Nathan R. Clark is an expert in transaction agreements and armaments at EverGlade Consulting

CURE Token is teaming up with Kaulig Racing and NASCAR CUP Series driver Noah Gragson in CURE Token's RACE FOR A CURE.

Total Secure Technology Ranks 171 On Annual MSP 501 Identifies Industry's Best-in-Class Businesses And Growing Via Recurring Revenue and Innovation

Radeus Labs has been awarded a major contract by General Atomics Aeronautical Systems, Inc. (GA-ASI) to provide vital support for testing and upgrading their Unmanned Aircraft System (UAS) platforms.

Renaissance's non-GMO acrylamide-reducing yeast is a clean-label ingredient that reduces the formation of acrylamide in many common foods, including chips, crackers, bread, cereals and many other everyday foods and snacks

HTP Consultancy https://www.htpconsultancy.com/ is a boutique consultancy with a different edge. Harshini Carey is proud to announce the launch of her new company that provides Cyber Security, Privacy, Risk and compliance services.

Root of Provenance Service launches at CCC NFT Auction

When you sign up for an MMRF Walk/Run event, you join nearly 30,000 participants across the country to accelerate a cure for each and every myeloma patient.

$349.5k settlement is more than 8X the initial insurance company offer

After months of rigorous negotiations and multiple steps toward litigation, The Layton Law Firm secured a settlement to help cover medical expenses, ongoing rehabilitation, and the financial losses incurred.

Value is king at Krystal with new deals

The award will allow the evaluation of a prototype smart patch in an exploratory clinical study of 50 healthy volunteers

Multiple Myeloma Research Foundation® Walk/Run

Providing robust security measures to safeguard sensitive data, ensure compliance, and enhance AI capabilities.

Heavy Metal and Everscapes Bring the Legend of St Valentine into the Metaverse With "A Very Metal Valentine," Available Now Through Artefy

This remarkable achievement is evidence of Ticino Management, Inc.'s unwavering commitment and expertise. The secured funding will significantly impact social welfare and humanitarian efforts in Barbados.

Focus Placed on Company Staff and Customer's People and Properties' Safety First

FemSMS, an innovative messaging program launched after the start of the 2022 escalation of war in Ukraine has received funding to enable it to continue to the end of 2023.

Woodside Credit attended the recent 2023 Cruisin' for a Cure event as a sponsor.

Austin-based 3NUM, a trailblazer in secure web3 native communication, invites users to join the waitlist for its innovative app called Speak.3Z combining onchain and traditional phone capabilities.

FemSMS, a compassionate messaging service that provides critical resources for women and girls affected by war and forced displacement, has received funding to reach those at risk of gender-based violence.

Paving the Way for Process Automation at the Department of the Air Force

Companies with 10 to 99 people were considered for the small list, and companies with 100-999 employees were considered for the medium list.

Modernizing the USDA's IT Infrastructure

FonePaw WhatsApp Transfer:Transfer WhatsApp Data Between Android and iOS

Amber Lewey brings expertise in supply chains to her consulting roles with Mano Consulting Group, Treat Consulting Group and AMB Services

As India gears up to celebrate its 72nd Republic Day, 3 proud Indians have proven their skills and are in the top 10 of the Global Ethical Hacking Leaderboard by EC-Council.

The Ararat Alliance has petitioned the UN Secretary-General to help Armenian refugees return to Karabakh, suggested a unique project benefitting both Azerbaijan and Armenia: International Inter-Faith Peace Park

AI-native cybersecurity and digital work platform integration delivers real-time threat detection and automated remediation to natively secure virtual and physical environments

Quadient's digital automation platform will help design, create, and seamlessly manage thousands of daily customer communications

There is undeniable potential in generative AI and large language models, but these tools alone come with significant gaps and challenges. AI often needs additional technologies to create guardrails around data security and response accuracy.

Campos quotes a comment from a thread on RFK Jr. and his running mate: It’s a very short jump from believing kale smoothies are a cure for cancer to denying the Holocaust happened. He points to this link: The physiologist … Continue reading →

Organizer: Canoe Procurement Group of Canada
Location: Online

ETSI releases cybersecurity specification to secure sensitive functions in a virtualized environment

Sophia Antipolis, 6 February 2019

The ETSI Technical Committee on Cybersecurity (TC CYBER) has just released ETSI TS 103 457, that tackles the challenge of secure storage - where organizations want to protect customer data whilst still using a cloud that is not under their direct control.

Read More...

ETSI standardizes new Secure Platform to address IoT, 5G, and security sensitive sectors

Sophia Antipolis, 18 November 2019

Trust and privacy together with cost and flexibility are key to security solutions for many applications in today’s digital world. To address this challenge, ETSI Technical Committee Smart Card Platform, who standardized the former generations of SIM cards, has been working on a brand-new security platform called Smart Secure Platform (SSP). The ETSI committee is pleased to unveil the first three technical specifications to launch this new security platform.

Read More...

New ETSI group to develop standardization framework for secure smartphone-based proximity tracing systems, helping to break COVID-19 transmission chains

Sophia Antipolis, 12 May 2020

In response to the global coronavirus pandemic, the new ETSI Industry Specification Group “Europe for Privacy-Preserving Pandemic Protection” (ISG E4P) has been established to provide a standardization framework that will enable developers to build interoperable mobile apps for proximity detection and anonymous identification.

Read More...

ETSI Top 10 Webinars in 2020 - Starring: cybersecurity, the Radio Equipment Directive, the new smart secure platform and AI

Sophia Antipolis, 8 December 2020

As 2020 comes to an end, we have selected for you our most popular webinars of the year. If you missed them, listen to the recorded presentations and their Q&A sessions, deep dive into cybersecurity novelties, discover the RED latest developments and find out about the new smart secure platform and AI.

Read More...

ETSI standard to secure digital signatures solves issue for 4,000 banks

Sophia Antipolis, 17 March 2021

ETSI is pleased to unveil ETSI TS 119 182-1, a specification for digital signatures supported by PKI and public key certificates which authenticates the origin of transactions ensuring that the originator can be held accountable and access to sensitive resources can be controlled.

Read More...

ETSI’s world-first standard to secure consumer IoT devices is extended to Home Gateways

Sophia Antipolis, 7 April 2022

ETSI is pleased to announce a new cyber security specification for Home Gateways, called ETSI TS 103 848 and developed by the CYBER Technical Committee. Adapted from the provisions of the world-first standard to secure consumer IoT devices, EN 303 645, this technical specification will secure physical devices between the in-home network and the public network, as well as the traffic between these networks.

Read More...

ETSI and MIPI Alliance Announce Incorporation of MIPI I3C Basic into ETSI Smart Secure Platform

I3C Interface for SSP provides higher data rate and improved integration flexibility with decreased power consumption

Piscataway, N.J. and Sophia Antipolis, France 30 June, 2022

The MIPI Alliance, an international organization that develops interface specifications for mobile and mobile-influenced industries, and ETSI Technical Committee Secure Element Technologies (TC SET) today announced the adoption of the I3C Interface for SSP (ETSI TS 103 818) specification, allowing the MIPI I3C Basic specification to serve as a physical and logical link layer for the ETSI Smart Secure Platform (SSP). The I3C Interface for SSP joins the family of specifications that underpin the ETSI SSP, the next-generation platform for Universal Subscriber Identity Module (USIM) and Secure Elements to meet new market requirements driven by emerging Internet of Things (IoT), 5G and other security-sensitive applications.

Read More...

ETSI Secures Critical Infrastructures against Cyber Quantum Attacks with new TETRA Algorithms

Sophia Antipolis, 8 November 2022

With the world facing growing challenges including the war in Europe and a global energy crisis, it is essential that the mission- and business-critical communications networks used by the public safety, critical infrastructure and utilities sectors (including transportation, electricity, natural gas and water plants) are secured against third-party attacks, to protect communications and sensitive data. With more than 120 countries using dedicated TETRA (Terrestrial Trunked Radio) networks for these critical services, work has been undertaken to ensure the ETSI TETRA technology standard remains robust in the face of evolving threats.

Read More...

Sophia Antipolis, 11 July 2023

ETSI is pleased to announce three new Reports developed by its Securing AI group (ISG SAI). They address explicability and transparency of AI processing and provide an AI computing platform security framework. The last Report is a multi-partner Proofs of Concepts framework.

Read More...

Sophia Antipolis, 24 May 2024

Speakers at the 10th ETSI/IQC Quantum Safe Cryptography Conference have called on organizations to prepare their cybersecurity infrastructures to address the challenges of a post-quantum world.

Organized by ETSI and the Institute for Quantum Computing, this year’s conference was hosted from 14-16 May by the Centre for Quantum Technologies (CQT), National University of Singapore (NUS), in partnership with the Infocomm Media Development Authority (IMDA) and the Cyber Security Agency (CSA) of Singapore. The event attracted an impressive 235 onsite delegates from 27 countries, reflecting fast-growing interest worldwide in the critical importance of quantum-safe cryptography in today’s cybersecurity strategies.

Read More...

Sophia Antipolis, 9 July 2024

ETSI is excited to announce OpenCAPIF Release 1 is now available in the ETSI Labs.

OpenCAPIF develops a Common API Framework as defined by 3GPP and this new version introduces several improvements and new features to deliver a more robust, secure, and efficient API Management Platform. These advancements are developed in tight collaboration and incorporating feedback from a growing Research Ecosystem including SNS projects such as 6G-SANDBOX, FIDAL, IMAGINEB5G, SAFE6G, ORIGAMI, ENVELOPE and SUNRISE6G.

Read More...

Looking for help with shadow AI? Want to boost your software updates’ safety? New publications offer valuable tips. Plus, learn why GenAI and data security have become top drivers of cyber strategies. And get the latest on the top “no-nos” for software security; the EU’s new cyber law; and CISOs’ communications with boards.

Dive into six things that are top of mind for the week ending Oct. 25.

1 - CSA: How to prevent “shadow AI” 

As organizations scale up their AI adoption, they must closely track their AI assets to secure them and mitigate their cyber risk. This includes monitoring the usage of unapproved AI tools by employees — an issue known as “shadow AI.”

So how do you identify, manage and prevent shadow AI? You may find useful ideas in the Cloud Security Alliance’s new “AI Organizational Responsibilities: Governance, Risk Management, Compliance and Cultural Aspects” white paper.

The white paper covers shadow AI topics including:

• Creating a comprehensive inventory of AI systems
• Conducting gap analyses to spot discrepancies between approved and actual AI usage
• Implementing ways to detect unauthorized AI wares
• Establishing effective access controls
• Deploying monitoring techniques

“By focusing on these key areas, organizations can significantly reduce the risks associated with shadow AI, ensuring that all AI systems align with organizational policies, security standards, and regulatory requirements,” the white paper reads.

For example, to create an inventory that offers the required visibility into AI assets, the document explains different elements each record should have, such as:

• The asset’s description
• Information about its AI models
• Information about its data sets and data sources
• Information about the tools used for its development and deployment
• Detailed documentation about its lifecycle, regulatory compliance, ethical considerations and adherence to industry standards
• Records of its access control mechanisms

Shadow AI is one of four topics covered in the publication, which also unpacks risk management; governance and compliance; and safety culture and training.

To get more details, read:

• The full “AI Organizational Responsibilities: Governance, Risk Management, Compliance and Cultural Aspects” white paper
• A complementary slide presentation
• The CSA blog “Shadow AI Prevention: Safeguarding Your Organization’s AI Landscape”

For more information about AI security issues, including shadow AI, check out these Tenable blogs:

• “Do You Think You Have No AI Exposures? Think Again”
• “Securing the AI Attack Surface: Separating the Unknown from the Well Understood”
• “Never Trust User Inputs -- And AI Isn't an Exception: A Security-First Approach”
• “6 Best Practices for Implementing AI Securely and Ethically”
• “Compromising Microsoft's AI Healthcare Chatbot Service”

2 - Best practices for secure software updates

The security and reliability of software updates took center stage in July when an errant update caused massive and unprecedented tech outages globally.

To help prevent such episodes, U.S. and Australian cyber agencies have published “Safe Software Deployment: How Software Manufacturers Can Ensure Reliability for Customers.”

“It is critical for all software manufacturers to implement a safe software deployment program supported by verified processes, including robust testing and measurements,” reads the 12-page document.

Although the guide is aimed primarily at commercial software vendors, its recommendations can be useful for any organization with software development teams that deploy updates internally.

The guide outlines key steps for a secure software development process, including planning; development and testing; internal rollout; and controlled rollout. It also addresses errors and emergency protocols.

“A safe software deployment process should be integrated with the organization’s SDLC, quality program, risk tolerance, and understanding of the customer’s environment and operations,” reads the guide, authored by the U.S. Cybersecurity and Infrastructure Security Agency (CISA), the FBI and the Australian Cyber Security Centre.

To get more details, read:

• The “Safe Software Deployment: How Software Manufacturers Can Ensure Reliability for Customers” guide
• The CISA alert “CISA, US, and International Partners Release Joint Guidance to Assist Software Manufacturers with Safe Software Deployment Processes”

For more information about secure software updates:

• “Tenable’s Software Update Process Protects Customers’ Business Continuity with a Safe, Do-No-Harm Design” (Tenable)
• “The critical importance of robust release processes” (Cloud Native Computing Foundation)
• “Software Deployment Security: Risks and Best Practices” (DevOps.com)
• “Software Updates, A Double-Edged Sword for Cybersecurity Professionals” (Infosecurity)
• “DevOps Best Practices for Faster and More Reliable Software Delivery” (DevOps.com)

3 - Report: GenAI, attack variety, data security drive cyber strategies

What issues act as catalysts for organizations’ cybersecurity actions today? Hint: They’re fairly recent concerns. The promise and peril of generative AI ranks first. It’s closely followed by the ever growing variety of cyberattacks; and by the intensifying urgency to protect data.

That’s according to CompTIA’s “State of Cybersecurity 2025” report, based on a survey of almost 1,200 business and IT pros in North America and in parts of Europe and Asia. 

These three key factors, along with others like the scale of attacks, play a critical role in how organizations currently outline their cybersecurity game plans.

“Understanding these drivers is essential for organizations to develop proactive and adaptive cybersecurity strategies that address the evolving threat landscape and safeguard their digital assets,” reads a CompTIA blog about the report.

Organizations are eagerly trying to understand both how generative AI can help their cybersecurity programs and how this technology is being used by malicious actors to make cyberattacks harder to detect and prevent.

Meanwhile, concern about data protection has ballooned in the past couple of years. “As organizations become more data-driven, the need to protect sensitive information has never been more crucial,” reads the blog.

Not only are organizations focused on securing data at rest, in transit and in use, but they’re also creating foundational data-management practices, according to the report.

“The rise of AI has accelerated the need for robust data practices in order to properly train AI algorithms, and the demand for data science continues to be strong as businesses seek competitive differentiation,” the report reads.

To get more details, read:

• The report’s announcement “Cybersecurity success hinges on full organizational support, new CompTIA report asserts”
• CompTIA’s blogs “Today’s top drivers for cybersecurity strategy” and “Cybersecurity’s maturity: CompTIA’s State of Cybersecurity 2025 report”
• The full “State of Cybersecurity 2025” report

For more information about data security posture management (DSPM) and preventing AI-powered attacks, check out these Tenable resources:

• “Harden Your Cloud Security Posture by Protecting Your Cloud Data and AI Resources” (blog)
• “Know Your Exposure: Is Your Cloud Data Secure in the Age of AI?” (on-demand webinar)
• “The Data-Factor: Why Integrating DSPM Is Key to Your CNAPP Strategy” (blog)
• “Mitigating AI-Related Security Risks” (on-demand webinar)
• “Securing the AI Attack Surface: Separating the Unknown from the Well Understood” (blog)

4 - CISA lists software dev practices most harmful for security

Recommended best practices abound in the cybersecurity world. However, CISA and the FBI are taking the opposite tack in their quest to improve the security of software products: They just released a list of the worst security practices that software manufacturers ought to avoid.

Titled “Product Security Bad Practices,” the document groups the “no-nos” into three main categories: product properties; security features; and organizational processes and policies.

“It’s 2024, and basic, preventable software defects continue to enable crippling attacks against hospitals, schools, and other critical infrastructure. This has to stop,” CISA Director Jen Easterly said in a statement.

“These product security bad practices pose unacceptable risks in this day and age, and yet are all too common,” she added.

Here are some of the worst practices detailed in the document, which is part of CISA’s “Secure by Design” effort:

• Using programming languages considered “memory unsafe”
• Including user-provided input in SQL query strings
• Releasing a product with default passwords
• Releasing a product with known and exploited vulnerabilities
• Not using multi-factor authentication
• Failing to disclose vulnerabilities in a timely manner

Although the guidance is aimed primarily at software makers whose products are used by critical infrastructure organizations, the recommendations apply to all software manufacturers.

If you’re interested in sharing your feedback with CISA and the FBI, you can submit comments about the document until December 16, 2024 on the Federal Register.

To get more details, check out:

• CISA’s announcement “CISA and FBI Release Product Security Bad Practices for Public Comment”
• The full document “Product Security Bad Practices”

For more information about how to develop secure software:

• “Tenable Partners with CISA to Enhance Secure By Design Practices” (Tenable)
• “Ensuring Application Security from Design to Operation with DevSecOps” (DevOps.com)
• “What is application security?” (TechTarget)
• “Guidelines for Software Development (Australian Cyber Security Centre)

5 - New EU law focuses on cybersecurity of connected digital products

Makers of digital products — both software and hardware — that directly or indirectly connect to networks and to other devices will have to comply with specific cybersecurity safeguards in the European Union.

A newly adopted law known as the “Cyber Resilience Act” outlines cybersecurity requirements for the design, development, production and lifecycle maintenance of these types of products, including IoT wares such as connected cars.

For example, it specifies a number of “essential cybersecurity requirements” for these products, including that they:

• Aren’t shipped with known exploitable vulnerabilities
• Feature a “secure by default” configuration
• Can fix their vulnerabilities via automatic software updates
• Offer access protection via control mechanisms, such as authentication and identity management
• Protect the data they store, transmit and process using, for example, at-rest and in-transit encryption

“The new regulation aims to fill the gaps, clarify the links, and make the existing cybersecurity legislative framework more coherent, ensuring that products with digital components (...) are made secure throughout the supply chain and throughout their lifecycle,” reads a statement from the EU’s European Council.

The law will “enter into force” after its publication in the EU’s official journal and will apply and be enforceable 36 months later, so most likely in October 2027 or November 2027. However, some of its provisions will be enforceable a year prior.

For more information and analysis about the EU’s Cyber Resilience Act:

• “Cyber Resilience Act Requirements Standards Mapping” (ENISA)
• “The Cyber Resilience Act, an Accidental European Alien Torts Statute?” (Lawfare)
• “EU Cybersecurity Regulation Adopted, Impacts Connected Products” (National Law Review)
• “Open source foundations unite on common standards for EU’s Cyber Resilience Act” (TechCrunch)
• “The Cyber Resilience Act: A New Era for Mobile App Developers” (DevOps.com)

VIDEO

The EU Cyber Resilience Act: A New Era for Business Engagement in Open Source Software (Linux Foundation) 

6 - UK cyber agency: CISOs must communicate better with boards

CISOs and boards of directors are struggling to understand each other, and this is increasing their organizations’ cyber risk, new research from the U.K.’s cyber agency has found.

For example, in one alarming finding, 80% of respondents, which included board members, CISOs and other cyber leaders in medium and large enterprises, confessed to being unsure of who is ultimately accountable for cybersecurity in their organizations.

“We found that in many organisations, the CISO (or equivalent role) thought that the Board was accountable, whilst the Board thought it was the CISO,” reads a blog about the research titled “How to talk to board members about cyber.”

As a result, the U.K. National Cyber Security Centre (NCSC) has released new guidance aimed at helping CISOs better communicate with their organizations’ boards titled “Engaging with Boards to improve the management of cyber security risk.”

“Cyber security is a strategic issue, which means you must engage with Boards on their terms and in their language to ensure the cyber risk is understood, managed and mitigated,” the document reads.

Here’s a small sampling of the advice:

• Understand your audience, including who are the board’s members and their areas of expertise; and how the board works, such as its meeting formats and its committees.
• Talk about cybersecurity in terms of risks, and outline these risks concretely and precisely, presenting them in a matter-of-fact way.
• Don’t limit your communication with board members to formal board meetings. Look for opportunities to talk to them individually or in small groups outside of these board meetings.
• Elevate the discussions so that you link cybersecurity with your organization’s business challenges, goals and context.
• Aim to provide a holistic view, and avoid using technical jargon.
• Aim to advise instead of to educate.