January 2024

New YouTube Video Series: Hacker Tools Origin Stories, (Thu, Jan 11th)

Jan 11, 2024

I remembered that I should have mentioned this in today&#39;s podcast, so here it goes as a quick post. The amazing Mark Baggett stepped away from his Python console and started a new series of YouTube videos about the origin stories of various hacker tools. The first one he covers is Security Onion. These videos interview the creators of the tools to learn more about why and how they were created.
http://news.poseidon-us.com/T1FNjY

5 steps for building an adaptable, dynamic zero trust architecture within federal agencies

Jan 10, 2024

: Shield Icon of Cyber Security Digital Data, Technology Global Network Digital Data Protection, Future Abstract Background Concept. 3D Rendering

At its core, a zero-trust architecture (ZTA) follows one guiding principle: Trust no one. Unlike conventional models, where anything inside the network perimeter is trusted, ZTA considers all users and systems as potential threats. This means verifying every access attempt, regardless of whether the attempt originates inside or outside the network.
http://news.poseidon-us.com/T1D0Fp

Top LLM vulnerabilities and how to mitigate the associated risk

Jan 10, 2024

As large language models (LLMs) become more prevalent, a comprehensive understanding of the LLM threat landscape remains elusive. But this uncertainty doesn’t mean progress should grind to a halt: Exploring AI is essential to staying competitive, meaning CISOs are under intense pressure to understand and address emerging AI threats. While the AI threat landscape changes every day, there are a handful of LLM vulnerabilities that we know pose significant risk to enterprise operations today. If … More → The post Top LLM vulnerabilities and how to mitigate the associated risk appeared first on Help Net Security.
http://news.poseidon-us.com/T1BqhK

Fly Catcher: Detect aircraft spoofing by monitoring for malicious signals

Jan 10, 2024

Fly Catcher is an open-source device that can detect aircraft spoofing by monitoring for malicious ADS-B signals in the 1090MHz frequency. Angelina Tsuboi, the developer of Fly Catcher, is an enthusiastic pilot, cybersecurity researcher, and tinkerer. She was driven to embark on a project that merged these three distinct interests to address a significant issue in aviation radar systems. Intrigued by the ADS-B system, initially used for basic plane spotting and tracking, Tsuboi looked more … More → The post Fly Catcher: Detect aircraft spoofing by monitoring for malicious signals appeared first on Help Net Security.
http://news.poseidon-us.com/T1BqhH

The power of basics in 2024’s cybersecurity strategies

Jan 10, 2024

In this Help Net Security video, Nick Carroll, Cyber Incident Response Manager at Raytheon, discusses how while organizations will be challenged to strengthen their defenses faster than cyber threats are evolving, this ‘come from behind’ rush to keep pace with attackers can often lead to the harmful practice of organizations skipping the foundational basics of cyber defense and failing to establish a general sense of cyber awareness within the business. The post The power of basics in 2024’s cybersecurity strategies appeared first on Help Net Security.
http://news.poseidon-us.com/T1BqfJ

Researchers develop technique to prevent software bugs

Jan 10, 2024

A team of computer scientists led by the University of Massachusetts Amherst recently announced a new method for automatically generating whole proofs that can be used to prevent software bugs and verify that the underlying code is correct. This new method, called Baldur, leverages the artificial intelligence power of LLMs, and, when combined with the tool Thor, yields efficacy of nearly 66%. “Software bugs have a profound impact on society today. They range from annoying … More → The post Researchers develop technique to prevent software bugs appeared first on Help Net Security.
http://news.poseidon-us.com/T1BqZN

What a cybersecurity company thinks of the new DoD cybersecurity rule

Jan 9, 2024

: cybersecurity concept Global security network technology, encryption with padlock icon on virtual interface, protection of personal data on the Internet online and protection against hacker attacks.

Industry and government alike have been pondering the new proposed rule on vendor cybersecurity that was published just a couple of weeks ago. The Defense Department wants to finally get its Cybersecurity Maturity Model Certification program off the ground. It would impose new requirements on contractors. For one industry view, the Federal Drive with Tom Temin spoke with the Chief Technology Officer at Fortinet Federal, Felipe Fernandez.
http://news.poseidon-us.com/T19NTt

Zyxel unveils new cloud-managed switches for small businesses and professional home users

Jan 9, 2024

Zyxel Networks launched the XMG1915 series – a family of smart managed switches designed to provide small businesses and professional home users (prosumers) with the throughput and versatility needed to support today’s high bandwidth applications and services. With the growth in hybrid and home working, high-definition video content, and the use of cloud services, small businesses (SBs) and prosumers need much higher throughput capabilities on the network. In addition, increased Power over Ethernet (PoE) budgets … More → The post Zyxel unveils new cloud-managed switches for small businesses and professional home users appeared first on Help Net Security.
http://news.poseidon-us.com/T189Kj

Securing AI systems against evasion, poisoning, and abuse

Jan 9, 2024

Adversaries can intentionally mislead or “poison” AI systems, causing them to malfunction, and developers have yet to find an infallible defense against this. In their latest publication, NIST researchers and their partners highlight these AI and machine learning vulnerabilities. Taxonomy of attacks on Generative AI systems Understanding potential attacks on AI systems The publication, “Adversarial Machine Learning: A Taxonomy and Terminology of Attacks and Mitigations (NIST.AI.100-2),” is a key component of NIST’s broader initiative to … More → The post Securing AI systems against evasion, poisoning, and abuse appeared first on Help Net Security.
http://news.poseidon-us.com/T17YFF

Accelerate essential cyber hygiene for your small business

Jan 9, 2024

Think you’re too small to experience a cyber attack? That’s not the case. In fact, cyber threat actors (CTAs) are increasingly setting their sights on small businesses. If successful, their attack attempts can be devastating. Fortunately, the Center for Internet Security released the “CIS Implementation Guide for Small- and Medium-Sized Enterprises.” It’s designed to help your small business rapidly adopt Implementation Group 1 (IG1), a subset of the CIS Critical Security Controls (CIS Controls). Let’s … More → The post Accelerate essential cyber hygiene for your small business appeared first on Help Net Security.
http://news.poseidon-us.com/T17YCZ