Unpacking CISA’s AI guidelines
CISA’s late April AI and infrastructure guidelines address 16 sectors along with their cybersecurity needs and operations concerning the growth of AI as a tool to build both federal and vendor cybersecurity infrastructure in the federal marketplace.....»»
You're not wearing Vision Pro wrong and Apple isn't hiding anything
Apple Vision Pro, the spatial computer you wear on your face, can hurt sometimes but Apple has provided clear guidelines.....»»
App Store guidelines now allow game emulators; music apps in the EU can take users to an external website
After the EU commission fined Apple $2 billion and announced that it’s not satisfied with the changes the company made to comply with the Digital Markets Act (DMA), Apple on Friday updated the App Store guidelines again. This time, the company is m.....»»
Patch actively exploited Microsoft SharePoint bug, CISA orders federal agencies (CVE-2023-24955)
The Cybersecurity and Infrastructure Security Agency (CISA) has added CVE-2023-24955 – a code injection vulnerability that allows authenticated attackers to execute code remotely on a vulnerable Microsoft SharePoint Server – to its KEV ca.....»»
Chicago ranked 2nd for worst air pollution in 2023 among major US cities, global report says
Chicago ranked second among major U.S. cities with the worst air pollution in 2023, its average annual concentration of dangerous fine particulate matter almost three times global guidelines, according to a recent report. Even as national standards h.....»»
CISA: Here’s how you can foil DDoS attacks
In light of the rise of “DDoS hacktivism” and the recent DDoS attacks aimed at disrupting French and Alabama government websites, the Cybersecurity and Infrastructure Security Agency (CISA) has updated its guidance of how governmental ent.....»»
Only 13% of medical devices support endpoint protection agents
63% of CISA-tracked Known Exploited Vulnerabilities (KEVs) can be found on healthcare networks, while 23% of medical devices—including imaging devices, clinical IoT devices, and surgery devices—have at least one known exploited vulnerability, acc.....»»
New research urges a rethink on how we view the value of our fruit and vegetables
Researchers have developed an innovative tool that aims to bridge the gap between nutritional guidelines and consumers' shopping habits, making it easier for everyday Australians to make healthy purchase decisions......»»
Google’s new bulk sender guidelines spell trouble for B2B
Security Bite: Hackers breach CISA, forcing the agency to take some systems offline
The Cybersecurity and Infrastructure Security Agency (CISA) says two systems were hacked in February through vulnerabilities in Ivanti products. In response, the agency had to shut down both systems, which reportedly had critical ties to U.S. infrast.....»»
Sentra Jagger provides real-time security insights and AI-assisted remediation guidelines
Sentra announced Sentra Jagger, a Large Language Model (LLM)-assistant for cloud data security. This new capability enhances the functionality of Sentra’s core Data Security Posture Management (DSPM) and Data Detection and Response (DDR) platfo.....»»
Integrating software supply chain security in DevSecOps CI/CD pipelines
NIST released its final guidelines for integrating software supply chain security in DevSecOps CI/CD pipelines (SP 800-204D). In this Help Net Security video, Henrik Plate, Security Researcher at Endor Labs, talks about this report, which provides ac.....»»
The cultural evolution of collective property rights for sustainable resource governance
Community-based natural resource management has been dominated for several decades by the design principles of Nobel Prize laureate Elinor Ostrom. These principles provide guidelines for improving the governance of resource systems, from small-scale.....»»
CVE Prioritizer: Open-source tool to prioritize vulnerability patching
CVE Prioritizer is an open-source tool designed to assist in prioritizing the patching of vulnerabilities. It integrates data from CVSS, EPSS, and CISA’s KEV catalog to offer insights into the probability of exploitation and the potential effec.....»»
Apple reinstates Epic’s developer account, ‘Epic Games Store’ launching in the EU this year
Despite Tim Sweeney’s vocal opposition to Apple’s new third-party app marketplace guidelines in the European Union, Epic Games is planning to launch its own store on iPhone later this year. The company teased its plans last month, and has shared.....»»
Despite Apple’s rule changes, Microsoft says it’s not planning an Xbox Cloud Gaming app for iOS
Most of Apple’s recently-announced App Store changes are exclusively for iPhone users in the European Union, but there’s one exception. Apple also announced last month that it is relaxing its App Store Guidelines for cloud gaming apps worldwide.....»»
Roundcube webmail XSS vulnerability exploited by attackers (CVE-2023-43770)
CVE-2023-43770, a vulnerability in the Roundcube webmail software that was fixed in September 2023, is being exploited by attackers in the wild, CISA has warned by adding the vulnerability to its Known Exploited Vulnerabilities (KEV) catalog. Ab.....»»
Critical Fortinet FortiOS flaw exploited in the wild (CVE-2024-21762)
Fortinet has patched critical remote code execution vulnerabilities in FortiOS (CVE-2024-21762, CVE-2024-23313), one of which is “potentially” being exploited in the wild. The exploitation-in-the-wild has been confirmed by CISA, by adding.....»»
China to help NEV industry respond to foreign trade restrictions
China has issued guidelines encouraging automakers to set up R&D and after-sales service centers abroad, to collaborate with foreign partners in building supply chains, and to work more closely with shipping companies on transportation logistics......»»
Exploring NIST Cybersecurity Framework 2.0
In this Help Net Security video, Dan Erel, VP of Security at SeeMetrics, discusses NIST Cybersecurity Framework (CSF) 2.0. NIST CSF is based on existing standards, guidelines, and practices for organizations to manage and reduce cybersecurity risk be.....»»
Unpacking the challenges of AI cybersecurity
As organizations handle increasing amounts of data daily, AI offers advanced capabilities that would be harder to achieve with traditional methods. In this Help Net Security video, Tyler Young, CISO at BigID, explores AI’s challenges, triumphs,.....»»