Dragos announces partnership with Cisco

In a blog released yesterday, Dragos announced that they are partnering with Cisco to provide industrial network defenders with a unified IT and OT cybersecurity solution that will make industrial networks more secure and resilient.

The Dragos Platform will integrate with Cisco Adaptive Security Appliance (ASA) firewalls, enabling joint customers to proactively prevent unknown cybersecurity threats that impact both IT and OT environments.

This technology integration aims to allow defenders to have asset visibility across IT and OT networks, to identify risks, reduce attack paths, and secure a wider range of environments. The partnership addresses increasing demand for security teams to have a broader view of the entire network, including IT and OT, where they often have limited visibility. Similarly, threats to ICS are increasing in frequency and sophistication, so it is important to provide analysts with improved, complete situational awareness and decision-making support.

Together, this solution protects OT assets from potential threats, segments industrial networks, and builds compliance towards a variety of industrial standards, regulations, and guidelines such as NERC-CIP, ISA/IEC 62443, CFATS, and ANSI/AWWA G430.

By leveraging integrated technology from Cisco and Dragos, defenders can ensure they have maximum visibility across both IT and OT networks, improving overall threat detection, response, and mitigation time when an adverse event occurs and speed and efficacy are needed to sustain effectiveness.

The post Dragos announces partnership with Cisco appeared first on IT Security Guru.

LeakBase Announces Swachhata Platform Breached, 16 Million User PII Records Exposed

Yesterday, data breach notification website Leakbase said someone allegedly hacked the Swachhata Platform in India and stole 16 million user records.

Security researchers at CloudSEK reported the news as they discovered a post by Leakbase sharing data samples containing personally identifiable information (PII), including email addresses, hashed passwords and user IDs.

Earlier this week, an advisory published by CloudSEK reported that 6GB of compromised data from the Swachhata Platform – an initiative in association with the Ministry of Housing and Urban Affairs of India – is being shared via a popular file-hosting platform.

“[Leakbase is] previously known from providing reliable information and data breaches from companies around the world,” wrote CloudSEK. “[Threat actors on the platform] often operate for financial gain and conduct sales on their marketplace forum Leakbase.”

The platform in 2017 was at the center of a massive data breach at Taringa, a Reddit-like social network website for Latin American users.

Further to this, CloudSEK said Leakbase users often offer access to admin panels and servers of several content management systems (CMSs), allegedly gained via unauthorized means and sold for monetary profit.

“This information can be aggregated to further be sold as leads on cybercrime forums,” the company wrote.

In addition, the security experts said the data could be harvested by threat actors to conduct phishing, smishing and social engineering attacks.

To mitigate the impact of attacks like this, CloudSEK recommended that system administrators implement a strong password policy and enable multi-factor authentication (MFA) across logins.

It also recommended that vulnerable and exploitable endpoints be patched, and that user accounts be monitored regularly for anomalies that could indicate possible account takeovers.

To conclude, CloudSEK said companies should monitor cybercrime forums to keep up with the latest tactics employed by threat actors.

It appears that the alleged data leak comes days after Optus was hit by a cyber-attack that exposed the data of at least 10,000 Australians.

The post LeakBase Announces Swachhata Platform Breached, 16 Million User PII Records Exposed appeared first on IT Security Guru.

The Linux Foundation Announces Keynote Speakers for Open Source Summit Europe 2022

Global visionaries headline the premier open source event in Europe to share on OSS adoption in Europe, driving the circular economy, finding inspiration through the pandemic, supply chain security and more. SAN FRANCISCO, August 4, 2022 — The Linux Foundation, the nonprofit organization enabling mass innovation through open source, today announced the keynote speakers for Open Source Summit…

The post The Linux Foundation Announces Keynote Speakers for Open Source Summit Europe 2022 appeared first on Linux.com.

CREST membership body announces OWASP Verification Standard programme

CREST, the international not-for-profit, membership body representing the global cyber security industry, in consultation with the Open Web Application Security Project (OWASP), has launched the OWASP Verification Standard (OVS), a new quality assurance standard for the global application security industry. CREST OVS provides mobile and web app developers with greater security assurance and accredited organisations with enhanced access to the growing app development industry.

CREST OVS measures an organisation’s ability to execute and deliver assessments related to Level 1 and Level 2 of the OWASP Application Security Verification Standard (ASVS) and OWASP Mobile Application Security Verification Standard (MASVS). The ASVS and MASVS are OWASP projects which have been developed by the technical AppSec community to establish an open-source framework of security requirements needed to design, develop and test secure mobile and web applications.

“CREST OVS sets new standards in web and mobile application security to provide the buyers of application security assessment services with the highest level of assurance,” said Rowland Johnson, president of CREST. “The programme has a series of explicit requirements that are designed to assess and harness the capabilities of an organisation, along with the skills and competencies of its individual security testers.”

CREST says it has been working closely with governments, regulators and multinational organisations focused on improving application security and it is expected that there will be high demand for both CREST OVS Mobile and CREST OVS Apps accredited services.

By leveraging ASVS and MASVS, CREST is now formally supporting the open-source community to build and maintain global standards. “Both CREST and OWASP are non-profit organisations and we share a vision of increasing collaboration and open standards across the industry to build and maintain global cyber security standards,” added Johnson.

Andrew van der Stock, Executive Director of the OWASP Foundation, said: “This is a positive move for worldwide corporate and government adoption of the ASVS and MASVS projects. While the OWASP Top 10 risks project has built vital awareness of the importance of Application Security, I am excited to see the move towards using standards such as ASVS and MASVS to help organisations improve their application security in a structured and comprehensive way.”

To apply for the OVS programme, companies need to be accredited to the CREST Penetration Testing discipline. Organisations must also demonstrate at corporate level that they can meet the program requirements to execute and deliver Level 1 and Level 2 ASVS and MASVS services.

In addition, all organisations will need to ensure that their teams have completed CREST’s Skilled Person Register and have each signed the CREST Code of Conduct. For more information on eligibility and how to become CREST OVS accredited, have a look at the OVS pages on the CREST website.

The post CREST membership body announces OWASP Verification Standard programme appeared first on IT Security Guru.

Cato Networks Announces New Data Loss Prevention Engine & SSE 360

Cato Networks, global SASE cloud provider, just announced the release of their new Data Loss Prevention (DLP) engine. Part of Cato’s SSE architecture, the DLP is meant to offer protection of data as well as prevention of loss of data across organisation software and applications. 

Historically, DLP has been considered complex and operationally complicated. With inaccuracies in traffic routing and a limited scope of protection, DLP left some issues to the wayside such as disruptions to daily organisational operations. 

Cato DLP, however, reportedly solves this issue. Consolidated within Cato SPACE (Single Pass Cloud Engine) architecture, the DLP can widely view and control all traffic at all times. Utilising machine learning for smarter data protection, Cato DLP streamlines what was once imperfect and largely unconsolidated.  

But that’s not all. Cato Networks has also announced their SSE 360 platform release, with which the DLP will be converged. Extending beyond typical SSE functionality, SSE 360 sets its sights on the optimisation, control, and visibility of internet traffic, WAN, and the entire cloud. 

CEO and co-founder of Cato Networks, Shlomo Kramer, noted: “Traditional SSE architectures alone are not enough to protect the enterprise. They have limited visibility and control over WAN traffic which drives the need for multiple networking and security architectures. What’s needed is one architecture that can provide visibility into and control over all traffic to all applications and resources from all endpoints. Cato SSE 360 is the first SSE solution to meet that challenge.” 

Here at IT Security Guru, we are looking forward to seeing Cato DLP and SSE 360 in action. 

The post Cato Networks Announces New Data Loss Prevention Engine & SSE 360 appeared first on IT Security Guru.

FBI Director Announces an Expected Onslaught of Digital Assaults Targeting Midterm Elections

The FBI is preparing for a wave of multilayered digital assaults and disinformation campaigns targeting the 2022 US midterm election process.

The perpetrators of these attacks are likely to be the state governments of China, Russia and Iran with the goal of sowing confusion and mistrust in the process.

Systematic influence operations “cause panic or lack of confidence in our election infrastructure,” FBI director Christopher Wray said during a cybersecurity conference at Fordham University in New York City on Tuesday.

To address this reality, the FBI is working closely with US Cyber Command to maintain an active stance against threats. Wray said that, when in “combat tempo”, the two teams were in touch every two hours regardless of any new events.

This relationship creates a far more resilient elections security model but is facing a constantly evolving threat.

National Security Agency Director Gen. Paul Nakasone said that threat actors have shown a strong capacity for innovation and were constantly unveiling new weapons and new strategies.

“It went from just sort of sowing divisiveness and discord through social media, fake personas, that kind of thing, into a much more multidisciplinary type of threat,” Wray said.

 

The post FBI Director Announces an Expected Onslaught of Digital Assaults Targeting Midterm Elections appeared first on IT Security Guru.

SODA Foundation Announces 2022 Data & Storage Trends Survey

To address evolving Data and Storage needs throughout the industry, SODA Foundation, in partnership with Linux Foundation Research, is once again conducting a survey to provide insights into challenges, gaps, and trends for data and storage in the era of cloud native, edge, AI, and 5G. The results will serve to guide the SODA Foundation technical direction and ecosystem. With this survey, we seek to answer:

What are the data & storage challenges faced by end users?
What are the key trends shaping the data & storage industry?
Which open source data & storage projects are users interested in?
What cloud strategies are being adopted by businesses?

Through new insights generated from the data and storage community, end users will be better equipped to make decisions, vendors can improve their products, and the SODA Foundation can establish new technical directions — and beyond!

Please participate now; we intend to close the survey in August.

Privacy and confidentiality are important to us. Neither participant names, nor their company names, will be displayed in the final results. 

This survey should take no more than 15 minutes of your time. 

To take the 2022 SODA Foundation Data & Storage Trends Survey, click the button below in your choice of English, Chinese, and Japanese.

BONUS

As a thank you for participating in this research, once you have completed the survey, a code will be displayed on the confirmation page, which can be used for a 25% discount on any Linux Foundation training course or certification exam listed in our catalog: https://training.linuxfoundation.org/full-catalog/ 

PRIVACY

Your name and company name will not be displayed. Reviews are attributed to your role, company size, and industry. Responses will be subject to the Linux Foundation’s Privacy Policy, available at https://linuxfoundation.org/privacy. Please note that members of the SODA Foundation survey committee who are not LF employees will review the survey results. If you do not want them to have access to your name or email address in connection with the survey, please do not provide your name or email address.

VISIBILITY

We will summarize the survey data and share the learnings later this year on the SODA website. In addition, we will produce an in-depth survey report which will be shared with all survey participants.

ABOUT SODA FOUNDATION

The SODA Foundation is an open source project under the Linux Foundation that aims to foster an ecosystem of open source data management and storage software for data autonomy. SODA Foundation offers a neutral forum for cross-project collaboration and integration and provides end-users with quality end-to-end solutions. We intend to use this survey data to help guide the SODA Foundation and its surrounding ecosystem on important issues.

PARTNERS

We are grateful for the support of our many survey distribution partners, including:

China Electronics Standardization Institute (CESI)
China Open Source Cloud League (COSCL)
Chinese Software Developer Network (CSDN)
Cloud Computing Innovation Council of India (CCICI)
Cloud Native Computing Foundation (CNCF)
Electronics For You (EFY)
IEEE Bangalore Section
Japan Data Storage Forum (JDSF)
Mulan Project
Open Infra Foundation (OIF)
Storage Networking Industry Association (SNIA)

QUESTIONS

If you have questions regarding this survey, please email us at survey@sodafoundation.io or ask us on Slack at https://sodafoundation.io/slack/

Sign up for the SODA Newsletter at https://sodafoundation.io/

The post SODA Foundation Announces 2022 Data & Storage Trends Survey appeared first on Linux Foundation.

The post SODA Foundation Announces 2022 Data & Storage Trends Survey appeared first on Linux.com.

Open Mainframe Project Announces Schedule for the 3rd Annual Open Mainframe Summit on September 21-21 in Philadelphia, PA

The first-ever in-person Summit will focus on security, training, AI, Linux on Z and Cloud Native and will be accessible online for attendees around the world

SAN FRANCISCO, July 13, 2022 - The Open Mainframe Project, an open source initiative that enables collaboration across the mainframe community to develop shared tool sets and resources, announces the schedule for the 3rd annual Open Mainframe Summit, which will be in-person in Philadelphia, PA, and streaming online for global attendees. This year’s theme focuses on security, which is top of mind for every company that uses mainframes.

Critical enterprise systems are more connected than ever, which means vulnerabilities have increased. In fact, according to The Essential Holistic Security Strategy, a recent report by Forrester Consulting, commissioned by Open Mainframe Project Silver Member BMC, 81 percent of organizations surveyed are prioritizing the integration of security functions and improving security detection and response.

This year will highlight security as it relates to all aspects of mainframes and beyond including cloud native services, automation, software supply chain management and more. The Summit will also highlight projects such as Zowe and COBOL, education and training topics that will offer seasoned professionals, developers, students and thought leaders an opportunity to share best practices and network with like-minded individuals.

Some of the security sessions include:

Integrate the Mainframe into Your Broader IT Security Strategy – Misty Decker, Director of Product Marketing, Micro Focus
Safe Cloud Native Services in the World of Zero Trust – Alan Clark, Member of the CTO Office, SUSE
Managing Open Source Vulnerabilities on Mainframe – Emre Tunar, Director of Software Engineering – Mainframe Security, Broadcom
A Framework to Automate Cybersecurity Controls and Regulatory Controls on IBM zSystems and LinuxOne environments – Pradeep Parameshwaran, Lead Architect, Security and Compliance on IBM Z and LinuxONE

Additionally, David Wheeler, Open Source Supply Chain Security Director at the Linux Foundation, will give a keynote.

Other highlights include:

Customer Success Stories Incorporating Zowe in Their z/OS Transformation and Modernization Journeys – Joe Winchester, Senior Technical Staff Member, IBM
Meet the Future of COBOL – Hartanto Ario Widjaya, Singapore Management University; Caitlin Mooney, Student Mentor, New Jersey Institute of Technology; Jade Walker, ZDP Trainee, M&T Bank; and Angie Rositilia Mejia, Student, East Carolina University
The New Workforce: Integrating the Next Generation with the Greatest Generation – Spencer Hallman, Lead Product Manager, BMC
How to Monitor and Manage Mainframe and Storage Performance Metrics Utilizing Voice and OpenSource Software Tools – Justin Santer, Application Developer and Software Engineer; Vincent Terrone, Senior Enterprise Solutions Architect; John Wolfgang, Senior Storage Systems Architect; and Len Santalucia, CTO, Vicom Infinity, A Converge Company
Zowe Reaches Orbit, Now What Mission Control (keynote) – Peter Wassel, Director of Product Management, DevOps and Open Mainframe; George DeCandio, Chief Technology Officer; Broadcom
Demystified: Put Your Web App on the Zowe Desktop in a Flash – Robert Blum, Senior Software Developer, Phoenix Software International
Mainframe Open Education – Fostering the Stewardship of Education Resources – Lauren Valenti, Director of Mainframe Education and Customer Engagement, Broadcom and Viviane De Padua Diogo Sanches, Skill and Enablement Leader, Kyndryl

See the full conference schedule here.

Open Mainframe Project would like to thank this year’s Open Mainframe Summit planning committee including Alan Clark, CTO Office and Director for Industry Initiatives, Emerging Standards and Open Source at SUSE; Donna Hudi, Chief Marketing Officer at Phoenix Software; Elizabeth K. Joseph, Developer Advocate at IBM; and Michael Bauer, Staff Product Owner at Broadcom, Inc.

Early bird pricing ($500 US) for in-person attendees ends on July 15. Registration for academia is $50 for in-person and $15 for a virtual pass. Register here.

Open Mainframe Summit is made possible thanks to Platinum Sponsors Broadcom Mainframe Software, IBM, and SUSE and Gold Sponsors BMC, Micro Focus and Vicom Infinity, a Converge Company. For information on becoming an event sponsor, click here by August 5. 

Members of the press who would like to request a press pass to attend should contact Maemalynn Meanor at maemalynn@linuxfoundation.org.

About the Open Mainframe Project

The Open Mainframe Project is intended to serve as a focal point for deployment and use of Linux and Open Source in a mainframe computing environment. With a vision of Open Source on the Mainframe as the standard for enterprise class systems and applications, the project’s mission is to build community and adoption of Open Source on the mainframe by eliminating barriers to Open Source adoption on the mainframe, demonstrating value of the mainframe on technical and business levels, and strengthening collaboration points and resources for the community to thrive. Learn more about the project at https://www.openmainframeproject.org.

About The Linux Foundation

Founded in 2000, the Linux Foundation and its projects are supported by more than 2,950 members. The Linux Foundation is the world’s leading home for collaboration on open source software, hardware, standards, and data. Linux Foundation projects are critical to the world’s infrastructure including Linux, Kubernetes, Node.js, ONAP, Hyperledger, RISC-V, and more. The Linux Foundation’s methodology focuses on leveraging best practices and addressing the needs of contributors, users, and solution providers to create sustainable models for open collaboration. For more information, please visit us at linuxfoundation.org.

The Linux Foundation has registered trademarks and uses trademarks. For a list of trademarks of The Linux Foundation, please see its trademark usage page: www.linuxfoundation.org/trademark-usage. Linux is a registered trademark of Linus Torvalds.

###

The post Open Mainframe Project Announces Schedule for the 3rd Annual Open Mainframe Summit on September 21-21 in Philadelphia, PA appeared first on Linux Foundation.

The post Open Mainframe Project Announces Schedule for the 3rd Annual Open Mainframe Summit on September 21-21 in Philadelphia, PA appeared first on Linux.com.

The Linux Foundation Announces Conference Schedule for Open Source Summit Europe 2022

The premier event in Europe for open source code and community contributors features 200+ sessions across 13 micro-conferences, covering the pivotal topics and technologies at the core of open source.

SAN FRANCISCO, July 12, 2022 —  The Linux Foundation, the nonprofit organization enabling mass innovation through open source, today announced the full schedule for Open Source Summit Europe, the leading conference for open source developers, technologists, and community leaders. The event is taking place September 13-16 in Dublin, Ireland and virtually. The schedule can be viewed here.

OS Summit Europe will feature a robust program of 325+ talks across 13 micro-conferences covering the most essential and cutting edge topics in open source: Linux Systems, Supply Chain Security, AI + Data, OSPOs, Community Leadership, Embedded IoT, Cloud, Diversity, Containers, Embedded Linux and more.

2022 Conference Session Highlights Include:

LinuxCon
Containers as an Illusion – Michael Kerrisk, man7.org
How to Report Your Linux Kernel Bug – Thorsten Leemhuis

Embedded Linux Conference
Booting Automotive ECUs Really Fast with Modern Security Features – Brendan Le Foll, BMW Car IT GmbH
From a Security Expert’s Diary: DOs and DON’Ts when Choosing Software for Your Next Embedded Product – Marta Rybczynska, Syslinbit

CloudOpen
Addressing the Transaction Challenge in a Cloud-native World – Grace Jansen, IBM
The Challenges and Solutions of Open Edge Infrastructures – Ildiko Vancsa, Open Infrastructure Foundation

OSPOCon
Building a Team for the Upstream: Things We Learned Building InnerSource Teams for Open Source Impact – Emma Irwin, Microsoft
A Practical Guide for Outbound Open Source – Which Scales and Can Be Adapted Easily for Companies of Different Size – Oliver Fendt, Siemens AG

Critical Software Summit
The Unexpected Demise of Open Source Libraries – Liran Tal, Snyk
Address Space Isolation for Enhanced Safety of the Linux Kernel – Igor Stoppa, NVIDIA

Emerging OS Forum
Demystifying the WASM Landscape: A Primer – Divya Mohan, SUSE
How Open Source Helps a Grid Operator with the Challenges of the Energy Transition – Jonas van den Bogaard & Nico Rikken, Alliander

SupplyChainSecurityCon
Composing the Ultimate SBOM – Ivana Atanasova & Velichka Atanasova, VMware
From Kubernetes With Open Tools For Open, Secure Supply Chains – Adolfo García Veytia, Chainguard

Diversity Empowerment Summit
Overcoming Imposter Syndrome to Become a Conference Speaker! – Dawn Foster, VMware
Teaching Collaboration to the Next Generation of Open Source Contributors – Ruth Suehle, Red Hat

Open Source On-Ramp
Debugging Embedded Linux – Marta Rybczynska, Syslinbit
Getting Started with Kernel-based Virtual Machine (KVM) – Leonard Sheng Sheng Lee, Computas

Open AI + Data Forum
Beyond Neural Search: Hands-on Tutorial on Building Cross-Modal/Multi-Modal Solution with Jina AI – Han Xiao & Sami Jaghouar, Jina AI
Truly Open Lineage – Mandy Chessell, Pragmatic Data Research Ltd

ContainerCon
Evaluation of OSS Options to Build Container Images – Matthias Haeussler, Novatec
Interactive Debugging of Dockerfile With Buildg – Kohei Tokunaga, NTT Corporation

Community Leadership Conference
Panel Discussion: Growing Open Source in the Irish Government – Clare Dillon, Open Ireland Network; Tony Shannon, Department of Public Expenditure & Reform in Government of Ireland; Tim Willoughby, An Garda Síochána, Ireland’s Police Service; Gar Mac Criosta, Linux Foundation Public Health; John Concannon, Department of Foreign Affairs
Dev Team Metrics that Matter – Avishag Sahar, LinearB

Embedded IoT Summit
Design of an Open Source, Modular, 5G Capable, Container Based, Scientific Data Capture Hexacopter – Mauro Borrageiro & Ngoni Mombeshora, University of Cape Town
Contributing to Zephyr vs (Linux and U-boot) – Parthiban Nallathambi, Linumiz

Keynote speakers will be announced in the coming weeks. 

Registration (in-person) is offered at the early price of $850 through July 17. Registration to attend virtually is $25. Members of The Linux Foundation receive a 20 percent discount off registration and can contact events@linuxfoundation.org to request a member discount code. 

Applications for diversity and need-based scholarships are currently being accepted. For information on eligibility and how to apply, please click here. The Linux Foundation’s Travel Fund is also accepting applications, with the goal of enabling open source developers and community members to attend events that they would otherwise be unable to attend due to a lack of funding. To learn more and apply, please click here.

Health and Safety
In-person attendees will be required to be fully vaccinated against the COVID-19 virus and will need to comply with all on-site health measures, in accordance with The Linux Foundation Code of Conduct. To learn more, visit the Health & Safety webpage.

Event Sponsors
Open Source Summit Europe 2022 is made possible thanks to our sponsors, including Diamond Sponsors: AWS, Google and IBM, Platinum Sponsors: Huawei and Intel, and Gold Sponsors: Cloud Native Computing Foundation, Codethink, Docker, Mend, Red Hat, and Styra. For information on becoming an event sponsor, click here or email us.

Press
Members of the press who would like to request a press pass to attend should contact Kristin O’Connell.

The Linux Foundation Events are where the world’s leading technologists meet, collaborate, learn and network in order to advance innovations that support the world’s largest shared technologies.

Visit our website and follow us on Twitter, LinkedIn, and Facebook for all the latest event updates and announcements.

###

Media Contact

Kristin O’Connell
The Linux Foundation
koconnell@linuxfoundation.org

The post The Linux Foundation Announces Conference Schedule for Open Source Summit Europe 2022 appeared first on Linux Foundation.

The post The Linux Foundation Announces Conference Schedule for Open Source Summit Europe 2022 appeared first on Linux.com.