Cloud Security Alliance News Clipping Site

Tag: threat assessment

  • Hacker News: Listen to the whispers: web timing attacks that work

    by

    system automation
    in

    Source URL: https://portswigger.net/research/listen-to-the-whispers-web-timing-attacks-that-actually-work Source: Hacker News Title: Listen to the whispers: web timing attacks that work Feedly Summary: Comments AI Summary and Description: Yes **Summary:** This text introduces novel web timing attack techniques capable of breaching server security by exposing hidden vulnerabilities, misconfigurations, and attack surfaces more effectively than previous methods. It emphasizes the practical…

  • Slashdot: Chinese Attackers Accessed Canadian Government Networks For Five Years

    by

    system automation
    in

    Source URL: https://news.slashdot.org/story/24/10/31/1956250/chinese-attackers-accessed-canadian-government-networks-for-five-years?utm_source=rss1.0mainlinkanon&utm_medium=feed Source: Slashdot Title: Chinese Attackers Accessed Canadian Government Networks For Five Years Feedly Summary: AI Summary and Description: Yes Summary: Canada’s Communications Security Establishment (CSE) has reported a sustained cyber campaign by China targeting Canadian government and private sectors, emphasizing the severity of the threats. The report identifies espionage and intellectual property…

  • CSA: FedRAMP & Compliance as Code: Insights from the OMB

    by

    system automation
    in

    Source URL: https://cloudsecurityalliance.org/articles/fedramp-loves-compliance-as-code-insights-from-the-omb-s-recent-memo Source: CSA Title: FedRAMP & Compliance as Code: Insights from the OMB Feedly Summary: AI Summary and Description: Yes Summary: The recent memorandum from the Office of Management and Budget (OMB) aims to modernize the Federal Risk and Authorization Management Program (FedRAMP), enhancing cloud security across the Federal government. Key highlights include…

  • The Register: Move over, Cobalt Strike. Splinter’s the new post-exploit menace in town

    by

    system automation
    in

    Source URL: https://www.theregister.com/2024/09/23/splinter_red_team_tool/ Source: The Register Title: Move over, Cobalt Strike. Splinter’s the new post-exploit menace in town Feedly Summary: No malware crew linked to this latest red-teaming tool yet Attackers are using Splinter, a new post-exploitation tool, to wreak havoc in victims’ IT environments after initial infiltration, utilizing capabilities such as executing Windows commands,…