act

New Case Provides Lessons That May Help Companies Avoid Pitfalls When Structuring Independent Contractor Relationships

The district court's opinion denying cross-motions for summary judgment in Bobbitt v. Broadband Interactive, Inc., No. 8:11-cv-2855 (M.D. Fla. Oct. 21, 2013) illustrates how not to structure an independent contractor relationship and how not to lay the groundwork to defend that relationship in the event of litigation.  The case also serves as a warning that even well-conceived independent contractor relationships may be open to question by a court that is inclined to distrust them.

Background




act

Employment Law: Trends, Threats, and Tactics in 2014




act

Federal Contractor Affirmative Action: Are You Up to Date?




act

Littler Appoints New Practice and Industry Group Chairs

(October 14, 2020) – Littler, the world’s largest employment and labor law practice representing management, has announced a number of leadership changes throughout its various practice and industry groups.

“We congratulate this talented and diverse group of co-chairs,” said Tom Bender and Jeremy Roth, Littler co-managing directors, in a joint statement. “Their deep knowledge and extensive experience in their respective practice areas will continue to enhance the firm’s ability to advise and defend clients on myriad employment and labor law matters across all industries.”




act

Rhode Island Enacts Comprehensive Pay Equity Law

Rhode Island has joined the growing ranks of states that have enacted a sweeping pay equity statute. The Rhode Island law, which takes effect on January 1, 2023, amends the Rhode Island Equal Pay Law and places significant new burdens on both large and small businesses. The law seeks to “combat wage discrimination” by “strengthening and closing gaps in existing wage discrimination laws,” and does so by imposing new requirements on employers and essentially deems employers “guilty until proven innocent” when it comes to wage disparities. 




act

The Labor Dept. Wants to Revise a Trump-Era Policy on Handling of Discrimination Claims Against Contractors

David Goldstein talks about some differences as the Labor Department proposes changes to a Trump-era rule that it says “undermined” how it handles and resolves discrimination claims by federal contractors.

Government Executive




act

#MeToo: New York State Court Allows Actor’s Claims Against Entertainment Companies to Proceed Based on Alleged Conduct in 1995 by Weinstein

A New York state judge has denied motions to dismiss actor Julia Ormond's claims against a film company, its parent company, and a talent agency based on conduct by film producer Harvey Weinstein, who Ormond alleges assaulted her in December 1995 in her Manhattan apartment. In her lawsuit, Ormond alleges that these entities knew about Harvey Weinstein's predatory behavior before he sexually assaulted her in 1995 and failed to protect her. The ruling allows the case to proceed, highlighting the potential scope of liability of these companies.




act

TechNet and Littler’s Workplace Policy Institute Support the Illinois Senate’s Passage of Biometric Information Privacy Act Reform Bill

Update: On August 2, 2024, Illinois Governor J.B. Pritzker signed SB 2979 into law, reforming the liability guidelines under the Illinois Biometric Information Privacy Act.

CHICAGO (April 11, 2024) – Today, the Illinois Senate passed SB 2979, which would reform the liability guidelines under the state’s Biometric Information Privacy Act (BIPA). The bill marks an important milestone in the broader effort to resolve BIPA’s vague statutory language and courts’ expansive interpretations of the law, which have posed a threat to businesses that capture biometric information.




act

Littler’s Michael Paglialonga Testifies Before New York City Council on Safe Hotels Act Flaws

NEW YORK (October 9, 2024) – Littler attorney Michael Paglialonga testified before the New York City Council’s Committee on Consumer and Worker Protection today on behalf of Littler’s Workplace Policy Institute® (WPI®), the firm’s government relations and public policy arm.




act

Write it down: California's Freelance Worker Protection Act imposes new requirements for engaging independent contractors

Joy C. Rosenquist, Rick Reyes and Blair C. Senesi examine California’s new Freelance Worker Protection Act (FWPA), which aims to provide greater protections to freelance workers.

Wolters Kluwer




act

Ontario, Canada: Bill 190, Working for Workers Five Act, 2024 Receives Royal Assent

  • Ontario’s Bill 190, Working for Workers Five Act, 2024 (Bill 190), which amends the Employment Standards Act, 2000, Occupational Health and Safety Act, and Workplace Safety and Insurance Act, 1997, received Royal Assent, although many clarifying regulations have not yet been issued.




act

Time for Employers to Complete California Privacy Rights Act Compliance as Court of Appeal Lifts Injunction on Enforcement

  • The California Court of Appeal’s decision on February 9, 2024 immediately restores the California Privacy Protection Agency’s enforcement power.
  • The decision impacts finalized regulations – which are no longer subject to enforcement delay. 
  • Upcoming and pending regulations are unlikely to face enforcement delay once finalized.




act

New Colorado Employment Laws Enacted, Other Statutes Modified

Thomas W. Carroll, Matt Freemann, David C. Gartenberg and Billie Jo M. Risheim provide an overview of the significant new laws passed during the 2024 legislative session that affect Colorado employers.

SHRM Online




act

Damage Control: Illinois Enacts Amendment to the State’s High Risk Biometric Information Privacy Act

On August 2, 2024, Illinois Governor J.B. Pritzker signed into law Senate Bill 2979 (the “Amendment”), implementing long-awaited, highly anticipated reform to the Illinois Biometric Information Privacy Act (BIPA). The Amendment is a milestone in the broader ongoing effort to resolve BIPA’s vague statutory language and courts’ expansive interpretations of the law, which have resulted in businesses across Illinois paying hundreds of millions of dollars to settle the 1,000+ BIPA class actions filed in state and federal courts to date.




act

New Colorado privacy laws to impact “broad swath” of companies

Zoe Argento says more companies are using tools like artificial intelligence that incorporate biometric identifiers, so new privacy laws are likely to apply to a larger swath of employers than those who think they must comply with them.

The Sum & Substance




act

AI in the Workplace: Labor Department Issues Best Practices for Employers

Bradford J. Kelley stresses to employers the importance of implementing safeguards when considering adopting AI technologies.

Thomson Reuters




act

4 employment actions to expect under a second Trump presidency

Michael Lotito, Jorge Lopez, Shannon Meade and Jim Paretti say employers are likely to see immigration raids, agency chair replacements, a slowing in regulatory activity and DEI limitations under the Trump administration.

HR Dive




act

Contractor Watchdog Under Trump Stands Ready to Police DEI Again

Jim Paretti says the Trump administration’s previous agenda and stance toward IE&D will likely repeat when he returns to office.

Bloomberg Law




act

ETSI Multi-access Edge Computing group reaches 100 members confirming attractiveness of the group

Sophia Antipolis, 31 March 2020

Strategy Analytics believes that 59% of all IoT deployments will be processing data using edge computing of some form by 2025. Furthermore, a survey from ResearchAndMarkets predicts that mobile edge computing as a service market will reach $73M by 2024, driven by enterprise hosted deployments. No wonder that ISG MEC - one of ETSI’s most dynamic Industry Specification Groups - keeps growing and has now welcomed its 100th member with Mitsubishi Electric R&D Centre Europe.




act

ETSI releases White Paper on the role of standards for ICT to mitigate the impact of a pandemic

Sophia Antipolis, 28 May 2020

Today, ETSI unveils a new white paper, written by the officials of the ETSI EP eHealth group, highlighting the role of standards developing organizations (SDOs) in developing standards for ICT to mitigate the impact of a pandemic. COVID-19 is not a mild pandemic, it is a serious, often lethal, health condition, the impact of which is seriously detrimental to social and economic life across the world. The ETSI paper acts to identify a "call to arms" to standards bodies and their constituent members to ensure that when the next pandemic arrives, we can rely on greater harmonization of the supply chain.




act

ETSI publishes new work programme, keeping up the pace of ongoing activities

Sophia Antipolis, 22 June 2020

ETSI is pleased to release its 2020-2021 work programme.

In ETSI we are constantly exploring new ways to make the development of standards faster and more efficient. Our FORGE platform, for example, gives developers free access to open-source code produced by our members. And as we have already seen this year, the need for effective virtual collaboration between individuals and teams has never been keener.




act

ETSI IPv6 White Paper outlines best practices, challenges, benefits and the way forward

Sophia Antipolis, 26 August 2020

The ETSI IP6 Industry Specification Group has just released a White Paper on the lessons learned from IPv6 best practices, use cases, benefits and deployment challenges. This White Paper puts forward recommendations to ease the adoption of IPv6 and to motivate the industry for the upcoming large-scale deployment of IoT, 4G/5G, IoT Cloud Computing benefiting from the restoration of the end-to-end model.




act

ETSI virtual conference on boosting the impact of research & innovation through standardization

Sophia Antipolis, 6 November 2020

Standardized commercial products and services substantially contribute to the overall global economy and quality of life of citizens around the world.

Join ETSI and TelecomTV for a two-day virtual conference focused on the Research Innovation Standards Ecosystem and Research Opportunities in Standards.

The virtual event will take place on 24 and 25 November, and each of the two days will comprise multiple sessions, including presentations and panel discussions followed by LIVE Q&A sessions where you'll be able to interact and ask your questions to the experts.




act

ETSI unveils its Report comparing worldwide COVID-19 contact-tracing systems – a first step toward interoperability

Sophia Antipolis, 2 February 2021

The COVID-19 pandemic has stretched the planet’s health systems to their limits and tested the measures adopted to alleviate difficulties. Contact tracking or tracing to identify infected people has been one such example. However, contact tracing based on interviews with identified or suspected patients presents known weaknesses from previous pandemics. Turning to digital means in a world where global mobility is the rule was therefore of the essence.




act

ETSI Announces First Specification for Smart Contracts

 Sophia Antipolis, 18 January 2022

ETSI has just released GS PDL 011, the first in a series of specifications that are concerned with the implementation of permissioned distributed ledgers (PDL). This and following specifications will help with the realisation of the numerous operational and security advantages of a decentralised approach to the recording of transactions, while simultaneously being both inexpensive to perform and inherently scalable.




act

ETSI flagship event Security Conference attracts nearly 200 attendees onsite

Sophia Antipolis, 7 October 2022

The sun was shining this week on one of ETSI’s flagship events, the Security Conference, where the number of participants onsite reached nearly 200 attendees, from 27 countries.




act

ETSI’s Activities in Artificial Intelligence: Read our New White Paper

Sophia Antipolis, 21 December 2022

ETSI has a long history of developing standards in the field of artificial intelligence (AI) and systems that use and support AI. Today ETSI is pleased to release a new White Paper developed by a variety of members and experts. They include companies from telecom and network communication sectors, from large and small and medium enterprises, based either in Europe, Asia or America.

This White Paper entitled ETSI Activities in the field of Artificial Intelligence supports all stakeholders and summarizes ongoing effort in ETSI and planned future activities. It also includes an analysis on how ETSI deliverables may support current policy initiatives in the field of artificial intelligence.  A section of the document outlines ETSI activities of relevance to address Societal Challenges in AI while another addresses the involvement of the European Research Community.




act

ETSI’s Securing AI group becomes a Technical Committee to help ETSI to answer the EU AI Act

Sophia Antipolis, 17 October 2023

As the second term of the Industry Specification Group Securing AI (ISG SAI) is scheduled to conclude in Q4 2023, and in line with ETSI's commitment to AI and SAI, the group has suggested the closure of ISG SAI, with its activity transferred to a new ETSI Technical Committee, TC SAI.




act

Summary of Comments to CSA/CIRO Staff Notice 23-331 Request for Feedback on December 2022 SEC Market Structure Proposals and Potential Impact on Canadian Capital Markets

This document is only available in PDF format.




act

CSA Staff Notice 51-365 Continuous Disclosure Review Program Activities for the Fiscal Years Ended March 31, 2024 and March 31, 2023

This document is only available in PDF format.




act

Research Unit Contracts & Grants Manager I

The Development Strategies and Governance (DSG) Unit within the Transformation Strategies Department of the International Food Policy Research Institute (IFPRI) seeks a Research Unit Contracts & Grants Manager I, who will be responsible for financial management which includes budgetary responsibilities, cost monitoring and control, and financial analysis and reporting, contracts administration which includes proposal preparation and submission and the administration of the Unit’s special projects. Other responsibilities include supervising Unit Admin Support staff, serving as liaison with finance and administration as well as the Director General’s office; drafting correspondence for the Unit director and communication with external contacts (donors, clients, collaborators, sub-contractors and auditors); and service as active member on various standing and ad-hoc committees, as well as work with Project Managers in management of budgets, contracts, deliverables, invoices and other payment documents. This position is a 2-year, renewable appointment based in Washington, DC.

Essential Duties: Specific duties and responsibilities include but are not limited to:

  • Providing technical support in proposal preparation, reviewing contracts to ensure they reflect the provisions negotiated, and monitoring performance of contracts and submission of specified deliverables.
  • Drafting, negotiating and monitoring consultant collaborative agreements, serve as liaison between program collaborators and finance/administrative issues, review monthly financial reports, and provide financial analysis reports on projects.
  • Preparing the divisional budgets and monitoring expense budgets
  • Coordinating the drafting of project/program budgets; review of accounting transactions.
  • Developing spreadsheets & maintaining financial information for planning & reference.
  • Drafting routine correspondence regarding contracts or project/program finances.
  • Assisting in financial audits
  • Coordinating financial and operational activities for field offices
  • Ensuring the smooth operation of the program’s day-to-day activities; coordinate seminars and workshops, manage logistical arrangements on seminars/workshops.
  • Liaising with IFPRI HR Services, Facilities and IT department for related issues and needs.
  • Preparing administrative and operational procedures for the division and approves timesheets
  • Maintaining division files
  • Supervising administrative support staff
  • Other tasks as assigned.

Required Qualifications:

  • Bachelor’s degree plus ten years of relevant experience, or associate’s degree plus twelve years of relevant experience.
  • Two years of management experience
  • Experience in developing, monitoring and managing budgets and contracts.
  • Experience in coordinating budget processes, reviewing accounting transactions, developing financial projections and reports.
  • Solid composition, grammar and proof-reading skills, with the ability to compose correspondence and reports; excellent written and oral English communications skills.
  • Proficient in Microsoft Office; word processing & spreadsheet programs required.
  • Ability to handle multiple tasks & prioritize tasks with minimal supervision in a fast-paced environment.
  • Demonstrated experience and comfort working with multiple program managers simultaneously. Ability to prioritize and coordinate tasks in such an environment.
  • Demonstrated flexibility to adjust to multiple individual work styles.
  • Attention to detail and ability to work within a team in a multicultural environment.

Preferred Qualifications:

  • Familiarity with IFPRI’s operational systems (finance, accounting, etc.) and the CGIAR system is highly desirable.
  • Proficiency in a second language of the U.N. system
  • Demonstrated proficiency with MS Office, especially Microsoft Word, Outlook, Excel, and PowerPoint required, and demonstrated proficiency with financial management and administrative software applications such as Costpoint, OnBase, Deltek, and/or other applications.

Physical Demand & Work environment:

  • Employee will sit in an upright position for a long period of time
  • Employee will lift between 0-10 pounds.
  • Employee is required to have close visual acuity to perform activities such as: preparing and analyzing data and figures; transcribing; viewing computer terminal; extensive reading.

Salary Range: The expected salary range for this job requisition is between $85,600- $104,900. In determining your salary, we will consider your experience and other job-related factors.

Benefits: IFPRI is committed to providing our staff members with valuable and competitive benefits, as it is a core part of providing a strong overall employee experience. This position is eligible for health insurance coverage and a summary of our benefits can be found on our website. Please note that the listed benefits are generally available to active, non-temporary, full-time and part-time US-based employees who work at least 25 hours per week.

The International Food Policy Research Institute (IFPRI) is an equal employment opportunity employer - F/M/Disability/Vet/Sexual Orientation/Gender Identity.




act

Assessing social media impact – a workshop at ScienceOnline #scioimpact

Assessing social media impact was one of the workshop sessions at November’s SpotOn London conference,




act

Agronomy & Policy Solutions for Implementation of the African Fertilizer and Soil Health Action Plan




act

Cybersecurity Snapshot: New Guides Offer Best Practices for Preventing Shadow AI and for Deploying Secure Software Updates

Looking for help with shadow AI? Want to boost your software updates’ safety? New publications offer valuable tips. Plus, learn why GenAI and data security have become top drivers of cyber strategies. And get the latest on the top “no-nos” for software security; the EU’s new cyber law; and CISOs’ communications with boards.

Dive into six things that are top of mind for the week ending Oct. 25.

1 - CSA: How to prevent “shadow AI” 

As organizations scale up their AI adoption, they must closely track their AI assets to secure them and mitigate their cyber risk. This includes monitoring the usage of unapproved AI tools by employees — an issue known as “shadow AI.”

So how do you identify, manage and prevent shadow AI? You may find useful ideas in the Cloud Security Alliance’s new “AI Organizational Responsibilities: Governance, Risk Management, Compliance and Cultural Aspects” white paper.

The white paper covers shadow AI topics including:

  • Creating a comprehensive inventory of AI systems
  • Conducting gap analyses to spot discrepancies between approved and actual AI usage
  • Implementing ways to detect unauthorized AI wares
  • Establishing effective access controls
  • Deploying monitoring techniques

“By focusing on these key areas, organizations can significantly reduce the risks associated with shadow AI, ensuring that all AI systems align with organizational policies, security standards, and regulatory requirements,” the white paper reads.

For example, to create an inventory that offers the required visibility into AI assets, the document explains different elements each record should have, such as:

  • The asset’s description
  • Information about its AI models
  • Information about its data sets and data sources
  • Information about the tools used for its development and deployment
  • Detailed documentation about its lifecycle, regulatory compliance, ethical considerations and adherence to industry standards
  • Records of its access control mechanisms

Shadow AI is one of four topics covered in the publication, which also unpacks risk management; governance and compliance; and safety culture and training.

2 - Best practices for secure software updates

The security and reliability of software updates took center stage in July when an errant update caused massive and unprecedented tech outages globally.

To help prevent such episodes, U.S. and Australian cyber agencies have published “Safe Software Deployment: How Software Manufacturers Can Ensure Reliability for Customers.”

“It is critical for all software manufacturers to implement a safe software deployment program supported by verified processes, including robust testing and measurements,” reads the 12-page document.

Although the guide is aimed primarily at commercial software vendors, its recommendations can be useful for any organization with software development teams that deploy updates internally.

The guide outlines key steps for a secure software development process, including planning; development and testing; internal rollout; and controlled rollout. It also addresses errors and emergency protocols.

“A safe software deployment process should be integrated with the organization’s SDLC, quality program, risk tolerance, and understanding of the customer’s environment and operations,” reads the guide, authored by the U.S. Cybersecurity and Infrastructure Security Agency (CISA), the FBI and the Australian Cyber Security Centre.

3 - Report: GenAI, attack variety, data security drive cyber strategies

What issues act as catalysts for organizations’ cybersecurity actions today? Hint: They’re fairly recent concerns. The promise and peril of generative AI ranks first. It’s closely followed by the ever growing variety of cyberattacks; and by the intensifying urgency to protect data.

That’s according to CompTIA’s “State of Cybersecurity 2025” report, based on a survey of almost 1,200 business and IT pros in North America and in parts of Europe and Asia. 

These three key factors, along with others like the scale of attacks, play a critical role in how organizations currently outline their cybersecurity game plans.

“Understanding these drivers is essential for organizations to develop proactive and adaptive cybersecurity strategies that address the evolving threat landscape and safeguard their digital assets,” reads a CompTIA blog about the report.

Organizations are eagerly trying to understand both how generative AI can help their cybersecurity programs and how this technology is being used by malicious actors to make cyberattacks harder to detect and prevent.

Meanwhile, concern about data protection has ballooned in the past couple of years. “As organizations become more data-driven, the need to protect sensitive information has never been more crucial,” reads the blog.

Not only are organizations focused on securing data at rest, in transit and in use, but they’re also creating foundational data-management practices, according to the report.

“The rise of AI has accelerated the need for robust data practices in order to properly train AI algorithms, and the demand for data science continues to be strong as businesses seek competitive differentiation,” the report reads.

4 - CISA lists software dev practices most harmful for security

Recommended best practices abound in the cybersecurity world. However, CISA and the FBI are taking the opposite tack in their quest to improve the security of software products: They just released a list of the worst security practices that software manufacturers ought to avoid.

Titled “Product Security Bad Practices,” the document groups the “no-nos” into three main categories: product properties; security features; and organizational processes and policies.

“It’s 2024, and basic, preventable software defects continue to enable crippling attacks against hospitals, schools, and other critical infrastructure. This has to stop,” CISA Director Jen Easterly said in a statement.

“These product security bad practices pose unacceptable risks in this day and age, and yet are all too common,” she added.

Here are some of the worst practices detailed in the document, which is part of CISA’s “Secure by Design” effort:

  • Using programming languages considered “memory unsafe”
  • Including user-provided input in SQL query strings
  • Releasing a product with default passwords
  • Releasing a product with known and exploited vulnerabilities
  • Not using multi-factor authentication
  • Failing to disclose vulnerabilities in a timely manner

Although the guidance is aimed primarily at software makers whose products are used by critical infrastructure organizations, the recommendations apply to all software manufacturers.

If you’re interested in sharing your feedback with CISA and the FBI, you can submit comments about the document until December 16, 2024 on the Federal Register.

5 - New EU law focuses on cybersecurity of connected digital products

Makers of digital products — both software and hardware — that directly or indirectly connect to networks and to other devices will have to comply with specific cybersecurity safeguards in the European Union.

A newly adopted law known as the “Cyber Resilience Act” outlines cybersecurity requirements for the design, development, production and lifecycle maintenance of these types of products, including IoT wares such as connected cars.

For example, it specifies a number of “essential cybersecurity requirements” for these products, including that they:

  • Aren’t shipped with known exploitable vulnerabilities
  • Feature a “secure by default” configuration
  • Can fix their vulnerabilities via automatic software updates
  • Offer access protection via control mechanisms, such as authentication and identity management
  • Protect the data they store, transmit and process using, for example, at-rest and in-transit encryption

“The new regulation aims to fill the gaps, clarify the links, and make the existing cybersecurity legislative framework more coherent, ensuring that products with digital components (...) are made secure throughout the supply chain and throughout their lifecycle,” reads a statement from the EU’s European Council.

The law will “enter into force” after its publication in the EU’s official journal and will apply and be enforceable 36 months later, so most likely in October 2027 or November 2027. However, some of its provisions will be enforceable a year prior.

For more information and analysis about the EU’s Cyber Resilience Act:

VIDEO

The EU Cyber Resilience Act: A New Era for Business Engagement in Open Source Software (Linux Foundation) 

6 - UK cyber agency: CISOs must communicate better with boards

CISOs and boards of directors are struggling to understand each other, and this is increasing their organizations’ cyber risk, new research from the U.K.’s cyber agency has found.

For example, in one alarming finding, 80% of respondents, which included board members, CISOs and other cyber leaders in medium and large enterprises, confessed to being unsure of who is ultimately accountable for cybersecurity in their organizations.

“We found that in many organisations, the CISO (or equivalent role) thought that the Board was accountable, whilst the Board thought it was the CISO,” reads a blog about the research titled “How to talk to board members about cyber.”

As a result, the U.K. National Cyber Security Centre (NCSC) has released new guidance aimed at helping CISOs better communicate with their organizations’ boards titled “Engaging with Boards to improve the management of cyber security risk.”

“Cyber security is a strategic issue, which means you must engage with Boards on their terms and in their language to ensure the cyber risk is understood, managed and mitigated,” the document reads.

Here’s a small sampling of the advice:

  • Understand your audience, including who are the board’s members and their areas of expertise; and how the board works, such as its meeting formats and its committees.
  • Talk about cybersecurity in terms of risks, and outline these risks concretely and precisely, presenting them in a matter-of-fact way.
  • Don’t limit your communication with board members to formal board meetings. Look for opportunities to talk to them individually or in small groups outside of these board meetings.
  • Elevate the discussions so that you link cybersecurity with your organization’s business challenges, goals and context.
  • Aim to provide a holistic view, and avoid using technical jargon.
  • Aim to advise instead of to educate.




act

SpotOn London 2013: Contract for interdisciplinary working

In preparation for this year’s SpotOn London 2013 workshop, Interdisciplinary research: what can scientists, humanists




act

The impacts of COVID-19 on global food security and the coping strategy [in Chinese]




act

Monitoring indicators of economic activity in Sudan amidst ongoing conflict using satellite data [in Arabic]

The confrontation in Sudan between the Sudanese Armed Forces and the Rapid Support Forces continued for several months before escalating into armed conflict on April 15, 2023. In addition to the humanitarian catastrophe, the conflict has disrupted many public services such as electricity, water, health services and banking services, while access to markets has also been disrupted, leading to severe scarcity of goods and services. The conflict has destroyed key infrastructure, restricted domestic and international trade, and disrupted production activities and supply chains.




act

The economy-wide impact of Sudan’s ongoing conflict: Implications on economic activity, agrifood system and poverty [in Arabic]

The armed conflict between the Sudanese Armed Forces and the Rapid Support Forces in Sudan has entered its sixth month since it broke out on April 15, 2023, with no signs of ending soon. The war has caused an acute humanitarian catastrophe, destroyed key infrastructure, and restricted trade and production activities. Moreover, it has disrupted access to public utilities, financial services and markets, leading to severe scarcity of goods and services. In this paper, we use a Social Accounting Matrix multiplier modeling framework to assess the economy-wide impacts of these disruptions to economic activity, productive resources and livelihoods.




act

Dominican Republic: Agricultural R&D indicators factsheet [in Spanish]




act

Nicaragua: Agricultural R&D indicators factsheet [in Spanish]

The IDB-funded PFPAS program has provided an important financial injection into Nicaragua’s agricultural research system during 2013–2018. The program has made important strides in rehabilitating some of INTA’s run-down research infrastructure, in offering degree and short-term training to research staff, and in strengthening linkages between agricultural research and producers.




act

Factors driving migration from the highlands to the rainforest in Peru – Study concept note

In Peru, an estimated 6 million people, approximately, have migrated internally at some point in their lives. This is equivalent to 20.3% of the population, most of them originally from the Peruvian highlands. Although Lima is the main pole of attraction, in recent years an increase in migration toward the regions of Madre de Dios, Tacna, Arequipa and Moquegua has been observed (INEI, 2022). Between 2002 and 2007, Madre de Dios was the department with the largest number of migrants, with a net migration balance of 14.8% (Yamada, 2012).




act

How can African agriculture adapt to climate change: The impact of climate change and adaptation on food production in low-income countries: Evidence from the Nile Basin, Ethiopia [in Amharic]

Growing consensus in the scientific community indicates that higher temperatures and changing precipitation levels resulting from climate change will depress crop yields in many countries over the coming decades. This is particularly true in low-income countries, where adaptive capacity is low. Many African countries are particularly vulnerable to climate change because their economies largely depend on climate-sensitive agricultural production.




act

How can African agriculture adapt to climate change: Impacts of considering climate variability on investment decisions in Ethiopia [in Amharic]

Numerous studies indicate that agricultural production is sensitive to climate variability, and lack of infrastructure in developing countries increases vulnerability to extreme climate events. In Ethiopia, the historical climate record indicates frequent droughts and floods, which can devastate agricultural production and existing infrastructure. Too much precipitation can flood crops, rot or suffocate roots, and wash out roads, creating similar economic conditions to those resulting from drought.




act

Monitoring the impact of COVID-19 in Myanmar: Mechanization service providers - June 2020 survey round

Mechanization service providers in Myanmar were originally interviewed by telephone in early May 2020 in order to determine how their businesses were being affected by COVID-19 related restrictions. The results of that survey were published in Myanmar Strategy Support Program Policy Note 07. To trace the continuing impact of the COVID-19 pandemic on their economic activities, a second phone survey of mechanization service providers was done in mid-June 2020. This Policy Note reports on the results of this second survey.




act

Tenable Introduces AI Aware: A Groundbreaking Proactive Security Solution for AI and Large Language Models

Tenable®, the exposure management company, today announced the release of AI Aware, advanced detection capabilities designed to rapidly surface artificial intelligence solutions, vulnerabilities and weaknesses available in Tenable Vulnerability Management, the world’s #1 vulnerability management solution. Tenable AI Aware provides exposure insight into AI applications, libraries and plugins so organizations can confidently expose and close AI risk, without inhibiting business operations.

The rapid development and adoption of AI technologies in the past two years has introduced major cybersecurity and compliance risks that organizations must proactively address without established best practices. As a result, cybersecurity teams face significant AI-related challenges, such as vulnerability detection and remediation, containing data leakage and reining in unauthorized AI use. 

According to recent Tenable Research, more than one-third of security teams are finding usage of AI applications in their environment that might not have been provisioned via formal processes. In fact, during a 75-day period between late June and early September, Tenable found over 9 million instances of AI applications on more than 1 million hosts. The cybersecurity risk of unfettered AI usage is compounded by the increasing volume of AI vulnerabilities. Tenable Research has found and disclosed several vulnerabilities in AI solutions, including in Microsoft Copilot, Flowise and Langflow, among others.

With AI Aware, Tenable transforms proactive security for AI solutions. Tenable AI Aware uniquely leverages agents, passive network monitoring, dynamic application security testing and distributed scan engines to detect approved and unapproved AI software, libraries and browser plugins, along with associated vulnerabilities, thereby mitigating risks of exploitation, data leakage and unauthorized resource consumption. The combined depth of these multiple assessment methods delivers the most complete detection of AI in the modern ecosystem. 


“In an effort to keep pace with the sea change introduced by AI, organizations around the world ran full speed ahead, potentially bypassing countless cybersecurity, privacy and compliance red flags,” said Shai Morag, chief product officer, Tenable. “Perhaps more so than with any other new technology we’ve seen, there are many risk factors to consider, especially with rushed development and deployment. Tenable AI Aware empowers organizations to deploy AI confidently, ensuring their security measures keep pace with the rapid evolution of AI technologies.”

In addition to AI software and vulnerability detection, key AI Aware features available in Tenable Vulnerability Management, Tenable Security Center and Tenable One include:

  • Dashboard Views provide a snapshot of the most common AI software discovered in the ecosystem, top assets with vulnerabilities related to AI and the most common communication ports leveraged by AI technologies. 
  • Shadow Software Development Detection illuminates the unexpected existence of the building blocks of AI development in the environment, enabling businesses to align initiatives with organizational best practices.
  • Filter Findings for AI Detections enable teams to focus on AI-related findings when reviewing vulnerability assessment results. Combined with the power of Tenable Vulnerability Prioritization Rating (VPR), teams can effectively assess and prioritize vulnerabilities introduced by AI packages and libraries. 
  • Asset-Centric AI-Inventory provides a complete inventory of AI-related packages, libraries and browser plugins while reviewing the detailed profile of an asset. 

Join the upcoming Tenable webinar titled, "Mitigating AI-Related Security Risks: Insights and Strategies with Tenable AI Aware" on October 9, 2024 at 11:00 am ET, by registering here.

More information on Tenable AI Aware is available at: https://www.tenable.com/products/vulnerability-management/ai-aware 

About Tenable

Tenable® is the exposure management company, exposing and closing the cybersecurity gaps that erode business value, reputation and trust. The company’s AI-powered exposure management platform radically unifies security visibility, insight and action across the attack surface, equipping modern organizations to protect against attacks from IT infrastructure to cloud environments to critical infrastructure and everywhere in between. By protecting enterprises from security exposure, Tenable reduces business risk for more than 44,000 customers around the globe. Learn more at tenable.com

###

Media Contact:

Tenable

tenablepr@tenable.com




act

Tenable Selected by Bank of Yokohama to Secure its Active Directory and Eliminate Attack Paths

Tenable®, Inc. the exposure management company, today announced that Bank of Yokohama, one of the largest of the major regional banks in Japan, has chosen Tenable Identity Exposure to protect its Active Directory and enhance the bank’s ability to protect its internal systems from cyber threats.

Bank of Yokohama, based in Kanagawa Prefecture and Tokyo Metropolitan, is committed to enhancing industry security standards. In 2023, it collaborated with 19 other regional banks to establish CMS-CSIRT, an organization providing mutual cybersecurity support. Unlike megabanks, regional banks often face resource and budget constraints, making such collaborative efforts crucial for implementing effective security programs.

As part of its objectives for FY 2023, the Bank of Yokohama wanted to improve Active Directory (AD) security as it’s the most crucial system in the bank’s intranet. Previously, the bank only applied security patches periodically without any tool or system to detect Active Directory misconfigurations or attacks. Given the evolving threat landscape and rise of attacks involving an identity breach, enhancing the security of Active Directory became a top priority.

“Attackers who have infiltrated an organization's internal system or who wield ransomware and other malware, almost always make a beeline for Active Directory,” said Mr. Akihiro Fushimi, Leader, Concordia Financial Group ICT Governance Department, Security Governance Section and Bank of Yokohama ICT Planning & Promotion Department, Security Governance Section. “They steal user account privileges and elevate them via Active Directory, to enable them to access important data. So, securing Active Directory was an area that we wanted to invest in.”

Bank of Yokohama already used Tenable Security Center for vulnerability management and trusted Tenable's reliability. Selecting Tenable Identity Exposure was an easy decision, with its fast, agentless feature ensuring a seamless deployment process.

The deployment of Tenable Identity Exposure provided the Bank of Yokohama with an in-depth view of its Active Directory. The bank can now accurately identify every AD account, including dormant accounts and machine identities, and understand the potential risks of exploitation by malicious actors due to the multi-functional capabilities of Active Directory. Tenable Identity Exposure detects many of the techniques used in cyber attacks to gain elevated privileges and enable lateral movement, including DCShadow, Brute Force, Password Spraying, Golden Ticket and more.

“Previously, we were under the impression that all we needed to do was to apply patches and manage accounts. Now, with the deployment of Tenable Identity Exposure, we are physically able to see the risk of exploitation. This, I believe, is the positive impact of deploying Tenable Identity Exposure. Its alert functions are comprehensive—it detects vulnerabilities as well as misconfigurations,” said Mr. Shinnosuke Shimada, Bank of Yokohama ICT Planning & Promotion Department, Security Governance Section.

“Many organizations struggle to maintain proper Active Directory security as their domains grow more complex, often leaving flaws undetected until a major incident occurs. Given the high-profile attacks involving AD in recent years, it's crucial to prioritize AD security within the overall cybersecurity strategy,” said Naoya Kishima, Country Manager, Tenable Japan. “Bank of Yokohama recognizes this need, and we're pleased to support them in their security journey.”


Media contact
Tenable PR
tenablepr@tenable.com 




act

Tenable Research Advisories: Urgent Action

Tenable Research delivers world class exposure intelligence, data science insights, zero day research and security advisories. Our Security Response Team (SRT) in Tenable Research tracks threat and vulnerability intelligence feeds to make sure our research teams can deliver sensor coverage to our products as quickly as possible. The SRT also works to dig into technical details and author white papers, blogs, and additional communications to ensure stakeholders are fully informed of the latest cyber risks and threats. The SRT provides breakdowns for the latest critical vulnerabilities on the Tenable blog.

When security events rise to the level of requiring immediate action, Tenable, leveraging SRT intelligence, notifies customers proactively to provide exposure information, current threat details and how to use Tenable products and capabilities to accelerate remediation.

This dashboard contains indicator-style components that highlight any vulnerabilities related to the Tenable Research Advisories for which Tenable issued customer guidance that immediate remediation was of paramount importance to all affected organizations. Tenable recommends addressing missing patches as identified in the dashboard components.

The dashboard and its components are available in the Tenable.sc Feed, a comprehensive collection of dashboards, reports, assurance report cards and assets. The dashboard can be easily located in the Tenable.sc Feed under the category Security Industry Trends.

The dashboard requirements are: 

  • Tenable.sc 6.2.0
  • Nessus 10.6.1

The following components are included in this dashboard:

 

Research Advisories - Citrix NetScaler ADC and NetScaler Gateway: In August 2023, Mandiant identified zero-day exploitation impacting NetScaler ADC and NetScaler Gateway appliances. When NetScaler ADC or NetScaler Gateway is configured as a gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) or as an AAA virtual server, an unauthenticated attacker could exploit the device in order to hijack an existing authenticated session. Depending on the permissions of the account they have hijacked, this could allow the attacker to gain additional access within a target environment and collect other account credentials. Successful exploitation allows the attacker to bypass multifactor authentication (MFA) requirements.

Research Advisories - curl Heap Overflow and Cookie Injection: On October 3, an open-source developer and maintainer of curl took to X (formerly Twitter) to announce that a new high severity CVE would be fixed in curl 8.4.0. The developer noted that the release would be ahead of schedule and released on October 11, indicating in a reply to the Twitter thread that this is 'the worst security problem found in curl in a long time.'

Research Advisories - MOVEit: The CL0P Ransomware Group, also known as TA505, has exploited zero-day vulnerabilities across a series of file transfer solutions since December 2020. File transfer solutions often contain sensitive information from a variety of organizations. This stolen information is used to extort victims to pay ransom demands. In 2023, CL0P claimed credit for the exploitation of vulnerabilities in both Fortra’s GoAnywhere Managed File Transfer (MFT) and Progress Software’s MOVEit Transfer solutions. 

Research Advisories - log4shell: This matrix alerts organizations to potential concerns regarding the Log4j vulnerability. Displayed are the vulnerabilities that are directly associated with the log4shell CVEs (CVE-2021-44228, CVE-2021-44832, CVE-2021-45046, CVE-2021-4104, and CVE-2021-45105) and Log4j installations. 

Research Advisories - CISA Alerts AA22-011A and AA22-047A: On November 3rd, 2021, the Cybersecurity and Infrastructure Security Agency (CISA) issued Binding Operational Directive (BOD) 22-01, and on Jan 11, 2022 CISA issued an alert (AA22-011A) warning of increased risk to U.S. critical infrastructure. A total of 18 CVEs can be associated with this alert. Hosts and vulnerabilities identified and mitigated are displayed using the referenced CVEs.

Research Advisories - PrintNightmare: On July 1, Microsoft released an advisory for CVE-2021-34527. This advisory was released in response to public reports about a proof-of-concept (PoC) exploit for CVE-2021-1675, a similar vulnerability in the Windows Print Spooler. To help clear up confusion about the vulnerability, Microsoft updated its advisory for CVE-2021-1675 to clarify that it is similar but distinct from CVE-2021-34527. On July 6, Microsoft updated its advisory to announce the availability of out-of-band patches for CVE-2021-34527, a critical vulnerability in its Windows Print Spooler that researchers are calling PrintNightmare. This remote code execution (RCE) vulnerability affects all versions of Microsoft Windows. 

Research Advisories - MS Exchange ProxyLogon: On March 2, 2021 Microsoft released several critical security updates for zero-day Microsoft Exchange Server vulnerabilities, and reported that the vulnerabilities were being actively exploited by threat actors. Within a single week, thousands of organizations worldwide fell victim. Tenable released several plugins for Exchange Server 2010, 2013, 2016 and 2019, which can be used to determine which Exchange Server systems are vulnerable in your environment.