Customers globally are requesting – and often requiring – SaaS providers to demonstrate their commitment to security, availability, confidentiality, and privacy. While attaining global security certifications has become table-stakes for many to do business, it’s no easy feat. Many organizations struggle to keep pace with this resource- and time-intensive process. As the … [Read more...] about Announcing the public availability of the Cisco Cloud Controls Framework (CCF)
Framework
Security Patch Releases for Critical Zero-Day Bug in Java Spring Framework
The maintainers of Spring Framework have released an emergency patch to address a newly disclosed remote code execution flaw that, if successfully exploited, could allow an unauthenticated attacker to take control of a targeted system. Tracked as CVE-2022-22965, the high-severity flaw impacts Spring Framework versions 5.3.0 to 5.3.17, 5.2.0 to 5.2.19, and other older, … [Read more...] about Security Patch Releases for Critical Zero-Day Bug in Java Spring Framework
Q&A on the MITRE D3FEND Framework
Everyone in the security community is familiar with the ATT&CK framework developed by MITRE. ATT&CK, which stands for Adversary, Tactics, Techniques, and Common Knowledge, is a comprehensive knowledge base of adversary behaviors used by threat actors across the threat lifecycle. While ATT&CK takes on the perspective of the adversary, there was no documented set of … [Read more...] about Q&A on the MITRE D3FEND Framework
Experts Detail Logging Tool of DanderSpritz Framework Used by Equation Group Hackers
Cybersecurity researchers have offered a detailed glimpse into a system called DoubleFeature that's dedicated to logging the different stages of post-exploitation stemming from the deployment of DanderSpritz, a full-featured malware framework used by the Equation Group. DanderSpritz came to light on April 14, 2017, when a hacking group known as the Shadow Brokers leaked the … [Read more...] about Experts Detail Logging Tool of DanderSpritz Framework Used by Equation Group Hackers
Cisco Secure: Supporting NIST Cybersecurity Framework
Extending the alignment to include more Cisco products Why should you care? With so many security frameworks, it can be difficult to know where to start from. While many organizations are challenged with managing and improving their cybersecurity programs against the dynamic threat landscape, it’s not easy to pick one framework over another. So where do they start from – ISACA … [Read more...] about Cisco Secure: Supporting NIST Cybersecurity Framework
A Framework for Continuous Security
This is part one of a four-part blog series about DevSecOps. Technology is at the core of business today. Maintaining the resiliency of critical data, assets, systems, and the network is mission-critical; crucial to meeting business goals. As a result, development operations (DevOps) professionals must continuously improve the overall resilience —along with the security posture … [Read more...] about A Framework for Continuous Security
New Framework Released to Protect Machine Learning Systems From Adversarial Attacks
Microsoft, in collaboration with MITRE, IBM, NVIDIA, and Bosch, has released a new open framework that aims to help security analysts detect, respond to, and remediate adversarial attacks against machine learning (ML) systems. Called the Adversarial ML Threat Matrix, the initiative is an attempt to organize the different techniques employed by malicious adversaries in … [Read more...] about New Framework Released to Protect Machine Learning Systems From Adversarial Attacks
North Korean Hackers Spotted Using New Multi-Platform Malware Framework
Lazarus Group, the notorious hacking group with ties to the North Korean regime, has unleashed a new multi-platform malware framework with an aim to infiltrate corporate entities around the world, steal customer databases, and distribute ransomware.Capable of targeting Windows, Linux, and macOS operating systems, the MATA malware framework — so-called because of the authors' … [Read more...] about North Korean Hackers Spotted Using New Multi-Platform Malware Framework