NGI Assure’s Post

Althash University (Alt+U) provides us with the opportunity to gain knowledge on different consensus mechanisms and their varying strengths and weaknesses, making them more suitable for public or private networks.In essence, the choice of consensus mechanism depends on the network's priorities and the trade-offs between security, speed, and regulatory compliance.

I explore the Mojolicious framework that is especially valued in niche industries with a Perl heritage. In our recent security assessment, the use of under-the-radar technology introduced unique features and challenges.   Read more about how we overcame these difficulties: https://lnkd.in/dKTdw-Bj

In April this year, the CVE program and FIRST hosted a common event called #VulnCon 2024, gathering people working on vulnerability coordination and related subjects. The event was great and better than expected, and I enjoyed it live (in streaming). The playlist is now available for everyone https://lnkd.in/ejpZFnBK This is a warning for people unfamiliar with the CVE program, coordinated disclosure, embargoes, and related subjects: you may hear maaaaany abbreviations. My picks (limited; all talks I attended were interesting): SBOMs – The Missing Link by Cassie Crossley - a practical return of experience of making SBOMs mandatory, with the list of difficulties (strange build systems...), experiences with binary scanning and external SBOMs (or lack thereof) https://lnkd.in/etes2zuF The Trials and Tribulations of Bulk Converting CVEs to OSV by Andrew Pollock - shows the return of experience of automatically analyzing CVE data, starting before the new CVE v5 schema. https://lnkd.in/eDs6urYD Vulnerability Coordination in the EU by Johannes Clos - describes how ENISA works, and how they do vulnerability coordination. There were questions about the CRA (Cyber Resilience Act) https://lnkd.in/ekYBrfHA A Legislation Guide for Keeping pace with Cybersecurity Paradigm Shift toward Vulnerability by Dr. Tae-seung Lee - the presentation gives a critical overview of different cybersecurity regulations and the Korean proposals in the same area. https://lnkd.in/erGk_TgV Adventures in Vulnerability Coordination by Daniel Larson and Iain Deason - a role-playing game of vulnerability coordination with hilarious examples https://lnkd.in/eB-ZdzJH Panel Discussion—The Risks of Requiring Premature Vulnerability Disclosures with Kathleen Noble, Tanvi Chopra, Rob Spiger, and Michael Woolslayer—The legislation in the works frequently requires vulnerability disclosure before the fix is ready. The panel discusses these questions, concentrating on the risks. https://lnkd.in/ecKVEzAk Looking forward to the 2025 edition! #cve #security #coordination #disclosure

🎉 Two papers on the #SELFYproject’s VSOC have been presented at the #SECURWARE2024! Partners from Technische Hochschule Ingolstadt Kevin Mayer and Jenny Hofbauer presented the foundation and conceptualization of the SELFY #VSOC, a pioneering solution developed by THI that aims at advancing security in Cooperative, Connected, and Automated Mobility #CCAM by collecting data, detecting threats and responding to incidents. 👉 Learn more and access the papers here: https://lnkd.in/dYT2fP2X

Amit Singh Bhati presenting "OAE-RUP: A Strong Online AEAD Security Notion and its Application to SAEF" at the 14th International Conference on Security and Cryptography for Networks (SCN 2024) in Amalfi (SA) Italy. https://lnkd.in/eCzXTjr3 In summary, this work defines OAE-RUP, a security notion for online AEAD schemes that addresses blockwise-encryption (including nonce misuse) and blockwise-decryption (including RUP), very crucial security requirements for lightweight devices. It also shows that the forkcipher-based SAEF mode, a NIST second-round lightweight AEAD candidate, meets OAE-RUP security requirements. Paper on ePrint: https://lnkd.in/e48p-YMR Paper on Springer: https://lnkd.in/eS2ttk-a

🚨 Quick Alert for My Network 🚨 Heads up, #TechCommunity! A high-risk vulnerability (CVE-2024-23334) has been identified in the aiohttp framework. If you're using versions before 3.9.2, you're at risk! Even more concerning, there's a full exploitation guide available on YouTube 🎥 – yes, it’s that accessible. Immediate action is required! 🛠️ Update your systems now to avoid falling prey to this flaw. Why worry? Beyond the usual suspects, this info is a goldmine for "script kiddies" - making attacks easier and potentially more frequent. 😟 Let's not give them the chance! Share this post, spread the word, and let's secure our cyberspace together. 🌐💪 #CyberSecurity #UpdateNow #StaySafe

Your wealth is about more than dollars—it's about freedom, security, and purpose. Schedule a free consultation today to start your journey toward holistic wealth. 🤝 https://bit.ly/3oAv2OM

Zeek provided me a general network monitoring overview to investigate captured traffic

Attention: SonicWall Vulnerability Detected!! A critical vulnerability, CVE-2024-40766, has been identified in SonicWall’s SonicOS & SSLVPN, which could grant unauthorized access to your systems. Akira ransomware is actively exploiting this weakness. It’s crucial to act now. Patch your systems immediately to safeguard your business from potential attacks. Learn more: https://lnkd.in/gbVu37Ym #infosec #Vulnerability #Ransomware #SonicWall

Our signature line of readers simplifies security and connects you to the future of access control. Prepare for tomorrow and upgrade today. 📈 Learn more about the security and convenience of Signo: https://ow.ly/Tg3l50SvQXj?