrified to learn that her sister has been murdered. Now Melina must uncover the truth behind her sister's death and discover the identity of the killer, whose plans are far from over.





Where There's Smoke Sandra Brown.

When she returns home to open a new medical practice, Lara finds she can't escape her troubled past after all these years. Soon she finds herself in the sights of a powerful oil executive who wants nothing more than to be rid of her. Lara decides to uncover the truth behind the corruption and secrets in town, even if it could cost her everything.





The Witness Sandra Brown.

The best public defender in Prosper, Kendall has stumbled upon the town's chilling secret - and her marriage to one of the town's most powerful men has become a living hell. Now Kendall is a terrified mother trying to save her child's life.





The Alibi Sandra Brown.

Assistant DA Hammond Cross has his sights set on the DA's office. Prosecuting a high-profile murder case practically ensures him the job. But a Saturday night encounter with a mysterious woman is the start of a living nightmare.





Standoff Sandra Brown.

An ambitious female television reporter is driving through New Mexico when she hears that a Texas millionaire's teenage daughter has been kidnapped. Knowing the girl's father lives nearby, she quickly lines up an interview. The situation quickly spins out of control, however, and the reporter finds herself at the center of a tense standoff that could have devastating consequences for all involved.





Exclusive Sandra Brown.

#1 New York Times bestselling author Sandra Brown weaves a tale of murder, passion, and intrigue in the pristine corridors of the White House. Barrie Travis is not famous: she's just a damn good reporter stuck at a low-budget television station. Then her old friend, now First Lady, calls her to investigate the supposed SIDS death of her baby. Stunned by grief after the loss of her infant son, the President's wife hints that her child may have been murdered. Blind to everything but finding the truth, Barrie delves into the private lives of the president and his wife and uncovers dark and terrible secrets that will test her ethics, her patriotism, and her courage. With the help of Gray Bondurant, a mysterious former presidential aide, she pursues a story that could topple the presidency and change the course of history. In this fast-moving political thriller, Barrie must fight powerful forces that want nothing more than to see the scandalous past, and a certain young reporter, dead and buried.





Charade Sandra Brown.

A medical miracle gives TV personality Cat Delaney more than a new heart. With her second chance at life, Cat trades Hollywood for San Antonio, where she hosts a TV show for children with special needs. Here she meets Alex Pierce, an ex-cop turned crime writer, and the first man to see her as a woman since her surgery. But her new world turns sinister when fatal "accidents" begin killing other heart recipients, and a mysterious stalker starts shadowing her every move. Soon Cat realizes Alex may, or may not, be her most important ally, and that her new heart comes at a terrible price: a tangled web of secrets and someone determined to take her life.





Unspeakable Sandra Brown.

Carl Herbold is a cold-blooded psychopath who has just escaped the penitentiary where he was serving a life sentence. Bent on revenge, he's going back to where he began: Blewer County, Texas... Born deaf, lately widowed, Anna Corbett fights to keep the ranch that is her son's birthright, unaware that she is at the center of Herbold's horrific scheme, and that her world of self-imposed isolation is about to explode... Drifter Jack Sawyer arrives at Anna's ranch asking for work, hoping to protect the innocent woman and her son from Herbold's rage. But Sawyer can't outrun the secrets that stalk him, or the day of reckoning awaiting them all...





Mirror Image Sandra Brown.

A master of romantic suspense, Sandra Brown spins an action-packed tale of mistaken identity, political intrigue, and assassination. The crash of a Dallas-bound jet wasn't just a tragedy for TV reporter Avery Daniels; it was an act of fate that handed her a golden opportunity to further her career, but made her the crucial player in a drama of violent passions and deadly desires. After plastic surgery transforms her face, Daniels is mistaken for a glamorous, selfish woman named Carole Rutledge, wife of senatorial candidate Tate Rutledge and a member of a powerful Texas dynasty. As she lies helpless in the hospital, Daniels makes a shattering discovery: someone close to Tate plans to assassinate him. Now, to save Tate's life, Avery must live another woman's life, and risk her own...





The Crush Sandra Brown.

As a surgeon, Dr. Rennie Newton is the consummate professional. When she's summoned to jury duty, she brings to the courtroom the same level of competence and composure that she displays in the operating room. It is this commitment to precision that compels her to deliver a not guilty verdict in the murder case against notorious contract killer Ricky Lozada. It will be the most regrettable decision of her life... because Rennie's trial with Lozada doesn't end with his acquittal. Her carefully structured life begins to crumble when a rival colleague is brutally slain. Lozada's menacing shadow looms over the murder, but it's Rennie the investigators focus on as the prime suspect. The privacy she has cultivated and protected at all costs is violated by the police as well as Lozada. And when he begins an earnest courtship, insinuating himself into every aspect of her life, it becomes terrifyingly clear that he is obsessed with having her. Wick Threadgill is a detective on indefinite leave from the Fort Worth PD, who has his own personal agenda for the contract killer. Temperamental, bitter, and driven by loyalty and love, Wick is determined to destroy Lozada, as determined as Lozada is to possess Rennie Newton. In order to defeat Lozada, and save their lives, Rennie and Wick form an uneasy alliance. Mistrustful of each other, they know only one thing with absolute certainty: like one of Lozada's prize scorpions, when this killer strikes, they won't see it coming. The Crush will take you on a tortuous path through a twisted sociopath's eerie obsession, a haunted man's fragile hopes for redemption, and a woman's heart as she struggles to face her greatest fear: to open herself to love.





Fat Tuesday Sandra Brown.

A police officer is furious that his partner's murderer was acquitted. In a desperate act of revenge, he kidnaps the defense attorney's wife. Who will find redemption in this story of corruption and passion?





The Minor Adjustment Beauty Salon Alexander McCall Smith.

Modern ideas get tangled up with traditional ones in the latest intriguing installment in the beloved, best-selling No. 1 Ladies' Detective Agency series. Precious Ramotswe has taken on two puzzling cases. First she is approached by the lawyer Mma Sheba, who is the executor of a deceased farmer's estate. Mma Sheba has a feeling that the young man who has stepped forward may be falsely impersonating the farmer's nephew in order to claim his inheritance. Mma Ramotswe agrees to visit the farm and find out what she can about the self-professed nephew. Then the proprietor of the Minor Adjustment Beauty Salon comes to Mma Ramotswe for advice. The opening of her new salon has been shadowed by misfortune. Not only has she received a bad omen in the mail, but rumors are swirling that the salon is using dangerous products that burn people's skin. Could someone be trying to put the salon out of business? Meanwhile, at the office, Mma Ramotswe has noticed something different about Grace Makutsi lately. Though Mma Makutsi has mentioned nothing, it has become clear that she is pregnant . . . But in Botswana, a land where family has always been held above all else, this may be cause for controversy as well as celebration. With genuine warmth, sympathy, and wit, Alexander McCall Smith explores some tough questions about married life, parenthood, grief, and the importance of the traditions that shape and guide our lives. This is the fourteenth installment in the series. This ebook edition includes a Reading Group Guide.





Return to Santa Flores A Classic Love Story Iris Johansen.

#1 New York Times bestselling author Iris Johansen offers readers a classic tale of a love that seems impossible, and a hunger that is undeniable. Jenny Cashman longs to escape the refined, rarified air of her exclusive Swiss education. At nineteen, she's desperate for independence, and to once again see the man she loves. So she sells her belongings, leaves Europe, and heads to Las Vegas. The sight of Steve Jason's newest palatial hotel and casino thrills Jenny, but not as much as the sight of the man himself. Steve came to her rescue after her father died, paying for her years of expensive schooling. Now, she must convince him that she's old enough to make her own decisions . . . including about her passion for him. Steve Jason is a powerful mogul, a man who came from nothing and made a name for himself in the industry before he was thirty years old. He takes great care to keep all emotional involvement with others to a bare minimum, with only one exception. Jenny has always been incredibly important to him. But how can he keep her safe when she seems oblivious to her own stunning beauty and the reactions she gets from other men? It will take all of Steve's resolve to protect her, especially from his own desires.





CSA Investor Alert: Investment scams imitating well-known financial brands

Toronto – The Canadian Securities Administrators (CSA) is warning the public about scammers claiming to represent large, well-known financial companies.  Recently, the CSA has noted an increase in the number of scams involving the use of professional looking electronic broch





CSA Investor Alert: Canadian securities regulators warn the public about impersonation scams

Montreal - The Canadian Securities Administrators (CSA) is warning the public to be vigilant for unsolicited communications that come from scammers posing as CSA staff or staff of CSA members.





Investor Alert: Investors are not required to use claims management companies to communicate with the CSA, CIRO or OBSI

TORONTO – The Canadian Securities Administrators (CSA), the Canadian Investment Regulatory Organization (CIRO), and the Ombudsman for Banking Services and Investments (OBSI) remind investors that they all offer investors services related to claims or complaints free of charge.





Do safety net programs reduce conflict risk? Evidence from a large-scale public works program in Ethiopia

Summary of the findings

  • We find that the PSNP did not significantly alter the risk of violent events.
  • However, it had a negative impact on demonstrations (protests and riots) as well as fatalities.
  • These effects are most pronounced during the period of 2014-18, coinciding with widespread protests in Amhara and Oromia, the […]

Source: IFPRI Ethiopia: Ethiopia Strategy Support Program