Sophia Antipolis, 22 February 2023

During the 17th meeting of ETSI’s Securing AI Industry Specification Group, Scott Cadzow from Cadzow Communications, was elected as the new Chair.

His vision is to confirm ISG SAI as the European Union’s and Standards Development Organizations’ centre of excellence in the topic of securing Artificial Intelligence and Machine Learning.

AI is, or is likely to become, endemic. All reasonably complex software will eventually include AI elements and he is convinced that ETSI is well placed to become thought leader on the role of AI and, particularly, the role of standards for AI, addressing the challenges to standardization of the forthcoming AI Act.

Read More...

Sophia Antipolis, 6 March 2023

The ETSI group on Encrypted Traffic Integration (ISG ETI) is pleased to announce the release of the group report GR-ETI-002 “Requirements definition and analysis”, the next step for the problems previously outlined in the report GR-ETI-001 “Problem Statement”.

Read More...

Sophia Antipolis, 31 March 2023

ETSI is pleased to unveil its 2023 ETSI Fellows who were announced at the 81th ETSI General Assembly on 29 March. The award ceremony took place in the Fernand Leger museum, in Biot, near ETSI facilities in the South of France where art, science and technology mixed beautifully. Scott Cadzow, Hans Johansson and Robert Sarfati were unanimously nominated as ETSI Fellows for their outstanding personal contributions to the organization by the Award committee, composed of the GA Chair and Vice-Chairs, the Board Chair and the ETSI Director-General.

Read More...

Sophia Antipolis, 27 April 2023

ETSI has just released a Protection Profile (PP) for the security evaluation of quantum key distribution (QKD) modules, ETSI GS QKD 016. This Protection Profile is a first and anticipates the need for quantum safe cryptography. The ETSI specification will help manufacturers to submit pairs of QKD modules for evaluation under a security certification process.

Read More...

Sophia Antipolis, 16 May 2023

ETSI is pleased to announce the release of the first Group Report developed by its Reconfigurable Intelligent Surface Industry Specification Group. The ETSI Report ETSI GR RIS-001 identifies and defines relevant RIS use cases, with corresponding general Key Performance Indicators (KPIs). It also describes deployment scenarios as well as potential requirements for each identified use case, to enable interoperability with existing and upcoming wireless technologies and networks.

Read More...

Sophia Antipolis, 23 May 2023

On 26 June 2023, ETSI will host the first panel of a series of Multi-access Edge Computing live panels. This panel will explore the drone business from a MEC perspective with a variety of speakers coming from this vertical market.

Read More...

Sophia Antipolis, 22 June 2023

On 21 June, a panel debate on ‘30 years of Standards for the Single Market: what way ahead?’ brought together the key stakeholders of the European standardization system. Reflecting on the role of standards in the first 30 years of the Single Market, panelists also discussed challenges ahead in the current geopolitical context.

Read More...

Sophia Antipolis, 22 June 2023

ETSI has just released a new White Paper on “MEC Support for Edge Native Design” written by members of the ETSI Multi-access Edge Computing group (ISG MEC). This White Paper provides an overview and vision about the Edge Native approach, as a natural evolution of Cloud Native. 

Read More...

Sophia Antipolis, 11 July 2023

ETSI is pleased to announce three new Reports developed by its Securing AI group (ISG SAI). They address explicability and transparency of AI processing and provide an AI computing platform security framework. The last Report is a multi-partner Proofs of Concepts framework.

Read More...

Sophia Antipolis, 25 July 2023

ETSI is proud to announce the establishment of its first Software Development Group, called OpenSlice. With this group, ETSI positions itself as a focal point for development and experimentation with network slicing.

Read More...

Sophia Antipolis, 26 July 2023

The ETSI Open Source MANO community is proud to announce OSM Release FOURTEEN. Release FOURTEEN is a Long-Term-Support (LTS) release of ETSI OSM, providing two years of continuous support with bug fixes and security patches, and including significant improvements in many key areas.

Read More...

Sophia Antipolis, 28 August 2023

ETSI is pleased to announce the completion of its Release 2 specifications on Fifth Generation Fixed Network (F5G). Building upon the accomplishments of Release 1, the ETSI F5G group has introduced an array of additional features that bring fiber fixed networks into the next level.

Read More...

Sophia Antipolis, 7 September 2023

ETSI is thrilled to announce its new Group Report on Artificial Intelligence on the use of AI for what are commonly referred to as deepfakes. The Report ETSI GR SAI 011, released by the Securing AI (ISG SAI) group, focuses on the use of AI for manipulating multimedia identity representations and illustrates the consequential risks, as well as the measures that can be taken to mitigate them.

Read More...

Sophia Antipolis, 20 September 2023

ETSI has published a new standard on “Requirements for trust service providers issuing publicly trusted S/MIME certificates” (ETSI TS 119 411-6 ) helping Trust Service Providers comply with new standards for S/MIME certificates that are enforced since 1 September 2023. Secure MIME (S/MIME) certificates are used to sign, verify, encrypt, and decrypt email messages. 

Read More...

Sophia Antipolis, 17 October 2023

As the second term of the Industry Specification Group Securing AI (ISG SAI) is scheduled to conclude in Q4 2023, and in line with ETSI's commitment to AI and SAI, the group has suggested the closure of ISG SAI, with its activity transferred to  a new ETSI Technical Committee, TC SAI.

Read More...

Sophia Antipolis, 9 November 2023

ETSI is delighted to announce the establishment of a new Software Development Group, called OpenCAPIF. OpenCAPIF is developing an open-source Common API Framework, as defined by 3GPP, allowing for secure and consistent exposure and use of APIs.

Read More...

Sophia Antipolis, 14 November 2023

ETSI is happy to announce that at a meeting in October of its technical committee in charge of the TETRA standard (TCCE), a full consensus was reached to make the primitives of all TETRA Air Interface cryptographic algorithms available to the public domain.

Read More...

Sophia Antipolis, 30 November 2023

On 28 November, the ETSI General Assembly announced the appointment of a diverse group of 27 board members to serve a new three-year term. Dr. Markus Mueck, Intel Deutschland GmbH, was elected as the new Chair while Mr. Nick Sampson, Orange, Dr. Colin Willcock, Nokia and Dr. Thomas Zielke, BMWK (Ministry for Economic Affairs and Climate Action) were elected as Vice Chairs during the board meeting on 30 November.

Read More...

As the project celebrates the 25th anniversary of the signing of the 3GPP Project Agreement, the 3GPP Organizational Partners have today issued the following joint press release.

Sophia Antipolis, 4 December 2023

With its work on 3G, 4G and 5G specifications used by billions of communications services consumers globally, 3GPP stands ready to create the 6G future.

Read More...

Sophia Antipolis, 21 December 2023

The ETSI Open Source MANO community is proud to announce OSM Release FIFTEEN, meeting the well-established cadence of two releases per year. The OSM community delivers one Long Term Support (LTS) and one regular release every year, to ensure the OSM user base is provided with continuous innovations and production-ready stability.

Read More...

Sophia Antipolis, 31 January 2024

The European Telecommunications Standards Institute (ETSI) has published a significant new technical report, "ETSI TR 103 936 V1.1.1 (2024-01): Cyber Security; Implementing Design Practices to Mitigate Consumer IoT-Enabled Coercive Control". This pioneering document addresses the increasingly important issue of safeguarding individuals from coercive control through the misuse of consumer Internet of Things (IoT) devices.

Coercive control encompasses a range of abusive acts such as security breaches, privacy invasions, harassment, physical assault, and other patterns of behaviour that can limit autonomy or cause emotional harm to potential targets.

Read More...

Sophia Antipolis, 05 April 2024

ETSI is pleased to announce the release of the first two Group Reports developed by its Terahertz Industry Specification Group (ISG THz). They are addressing key elements in this initial phase of the pre-standardization works for THz communications: the use-cases and the spectrum. The role of ETSI ISG THz is to develop an environment where various actors from the academia, research centres, industry can share, in a consensus-driven way, their pre-standardization efforts on THz technology resulting from various collaborative research projects and global initiatives, paving the way towards future standardization. Complementing the work of other ETSI Technical Bodies and other SDOs, the group concentrates on establishing the technical foundation for the development and standardization of THz communications.

Read More...

ETSI elects Director-General Jan Ellsberger

Sophia Antipolis, 17 April 2024

During their 83rd General Assembly, 16-17 April 2024, ETSI members elected the ETSI Director-General Mr. Jan Ellsberger with a majority on the third ballot.

Read More...

Sophia Antipolis, 18 April 2024

ETSI is pleased to unveil its 2024 ETSI Fellows who were announced at the 83rd ETSI General Assembly on 16 April 2024.
The Award Committee, composed of the GA Chair and Vice-Chairs, the Board Chair and the ETSI Director-General, unanimously named Dr. Howard Benn, Mr. Philippe Magneron, Dr. Matthias Schneider, Mrs. Isabelle Valet Harper and Mr. Dirk Weiler, as ETSI Fellows 2024 for their outstanding personal contributions to the organization.

Read More...

Sophia Antipolis, 30 April 2024

The ETSI TeraFlowSDN community is proud to announce the third release of TeraFlowSDN, an innovative and robust SDN orchestrator and controller, delivering a fully featured Network Automation Platform. In this latest release, TeraFlowSDN enhances its capabilities with the integration of an Optical SDN controller, expanding device support to include gNMI and OpenConfig protocols. It also features enriched network integrations for end-to-end orchestration like IP over DWDM, L3VPN, MEC, and network topology exposure. The management of network topologies is improved with the addition of a new BGP-LS speaker able to discover the topologies, and a new Forecaster component is introduced, providing predictive insights for network management. These additions substantially augment the versatility and management capabilities of the TeraFlowSDN platform.

Read More...

Sophia Antipolis, 9 July 2024

ETSI is excited to announce OpenCAPIF Release 1 is now available in the ETSI Labs.

OpenCAPIF develops a Common API Framework as defined by 3GPP and this new version introduces several improvements and new features to deliver a more robust, secure, and efficient API Management Platform. These advancements are developed in tight collaboration and incorporating feedback from a growing Research Ecosystem including SNS projects such as 6G-SANDBOX, FIDAL, IMAGINEB5G, SAFE6G, ORIGAMI, ENVELOPE and SUNRISE6G.

Read More...

Sophia Antipolis, 29 July 2024

We are thrilled to announce our latest official release of OpenSlice, proudly brought to you by ETSI Software Development Group OpenSlice (SDG OSL). This marks our first release under the ETSI umbrella, reflecting our commitment to excellence and innovation in the field of open-source Operations Support System (OSS) solutions.

We want to keep the community’s interest on par with our highest passion and expectation to revolutionize the way Network as a Service (NaaS) is delivered, and our latest release is a testament to our dedication! With this new release, we introduce significant changes aimed at enhancing user engagement and addressing the contemporary needs of both research and industry sectors on the matter.

"The latest OpenSlice 2024Q2 version is a manifest to our commitment to pave the way for modern telco-cloud requirements, seamless integration and reference implementations for 6G" - Christos Tranoris, Senior Research at UPATRAS and Chair of ETSI SDG OSL.

Read More...

Sophia Antipolis, 4 September 2024

The ETSI Open Source MANO community is proud to announce OSM Release SIXTEEN, a Long-Term-Support (LTS) release of ETSI OSM, which becomes the most innovative and feature-packed release shipped by OSM to date.

This release brings a revolution in OSM’s functionality, positioning OSM as a generalized cloud-native orchestrator for infrastructure, platforms and services, which extends significantly its former scope. Full cloud-native management of Kubernetes clusters in public clouds, together with the applications or software units running on them, is now possible with Release SIXTEEN. Every operation related to the cluster management (creation, upgrading, scaling, deletion) or the applications running on them is reflected in Git repositories, following the GitOps model. This has been possible thanks to a major change in the internal architecture of OSM.

Read More...

Sophia Antipolis, 5 September 2024

The ETSI Industry Specification Group for Network Functions Virtualization (ISG NFV) has just published its specifications of Release 5 first drop as version 5.1.1.

Read More...

Sophia Antipolis, 8 October 2024

ETSI announces the completion of its Release 3 specifications on Fifth Generation Advanced Fixed Network (F5G-A). Building on the achievements of the Release 1 and Release 2, the ETSI ISG F5G has specified a series of new features and capabilities, further elevating fixed fiber networks to a new level:

• Specification of F5G Advanced
  ETSI ISG F5G unveiled the "F5G Advanced Generation Definition", which not only further enhances existing three foundational features of F5G-Enhanced Fixed Broadband (eFBB), Full Fiber Connectivity (FFC), and Guaranteed Reliable Experience (GRE), but also introduces three new key features: Real-time Resilient Link (RRL), Optical Sensing and Visualization (OSV), and Green Agile Optical network (GAO).

Read More...

Sophia Antipolis, 31 October 2024

Protect Confidentiality, Integrity and Availability of Data as Smart Devices Proliferate.

Read More...

Sophia Antipolis, 6 November 2024

End-to-end Network Automation and Security Framework

Read More...

Starts: Thu, 14 Nov 2024 20:00:00 -0500
11/14/2024 06:00:00PM
Location: montreal, Canada

Starts: Sat, 23 Nov 2024 16:30:00 -0500
11/23/2024 02:30:00PM
Location: Ottawa, Canada

Starts: Sat, 07 Dec 2024 13:30:00 -0500
12/07/2024 11:30:00AM
Location: Los Angeles, U. S. A.

Teaching about Native American religion is a challenging task to tackle with students at any level.

Students reading about the coming of the Civil War will find the topic of religion and abolition more interesting than they imagined.

Job Summary: The International Food Policy Research Institute (IFPRI) seeks a qualified candidate to serve as a Senior Research Fellow (SRF I or SRF II) for a two-year, renewable appointment for its Nutrition, Diets and Health Unit. This position is based at IFPRI headquarters located in Washington, D.C but would involve travel to any of the countries in which IFPRI carries out its research. The SRF I/II would manage complex, multi-partner surveys and evaluations, mentor junior research staff, lead the development of new research activities, including developing proposals for the evaluation of multisectoral programs and food systems approaches to improving diet, nutrition and health outcomes in low- and middle-income countries. In addition, the SRF I/II would lead research activities related to the CGIAR Research Initiative on Fruit and Vegetables for Sustainable Healthy Diets (FRESH) which would include leading the co-development of programmatic activities (with program implementation partners) to increase intake of fruit and vegetables. Essential Duties:   Specific duties include but are not limited to: Conducting research related to diets, nutrition, health, and well-being in low-and middle-income countries and the impact of multisectoral programs and/or food systems approaches on these types of outcomes.  Developing and managing large/complex research projects and/or programs including developing workplans, coordinating research activities, monitoring and reporting on progress and sharing research findings with diverse audiences.  Design and supervise large-scale data collection activities such as household surveys, food environment surveys, dietary assessment surveys and nutritional status assessments.   Supervising the work of various research support staff and providing professional mentoring to others.  As part of multisectoral program and/or food systems evaluation activities, work closely with program implementation partners and other key stakeholders, to identify and oversee the design of programmatic activities to address constraints to sustainable, healthy diets. Recruiting and managing national collaborators. Developing and monitoring of the project or program budget. Publishing research in peer-reviewed publications. Providing strong research leadership in developing new ideas into proposals. Preparing donor and other project/program reports. Liaising with donor & senior government and other types of stakeholders on projects Communicating research to a broad spectrum of stakeholders (researchers, academicians, policy makers, local partners. Required Qualifications: At the Senior Research Fellow I level:  PhD in Nutrition, Public Health, Epidemiology, International Development, or closely related field and a minimum of 7 years of post-PhD experience. At the Senior Research Fellow II level:  PhD in Nutrition, Public Health, Epidemiology, International Development, or closely related field and a minimum of 10 years of post-PhD experience Major external recognition within peer professional network due to publications and other leaderships activities. Extensive publication record in peer-reviewed journals. Strong skills in quantitative data analysis Demonstrated ability to perform critical analyses of own & others’ research.  Sustained and consistent excellent publications record in peer-reviewed journals.  Demonstrated leadership skills and strong experience building and managing teams. Demonstrated leadership in developing global research programs with policy recommendations. Demonstrated experience in effective interactions in a multicultural setting with other researchers and with policymakers, donors, and civil society, facilitating impact of research & capacity strengthening. The ability to effectively contribute to IFPRI’s overall institutional value through demonstrated participation and support for organization-wide programs and activities. Willingness to travel extensively as required. Excellent written and spoken English communication skills with demonstrated excellence in written and oral presentations. Demonstrated computer literacy (PC and Microsoft Applications).  Proven record of fundraising success for broad and complex programs and projects. Preferred Qualifications: Proficiency in a second language of the U.N. system Dietary assessment and analysis expertise Experience with qualitative assessment methods and associated analytic techniques and software. Physical Demand and Work Environment: Employee will sit in an upright position for a long period of time.  Employee will lift between 0-10 pounds.  Employee is required to have close visual acuity to perform activities such as: preparing and analyzing data and figures; transcribing; viewing computer terminal; extensive reading. Salary Range : The expected salary ranges for this job requisition are between 24 R : $135,400 -  $169,300 ; 25 R: $159,800 -  $199,700 .  In determining your salary, we will consider your experience and other job-related factors. Benefits IFPRI is committed to providing our staff members with valuable and competitive benefits, as it is a core part of providing a strong overall employee experience. This position is eligible for health insurance coverage and a  summary of our benefits can be found on our website . Please note that the listed benefits are generally available to active, non-temporary, full-time and part-time US based employees who work at least 25 hours per week. The International Food Policy Research Institute (IFPRI) is an equal employment opportunity employer - F/M/Disability/Vet/Sexual Orientation/Gender Identity.

Job Summary The International Food Policy Research Institute (IFPRI) seeks a qualified candidate to serve as an Associate Research Fellow or Research Fellow. This is a two-year, renewable, exempt appointment based at IFPRI’s Washington, DC Office.  The ideal candidate will have demonstrated aptitude with modeling water resources and hydrologic systems at multiple scales, experience in developing and operating modeling suites that link biophysical and economic models, and interest/experience in the analysis of risk and uncertainty. The successful candidate will work on interdisciplinary teams to conduct research, produce high-impact publications and disseminate knowledge that (for example): assists national level policy-making units confront the challenges posed by climate change and water constraints; fosters regional strategies for resilient growth and development in a context of climate change; works with CGIAR partners on research and/or model development, particularly in IWMI; and assists key agri-food system actors in low- and middle-income countries (LMICs) and other constituencies in the formation of investment plans in water resources, including in relation to food and energy. Specific areas of research are expected to be developed in accordance with the intersection of the interests and skills of the successful candidate and the objectives of the Foresight and Policy Modeling Unit. It is anticipated that about 80 percent of the job will be dedicated to applied research, and the remaining 20 percent will be allocated to capacity-building, policy engagement, and outreach activities supporting evidence-based decision-making. Essential Duties  Specific duties include but are not limited to:  ·          Lead development, maintenance, and improvement of IFPRI’s water data and modeling systems compatible with global (IMPACT) and national levels (RIAPA). ·          Contribute to scenario development, modeling and analytics supporting a variety of foresight-related research projects. ·          Lead focused studies on water-related issues relevant for food system transformation globally and in LMICs. ·          Work with other modelers in the Foresight and Policy Modeling unit to maintain and improve water modeling components of established modeling frameworks. ·          Conduct research in the service of the CGIAR’s mission to advance positive transformation of food, land, and water systems. ·          Support efforts to strengthen the capacity of partner organizations and networks to conduct scholarly research and communicate evidence-based policy recommendations. ·          Prepare project reports, research papers, presentations, and peer-reviewed journal articles in collaboration with CGIAR researchers, other collaborators, and partners. ·          Regularly communicate research outputs via policy seminars, policy briefs, and peer-reviewed publications to a broad spectrum of stakeholders, including researchers, academics, policymakers, and government officials. ·          The successful candidate will work with a multi-disciplinary and multi-cultural team of researchers and is expected to engage in a broad range of research projects and activities consistent with the research program of the Foresight and Policy Modeling Unit. Required Qualifications ·          PhD in Water Resources Engineering, Hydrology, or closely related field ·          Significant expertise in using water resources systems and hydrologic models and experience or interest to link these to economic and other simulation models at global, regional and national levels to evaluate policies related to food, land, and water systems. ·          Demonstrated capabilities in quantitative analysis and ability to use spatial data and methods in innovative and policy-relevant ways to examine water resource management issues in the context of climate change and other major drivers. ·          Ability or willingness to work in the GAMS modeling environment and code, other math/statistical programming languages, and GIS. ·          Experience using river basin modeling tools, (e.g. Mike Hydro Basin, WEAP, and Riverware). ·          Strong interpersonal skills and ability to work well both with a team and independently. ·          Ability to work in a dynamic environment, take initiatives to resolve issues and effectively work with minimal supervision. ·          Excellent written and verbal communication skills in English. ·          Willingness to travel extensively (including internationally) as required. Preferred Qualifications ·          Ability to work in Python. ·          Relevant research experience as applied to LMIC country contexts in Africa, Asia, and/or Latin America. ·          Demonstrated ability to produce high-quality written reports, oral presentations, blog posts, and/or other forms of written and oral communications associated with scholarly research outputs. Additional requirements at the Research Fellow level ·          At least 3 years of post-PhD experience relevant to the job and demonstrated fundraising experience. ·          Strong publication record in peer-reviewed journals. ·          Major external recognition within professional peer network based on publications and other leadership activities. ·          Demonstrated leadership skills and successful experience building and managing teams. Physical Demand & Work environment ·          Employee will sit in an upright position for a long period of time ·          Employee will lift between 0-10 pounds. ·          Employee is required to have close visual acuity to perform activities such as: preparing and analyzing data and figures; transcribing; viewing computer terminal; extensive reading. Salary Range :  The expected salary range for this job requisition is between $85,600 - $107,000. In determining your salary, we will consider your experience and other job-related factors. Benefits : IFPRI is committed to providing our staff members with valuable and competitive benefits, as it is a core part of providing strong overall employee experience. This position is eligible for health insurance coverage and a summary of our benefits  can be found on our website . Please note that the listed benefits are generally available to active, non-temporary, full-time and part-time US-based employees who work at least 25 hours per week. The International Food Policy Research Institute (IFPRI) is an equal employment opportunity employer - F/M/Disability/Vet/Sexual Orientation/Gender Identity.    

Preventing data loss, complying with regulations, automating workflows and managing access are four key challenges facing financial institutions. Learn how Tenable can help.

Imagine a bustling bank, made not of bricks and mortar, but of a swirling mass of data in the cloud. Account numbers, transaction histories and personally identifiable information (PII) zip across servers, powering the financial world. Holding all this sensitive data requires tremendous care. Therefore, securing this sensitive information is paramount.

This is where Tenable Cloud Security steps in, offering a data security shield specifically designed for the unique needs of financial institutions.

The challenge: A data deluge demands vigilance

Financial institutions generate massive volumes of data daily. While the public cloud offers unparalleled capacity to store such data, along with agility and scalability, the cloud also expands the attack surface. Legacy cybersecurity solutions are often unable to manage — let alone secure — the sheer volume of data and the variety of ways it is accessed, leaving organizations exposed to malicious actors. At the same time, financial institutions must keep up with new and evolving compliance standards and regulations set forth by governing bodies. Financial institutions need a security platform that helps them protect their data and maintain compliance.

Tenable Cloud Security’s advantage: Seeing beyond the walls

Tenable Cloud Security actively scrutinizes every corner of the cloud data vault, continuously and automatically.

"Without [Tenable Cloud Security], we would've been virtually blind to risks and threats impacting our sensitive data. [Tenable Cloud Security] allows us to preempt any issues and meet the requirements we're receiving from our business partners, with minimal effort.

— VP Security at a leading Fintech platform

Here's how Tenable empowers financial institutions:

• Protecting sensitive data: Tenable doesn't just guard the door; it knows what's inside and how to best protect it. It identifies and labels all data, like financial records and social security numbers, understanding its sensitivity and prioritizing its protection.
• Continuous monitoring: Imagine guards constantly scanning every inch of the vault. Tenable does the same digitally, using advanced technology to constantly search for suspicious activity and potential breaches. Any unusual movement of the data, either exfiltration or copying to a different and inaccessible location, triggers an alarm, allowing for immediate intervention.
• Policy enforcement: Just like a vault needs clear access protocols, so does your data. Tenable automates setting and enforcing cybersecurity policies across the entire cloud, ensuring everyone plays by the book and no unauthorized hands touch the valuables.
• Following mandated regulations: Financial institutions juggle a complex set of regulations and industry standards like the Payment Card Industry Data Security Standard (PCI-DSS). Tenable simplifies compliance with a host of international regulations by providing timely reports and audit trails.

Beyond traditional security: More than just a lock

Modern technology stacks for data storage require a modern cybersecurity stack. Traditional security solutions are unable to address the unique risks associated with storing data in cloud technologies. Financial organizations that leverage Tenable’s data security platform are able to meet existing and future challenges, including:

• Preventing data loss: Early detection and prevention of unauthorized data access can help organizations minimize financial losses and reputational damage, keeping valuable assets safe from even the most cunning thieves.
• Complying with regulations: Automated reports and adherence to the most stringent regulations and industry standards ensure compliance, saving time and resources.
• Automating workflows: Tenable automates tasks and provides deeper insights into how data behaves, enabling organizations to free up their valuable resources for other endeavors and make their security teams more efficient.
• Managing access: Just like knowing who has access to the vault is crucial. Tenable tracks who and what has access to data, ensuring only authorized parties can handle the data.

The future of financial security is data-centric

Tenable Cloud Security's data-centric approach positions it as a valuable partner, not just for guarding the perimeter but for understanding the inner workings of the vault and the most sensitive data within it. By leveraging Tenable’s capabilities, financial institutions can confidently embrace the cloud while ensuring the highest level of security for their most valuable assets — their data.

To learn more about how you can secure your data

• Webinar: Know Your Exposure: Is Your Cloud Data Secure in the Age of AI?
• Data Sheet: Data Security in a Unified Cloud Security Solution
• Infographic: When CNAPP met DSPM
• Demo Video

CISA is warning about a spear-phishing campaign that spreads malicious RDP files. Plus, OWASP is offering guidance about deepfakes and AI security. Meanwhile, cybercriminals have amplified their use of malware for fake software-update attacks. And get the latest on CISA’s international plan, Interpol’s cyber crackdown and ransomware trends.

Dive into six things that are top of mind for the week ending Nov. 8.

1 - CISA: Beware of nasty spear-phishing campaign

Proactively restrict outbound remote-desktop protocol (RDP) connections. Block transmission of RDP files via email. Prevent RDP file execution.

Those are three security measures cyber teams should proactively take in response to an ongoing and “large scale” email spear-phishing campaign targeting victims with malicious RDP files, according to the U.S. Cybersecurity and Infrastructure Security Agency (CISA).

A foreign threat actor is carrying out the campaign. Several vertical sectors, including government and IT, are being targeted.

“Once access has been gained, the threat actor may pursue additional activity, such as deploying malicious code to achieve persistent access to the target’s network,” CISA’s alert reads.
 

Other CISA recommendations include:

• Adopt phishing-resistant multi-factor authentication (MFA), such as FIDO tokens, and try to avoid SMS-based MFA
• Educate users on how to spot suspicious emails
• Hunt for malicious activity in your network looking for indicators of compromise (IoCs) and tactics, techniques and procedures

Although CISA didn’t name the hacker group responsible for this campaign, its alert includes links to related articles from Microsoft and AWS that identify it as Midnight Blizzard. Also known as APT29, this group is affiliated with Russia’s government.

To get more details, check out the CISA alert “Foreign Threat Actor Conducting Large-Scale Spear-Phishing Campaign with RDP Attachments.”

For more information about securing RDP tools:

• “Commonly Exploited Protocols: Remote Desktop Protocol (RDP)” (Center for Internet Security)
• “What is remote desktop protocol (RDP)?” (TechTarget)
• “Wondering Whether RDP IS Secure? Here's a Guide to Remote Desktop Protocol” (AllBusiness)
• “Why remote desktop tools are facing an onslaught of cyber threats” (ITPro)
• “'Midnight Blizzard' Targets Networks With Signed RDP Files” (Dark Reading)

2 - OWASP issues AI security resources

How should your organization respond to deepfakes? What’s the right way of establishing a center of excellence for AI security in your organization? Where can you find a comprehensive guide of tools to secure generative AI applications?

These questions are addressed in a new set of resources for AI security from the Open Worldwide Application Security Project’s OWASP Top 10 for LLM Application Security Project. 

The new resources are meant to help organizations securely adopt, develop and deploy LLM and generative AI systems and applications “with a comprehensive strategy encompassing governance, collaboration and practical tools,” OWASP said in a statement.

These are the new resources:

• “The Guide for Preparing and Responding to Deepfake Events,” which unpacks four types of deepfake schemes – financial fraud, job interview fraud, social engineering and misinformation – and offers guidance about each one in these areas:
  • preparation
  • detection and analysis
  • containment eradication and recovery
  • post-incident activity
• “The LLM and GenAI Center of Excellence Guide,” which aims to help CISOs and fellow organization leaders create a center of excellence for generative AI security that facilitates collaboration among various teams, including security, legal, data science and operations, so they can develop:
  • Generative AI security policies
  • Risk assessment and management processes
  • Training and awareness
  • Research and development
• “The AI Security Solution Landscape Guide,” which offers security teams a comprehensive catalog of open source and commercial tools for securing LLMs and generative AI applications.

To get more details, read OWASP’s announcement “OWASP Dramatically Expands GenAI Security Guidance.”

For more information about protecting your organization against deepfakes:

• “How to prevent deepfakes in the era of generative AI” (TechTarget)
• “Deepfake scams escalate, hitting more than half of businesses” (Cybersecurity Dive)
• “The AI Threat: Deepfake or Deep Fake? Unraveling the True Security Risks” (SecurityWeek)
• “How deepfakes threaten biometric security controls” (TechTarget)
• “Deepfakes break through as business threat” (CSO)

3 - Fake update variants dominate list of top malware in Q3

Hackers are doubling down on fake software-update attacks.

That’s the main takeaway from the Center for Internet Security’s list of the 10 most prevalent malware used during the third quarter.

Malware variants used to carry out fake browser-update attacks took the top four spots on the list: SocGholish, LandUpdate808, ClearFake and ZPHP. Collectively, they accounted for 77% of the quarter’s malware infections. It's the first time LandUpdate808 and ClearFake appear on this quarterly list.

^{(Source: “Top 10 Malware Q3 2024”, Center for Internet Security, October 2024)}

In a fake software-update attack, a victim gets duped into installing a legitimate-looking update for, say, their preferred browser, that instead infects their computers with malware.

Here’s the full list, in descending order:

• SocGholish, a downloader distributed through malicious websites that tricks users into downloading it by offering fake software updates 
• LandUpdate808, a JavaScript downloader distributed through malicious websites via fake browser updates
• ClearFake, another JavaScript downloader used for fake browser-update attacks
• ZPHP, another JavaScript downloader used for fake software-update attacks
• Agent Tesla, a remote access trojan (RAT) that captures credentials, keystrokes and screenshots
• CoinMiner, a cryptocurrency miner that spreads using Windows Management Instrumentation (WMI)
• Arechclient2, also known as SectopRAT, is a .NET RAT whose capabilities include multiple stealth functions
• Mirai, a malware botnet that compromises IoT devices to launch DDoS attacks
• NanoCore, a RAT that spreads via malspam as a malicious Excel spreadsheet
• Lumma Stealer, an infostealer used to swipe personally identifiable information (PII), credentials, cookies and banking information

To get more information, the CIS blog “Top 10 Malware Q3 2024” offers details, context and indicators of compromise for each malware strain.

For details on fake update attacks:

• “Fake browser updates spread updated WarmCookie malware” (BleepingComputer)
• “Beware: Fake Browser Updates Deliver BitRAT and Lumma Stealer Malware” (The Hacker News)
• “Hackers Use Fake Browser Updates for AMOS Malware Attacks Targeting Mac Users” (MSSP Alert)
• “Malware crooks find an in with fake browser updates, in case real ones weren't bad enough” (The Register)
• “Fake Google Chrome errors trick you into running malicious PowerShell scripts” (BleepingComputer)

VIDEO

Fake Chrome Update Malware (The PC Security Channel)

4 - CISA’s first international plan unveiled

CISA has released its first-ever international plan, which outlines a strategy for boosting the agency’s collaboration with cybersecurity agencies from other countries.

Aligning cybersecurity efforts and goals with international partners is critical for tackling cyberthreats in the U.S. and abroad, according to the agency.

The three core pillars of CISA’s “2025 - 2026 International Strategic Plan” are:

• Help make more resilient other countries’ assets, systems and networks that impact U.S. critical infrastructure
• Boost the integrated cyber defenses of the U.S. and its international partners against their shared global cyberthreats
• Unify the coordination of international activities to strengthen cyberdefenses collectively

The plan will allow CISA to “reduce risk to the globally interconnected and interdependent cyber and physical infrastructure that Americans rely on every day,” CISA Director Jen Easterly said in a statement.

5 - Interpol hits phishers, ransomware gangs, info stealers

Interpol and its partners took down 22,000 malicious IP addresses and seized thousands of servers, laptops, and mobile phones used by cybercriminals to conduct phishing scams, deploy ransomware and steal information.

The four-month global operation, titled Synergia II and announced this week, involved law enforcement agencies and private-sector partners from 95 countries and netted 41 arrests.

“Together, we’ve not only dismantled malicious infrastructure but also prevented hundreds of thousands of potential victims from falling prey to cybercrime,” Neal Jetton, Director of Interpol’s Cybercrime Directorate, said in a statement.

In Hong Kong, more than 1,000 servers were taken offline, while authorities in Macau, China took another 291 servers offline. Meanwhile, in Estonia, authorities seized 80GB of server data, which is now being analyzed for links to phishing and banking malware.

For more information about global cybercrime trends:

• “AI-Powered Cybercrime Cartels on the Rise in Asia” (Dark Reading)
• “AI Now a Staple in Phishing Kits Sold to Hackers” (MSSP Alert)
• “The Business of Cybercrime Explodes” (BankDirector)
• “Nation state actors increasingly hide behind cybercriminal tactics and malware” (CSO)

6 - IST: Ransomware attacks surged in 2023

Ransomware gangs went into hyperdrive last year, increasing their attacks by 73% compared with 2022, according to the non-profit think tank Institute for Security and Technology (IST).

The IST attributes the sharp increase in attacks to a shift by ransomware groups to “big game hunting” – going after prominent, large organizations with deep pockets. 

“Available evidence suggests that government and industry actions taken in 2023 were not enough to significantly reduce the profitability of the ransomware model,” reads an IST blog.

Global Ransomware Incidents in 2023

Another takeaway: The ransomware-as-a-service (RaaS) model continued to prove extremely profitable in 2023, and it injected dynamism into the ransomware ecosystem. 

The RaaS model prompted ransomware groups “to shift allegiances, form new groups, or iterate existing variants,” the IST blog reads.

The industry sector that ransomware groups hit the hardest was construction, followed by hospitals and healthcare, and by IT services and consulting. Financial services and law offices rounded out the top five.

To learn more about ransomware trends:

• “Ransomware Is ‘More Brutal’ Than Ever in 2024” (Wired)
• “Ransomware on track for record profits, even as fewer victims pay” (SC Magazine)
• “How Can I Protect Against Ransomware?” (CISA)
• “How to prevent ransomware in 6 steps” (TechTarget)
• “Steps to Help Prevent & Limit the Impact of Ransomware” (Center for Internet Security)

TORONTO - The Ontario Securities Commission (OSC) is pleased to announce the release of the 2024 Investment Fund Survey (IFS) data dashboard.

"Humanity pushes back! The Survey Corps develops a risky gambit— have Eren in Titan form attempt to repair Wall Rose, reclaiming human territory from the monsters for the first time in a century. But Titan-Eren's self-control is far from perfect, and when he goes on a rampage, not even Armin can stop him! With the survival of humanity on his massive shoulders, will Eren be able to return to his senses, or will he lose himself forever?"-- Page [4] of cover.

Kyle Barnes has been plagued by demonic possession all his life and now he needs answers. Unfortunately, what he uncovers along the way could bring about the end of life on Earth as we know it.

"Kyle is faced with the most emotional exorcism he's performed yet … as he begins to learn more about his abilities and what's really happening around him. The pieces are starting to fall into place as secrets are revealed that will change everything." -- Description provided by publisher.

Kyle Barnes has been plagued by demonic possession all his life. In light of recent revelations, he finally feels like he's starting to piece together the answers he's looking for. But while he feels a new sense of purpose is Reverend Anderson's life falling apart?

"Answers are given, secrets are revealed, and the Barnes family has never been in more danger. Allison learns that there's something very special about her daughter, bu where's Kyle? Will Anderson risk everything to save him?' -- Page 4 of cover.

"As the House of Slaughter arrives to clean up the situation by any means necessary, Erica will find that the true threat to those around her isn't who— or what— she ever expected. And the cost of saving the day may be too high for anyone to pay … ." -- Description provided by publisher.

"A desperate call for help interrupts holiday celebrations at the Bureau of Balance, and sends Taako, Magnus and Merle on a high-stakes mission to find and reclaim a fourth deadly relic: a powerful transmutation stone, hidden somewhere in the depths of a floating arcane laboratory that's home to the Doctors Maureen and Lucas Miller. An unknown menace has seized control of the stone, and is using it to transform the lab into a virulent pink crystal that spreads to everything it touches. It's only a matter of time before this sparkling disaster crash-lands, but in order to find the stone and save the whole planet from being King Midased, our heroes will have to fight their way through a gauntlet of rowdy robots and crystal golems, decide whether they can trust the evasive Lucas Miller, and solve the mystery of what— or who— has put them all in peril, before there's no world left to save." -- Provided by publisher