網路安全快照: 随着 OpenSSF 发布安全软件原则,CISA 呼吁软件制造商使用内存安全语言
CISA is urging developers to stamp out memory vulnerabilities with memory safe programming languages. Meanwhile, the OpenSSF published 10 key principles for secure software development. Plus, malware used in fake browser-update attacks ballooned in Q3. In addition, a new program aims to boost the cy...
網路安全快照: 美国,英国政府就如何构建安全的 AI 系统提供建议
Looking for guidance on developing AI systems that are safe and compliant? Check out new best practices from the U.S. and U.K. cyber agencies. Plus, a new survey shows generative AI adoption is booming, but security and privacy concerns remain. In addition, CISA is warning municipal water plants abo...
網路安全快照: 美国Gov’t Revises, Seeks Input on Security Assessment Questionnaire for Software Vendors
Uncle Sam wants your input on the latest version of the “Secure Software Development Attestation Form” that federal agencies will use to assess the security of software vendors. Plus, it’s warning cyber teams about the threats from the Rhysida and Scattered Spider cybercrime groups. In addition, the...
網路安全快照: Are SBOMs on Your Supply Chain Security Radar Screen? Check Out New Recommendations from CISA and NSA
The SBOM concept is still half-baked, but CISA and NSA want to help change that with new best practices for software vendors, developers and buyers. Plus, there’s new guidance about the Royal ransomware gang – as ransomware attacks grow. In addition, Google highlights a new typosquatting trend impac...
網路安全快照: Critical Infrastructure Security in the Spotlight in November
It’s “Critical Infrastructure Security and Resilience Month” – check out new resources from the U.S. government to better protect these essential organizations. Plus, the U.K.’s cyber agency is offering fresh guidance for mitigating the quantum computing threat. In addition, do you need a generative...
網路安全快照: Why Organizations Struggle to Prevent Attacks and How They Can Do Better
Find out the top people, process and technology challenges hurting cybersecurity teams identified in a commissioned study by Forrester Consulting on behalf of Tenable....
網路安全快照: GenAI Drives Broader Use of Artificial Intelligence Tech for Cyber
Check out how organizations’ enthusiasm over generative AI is fueling artificial intelligence adoption for cybersecurity. Plus, how CISA plans to revamp the U.S. government’s cyber incident response plan. In addition, learn about a new set of best practices for protecting cloud backups. Also, why bo...
網路安全快照: SANS 提供了最大程度利用较小 OT 安全预算的技巧
A SANS Institute survey found that budgets for ICS/OT security have shrunk, and advises on how to do more with less. Plus, hiring managers boost starting salaries to recruit stellar cyber pros. In addition, CISA’s Cybersecurity Awareness Month campaign challenges tech vendors to build safer products...
網路安全快照: 随着网络威胁加剧,CISO 们预算捉襟见肘
After double-digit growth in the past two years, cybersecurity budgets expanded more modestly in 2023. Plus, a survey offers an inside look at how organizations are grappling with cyber challenges. In addition, the U.S. and Japan warn about a China-linked group that’s stealthily compromising network...
網路安全快照: DHS 跟踪勒索软件新趋势,因为攻击推高了网络保险赔偿金额,抢夺变体会触发警报
Check out the new ransomware trends documented by DHS, as well as a joint CISA-FBI alert about the Snatch ransomware. Plus, find out what CISA has in store for its Known Exploited Vulnerabilities catalog. Furthermore, don’t miss new source-code management tips from the OpenSSF. And much more!...
網路安全快照: 获取有关 Deepfake 威胁、开源风险、AI 系统安全和勒索软件团伙的最新信息
Tasked with securing your org’s new AI systems? Check out a new Google paper with tips and best practices. Plus, open source security experts huddled at a conference this week – find out what they talked about. Also, Uncle Sam says it’s time to prep for deepfake attacks. And much more!...
網路安全快照: Cyber Pros Taxed by Overwork, Understaffing and Lack of Support, as Stress Takes a Toll
Life is getting harder for cybersecurity pros, but there are ways to improve working conditions. Check out what a study found. Meanwhile, there’s a new, free attack-emulation tool for OT security teams. Plus, the U.S. government is alerting about exploits to CVE-2022-47966 and CVE-2022-42475. We als...