security architecture Archives - Cyber Security Minute

Industry Reactions to Govt Requiring Security Guarantees From Software Vendors

Issued by: Security Week

Building on the cybersecurity executive order signed by President Joe Biden in May 2021, a memorandum from the OMB requires federal agencies to comply with NIST guidance — for secure software development and supply chain security — when using third-party software. In order to ensure compliance, agencies will have to at least obtain a self-attestation…

Network Security

US Agencies Publish Security Guidance on Implementing Open RAN Architecture

Issued by: Security Week

A general-purpose document titled Open Radio Access Network Security Considerations, the guidance is based on current knowledge and recommended practices and should apply to a variety of industries. “Open RAN is the industry term for the evolution of traditional RAN architecture to open interoperable interfaces, virtualization, and big data and AI-enabled intelligence,” the document reads….

Network Security

CISA Urges Critical Infrastructure to Prepare for Post-Quantum Cryptography

Issued by: Security Week

The National Institute of Standards and Technology (NIST) is expected to publish the standard in 2024, but CISA urges stakeholders to prepare in advance, citing potential risks from quantum computing to the entire critical infrastructure. Quantum computers use qubits, or ‘quantum bits’, to deliver higher computing power and speed in certain scenarios, including solving mathematical…

Network Security

Many Industrial Firms Say Cybersecurity Systems Cause Problems to Operations

Issued by: Security Week

Kaspersky reported recently that it only saw a small increase in the percentage of industrial control system (ICS) computers targeted in 2021, compared to the previous year. However, of the more than 300 respondents who took part in the latest survey, half reported seeing an increase in security incidents affecting ICS or other operational technology…

Network Security

SecurityWeek to Host 2022 Attack Surface Management Summit Today

Issued by: Security Week

SecurityWeek will host its 2022 Attack Surface Management Summit, Presented by Randori, as a fully immersive virtual event today. With the pandemic-induced digital transformation underway, security teams are turning to Attack Surface Management (ASM) tools to continuously discover, inventory, classify, prioritize, and monitor digital assets for signs of weaknesses. In this special virtual summit and…

Application Security

Meshed Cybersecurity Platforms Enable Complex Business Environments

Issued by: Security Week

Cybersecurity deployments have become as complex as the networks they are trying to protect. And that’s not a good thing. The demands of digital acceleration have forced organizations to quickly adopt new technologies and expand their networks. And far too often, security is applied as an afterthought. As a result, according to IBM, enterprises have…

Application Security, Cloud Security, Network Security

Recorded Future Acquires SecurityTrails in $65M Deal

Issued by: Security Week

With this transaction, Somerville, Mass.-based Recorded Future gets a direct entry into the competitive continuous Attack Surface Management (ASM) business and new technology to help organizations with real-time visibility into networks and servers exposed to malicious actors. The $65 million deal comes less than a year after Recorded Future announced an early-stage investment in SecurityTrails…

Vulnerabilities

Corellium Lands $25 Million Investment for Virtualization Tech

Issued by: Security Week

Corellium, a Florida-based company with its roots in the iPhone jailbreaking community, said the $25 million Series A also included investments from Cisco investments and other strategic investors. Corellium LogoThe money comes exactly a year after a federal judge dismissed Apple’s copyright lawsuit against Corellium and the two sides reached a settlement on another matter…

Malware & Threats

‘Sabbath’ Ransomware Operators Target Critical Infrastructure

Issued by: Security Week

According to a warning from Mandiant, the group previously operated under the names of Arcane and Eruption and was observed last year deploying the ROLLCOAST ransomware. In October 2021, the group created the public naming-and-shaming site 54BB47h (Sabbath), one month after a post was discovered where the malware group announced it was looking for partners…

Network Security

CISA Opens IPv6 Guidance to Public Feedback

Issued by: Security Week

Named IPv6 Considerations for TIC 3.0, the document was issued in line with Office of Management and Budget (OMB) Memorandum 21-07, which mandates CISA to enhance the Trusted Internet Connections (TIC) program to ensure Internet Protocol version 6 (IPv6) is implemented within federal IT systems. The new IPv6 guidance is meant to provide information on…