ETSI Open Source MANO announces OSM Release ELEVEN

Sophia Antipolis, 7 December 2021

ETSI is pleased to announce OSM Release ELEVEN. Committed since its foundation to the alignment with ETSI standardization work, this release completes the adoption of two new ETSI NFV specifications, ETSI GS NFV-SOL004 and ETSI GS NFV-SOL007 for package formats. Standards adoption is part of the OSM vision to enable interoperability and a large and healthy NFV ecosystem. In addition, Release ELEVEN includes significant functional extensions in areas such as interoperability with public clouds, interaction with cloud-native environments and integration of network functions of different natures.

PKI Consortium signs MoU with ETSI

Sophia Antipolis, 1 February 2022

On 26 January PKI Consortium and ETSI signed a Memorandum of Understanding (MoU) to structure and strengthen the relationship between both organizations and foster a closer relationship.

ETSI unveils 2022 Fellows rewarding outstanding personal contribution

Sophia Antipolis, 6 April 2022

ETSI is pleased to unveil its 2022 ETSI Fellows. The Award committee, composed of the GA Chair and Vice-Chairs, the Board Chair and the ETSI Director-General, unanimously nominated Dr. Diego López, Dr. Günter Kleindl, Mr. Larry Taylor and Mr. Lindsay Cornell as ETSI Fellows for their outstanding personal contributions to the organization.

ETSI launches a new open-source group: TeraFlowSDN

Supporting autonomous networks and cybersecurity use cases

Sophia Antipolis, 31 May 2022

Today, ETSI is pleased to announce the creation of a new open-source group called TeraFlowSDN. Based upon the results of the European Union-funded TeraFlow 5G PPP research project, this new group hosted by ETSI will provide a toolbox for rapid prototyping and experimentation with innovative network technologies and use cases.

ECSO and ETSI renew Memorandum of Understanding

Sophia Antipolis, 10 June 2022

ECSO and ETSI are pleased to strengthen their relationship and foster a close co-operation in the field of cybersecurity and standardization.

ETSI welcomes the strengthened role for NSOs in the decision-making process of European standards

Sophia Antipolis, 19 October 2022

The EU member states' ambassadors today endorsed the final compromise text of the Amendment to regulation 1025/2012 with regard to the decisions of European standardization organizations concerning European standards and European standardization deliverables.

ETSI Top 10 Webinars in 2022 Starring: Cybersecurity, AI, IPv6, MEC, Open Source MANO and more

Sophia Antipolis, 20 December 2022

As 2022 comes to an end, we have selected for you our most popular webinars of the year. If you missed them, listen to the recorded presentations and their Q&A sessions, deep dive into the Cyber Resilience Act and AI Act, IPv6, Multi-access Edge Computing, Open Source MANO and much more.

ETSI to transform the standards development landscape with Software Development Groups

Sophia Antipolis, 2 February 2023

ETSI, the organization for globally applicable standards for information and communication technology (ICT), has adopted a new instrument, Software Development Groups (SDGs). This game-changing move will help ETSI adapt to the ever-evolving landscape of technology and standards development. Developing software to accompany standards will accelerate the standardization process, providing faster feedback loops and improving the quality of standards.

ETSI launches second release of TeraFlowSDN, its open source Cloud-Native SDN Orchestrator and Controller for transport networks

Sophia Antipolis, 2 February 2023

ETSI Open Source Group TeraFlowSDN has just announced the 2nd release of TeraFlowSDN controller, an innovative and robust SDN orchestrator and controller.

ETSI Multi-access Edge Computing Consolidates Phase 3 Work

Leading to more effective and fruitful cross organization collaboration

Sophia Antipolis, 14 February 2023

In the last three months, ETSI ISG MEC has released its final Phase 2 specification (GS MEC 015, on Traffic Management APIs) and made significant progress on Phase 3 with the release of a number of important specifications, including the MEC Federation Enablement APIs (GS MEC 040): in particular, this specification is critical for supporting the requirements received from GSMA OPG (Operator Platform Group) to enable inter-MEC system communication and allow 5G operators to collaborate among themselves, with service cloud providers and with other stakeholders. 

ETSI launches First Software Development Group

Sophia Antipolis, 25 July 2023

ETSI is proud to announce the establishment of its first Software Development Group, called OpenSlice. With this group, ETSI positions itself as a focal point for development and experimentation with network slicing.

ETSI Open Source MANO announces Release FOURTEEN providing a new scalable architecture for service assurance

Sophia Antipolis, 26 July 2023

The ETSI Open Source MANO community is proud to announce OSM Release FOURTEEN. Release FOURTEEN is a Long-Term-Support (LTS) release of ETSI OSM, providing two years of continuous support with bug fixes and security patches, and including significant improvements in many key areas.

Linux Foundation and ETSI Further Collaborate to Drive Harmonization Across Open Source and Open Standards

BILBAO, Spain, Open Source Summit Europe, 19 September 2023

The Linux Foundation, the nonprofit organization focused on fostering innovation through open source, and ETSI, the independent organization providing global standards for ICT services across all sectors of industry, today announced expanded collaboration. While the two organizations have been working together for years, the 2019 formal Memorandum of Understanding (MOU) has recently been updated and expanded.

ETSI releases standard for IT solution providers to comply with EU regulation on electronic signatures in email messages

Sophia Antipolis, 20 September 2023

ETSI has published a new standard on “Requirements for trust service providers issuing publicly trusted S/MIME certificates” (ETSI TS 119 411-6), helping Trust Service Providers comply with new standards for S/MIME certificates that have been enforced since 1 September 2023. Secure MIME (S/MIME) certificates are used to sign, verify, encrypt, and decrypt email messages.

ETSI Announces New Software Development Group for Common API Framework

Sophia Antipolis, 9 November 2023

ETSI is delighted to announce the establishment of a new Software Development Group, called OpenCAPIF. OpenCAPIF is developing an open-source Common API Framework, as defined by 3GPP, allowing for secure and consistent exposure and use of APIs.

ETSI Open Source MANO announces Release FIFTEEN, leaner and easier to maintain

Sophia Antipolis, 21 December 2023

The ETSI Open Source MANO community is proud to announce OSM Release FIFTEEN, meeting the well-established cadence of two releases per year. The OSM community delivers one Long Term Support (LTS) and one regular release every year, to ensure the OSM user base is provided with continuous innovations and production-ready stability.

ETSI unveils 2024 Fellows rewarding outstanding personal contribution

Sophia Antipolis, 18 April 2024

ETSI is pleased to unveil its 2024 ETSI Fellows who were announced at the 83rd ETSI General Assembly on 16 April 2024.
The Award Committee, composed of the GA Chair and Vice-Chairs, the Board Chair and the ETSI Director-General, unanimously named Dr. Howard Benn, Mr. Philippe Magneron, Dr. Matthias Schneider, Mrs. Isabelle Valet Harper and Mr. Dirk Weiler, as ETSI Fellows 2024 for their outstanding personal contributions to the organization.

ETSI Open Source MANO announces Release SIXTEEN, enabling cloud-native orchestration of cloud infrastructure and applications

Sophia Antipolis, 4 September 2024

The ETSI Open Source MANO community is proud to announce OSM Release SIXTEEN, a Long-Term-Support (LTS) release of ETSI OSM, which becomes the most innovative and feature-packed release shipped by OSM to date.

This release brings a revolution in OSM’s functionality, positioning OSM as a generalized cloud-native orchestrator for infrastructure, platforms and services, which significantly extends its former scope. Full cloud-native management of Kubernetes clusters in public clouds, together with the applications or software units running on them, is now possible with Release SIXTEEN. Every operation related to the cluster management (creation, upgrading, scaling, deletion) or the applications running on them is reflected in Git repositories, following the GitOps model. This has been possible thanks to a major change in the internal architecture of OSM.

New York: Tanya Taylor - From McGill to Madison Avenue

Starts: Wed, 13 Nov 2024 20:00:00 -0500
11/13/2024 06:00:00PM
Location: New York, U. S. A.




MAA Ottawa: November Alumni Social

Starts: Tue, 19 Nov 2024 20:30:00 -0500
11/19/2024 05:30:00PM
Location: Ottawa, Canada




MAA Netherlands - Meet and Greet Alumni Social

Starts: Wed, 20 Nov 2024 19:00:00 -0500
11/20/2024 07:00:00PM
Location: Amsterdam, Netherlands




MAA South Korea: Annual Networking Event

Starts: Sat, 23 Nov 2024 18:30:00 -0500
11/23/2024 06:30:00PM
Location: Seoul, Korea (south)




McGill Society of Montreal Holiday Social

Starts: Mon, 25 Nov 2024 20:00:00 -0500
11/25/2024 05:30:00PM
Location: Montreal, Canada




MAA of Brome-Missisquoi Holiday Season Gathering

Starts: Sat, 30 Nov 2024 20:00:00 -0500
11/30/2024 05:00:00PM
Location: Lac-Brome (Knowlton), Canada




McGill Society of Hong Kong Year End Holiday Dinner

Starts: Tue, 03 Dec 2024 19:30:00 -0500
12/03/2024 07:30:00PM
Location: Happy Valley, Hong Kong (china)




WLP Vancouver Holiday Social & Networking Event with Martha Piper!

Starts: Wed, 11 Dec 2024 19:00:00 -0500
12/11/2024 05:00:00PM
Location: Vancouver, Canada




Civil War: The Southern Perspective

The Civil War began with a largely symbolic battle at Fort Sumter, a battle in which the only fatality was a (southern) horse.




Somewhere in the Nadir of African American History, 1890-1920

New essay by Glenda Gilmore just added to Freedom's Story: Teaching African American Literature and History, TeacherServe from the National Humanities Center.




OSC Staff Notice 11-737 (Revised) – Securities Advisory Committee – Vacancies

The Securities Advisory Committee (“SAC”) is a committee of industry experts established by the Commission to advise it and its staff on a variety of matters including policy initiatives and capital markets trends.




Associate Research Fellow / Research Fellow

Job Summary

The International Food Policy Research Institute (IFPRI) seeks a qualified candidate to serve as an Associate Research Fellow or Research Fellow. This is a two-year, renewable, exempt appointment based at IFPRI’s Washington, DC Office. The ideal candidate will have demonstrated aptitude with modeling water resources and hydrologic systems at multiple scales, experience in developing and operating modeling suites that link biophysical and economic models, and interest/experience in the analysis of risk and uncertainty. The successful candidate will work on interdisciplinary teams to conduct research, produce high-impact publications and disseminate knowledge that (for example): assists national level policy-making units confront the challenges posed by climate change and water constraints; fosters regional strategies for resilient growth and development in a context of climate change; works with CGIAR partners on research and/or model development, particularly in IWMI; and assists key agri-food system actors in low- and middle-income countries (LMICs) and other constituencies in the formation of investment plans in water resources, including in relation to food and energy. Specific areas of research are expected to be developed in accordance with the intersection of the interests and skills of the successful candidate and the objectives of the Foresight and Policy Modeling Unit. It is anticipated that about 80 percent of the job will be dedicated to applied research, and the remaining 20 percent will be allocated to capacity-building, policy engagement, and outreach activities supporting evidence-based decision-making.

Essential Duties

Specific duties include but are not limited to:

  • Lead development, maintenance, and improvement of IFPRI’s water data and modeling systems compatible with global (IMPACT) and national levels (RIAPA).
  • Contribute to scenario development, modeling and analytics supporting a variety of foresight-related research projects.
  • Lead focused studies on water-related issues relevant for food system transformation globally and in LMICs.
  • Work with other modelers in the Foresight and Policy Modeling unit to maintain and improve water modeling components of established modeling frameworks.
  • Conduct research in the service of the CGIAR’s mission to advance positive transformation of food, land, and water systems.
  • Support efforts to strengthen the capacity of partner organizations and networks to conduct scholarly research and communicate evidence-based policy recommendations.
  • Prepare project reports, research papers, presentations, and peer-reviewed journal articles in collaboration with CGIAR researchers, other collaborators, and partners.
  • Regularly communicate research outputs via policy seminars, policy briefs, and peer-reviewed publications to a broad spectrum of stakeholders, including researchers, academics, policymakers, and government officials.
  • The successful candidate will work with a multi-disciplinary and multi-cultural team of researchers and is expected to engage in a broad range of research projects and activities consistent with the research program of the Foresight and Policy Modeling Unit.

Required Qualifications

  • PhD in Water Resources Engineering, Hydrology, or closely related field
  • Significant expertise in using water resources systems and hydrologic models and experience or interest to link these to economic and other simulation models at global, regional and national levels to evaluate policies related to food, land, and water systems.
  • Demonstrated capabilities in quantitative analysis and ability to use spatial data and methods in innovative and policy-relevant ways to examine water resource management issues in the context of climate change and other major drivers.
  • Ability or willingness to work in the GAMS modeling environment and code, other math/statistical programming languages, and GIS.
  • Experience using river basin modeling tools (e.g. Mike Hydro Basin, WEAP, and Riverware).
  • Strong interpersonal skills and ability to work well both with a team and independently.
  • Ability to work in a dynamic environment, take initiatives to resolve issues and effectively work with minimal supervision.
  • Excellent written and verbal communication skills in English.
  • Willingness to travel extensively (including internationally) as required.

Preferred Qualifications

  • Ability to work in Python.
  • Relevant research experience as applied to LMIC country contexts in Africa, Asia, and/or Latin America.
  • Demonstrated ability to produce high-quality written reports, oral presentations, blog posts, and/or other forms of written and oral communications associated with scholarly research outputs.

Additional requirements at the Research Fellow level

  • At least 3 years of post-PhD experience relevant to the job and demonstrated fundraising experience.
  • Strong publication record in peer-reviewed journals.
  • Major external recognition within professional peer network based on publications and other leadership activities.
  • Demonstrated leadership skills and successful experience building and managing teams.

Physical Demand & Work environment

  • Employee will sit in an upright position for a long period of time
  • Employee will lift between 0-10 pounds.
  • Employee is required to have close visual acuity to perform activities such as: preparing and analyzing data and figures; transcribing; viewing computer terminal; extensive reading.

Salary Range: The expected salary range for this job requisition is between $85,600 - $107,000. In determining your salary, we will consider your experience and other job-related factors.

Benefits: IFPRI is committed to providing our staff members with valuable and competitive benefits, as it is a core part of providing strong overall employee experience. This position is eligible for health insurance coverage and a summary of our benefits can be found on our website. Please note that the listed benefits are generally available to active, non-temporary, full-time and part-time US-based employees who work at least 25 hours per week.

The International Food Policy Research Institute (IFPRI) is an equal employment opportunity employer - F/M/Disability/Vet/Sexual Orientation/Gender Identity.




Assessing social media impact – a workshop at ScienceOnline #scioimpact

Assessing social media impact was one of the workshop sessions at November’s SpotOn London conference,




Share your experiences to create some SpotOn social media tips for scientists!

It ain’t a party if you can’t join us Towards the end of April, SpotOn




The high, hidden social and environmental costs of food in Kenya




Agronomy & Policy Solutions for Implementation of the African Fertilizer and Soil Health Action Plan




Cybersecurity Snapshot: New Guides Offer Best Practices for Preventing Shadow AI and for Deploying Secure Software Updates

Looking for help with shadow AI? Want to boost your software updates’ safety? New publications offer valuable tips. Plus, learn why GenAI and data security have become top drivers of cyber strategies. And get the latest on the top “no-nos” for software security; the EU’s new cyber law; and CISOs’ communications with boards.

Dive into six things that are top of mind for the week ending Oct. 25.

1 - CSA: How to prevent “shadow AI” 

As organizations scale up their AI adoption, they must closely track their AI assets to secure them and mitigate their cyber risk. This includes monitoring the usage of unapproved AI tools by employees — an issue known as “shadow AI.”

So how do you identify, manage and prevent shadow AI? You may find useful ideas in the Cloud Security Alliance’s new “AI Organizational Responsibilities: Governance, Risk Management, Compliance and Cultural Aspects” white paper.

The white paper covers shadow AI topics including:

  • Creating a comprehensive inventory of AI systems
  • Conducting gap analyses to spot discrepancies between approved and actual AI usage
  • Implementing ways to detect unauthorized AI wares
  • Establishing effective access controls
  • Deploying monitoring techniques

“By focusing on these key areas, organizations can significantly reduce the risks associated with shadow AI, ensuring that all AI systems align with organizational policies, security standards, and regulatory requirements,” the white paper reads.

For example, to create an inventory that offers the required visibility into AI assets, the document explains different elements each record should have, such as:

  • The asset’s description
  • Information about its AI models
  • Information about its data sets and data sources
  • Information about the tools used for its development and deployment
  • Detailed documentation about its lifecycle, regulatory compliance, ethical considerations and adherence to industry standards
  • Records of its access control mechanisms

Shadow AI is one of four topics covered in the publication, which also unpacks risk management; governance and compliance; and safety culture and training.

2 - Best practices for secure software updates

The security and reliability of software updates took center stage in July when an errant update caused massive and unprecedented tech outages globally.

To help prevent such episodes, U.S. and Australian cyber agencies have published “Safe Software Deployment: How Software Manufacturers Can Ensure Reliability for Customers.”

“It is critical for all software manufacturers to implement a safe software deployment program supported by verified processes, including robust testing and measurements,” reads the 12-page document.

Although the guide is aimed primarily at commercial software vendors, its recommendations can be useful for any organization with software development teams that deploy updates internally.

The guide outlines key steps for a secure software development process, including planning; development and testing; internal rollout; and controlled rollout. It also addresses errors and emergency protocols.

“A safe software deployment process should be integrated with the organization’s SDLC, quality program, risk tolerance, and understanding of the customer’s environment and operations,” reads the guide, authored by the U.S. Cybersecurity and Infrastructure Security Agency (CISA), the FBI and the Australian Cyber Security Centre.

3 - Report: GenAI, attack variety, data security drive cyber strategies

What issues act as catalysts for organizations’ cybersecurity actions today? Hint: They’re fairly recent concerns. The promise and peril of generative AI ranks first. It’s closely followed by the ever-growing variety of cyberattacks, and by the intensifying urgency to protect data.

That’s according to CompTIA’s “State of Cybersecurity 2025” report, based on a survey of almost 1,200 business and IT pros in North America and in parts of Europe and Asia. 

These three key factors, along with others like the scale of attacks, play a critical role in how organizations currently outline their cybersecurity game plans.

“Understanding these drivers is essential for organizations to develop proactive and adaptive cybersecurity strategies that address the evolving threat landscape and safeguard their digital assets,” reads a CompTIA blog about the report.

Organizations are eagerly trying to understand both how generative AI can help their cybersecurity programs and how this technology is being used by malicious actors to make cyberattacks harder to detect and prevent.

Meanwhile, concern about data protection has ballooned in the past couple of years. “As organizations become more data-driven, the need to protect sensitive information has never been more crucial,” reads the blog.

Not only are organizations focused on securing data at rest, in transit and in use, but they’re also creating foundational data-management practices, according to the report.

“The rise of AI has accelerated the need for robust data practices in order to properly train AI algorithms, and the demand for data science continues to be strong as businesses seek competitive differentiation,” the report reads.

4 - CISA lists software dev practices most harmful for security

Recommended best practices abound in the cybersecurity world. However, CISA and the FBI are taking the opposite tack in their quest to improve the security of software products: They just released a list of the worst security practices that software manufacturers ought to avoid.

Titled “Product Security Bad Practices,” the document groups the “no-nos” into three main categories: product properties; security features; and organizational processes and policies.

“It’s 2024, and basic, preventable software defects continue to enable crippling attacks against hospitals, schools, and other critical infrastructure. This has to stop,” CISA Director Jen Easterly said in a statement.

“These product security bad practices pose unacceptable risks in this day and age, and yet are all too common,” she added.

Here are some of the worst practices detailed in the document, which is part of CISA’s “Secure by Design” effort:

  • Using programming languages considered “memory unsafe”
  • Including user-provided input in SQL query strings
  • Releasing a product with default passwords
  • Releasing a product with known and exploited vulnerabilities
  • Not using multi-factor authentication
  • Failing to disclose vulnerabilities in a timely manner

Although the guidance is aimed primarily at software makers whose products are used by critical infrastructure organizations, the recommendations apply to all software manufacturers.

If you’re interested in sharing your feedback with CISA and the FBI, you can submit comments about the document until December 16, 2024 on the Federal Register.

5 - New EU law focuses on cybersecurity of connected digital products

Makers of digital products — both software and hardware — that directly or indirectly connect to networks and to other devices will have to comply with specific cybersecurity safeguards in the European Union.

A newly adopted law known as the “Cyber Resilience Act” outlines cybersecurity requirements for the design, development, production and lifecycle maintenance of these types of products, including IoT wares such as connected cars.

For example, it specifies a number of “essential cybersecurity requirements” for these products, including that they:

  • Aren’t shipped with known exploitable vulnerabilities
  • Feature a “secure by default” configuration
  • Can fix their vulnerabilities via automatic software updates
  • Offer access protection via control mechanisms, such as authentication and identity management
  • Protect the data they store, transmit and process using, for example, at-rest and in-transit encryption

“The new regulation aims to fill the gaps, clarify the links, and make the existing cybersecurity legislative framework more coherent, ensuring that products with digital components (...) are made secure throughout the supply chain and throughout their lifecycle,” reads a statement from the EU’s European Council.

The law will “enter into force” after its publication in the EU’s official journal and will apply and be enforceable 36 months later, so most likely in October 2027 or November 2027. However, some of its provisions will be enforceable a year prior.

For more information and analysis about the EU’s Cyber Resilience Act, see the video “The EU Cyber Resilience Act: A New Era for Business Engagement in Open Source Software” (Linux Foundation).

6 - UK cyber agency: CISOs must communicate better with boards

CISOs and boards of directors are struggling to understand each other, and this is increasing their organizations’ cyber risk, new research from the U.K.’s cyber agency has found.

For example, in one alarming finding, 80% of respondents, which included board members, CISOs and other cyber leaders in medium and large enterprises, confessed to being unsure of who is ultimately accountable for cybersecurity in their organizations.

“We found that in many organisations, the CISO (or equivalent role) thought that the Board was accountable, whilst the Board thought it was the CISO,” reads a blog about the research titled “How to talk to board members about cyber.”

As a result, the U.K. National Cyber Security Centre (NCSC) has released new guidance aimed at helping CISOs better communicate with their organizations’ boards titled “Engaging with Boards to improve the management of cyber security risk.”

“Cyber security is a strategic issue, which means you must engage with Boards on their terms and in their language to ensure the cyber risk is understood, managed and mitigated,” the document reads.

Here’s a small sampling of the advice:

  • Understand your audience, including who are the board’s members and their areas of expertise; and how the board works, such as its meeting formats and its committees.
  • Talk about cybersecurity in terms of risks, and outline these risks concretely and precisely, presenting them in a matter-of-fact way.
  • Don’t limit your communication with board members to formal board meetings. Look for opportunities to talk to them individually or in small groups outside of these board meetings.
  • Elevate the discussions so that you link cybersecurity with your organization’s business challenges, goals and context.
  • Aim to provide a holistic view, and avoid using technical jargon.
  • Aim to advise instead of to educate.




Cybersecurity Snapshot: CISA Warns of Global Spear-Phishing Threat, While OWASP Releases AI Security Resources

CISA is warning about a spear-phishing campaign that spreads malicious RDP files. Plus, OWASP is offering guidance about deepfakes and AI security. Meanwhile, cybercriminals have amplified their use of malware for fake software-update attacks. And get the latest on CISA’s international plan, Interpol’s cyber crackdown and ransomware trends.

Dive into six things that are top of mind for the week ending Nov. 8.

1 - CISA: Beware of nasty spear-phishing campaign

Proactively restrict outbound remote-desktop protocol (RDP) connections. Block transmission of RDP files via email. Prevent RDP file execution.

Those are three security measures cyber teams should proactively take in response to an ongoing and “large scale” email spear-phishing campaign targeting victims with malicious RDP files, according to the U.S. Cybersecurity and Infrastructure Security Agency (CISA).

A foreign threat actor is carrying out the campaign. Several vertical sectors, including government and IT, are being targeted.

“Once access has been gained, the threat actor may pursue additional activity, such as deploying malicious code to achieve persistent access to the target’s network,” CISA’s alert reads.

Other CISA recommendations include:

  • Adopt phishing-resistant multi-factor authentication (MFA), such as FIDO tokens, and try to avoid SMS-based MFA
  • Educate users on how to spot suspicious emails
  • Hunt for malicious activity in your network by looking for indicators of compromise (IoCs) and tactics, techniques and procedures

Although CISA didn’t name the hacker group responsible for this campaign, its alert includes links to related articles from Microsoft and AWS that identify it as Midnight Blizzard. Also known as APT29, this group is affiliated with Russia’s government.

To get more details, check out the CISA alert “Foreign Threat Actor Conducting Large-Scale Spear-Phishing Campaign with RDP Attachments.”

2 - OWASP issues AI security resources

How should your organization respond to deepfakes? What’s the right way of establishing a center of excellence for AI security in your organization? Where can you find a comprehensive guide of tools to secure generative AI applications?

These questions are addressed in a new set of resources for AI security from the Open Worldwide Application Security Project’s OWASP Top 10 for LLM Application Security Project.

The new resources are meant to help organizations securely adopt, develop and deploy LLM and generative AI systems and applications “with a comprehensive strategy encompassing governance, collaboration and practical tools,” OWASP said in a statement.



These are the new resources:

  • “The Guide for Preparing and Responding to Deepfake Events,” which unpacks four types of deepfake schemes – financial fraud, job interview fraud, social engineering and misinformation – and offers guidance about each one in these areas:
    • preparation
    • detection and analysis
    • containment, eradication and recovery
    • post-incident activity
  • “The LLM and GenAI Center of Excellence Guide,” which aims to help CISOs and fellow organization leaders create a center of excellence for generative AI security that facilitates collaboration among various teams, including security, legal, data science and operations, so they can develop:
    • Generative AI security policies
    • Risk assessment and management processes
    • Training and awareness
    • Research and development
  • “The AI Security Solution Landscape Guide,” which offers security teams a comprehensive catalog of open source and commercial tools for securing LLMs and generative AI applications.

To get more details, read OWASP’s announcement “OWASP Dramatically Expands GenAI Security Guidance.”


3 - Fake update variants dominate list of top malware in Q3

Hackers are doubling down on fake software-update attacks.

That’s the main takeaway from the Center for Internet Security’s list of the 10 most prevalent malware used during the third quarter.

Malware variants used to carry out fake browser-update attacks took the top four spots on the list: SocGholish, LandUpdate808, ClearFake and ZPHP. Collectively, they accounted for 77% of the quarter’s malware infections. It's the first time LandUpdate808 and ClearFake appear on this quarterly list.


(Source: “Top 10 Malware Q3 2024”, Center for Internet Security, October 2024)

In a fake software-update attack, a victim gets duped into installing a legitimate-looking update for, say, their preferred browser, which instead infects their computer with malware.

Here’s the full list, in descending order:

  • SocGholish, a downloader distributed through malicious websites that tricks users into downloading it by offering fake software updates 
  • LandUpdate808, a JavaScript downloader distributed through malicious websites via fake browser updates
  • ClearFake, another JavaScript downloader used for fake browser-update attacks
  • ZPHP, another JavaScript downloader used for fake software-update attacks
  • Agent Tesla, a remote access trojan (RAT) that captures credentials, keystrokes and screenshots
  • CoinMiner, a cryptocurrency miner that spreads using Windows Management Instrumentation (WMI)
  • Arechclient2, also known as SectopRAT, a .NET RAT whose capabilities include multiple stealth functions
  • Mirai, a malware botnet that compromises IoT devices to launch DDoS attacks
  • NanoCore, a RAT that spreads via malspam as a malicious Excel spreadsheet
  • Lumma Stealer, an infostealer used to swipe personally identifiable information (PII), credentials, cookies and banking information

To get more information, the CIS blog “Top 10 Malware Q3 2024” offers details, context and indicators of compromise for each malware strain.

For details on fake update attacks:


Fake Chrome Update Malware (The PC Security Channel)

4 - CISA’s first international plan unveiled

CISA has released its first-ever international plan, which outlines a strategy for boosting the agency’s collaboration with cybersecurity agencies from other countries.

Aligning cybersecurity efforts and goals with international partners is critical for tackling cyberthreats in the U.S. and abroad, according to the agency.

The three core pillars of CISA’s “2025 - 2026 International Strategic Plan” are:

  • Help make other countries’ assets, systems and networks that impact U.S. critical infrastructure more resilient
  • Boost the integrated cyber defenses of the U.S. and its international partners against their shared global cyberthreats
  • Unify the coordination of international activities to strengthen cyberdefenses collectively

The plan will allow CISA to “reduce risk to the globally interconnected and interdependent cyber and physical infrastructure that Americans rely on every day,” CISA Director Jen Easterly said in a statement.

5 - Interpol hits phishers, ransomware gangs, info stealers

Interpol and its partners took down 22,000 malicious IP addresses and seized thousands of servers, laptops, and mobile phones used by cybercriminals to conduct phishing scams, deploy ransomware and steal information.

The four-month global operation, titled Synergia II and announced this week, involved law enforcement agencies and private-sector partners from 95 countries and netted 41 arrests.


“Together, we’ve not only dismantled malicious infrastructure but also prevented hundreds of thousands of potential victims from falling prey to cybercrime,” Neal Jetton, Director of Interpol’s Cybercrime Directorate, said in a statement.

In Hong Kong, more than 1,000 servers were taken offline, while authorities in Macau, China took another 291 servers offline. Meanwhile, in Estonia, authorities seized 80GB of server data, which is now being analyzed for links to phishing and banking malware.


6 - IST: Ransomware attacks surged in 2023

Ransomware gangs went into hyperdrive last year, increasing their attacks by 73% compared with 2022, according to the non-profit think tank Institute for Security and Technology (IST).

The IST attributes the sharp increase in attacks to a shift by ransomware groups to “big game hunting” – going after prominent, large organizations with deep pockets. 

“Available evidence suggests that government and industry actions taken in 2023 were not enough to significantly reduce the profitability of the ransomware model,” reads an IST blog.

Global Ransomware Incidents in 2023

Another takeaway: The ransomware-as-a-service (RaaS) model continued to prove extremely profitable in 2023, and it injected dynamism into the ransomware ecosystem. 

The RaaS model prompted ransomware groups “to shift allegiances, form new groups, or iterate existing variants,” the IST blog reads.

The industry sector that ransomware groups hit the hardest was construction, followed by hospitals and healthcare, and by IT services and consulting. Financial services and law offices rounded out the top five.





so

Microsoft’s November 2024 Patch Tuesday Addresses 87 CVEs (CVE-2024-43451, CVE-2024-49039)

  • 4 Critical
  • 82 Important
  • 1 Moderate
  • 0 Low

Microsoft addresses 87 CVEs and one advisory (ADV240001) in its November 2024 Patch Tuesday release, with four critical vulnerabilities and four zero-day vulnerabilities, including two that were exploited in the wild.

Microsoft patched 87 CVEs in its November 2024 Patch Tuesday release, with four rated critical, 82 rated important and one rated moderate.

This month’s update includes patches for:

  • .NET and Visual Studio
  • Airlift.microsoft.com
  • Azure CycleCloud
  • Azure Database for PostgreSQL
  • LightGBM
  • Microsoft Exchange Server
  • Microsoft Graphics Component
  • Microsoft Office Excel
  • Microsoft Office Word
  • Microsoft PC Manager
  • Microsoft Virtual Hard Drive
  • Microsoft Windows DNS
  • Role: Windows Hyper-V
  • SQL Server
  • TorchGeo
  • Visual Studio
  • Visual Studio Code
  • Windows Active Directory Certificate Services
  • Windows CSC Service
  • Windows DWM Core Library
  • Windows Defender Application Control (WDAC)
  • Windows Kerberos
  • Windows Kernel
  • Windows NT OS Kernel
  • Windows NTLM
  • Windows Package Library Manager
  • Windows Registry
  • Windows SMB
  • Windows SMBv3 Client/Server
  • Windows Secure Kernel Mode
  • Windows Task Scheduler
  • Windows Telephony Service
  • Windows USB Video Driver
  • Windows Update Stack
  • Windows VMSwitch
  • Windows Win32 Kernel Subsystem

Remote code execution (RCE) vulnerabilities accounted for 58.6% of the vulnerabilities patched this month, followed by elevation of privilege (EoP) vulnerabilities at 29.9%.

Important

CVE-2024-43451 | NTLM Hash Disclosure Spoofing Vulnerability

CVE-2024-43451 is an NTLM hash spoofing vulnerability in Microsoft Windows. It was assigned a CVSSv3 score of 6.5 and is rated as important. An attacker could exploit this flaw by convincing a user to open a specially crafted file. Successful exploitation would lead to the unauthorized disclosure of a user’s NTLMv2 hash, which an attacker could then use to authenticate to the system as the user. According to Microsoft, CVE-2024-43451 was exploited in the wild as a zero-day. No further details about this vulnerability were available at the time this blog post was published.

This is the second NTLM spoofing vulnerability disclosed in 2024. Microsoft patched CVE-2024-30081 in its July Patch Tuesday release.

Important

CVE-2024-49039 | Windows Task Scheduler Elevation of Privilege Vulnerability

CVE-2024-49039 is an EoP vulnerability in the Microsoft Windows Task Scheduler. It was assigned a CVSSv3 score of 8.8 and is rated as important. An attacker with local access to a vulnerable system could exploit this vulnerability by running a specially crafted application. Successful exploitation would allow an attacker to access resources that would otherwise be unavailable to them as well as execute code, such as remote procedure call (RPC) functions.

According to Microsoft, CVE-2024-49039 was exploited in the wild as a zero-day. It was disclosed to Microsoft by an anonymous researcher along with Vlad Stolyarov and Bahare Sabouri of Google's Threat Analysis Group. At the time this blog post was published, no further details about in-the-wild exploitation were available.

Important

CVE-2024-49019 | Active Directory Certificate Services Elevation of Privilege Vulnerability

CVE-2024-49019 is an EoP vulnerability affecting Active Directory Certificate Services. It was assigned a CVSSv3 score of 7.8 and is rated as important. It was publicly disclosed prior to a patch being made available. According to Microsoft, successful exploitation would allow an attacker to gain administrator privileges. The advisory notes that “certificates created using a version 1 certificate template with Source of subject name set to ‘Supplied in the request’” are potentially impacted if the template has not been secured according to best practices. This vulnerability is assessed as “Exploitation More Likely” according to Microsoft’s Exploitability Index. Microsoft’s advisory also includes several mitigation steps for securing certificate templates which we highly recommend reviewing.

Important

CVE-2024-49040 | Microsoft Exchange Server Spoofing Vulnerability

CVE-2024-49040 is a spoofing vulnerability affecting Microsoft Exchange Server 2016 and 2019. It was assigned a CVSSv3 score of 7.5 and rated as important. According to Microsoft, this vulnerability was publicly disclosed prior to a patch being made available. After applying the update, administrators should review the support article Exchange Server non-RFC compliant P2 FROM header detection. The supplemental guide notes that as part of a “secure by default” approach, the Exchange Server update for November will flag suspicious emails which may contain “malicious patterns in the P2 FROM header.” While this feature can be disabled, Microsoft strongly recommends leaving it enabled to provide further protection from phishing attempts and malicious emails.

Critical

CVE-2024-43639 | Windows Kerberos Remote Code Execution Vulnerability

CVE-2024-43639 is a critical RCE vulnerability affecting Windows Kerberos, an authentication protocol designed to verify user or host identities. It was assigned a CVSSv3 score of 9.8 and is rated as “Exploitation Less Likely.”

To exploit this vulnerability, an unauthenticated attacker needs to leverage a cryptographic protocol vulnerability in order to achieve RCE. No further details were provided by Microsoft about this vulnerability at the time this blog was published.

Important

29 CVEs | SQL Server Native Client Remote Code Execution Vulnerability

This month's release included 29 CVEs for RCEs affecting SQL Server Native Client. All of these CVEs received CVSSv3 scores of 8.8 and were rated as “Exploitation Less Likely.” Successful exploitation of these vulnerabilities can be achieved by convincing an authenticated user to connect to a malicious SQL Server database using an affected driver. A full list of the CVEs is included in the table below.

CVE | Description | CVSSv3
CVE-2024-38255 | SQL Server Native Client Remote Code Execution Vulnerability | 8.8
CVE-2024-43459 | SQL Server Native Client Remote Code Execution Vulnerability | 8.8
CVE-2024-43462 | SQL Server Native Client Remote Code Execution Vulnerability | 8.8
CVE-2024-48993 | SQL Server Native Client Remote Code Execution Vulnerability | 8.8
CVE-2024-48994 | SQL Server Native Client Remote Code Execution Vulnerability | 8.8
CVE-2024-48995 | SQL Server Native Client Remote Code Execution Vulnerability | 8.8
CVE-2024-48996 | SQL Server Native Client Remote Code Execution Vulnerability | 8.8
CVE-2024-48997 | SQL Server Native Client Remote Code Execution Vulnerability | 8.8
CVE-2024-48998 | SQL Server Native Client Remote Code Execution Vulnerability | 8.8
CVE-2024-48999 | SQL Server Native Client Remote Code Execution Vulnerability | 8.8
CVE-2024-49000 | SQL Server Native Client Remote Code Execution Vulnerability | 8.8
CVE-2024-49001 | SQL Server Native Client Remote Code Execution Vulnerability | 8.8
CVE-2024-49002 | SQL Server Native Client Remote Code Execution Vulnerability | 8.8
CVE-2024-49003 | SQL Server Native Client Remote Code Execution Vulnerability | 8.8
CVE-2024-49004 | SQL Server Native Client Remote Code Execution Vulnerability | 8.8
CVE-2024-49005 | SQL Server Native Client Remote Code Execution Vulnerability | 8.8
CVE-2024-49006 | SQL Server Native Client Remote Code Execution Vulnerability | 8.8
CVE-2024-49007 | SQL Server Native Client Remote Code Execution Vulnerability | 8.8
CVE-2024-49008 | SQL Server Native Client Remote Code Execution Vulnerability | 8.8
CVE-2024-49009 | SQL Server Native Client Remote Code Execution Vulnerability | 8.8
CVE-2024-49010 | SQL Server Native Client Remote Code Execution Vulnerability | 8.8
CVE-2024-49011 | SQL Server Native Client Remote Code Execution Vulnerability | 8.8
CVE-2024-49012 | SQL Server Native Client Remote Code Execution Vulnerability | 8.8
CVE-2024-49013 | SQL Server Native Client Remote Code Execution Vulnerability | 8.8
CVE-2024-49014 | SQL Server Native Client Remote Code Execution Vulnerability | 8.8
CVE-2024-49015 | SQL Server Native Client Remote Code Execution Vulnerability | 8.8
CVE-2024-49016 | SQL Server Native Client Remote Code Execution Vulnerability | 8.8
CVE-2024-49017 | SQL Server Native Client Remote Code Execution Vulnerability | 8.8
CVE-2024-49018 | SQL Server Native Client Remote Code Execution Vulnerability | 8.8

Important

CVE-2024-43602 | Azure CycleCloud Remote Code Execution Vulnerability

CVE-2024-43602 is an RCE vulnerability in Microsoft’s Azure CycleCloud, a tool that helps in managing and orchestrating High Performance Computing (HPC) environments in Azure. This flaw received the highest CVSSv3 score of the month, a 9.9, and was rated as important. A user with basic permissions could exploit CVE-2024-43602 by sending specially crafted requests to a vulnerable Azure CycleCloud cluster to modify its configuration. Successful exploitation would result in the user gaining root permissions, which could then be used to execute commands on any cluster in the Azure CycleCloud as well as steal admin credentials.

Tenable Solutions

A list of all the plugins released for Microsoft’s November 2024 Patch Tuesday update can be found here. As always, we recommend patching systems as soon as possible and regularly scanning your environment to identify those systems yet to be patched.

For more specific guidance on best practices for vulnerability assessments, please refer to our blog post on How to Perform Efficient Vulnerability Assessments with Tenable.

Get more information

Join Tenable's Security Response Team on the Tenable Community.
Learn more about Tenable One, the Exposure Management Platform for the modern attack surface.




so

Social Media for Science Outreach – A Case Study: Career changing and pseudonyms

To tie in with this month’s SoNYC birthday celebrations, we are hosting a collection of case




so

Social Media for Science Outreach – A Case Study: Marine Science & Conservation Outreach

A twitter TeachIn about marine protected areas, hosted by @RJ_Dunlap on 4/8/2013




so

Social Media for Science Outreach – A Case Study: The Beagle Project, Galapagos Live & ISS Wave

Selected responses categorized into 'helped', 'helped and harmed' and 'harmed'.




so

Social Media for Science Outreach – A Case Study: AntarcticGlaciers.org

To tie in with this month’s SoNYC birthday celebrations, we are hosting a collection of case




so

Social Media for Science Outreach – A Case Study: Chemicals Are Your Friends

To tie in with this month’s SoNYC birthday celebrations, we are hosting a collection of case




so

Social Media for Science Outreach – A Case Study: National Science Foundation-funded IGERT project team

To tie in with this month’s SoNYC birthday celebrations, we are hosting a collection of case




so

Social Media for Science Outreach – A Case Study: TEDMED Great Challenges

To tie in with this month’s SoNYC birthday celebrations, we are hosting a collection of case




so

Social Media for Science Outreach – A Case Study: Lessons From a Campaign Twitter Account

James King is a geomorphologist interested in exploring the processes that govern sediment transport and




so

OSC seeks applications for the Registrant Advisory Committee

TORONTO – The Ontario Securities Commission (OSC) is inviting applications for membership on its Registrant Advisory Committee (RAC or the Committee).




so

Capital Markets Tribunal seeks applications for the Securities Proceedings Advisory Committee

TORONTO – The Capital Markets Tribunal is seeking applications for membership to the Securities Proceedings Advisory Committee (SPAC).




so

CSA provides update on binding dispute resolution

TORONTO – The Canadian Securities Administrators (CSA) is providing an update to interested parties on the status of its work to introduce binding authority for an independent dispute resolution service.




so

SpotOn London 2012: My not-so-secret-anymore double life: Juggling research and science communication

Dr Anne Osterrieder is a Research and Science Communication Fellow in Plant Cell Biology at the Department of




so

SpotOn London 2013 Storify: The Dark Art of Dark Social: Email, the antisocial medium which will not die

Here is a Storify collecting the online conversations from the, “The Dark Art of Dark