Aggregator
Vulnerability handling requirements for NIS2 compliance
In a previous blog post, we covered two foundational elements of the Network and Information Security (NIS2) Directive: software supply chain security and reporting requirements. In this blog, we take a closer look at the types of organizations impacted by NIS2 and the incident-handling requirements it outlines.
The post Vulnerability handling requirements for NIS2 compliance appeared first on Security Boulevard.
FFIEC Will Sunset the Cybersecurity Assessment Tool: Everything You Need to be Prepared
The Federal Financial Institutions Examination Council (FFIEC) has officially announced that its Cybersecurity Assessment Tool (CAT) will phase out by August 31, 2025. Launched in June 2015, the CAT has helped financial institutions assess and improve their cybersecurity posture. However, with cybersecurity threats constantly evolving, the FFIEC has decided it’s time to move on. This […]
The post FFIEC Will Sunset the Cybersecurity Assessment Tool: Everything You Need to be Prepared appeared first on Centraleyes.
The post FFIEC Will Sunset the Cybersecurity Assessment Tool: Everything You Need to be Prepared appeared first on Security Boulevard.
Targeted Iranian Attacks Against Iraqi Government Infrastructure
Check Point Research (CPR) has been closely monitoring a campaign targeting the Iraqi government over the past few months. This campaign features a custom toolset and infrastructure for specific targets and uses a combination of techniques commonly associated with Iranian threat actors operating in the region. The toolset used in this targeted […]
The post Targeted Iranian Attacks Against Iraqi Government Infrastructure appeared first on Check Point Research.
RansomHub
Geopolitical Tensions Fuel Growth in Cross-Border Fraud
Geopolitical tensions have heightened cross-border fraud, with criminals exploiting technological advances and regulatory gaps between countries. Shilpa Arora, head of anti-financial crime products at ACAMS, discusses ways banks can tackle cross-border fraud schemes.
Bashing Windows Bugs, Take 2: Microsoft Restores Nixed Fixes
Microsoft has issued a slew of software updates to patch numerous flaws, including three zero-day vulnerabilities that are already being exploited via in-the-wild attacks. Another fix addresses a prior update that inadvertently reintroduced vulnerable components to Windows 10.
Mental Health Records Database Found Exposed on Web
An AI-powered virtual care provider's unsecured database allegedly exposed thousands of sensitive mental health and substance abuse treatment records between patients and their counselors on the internet - where they were available to anyone, said the security researcher who discovered the trove.
Palo Alto Networks security advisory (AV24-516)
Cisco security advisory (AV24-515)
USENIX Security ’23 – Differential Testing of Cross Deep Learning Framework APIs: Revealing Inconsistencies and Vulnerabilities
Authors/Presenters: Zizhuang Deng, Guozhu Meng, Kai Chen, Tong Liu, and Lu Xiang, Chunyang Chen
Many thanks to USENIX for publishing their outstanding USENIX Security ’23 Presenter’s content, and the organization’s strong commitment to Open Access. Originating from the conference’s events situated at the Anaheim Marriott; and via the organization’s YouTube channel.
The post USENIX Security ’23 – Differential Testing of Cross Deep Learning Framework APIs: Revealing Inconsistencies and Vulnerabilities appeared first on Security Boulevard.