Why LLMs Are Just the Tip of the AI Security Iceberg

August 28, 2024 at 10:03AM The rise of generative AI and large language models brings real security risks, from exposing data to malicious attacks. The rapid adoption of AI introduces new risks, but the opaque nature of AI models makes identifying and managing these risks challenging. Implementing an AI security framework and following key strategies …

Automated Security Validation: One (Very Important) Part of a Complete CTEM Framework

August 8, 2024 at 07:45AM The article discusses the importance of Automated Security Validation (ASV) in cybersecurity strategies. It highlights ASV’s capabilities to provide a comprehensive view, prioritize vulnerabilities, scale across organizations, and align with regulatory frameworks. Additionally, it emphasizes the need to integrate ASV with the Continuous Threat Exposure Management (CTEM) framework to maximize …

How Red Team Exercises Increases Your Cyber Health

April 11, 2024 at 04:41PM Red team exercises play a vital role in enhancing organizational security through simulated cyberattacks, including tactics like phishing and lateral movement within networks. Regular testing and improvement are needed to counter evolving threats effectively. Different types of exercises such as external red teaming, assumed breach, and purple teaming have distinct …

CISA and OpenSSF Release Framework for Package Repository Security

February 12, 2024 at 06:27AM The U.S. CISA and OpenSSF are collaborating to establish the Principles for Package Repository Security, a framework aiming to enhance security in open-source software ecosystems. It outlines four security maturity levels and emphasizes the importance of continual security improvements. This development addresses growing security concerns related to open-source software in …

MITRE Unveils EMB3D Threat Model for Embedded Devices Used in Critical Infrastructure

December 13, 2023 at 10:48AM MITRE, in collaboration with the cybersecurity community and the industrial sector, has developed EMB3D, a threat model tailored for embedded devices in critical infrastructure. With a focus on mitigating threats, EMB3D provides a knowledge base and mappings to device properties while offering technical mitigations. It aims to enhance device security …