ETSI releases first globally applicable standard for consumer IoT security

Sophia Antipolis, 19 February 2019

The ETSI Technical Committee on Cybersecurity (TC CYBER) has just released ETSI TS 103 645, a standard for cybersecurity in the Internet of Things, to establish a security baseline for internet-connected consumer products and provide a basis for future IoT certification schemes.

Read More...

ETSI offers a Novel Approach to Standards Education

Sophia Antipolis, 25 March 2019

ETSI has released a new set of classroom teaching materials on ICT standardization. A comprehensive textbook, “Understanding ICT Standardization: Principles and Practice”, together with an extensive slide pack have been developed with the support of the European Commission and the EFTA Secretariat.

Read More...

ETSI Open Source MANO unveils Release SEVEN, enables more than 20,000 cloud-native applications for NFV environments

Sophia Antipolis, 12 December 2019

Today, the ETSI Open Source MANO group is pleased to unveil its latest release, OSM Release SEVEN. This release brings cloud-native applications to NFV deployments, enabling OSM to on-board over 20,000 pre-existing production-ready Kubernetes applications, with no need of any translation or repackaging. OSM release SEVEN allows you to combine within the same Network Service the flexibility of cloud-native applications with the predictability of traditional virtual and physical network functions (VNFs and PNFs) and all the required advanced networking required to build complex end to end telecom services.

Read More...

ETSI's Securing Artificial Intelligence group appoints Chair and Vice Chairs

Sophia Antipolis, 27 January 2020

ETSI's new Industry Specification Group on Securing Artificial Intelligence (ISG SAI) met last week for its second meeting and appointed Alex Leadbeater (BT) as its Chair. Dr Kate Reed (NCSC) was appointed as First Vice Chair and Tieyan Li (Huawei) was appointed as Second Vice Chair. This second meeting, after the launch of the group last October, was also the place to discuss work priorities.

Read More...

ETSI releases a Technical Report on autonomic network management and control applying machine learning and other AI algorithms

Sophia Antipolis, 5 March 2020

The ETSI Technical Committee on Core Network and Interoperability Testing (TC INT) has just released a Technical Report, ETSI TR 103 626, providing a mapping of architectural components for autonomic networking, cognitive networking and self-management. This architecture will serve the self-managing Future Internet.

The ETSI TR 103 626 provides a mapping of architectural components developed in the European Commission (EC) WiSHFUL and ORCA Projects, using the ETSI Generic Autonomic Networking Architecture (GANA) model.

The objective is to illustrate how the ETSI GANA model specified in the ETSI specification TS 103 195-2 can be implemented when using the components developed in these two projects. The Report also shows how the WiSHFUL architecture augmented with virtualization and hardware acceleration techniques can implement the GANA model. This will guide implementers of autonomics components for autonomic networks in their optimization of their GANA implementations.

The TR addresses autonomic decision-making and associated control-loops in wireless network architectures and their associated management and control architectures. The mapping of the architecture also illustrates how to implement self-management functionality in the GANA model for wireless networks, taking into consideration another Report ETSI TR 103 495, where GANA cognitive algorithms for autonomics, such as machine learning and other AI algorithms, can be applied.

ETSI’s new group on COVID-19 tracing apps interoperability moving fast: officials elected and work programme set up

Sophia Antipolis, 11 June 2020

The ETSI E4P group, “Europe for Privacy-Preserving Pandemic Protection”, launched a month ago has already held two meetings. The work of ISG E4P aims to facilitate the development of backward-compatible and interoperable proximity tracing applications to be used to combat pandemics by helping to break viral transmission chains.

Read More...

ETSI announces MEC Sandbox for edge app developers

Sophia Antipolis, 6 January 2021

ETSI announces the launch of ETSI MEC Sandbox, available at https://try-mec.etsi.org/. The Sandbox is designed to allow application developers to experience and interact with an implementation of ETSI MEC APIs and test out their applications.  

Read More...

World’s first non-cellular 5G technology, ETSI DECT-2020, gets ITU-R approval, setting example of new era connectivity

Sophia Antipolis, 19 October 2021

ETSI DECT-2020 NR, the world’s first non-cellular 5G technology standard, has been recognized by the WP5D of the International Telecommunication Union’s Radiocommunication Sector (ITU-R) and included as part of the 5G standards in IMT-2020 technology recommendation. Dr. Günter Kleindl, Chair of the ETSI Technical Committee DECT, says: “With our traditional DECT standard we already received IMT-2000 approval by ITU-R twenty-one years ago, but the requirements for 5G were so much higher, that we had to develop a completely new, but compatible, radio standard.” Released last year, the standard sets an example of future connectivity: the infrastructure-less and autonomous, decentralized technology is designed for massive IoT networks for enterprises. It has no single points of failure and is accessible to anyone, costing only a fraction of the cellular networks both in dollars and in carbon footprint.

Read More...

New ETSI White Paper and MEC Hackathon: another step to engage with app developers and verticals

Sophia Antipolis, 16 June 2022

The ETSI MEC (Multi-access Edge Computing) group is pleased to announce a new White Paper which aims to describe the deployment options related to MEC federation, especially from an architectural point of view. With a key focus on ETSI MEC implementations, it also aims to provide an open approach taking into account other standards and technologies, including those from 3GPP SA Working Group 6 and GSMA OPG. For this purpose, the White Paper first analyses the recent publications of GSMA OPG and recent updates in ETSI MEC and 3GPP specifications, then introduces the synergized architecture supported by both standards organizations, which indicates the background information for the deployment of MEC federation harmonized standards for edge computing.

Read More...

New ETSI specification allows single UICC to support the use of multiple applications simultaneously

Sophia Antipolis, 26 October 2022

New specifications released by ETSI will enable multiple subscriptions and identities to exist in the same smartphone handset without needing several SIM cards to be within the device.

The mobile telecom industry has been facing an increasing demand for applications running on mobile devices like banking, payments, transport and identity for some time. These new specifications address this demand by adding the possibility to host and address several "virtual secure elements" into the same UICC. This allows multiple virtual secure elements to coexist logically separated, whilst having the ability to be addressed independently through the same physical interface.

Read More...

New Extension for Disabled People to the ETSI Mobile Emergency App Framework

Sophia Antipolis, 16 January 2023

The ETSI emergency communications technical committee has just released a specification for a Pan-European Mobile Emergency Application framework (PEMEA) Real-Time Text Extension. Real-Time Text (RTT) communications are used extensively by people with hearing and speech disabilities around the world. These systems convey letters as they are typed from the source to the destination.

Read More...

Sophia Antipolis, 22 June 2023

ETSI has just released a new White Paper on “MEC Support for Edge Native Design” written by members of the ETSI Multi-access Edge Computing group (ISG MEC). This White Paper provides an overview and vision about the Edge Native approach, as a natural evolution of Cloud Native. 

Read More...

Sophia Antipolis, 4 September 2024

The ETSI Open Source MANO community is proud to announce OSM Release SIXTEEN, a Long-Term-Support (LTS) release of ETSI OSM, which becomes the most innovative and feature-packed release shipped by OSM to date.

This release brings a revolution in OSM’s functionality, positioning OSM as a generalized cloud-native orchestrator for infrastructure, platforms and services, which extends significantly its former scope. Full cloud-native management of Kubernetes clusters in public clouds, together with the applications or software units running on them, is now possible with Release SIXTEEN. Every operation related to the cluster management (creation, upgrading, scaling, deletion) or the applications running on them is reflected in Git repositories, following the GitOps model. This has been possible thanks to a major change in the internal architecture of OSM.

Read More...

The Minister of Finance has approved amendments to Ontario Securities Commission (OSC) Rule 91-507 Trade Repositories and Derivatives Data Reporting and consequential amendments to OSC Rule 13-502 Fees (collectively, the Amendments) pursuant to

Here is a Storify round up of the SpotOn London session: Enhanced eBooks & BookApps: The

Should critical infrastructure orgs boost OT/ICS systems’ security with zero trust? Absolutely, the CSA says. Meanwhile, the Five Eyes countries offer cyber advice to tech startups. Plus, a survey finds “shadow AI” weakening data governance. And get the latest on MFA methods, CISO trends and Uncle Sam’s AI strategy.

Dive into six things that are top of mind for the week ending Nov. 1.

1 - Securing OT/ICS in critical infrastructure with zero trust

As their operational technology (OT) computing environments become more digitized, converged with IT systems and cloud-based, critical infrastructure organizations should beef up their cybersecurity by adopting zero trust principles.

That’s the key message of the Cloud Security Alliance’s “Zero Trust Guidance for Critical Infrastructure,” which focuses on applying zero trust methods to OT and industrial control system (ICS) systems.

While OT/ICS environments were historically air gapped, that’s rarely the case anymore. “Modern systems are often interconnected via embedded wireless access, cloud and other internet-connected services, and software-as-a-service (SaaS) applications,” reads the 64-page white paper, which was published this week.

The CSA hopes the document will help cybersecurity teams and OT/ICS operators enhance the way they communicate and collaborate.

Among the topics covered are:

• Critical infrastructure’s unique threat vectors
• The convergence of IT/OT with digital transformation
• Architecture and technology differences between OT and IT

The guide also outlines this five-step process for implementing zero trust in OT/ICS environments:

• Define the surface to be protected
• Map operational flows
• Build a zero trust architecture
• Draft a zero trust policy
• Monitor and maintain the environment

A zero trust strategy boosts the security of critical OT/ICS systems by helping teams “keep pace with rapid technological advancements and the evolving threat landscape,” Jennifer Minella, the paper’s lead author, said in a statement.

To get more details, read:

• The report’s announcement “New Paper from Cloud Security Alliance Examines Considerations and Application of Zero Trust Principles for Critical Infrastructure”
• The full report “Zero Trust Guidance for Critical Infrastructure”
• A complementary slide presentation

For more information about OT systems cybersecurity, check out these Tenable resources: 

• “What is operational technology (OT)?” (guide)
• “Discover, Measure, and Minimize the Risk Posed by Your Interconnected IT/OT/IoT Environments” (on-demand webinar)
• “How To Secure All of Your Assets - IT, OT and IoT - With an Exposure Management Platform” (blog)
• “Blackbox to blueprint: The security leader’s guidebook to managing OT and IT risk” (white paper)
• “Tenable Cloud Risk Report 2024” (white paper)

2 - Five Eyes publish cyber guidance for tech startups

Startup tech companies can be attractive targets for hackers, especially if they have weak cybersecurity and valuable intellectual property (IP).

To help startups prevent cyberattacks, the Five Eyes countries this week published cybersecurity guides tailored for these companies and their investors.

“This guidance is designed to help tech startups protect their innovation, reputation, and growth, while also helping tech investors fortify their portfolio companies against security risks," Mike Casey, U.S. National Counterintelligence and Security Center Director, said in a statement.

These are the top five cybersecurity recommendations from Australia, Canada, New Zealand, the U.S. and the U.K. for tech startups:

• Be aware of threat vectors, including malicious insiders, insecure IT and supply chain risk.
• Identify your most critical assets and conduct a risk assessment to pinpoint vulnerabilities.
• Build security into your products by managing intellectual assets and IP; monitoring who has access to sensitive information; and ensuring this information’s protection.
• Conduct due diligence when choosing partners and make sure they’re equipped to protect the data you share with them.
• Before you expand abroad, prepare and become informed about these new markets by, for example, understanding local laws in areas such as IP protection and data protection.

“Sophisticated nation-state adversaries, like China, are working hard to steal the intellectual property held by some of our countries’ most innovative and exciting startups,” Ken McCallum, Director General of the U.K.’s MI5, said in a statement.

To get more details, check out these Five Eyes’ cybersecurity resources for tech startups:

• The announcement “Five Eyes Launch Shared Security Advice Campaign for Tech Startups”
• The main guides: 
  • “Secure Innovation: Security Advice for Emerging Technology Companies”
  • “Secure Innovation: Security Advice for Emerging Technology Investors”
• These complementary documents:
  • “Secure Innovation: Scenarios and Mitigations”
  • “Secure Innovation: Travel Security Guidance”
  • “Secure Innovation: Due Diligence Guidance”
  • “Secure Innovation: Companies Summary”

3 - Survey: Unapproved AI use impacting data governance

Employees’ use of unauthorized AI tools is creating compliance issues in a majority of organizations. Specifically, it makes it harder to control data governance and compliance, according to almost 60% of organizations surveyed by market researcher Vanson Bourne.

“Amid all the investment and adoption enthusiasm, many organisations are struggling for control and visibility over its use,” reads the firm’s “AI Barometer: October 2024” publication. Vanson Bourne polls 100 IT and business executives each month about their AI investment plans.

To what extent do you think the unsanctioned use of AI tools is impacting your organisation's ability to maintain control over data governance and compliance?

^{(Source: Vanson Bourne’s “AI Barometer: October 2024”)}

Close to half of organizations surveyed (44%) believe that at least 10% of their employees are using unapproved AI tools.

On a related front, organizations are also grappling with the issue of software vendors that unilaterally and silently add AI features to their products, especially to their SaaS applications.

While surveyed organizations say they’re reaping advantages from their AI usage, “such benefits are dependent on IT teams having the tools to address the control and visibility challenges they face,” the publication reads.

For more information about the use of unapproved AI tools, an issue also known as “shadow AI,” check out:

• “Do You Think You Have No AI Exposures? Think Again” (Tenable)
• “Shadow AI poses new generation of threats to enterprise IT” (TechTarget)
• “10 ways to prevent shadow AI disaster” (CIO)
• “Never Trust User Inputs -- And AI Isn't an Exception: A Security-First Approach” (Tenable)
• “Shadow AI in the ‘dark corners’ of work is becoming a big problem for companies” (CNBC)

VIDEO

Shadow AI Risks in Your Company

4 - NCSC explains nuances of multi-factor authentication

Multi-factor authentication (MFA) comes in a variety of flavors, and understanding the differences is critical for choosing the right option for each use case in your organization.

To help cybersecurity teams better understand the different MFA types and their pluses and minuses, the U.K. National Cyber Security Centre (NCSC) has updated its MFA guidance.

“The new guidance explains the benefits that come with strong authentication, while also minimising the friction that some users associate with MFA,” reads an NCSC blog.

In other words, what type of MFA method to use depends on people’s roles, how they work, the devices they use, the applications or services they’re accessing and so on.

Topics covered include:

• Recommended types of MFA, such as FIDO2 credentials, app-based and hardware-based code generators and message-based methods
• The importance of using strong MFA to secure users’ access to sensitive data
• The role of trusted devices in boosting and simplifying MFA
• Bad practices that weaken MFA’s effectiveness, such as:
  • Retaining weaker, password-only authentication protocols for legacy services
  • Excluding certain accounts from MFA requirements because their users, usually high-ranking officials, find MFA inconvenient

To get more details, read:

• The NCSC blog “Not all types of MFA are created equal”
• The NCSC guide “Multi-factor authentication for your corporate online services”

For more information about MFA:

• “Multifactor Authentication Cheat Sheet” (OWASP)
• “Deploying Multi Factor Authentication – The What, How, and Why” (SANS Institute)
• “How MFA gets hacked — and strategies to prevent it” (CSO)
• “How Multifactor Authentication Supports Growth for Businesses Focused on Zero Trust” (BizTech)
• “What is multi-factor authentication?” (TechTarget)

5 - U.S. gov’t outlines AI strategy, ties it to national security 

The White House has laid out its expectations for how the federal government ought to promote the development of AI in order to safeguard U.S. national security.

In the country’s first-ever National Security Memorandum (NSM) on AI, the Biden administration said the federal government must accomplish the following:

• Ensure the U.S. is the leader in the development of safe, secure and trustworthy AI
• Leverage advanced AI technologies to boost national security
• Advance global AI consensus and governance

“The NSM’s fundamental premise is that advances at the frontier of AI will have significant implications for national security and foreign policy in the near future,” reads a White House statement.

The NSM’s directives to federal agencies include:

• Help improve the security of chips and support the development of powerful supercomputers to be used by AI systems.
• Help AI developers protect their work against foreign spies by providing them with cybersecurity and counterintelligence information.
• Collaborate with international partners to create a governance framework for using AI in a way that is ethical, responsible and respects human rights. 

The White House also published a complementary document titled “Framework To Advance AI Governance and Risk Management in National Security,” which adds implementation details and guidance for the NSM.

6 - State CISOs on the frontlines of AI security

As the cybersecurity risks and benefits of AI multiply, most U.S. state CISOs find themselves at the center of their governments' efforts to craft AI security strategies and policies.

That’s according to the “2024 Deloitte-NASCIO Cybersecurity Study,” which surveyed CISOs from all 50 states and the District of Columbia.

Specifically, 88% of state CISOs reported being involved in the development of a generative AI strategy, while 96% are involved with creating a generative AI security policy.

However, their involvement in AI cybersecurity matters isn’t necessarily making them optimistic about their states’ ability to fend off AI-boosted attacks.

None said they feel “extremely confident” that their state can prevent AI-boosted attacks, while only 10% reported feeling “very confident.” The majority (43%) said they feel “somewhat confident” while the rest said they are either “not very confident” or “not confident at all.”

Naturally, most state CISOs see AI-enabled cyberthreats as significant, with 71% categorizing them as either “very high threat” (18%) or “somewhat high threat” (53%).

At the same time, state CISOs see the potential for AI to help their cybersecurity efforts, as 41% are already using generative AI for cybersecurity, and another 43% have plans to do so by mid-2025.

Other findings from the "2024 Deloitte-NASCIO Cybersecurity Study" include:

• 4 in 10 state CISOs feel their budget is insufficient.
• Almost half of respondents rank cybersecurity staffing as one of the top challenges.
• In the past two years, 23 states have hired new CISOs, as the median tenure of a state CISO has dropped to 23 months, down from 30 months in 2022.
• More state CISOs are taking on privacy protection duties — 86% are responsible for privacy protection, up from 60% two years ago.

For more information about CISO trends:

• “What’s important to CISOs in 2024” (PwC)
• “The CISO’s Tightrope: Balancing Security, Business, and Legal Risks in 2024” (The National CIO Review)
• “State of CISO Leadership: 2024” (SC World)
• “4 Trends That Will Define the CISO's Role in 2024” (SANS Institute)

TORONTO – The Ontario Securities Commission (OSC) is inviting applications for membership on its Registrant Advisory Committee (RAC or the Committee).

TORONTO – The Capital Markets Tribunal is seeking applications for membership to the Securities Proceedings Advisory Committee (SPAC).

"When local park fixture (and spy-master) Pops gets squirrel-napped, it's up to Norma, Belly, and their friend little B to save him!" -- Provided by publisher.

The prevalence of web applications makes them a prime target for cyber criminals. Failure to secure web applications can lead to serious financial and reputational consequences. This report provides details of vulnerability data discovered by Tenable Web App Scanning.

Tenable Web App Scanning provides comprehensive and accurate vulnerability scanning and risk analysis by leveraging OWASP Top 10 risks to vulnerable web application components. Tenable provides comprehensive and automated vulnerability scanning for modern web applications using Dynamic Application Security Tests (DAST). The security and development teams leverage these detailed vulnerability scans of the application at any point in the development lifecycle and are able understand the true security risks of the web application before deployment.

Tenable Security Center uses a comprehensive list of attributes to increase visibility into web application vulnerabilities. Risk managers are able to focus on security challenges that pose the greatest threat and most risk by leveraging Common Vulnerability Scoring System (CVSS) and OWASP references. The report provides a detailed view of the web application components and custom code vulnerabilities. Additionally, vulnerability details related to Log4J are provided, which displays any detected applications that are found to be vulnerable to Log4J exploits.

The report and its components are available in the Tenable.sc Feed, a comprehensive collection of dashboards, reports, assurance report cards and assets. The report can be easily located in the Tenable Security Center Feed under the category Security Industry Trends.

The requirements for this dashboard are:

• Tenable Security Center 6.2.0
• Tenable Web Application Scanner

Security leaders need to SEE everything, PREDICT what matters most and ACT to address cyber risk and effectively align cybersecurity initiatives with business objectives. Tenable Security Center discovers and analyzes assets continuously to provide an accurate and unified view of an organization's security posture.

Chapters

Executive Summary: The Tenable Web App Scanning Overview report provides details of vulnerability data discovered by Tenable Web App Scanning, beginning with summary dashboard style view for leadership team. 

Web Application Vulnerability Statistics: This chapter combines the data collected from Nessus and Tenable Web App Scanner, providing a holistic view of vulnerabilities based on scanning the physical asset as well as the web application asset.  

OWASP 2021 Vulnerability Summary: Security and compliance frameworks, such as the Open Web Application Security Project (OWASP) Top 10, provides risk managers insight into methods used by adversaries to exploit common flaws and misconfigurations. 

Log4Shell: This chapter provides trending analysis along with vulnerability details related to log4shell vulnerabilities detected by both Nessus and Tenable Web App Scanning. Tenable recommends prioritizing these applications immediately for remediation efforts.
 

Le changement climatique constitue une menace croissante pour nos systèmes alimentaires, dont les implications sont graves pour la sécurité alimentaire et nutritionnelle, les moyens de subsistance et le bien-être général, en particulier pour les personnes pauvres et vulnérables du monde entier. Une action urgente contre le changement climatique est attendue à l’échelle mondiale – à la fois pour réaliser les importantes réductions d’émissions requises pour limiter le réchauffement climatique et pour accroître les capacités d’adaptation et la résilience.

En 2022, le monde a subi des crises multiples. Les perturbations des systèmes alimentaires dues à la longue pandémie de COVID-19, des catastrophes naturelles majeures, des troubles civils, l’instabilité politique et les impacts croissants du changement climatique ont persisté, tandis qe l’inflation et la guerre entre la Russie et l’Ukraine ont exacerbé la crise alimentaire mondiale et la crise des engrais.

Depuis la pandémie de COVID-19 et plus récemment la crise russo-ukrainienne, la problématique de construire des systèmes alimentaires résilients et durables est devenue une urgence pour la plupart des pays d’Afrique au Sud du Sahara (ASS) dont le Sénégal. Très récemment, le Gouvernement du Sénégal à travers le Ministère de l’Agriculture de l’Équipement Rural et de la Souveraineté Alimentaire (MAERSA) a validé le Programme Alimentaire pour la Souveraineté Alimentaire Durable (PASAD 2021-2025).

The prevalence of web applications makes them a prime target for cyber criminals. Failure to secure web applications can lead to serious financial and reputational consequences. This dashboard provides a high-level summary of vulnerability data discovered by Tenable Web App Scanning.

Tenable Web App Scanning provides comprehensive and accurate vulnerability scanning and risk analysis by leveraging OWASP Top 10 risks to vulnerable web application components. Tenable provides comprehensive and automated vulnerability scanning for modern web applications using Dynamic Application Security Tests (DAST). The security and development teams leverage these detailed vulnerability scans of the application at any point in the development lifecycle and are able understand the true security risks of the web application.

Tenable Security Center uses a comprehensive list of attributes to increase visibility into web application vulnerabilities. Risk managers are able to focus on security challenges that pose the greatest threat and most risk by leveraging Common Vulnerability Scoring System (CVSS) and OWASP references. The dashboard provides a detailed view of the web application components and custom code vulnerabilities. Additionally, vulnerability details related to Log4J are provided , which displays any detected applications that are found to be vulnerable to Log4J exploits.

The dashboard and its components are available in the Tenable.sc Feed, a comprehensive collection of dashboards, reports, assurance report cards and assets. The dashboard can be easily located in the Tenable Security Center Feed under the category Security Industry Trends.

• The requirements for this dashboard are:
• Tenable Security Center 6.2.0
• Tenable Web Application Scanner

Security leaders need to SEE everything, PREDICT what matters most and ACT to address cyber risk and effectively align cybersecurity initiatives with business objectives. Tenable Security Center discovers and analyzes assets continuously to provide an accurate and unified view of an organization's security posture.

Components

Web App Scanning - Statistics: The matrix provides a quick overview of actionable metrics collected using Nessus and Tenable Web AppScanner. The first column shows a count of vulnerabilities with a CVSSv3 score present, followed by the most critical of vulnerabilities with a CVSSv3 score greater than 9.  The "Needs Review" column displays the vulnerabilities with CVSSv3 base score of 5 to 8. The "Remediated" column shows all vulnerabilities with a CVSSV3 score greater than 5 that have been remediated.  The last two columns are focused on OWASP based vulnerabilities. The matrix provides two rows, the top showing vulnerabilities detected by Nessus.

Web App Scanning - Log4Shell Vulnerabilities: This chart presents a list of log4shell vulnerabilities detected by both Nessus and Tenable Web App Scanning. The chart uses the plugin name string and "Include Web App Results" to provide ring segments for each discovered vulnerability. Tenable recommends that these applications be prioritized immediately for remediation efforts.

Web App Scanning - OWASP 2021 Categories: This matrix provides a count of assets and vulnerabilities for each OWASP 2021 category that were detected using the Tenable Web App Scanner. Security and compliance frameworks, such as the Open Web Application Security Project (OWASP) Top 10, enables risk managers to gain insight into methods used by adversaries to exploit common flaws and misconfigurations.  Tenable Web App Scanner attributes vulnerabilities using the Cross Reference field to link to all published OWASP versions. Upon completion of the web application scan, the vulnerabilities detected and linked to OWASP 2021 provide an industry best practice approach to mitigating vulnerabilities.

Web App Scanning - Tenable Detected Applications Vulnerable to Log4Shell: The table presents a list of assets detected by both Nessus and Tenable Web App Scanning that are vulnerable to log4shell. The chart uses the plugin name string and "Include Web App Results" to provide entries for assets with the log4shell vulnerability. Tenable recommends that these applications be prioritized immediately for remediation efforts.

Beyond the Health Extension Program: Developing a focused approach to improve nutrition in Ethiopia

A study points to reforms.

The post Beyond the Health Extension Program: Developing a focused approach to improve nutrition in Ethiopia appeared first on IFPRI.

Reach, Benefit, Empower, Transform: Approaches to helping rural women secure their resource rights

Avenues to empowerment.

The post Reach, Benefit, Empower, Transform: Approaches to helping rural women secure their resource rights appeared first on IFPRI.

How can we improve global crop mapping? IFPRI’s Spatial Production Allocation Model (SPAM)

Accessibility to consistent, subnational, spatial information on crops globally will be hugely beneficial to  researchers and policy makers. Researchers need this data to evaluate the benefits and costs of adopting new crop and livestock technologies, estimate the impact of climate change on agriculture calculate yield gaps, and analyze the historical evolution of farming systems. Policymakers, […]

The post How can we improve global crop mapping? IFPRI’s Spatial Production Allocation Model (SPAM) appeared first on IFPRI.

Micropillar arrays, wide window acquisition and AI-based data analysis improve comprehensiveness in multiple proteomic applications  Nature.com

Nanoparticle enrichment mass-spectrometry proteomics identifies protein-altering variants for precise pQTL mapping  Nature.com

Proteomics approach to discovering non-invasive diagnostic biomarkers and understanding the pathogenesis of endometriosis: a systematic review and meta-analysis  Journal of Translational Medicine

A chemical proteomics approach for global mapping of functional lysines on cell surface of living cell  Nature.com

Application of Proteomics in Cancer: Recent Trends and Approaches for Biomarkers Discovery  Frontiers

Daily Sidewalk and Parking Lane Closures at N. Clark Street between W. Roscoe Street and approx. 250ft south for substation wall construction.

New Dates, Daily Sidewalk and Parking Lane Closures at N. Clark Street between W. Roscoe Street and approx. 250ft south for Substation Wall Construction.

In alignment with its ongoing commitment to bringing equity and inclusion to all aspects of its decision-making, the Chicago Transit Authority (CTA) announced today it will be seeking new applicants to join the agency’s Americans with Disabilities Act (ADA) Advisory Committee.

Today on the show, how we got from mealy, nasty apples to apples that taste delicious. The story starts with a breeder who discovered a miracle apple. But discovering that apple wasn't enough.

Learn more about sponsor message choices: podcastchoices.com/adchoices

NPR Privacy Policy

You might have seen ads for online banking services that seem to offer a lot of great stuff — accounts you can open in minutes and without a minimum balance or monthly fees. The ads seem to say: "These aren't your parents' boring old banks." But the truth is: Even though they might resemble banks, they aren't.

These "bank-like" companies are a type of "fintech" or financial technology company. And this is a story about the potential risks of putting your money into these apps.

Banks go through a whole regulatory gauntlet in order to exist. But, in the past several years, there has been a rise in fintechs that skirt regulations. And many of these pose a real threat to even the most savvy of depositors.

When a little known tech company filed for bankruptcy a few months ago, thousands of people couldn't access the millions of dollars they saved. On today's show, we meet some of the people affected and learn what the fintech industry reveals about banking regulation.

Today's show was hosted by Erika Beras and Sally Helm. It was produced by Sam Yellowhorse Kesler and Sofia Shchukina with help from James Sneed. It was edited by Jess Jiang and fact-checked by Kevin Volkl. It was engineered by Valentina Rodríguez Sánchez with help from James Willetts. Alex Goldmark is our executive producer.

Help support Planet Money and hear our bonus episodes by subscribing to Planet Money+ in Apple Podcasts or at plus.npr.org/planetmoney.

Learn more about sponsor message choices: podcastchoices.com/adchoices

NPR Privacy Policy