20 matches found

Qualys Blog
added 2026/05/14 4:0 p.m., 5 views

Achieve Federal-Grade M365 Security: Governing with Qualys SSPM and SCuBA

Qualys SaaS Security Posture Management (SSPM) introduces native support for the Secure Cloud Business Applications (SCuBA) compliance framework, bringing CISA's toughest M365 security benchmarks directly into your continuous posture monitoring workflow. Key Takeaways: CISA’s Secure Cloud Business...

AI score: 5.8
Exploits: 0

Talos Blog
added 2026/05/12 10:0 a.m., 5 views

State-sponsored actors, better known as the friends you don’t want

State-sponsored actors don't break in. They log in, and they use your own tools to stay invisible for months. Responding to a state-sponsored threat is nothing like responding to ransomware, and the differences can make or break the outcome. From logging and baselines to OT segmentation and suppl...

AI score: 5.9
Exploits: 0

Rapid7 Blog
added 2026/01/14 2:0 p.m., 5 views

Reducing Cloud Chaos: Rapid7 Partners with ARMO to Deliver Cloud Runtime Security

Rapid7 has partnered with ARMO, a leader in cloud infrastructure and application security based on runtime data, to offer Cloud Runtime Security. The new offering, currently in beta, extends our vulnerability and exposure management solution, Exposure Command, into the moment where cloud risk...

AI score: 7.6
Exploits: 0

Hive Pro Threat Advisories
added 2026/01/12 12:57 p.m., 4 views

What Is Continuous Threat Monitoring? A Full Guide

Relying on periodic security scans is like checking your rearview mirror once every ten miles on a busy highway. You get a snapshot of what’s behind you, but you miss the real-time dangers closing in. This reactive approach leaves dangerous gaps for attackers to exploit, keeping your security tea...

AI score: 7.4
Exploits: 0

Packet Storm News
added 2026/01/07 12:0 a.m., 2 views

RedBench: A Universal Dataset for Comprehensive Red Teaming of Large Language Models

As large language models (LLMs) become integral to safety-critical applications, ensuring their robustness against adversarial prompts is paramount. However, existing red teaming datasets suffer from inconsistent risk categorizations, limited domain coverage, and outdated evaluations, hindering...

AI score: 7
Exploits: 0

Packet Storm News
added 2025/11/22 12:0 a.m., 1 views

A Novel and Practical Universal Adversarial Perturbations against Deep Reinforcement Learning Based Intrusion Detection Systems

Intrusion Detection Systems (IDS) play a vital role in defending modern cyber physical systems against increasingly sophisticated cyber threats. Deep Reinforcement Learning-based IDS have shown promise due to their adaptive and generalization capabilities. However, recent studies reveal their...

AI score: 6.5
Exploits: 0

Hive Pro Threat Advisories
added 2025/11/10 4:58 p.m., 3 views

9 Key Areas to Monitor for Potential Security Threats

The old "castle-and-moat" approach to security is a thing of the past. Your organization's perimeter is no longer a single, defensible line; it's a distributed and porous collection of remote employees, cloud services, and third-party vendors. Every connection is a potential entry point, and your...

AI score: 7.3
Exploits: 0

The Hacker News
added 2025/10/31 8:46 a.m., 7 views

CISA and NSA Issue Urgent Guidance to Secure WSUS and Microsoft Exchange Servers

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) and National Security Agency (NSA), along with international partners from Australia and Canada, have released guidance to harden on-premise Microsoft Exchange Server instances from potential exploitation. "By restricting administrative...

CVSS: 9.8, AI score: 9.8, EPSS: 0.72697
Exploits: 24

EUVD
added 2025/10/07 12:30 a.m., 3 views

EUVD-2004-2583

Malware in sbrugna...

CVSS: 5, AI score: 6.4, EPSS: 0.04675
Exploits: 1, References: 9

Packet Storm News
added 2025/06/05 12:0 a.m., 2 views

Sentinel: SOTA Model to Protect against Prompt Injections

Large Language Models (LLMs) are increasingly powerful but remain vulnerable to prompt injection attacks, where malicious inputs cause the model to deviate from its intended instructions. This paper introduces Sentinel, a novel detection model, qualifire/prompt-injection-sentinel, based on the...

AI score: 7.2
Exploits: 0

Packet Storm News
added 2025/05/24 12:0 a.m., 4 views

MADCAT: Combating Malware Detection under Concept Drift with Test-Time Adaptation

We present MADCAT, a self-supervised approach designed to address the concept drift problem in malware detection. MADCAT employs an encoder-decoder architecture and works by test-time training of the encoder on a small, balanced subset of the test-time data using a self-supervised objective. Duri...

AI score: 6.8
Exploits: 0

The Hacker News
added 2024/12/19 10:0 a.m., 3 views

CISA Mandates Cloud Security for Federal Agencies by 2025 Under Binding Directive 25-01

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has issued Binding Operational Directive (BOD) 25-01, ordering federal civilian agencies to secure their cloud environments and abide by Secure Cloud Business Applications (SCuBA) secure configuration baselines. "Recent cybersecurity...

AI score: 7.5
Exploits: 0

The Coalfire Blog
added 2023/06/08 8:55 p.m., 14 views

What are the impacts of FedRAMP® Rev. 5?

The FedRAMP PMO released the final Rev. 5 security control baselines and transition guidance for cloud service providers (CSPs) who have achieved authorization to operate (ATO) and those still in the planning stages. All CSPs should review the guidance as soon as possible and start developing a plan...

AI score: 7
Exploits: 0

Wiz blog
added 2023/03/20 5:19 p.m., 6 views

Using Service Control Policies to protect security baselines

Service Control Policies (SCPs) can be a great way to prevent actions from happening in AWS accounts. In this post, we will illustrate a specific use case of SCPs that protects the security baseline, or landing zone, configuration you’ve created for accounts...

AI score: 6.8
Exploits: 0

Qualys Blog
added 2023/01/31 1:55 p.m., 17 views

Why FedRAMP High Authorization Can Ensure High Cybersecurity Maturity

The Federal Risk and Authorization Management Program (FedRAMP) is a U.S. government initiative that promotes the adoption of secure cloud services across the U.S. federal government by providing a standardized approach to security and risk assessment for cloud technologies. FedRAMP reduces...

AI score: 0.7
Exploits: 0

CISA
added 2022/10/20 12:0 a.m., 19 views

CISA Requests for Comment on Microsoft 365 Security Configuration Baselines

CISA has issued requests for comment (RFCs) on eight Microsoft 365 security configuration baselines as part of the Secure Cloud Business Application (SCuBA) project to secure federal civilian executive branch agencies’ (FCEB) cloud environments. The baselines: • Build on and integrate previous security...

AI score: 1.5
Exploits: 0, References: 3

Microsoft Secure
added 2019/02/01 5:0 p.m., 10 views

Defending critical infrastructure is imperative

The Cybersecurity Tech Accord’s upcoming webinar and the importance of public-private partnership Today, cyberattacks from increasingly sophisticated actors threaten organizations across every sector, and whether a Fortune 500 company or a local bakery, organizations of all sizes need to take ste...

AI score: 7.1
Exploits: 0

RedhatCVE
added 2018/04/26 10:18 a.m., 31 views

CVE-2017-17833

A use-after-free flaw in OpenSLP 1.x and 2.x baselines was discovered in the ProcessSrvRqst function. A failure to update a local pointer may lead to heap corruption. A remote attacker may be able to leverage this flaw to gain remote code execution...

CVSS: 9.8, AI score: 2, EPSS: 0.00844
Exploits: 0, References: 2

Kitploit
added 2013/12/31 5:28 p.m., 34 views

[Lynis v1.3.8] The Unix/Linux Hardening tool

Lynis is a security tool to audit and harden Unix and Linux based systems. It scans the system by performing many security control checks, looks for installed software and determines compliance to standards. It also detects security issues and errors in configuration. At the end of the scan ...

AI score: 7.5
Exploits: 0

Cvelist
added 2005/11/29 2:0 a.m., 11 views

CVE-2004-2592

Quake II server before R1Q2, as used in multiple products, allows remote attackers to cause a denial of service (application crash) via a modified client that asks the server to send data stored at a negative array offset, which is not handled when processing Configstrings and Baselines...

AI score: 6.4, EPSS: 0.04675
Exploits: 1, References: 8