Aggregator
CVE-2015-2053 | McAfee Agent up to 5 Log Viewer input validation (Nessus ID 83954 / ID 123768)
CVE-2020-11023 | Oracle Health Sciences InForm 6.3.0 jQuery cross site scripting (EDB-49767 / Nessus ID 208606)
CVE-2022-35977 | Redis up to 6.0.16/6.2.8/7.0.7 Command integer overflow (GHSA-mrcw-fhw9-fj8j / Nessus ID 211963)
CVE-2022-35977 | Redis up to 6.0.16/6.2.8/7.0.7 integer overflow (GHSA-mrcw-fhw9-fj8j / Nessus ID 211963)
AI-based tools designed for criminal activity are in high demand
Multiple regional conflicts, such as Russia’s continued invasion of Ukraine and the Israel-Hamas conflict, have resulted in a surge in cyberattacks and hacktivist activities, according to Trellix.
AI-driven ransomware boosts cybercrime tactics
The research examines an increasingly complex ransomware ecosystem where groups have adopted advanced tools with embedded AI to spread ransomware. Trellix telemetry reveals China-affiliated threat actor groups remain a prevalent source of nation-state advanced persistent threat (APT) activities, with Mustang Panda generating more …
The post AI-based tools designed for criminal activity are in high demand appeared first on Help Net Security.
Modernizing incident response in the AI era
In this Help Net Security video, Gourav Nagar, Director of Information Security at Bill, discusses modernizing incident response in the era of AI and the cloud:
Why this issue is important for organizations looking to stay ahead of rapidly evolving cyber threats.
How to adapt traditional incident response processes for cloud-native and AI-driven environments.
How to leverage automation and orchestration in incident response while maintaining human oversight.
Strategies for cultivating a security-first culture and improving …
The post Modernizing incident response in the AI era appeared first on Help Net Security.
CVE-2001-0028 | Igor Khasilev Oops Proxy Server 1.5.2 HTML Parser memory corruption (EDB-20496 / XFDB-5725)
CVE-1999-0771 | Compaq Insight Management Agent path traversal (EDB-19225 / XFDB-2258)
CVE-2006-4892 | Techno Dreams FAQ Manager Package 1.0 faqview.asp key sql injection (EDB-2385 / XFDB-28976)
CVE-2011-4825 | Phpletter Ajax File/Image Manager up to 0.8 code injection (ID 2005 / EDB-18075)
Free AI-based online image watermark removal tool (kaze.ai)
Infosec products of the month: November 2024
Here’s a look at the most interesting products from the past month, featuring releases from: Absolute, Arkose Labs, Atakama, BlackFog, Eurotech, HiddenLayer, Hornetsecurity, Nirmata, Radware, Rakuten Viber, Symbiotic Security, Tanium, and Vectra AI.
Tanium Cloud Workloads provides visibility and protection for containerized environments
As part of the Tanium platform, Tanium Cloud Workloads reduces the risks associated with container deployments by identifying vulnerabilities and configuration issues in container images before they reach deployment.
Atakama introduces DNS …
The post Infosec products of the month: November 2024 appeared first on Help Net Security.
MITRE shares the 25 most dangerous software weaknesses of 2024
MITRE has shared this year's list of the 25 most common and most dangerous software weaknesses, compiled from more than 31,000 vulnerabilities disclosed between June 2023 and June 2024.
Software weaknesses are flaws in a program's code, architecture, implementation or design that attackers can exploit to compromise systems running the vulnerable software, gaining control of affected devices and accessing sensitive data or triggering denial-of-service attacks.
MITRE said: "These weaknesses are often easy to find and exploit, but can lead to exploitable vulnerabilities that allow adversaries to completely take over a system, steal data, or prevent applications from working."
Uncovering the root causes of these weaknesses provides strong guidance for investment, policy and practice aimed at preventing them from occurring in the first place, which benefits both industry and government stakeholders.
To create this year's ranking, MITRE analyzed 31,770 CVE records for vulnerabilities that "would benefit from re-mapping analysis" and were reported in 2023 and 2024, scoring each weakness by its severity and frequency, with a focus on security flaws added to CISA's Known Exploited Vulnerabilities (KEV) catalog.
This annual list identifies the most critical software weaknesses that attackers frequently exploit to compromise systems, steal sensitive data or disrupt essential services. CISA strongly encourages organizations to review the list and use it to inform their software security strategies. Prioritizing these weaknesses in development and procurement processes helps prevent vulnerabilities at the core of the software lifecycle.
CISA also regularly publishes "Secure by Design" alerts highlighting widely known and documented vulnerabilities that have not yet been eliminated from software despite the availability of effective mitigations; some of these alerts are issued in response to ongoing malicious activity.
In May and March, the cybersecurity agency issued two more "Secure by Design" alerts urging technology executives and software developers to prevent path traversal and SQL injection (SQLi) vulnerabilities in their products and code.
Last week, the FBI, the NSA and cybersecurity agencies released a list of the 15 most frequently exploited security vulnerabilities of last year, noting that attackers mainly targeted zero-day vulnerabilities (security flaws that have been disclosed but not yet patched).
In 2023, most of the most frequently exploited vulnerabilities were initially exploited as zero-days, an increase from 2022, when fewer than half of the most exploited vulnerabilities were exploited as zero-days.