Ambiguity and complexity in the DNS protocol has caused the issues, dos Santos says. Because of the complexity of the DNS specification, vulnerability types that we have known about for 20 years are appearing in implementations of network stacks, he says. The more complex the software or protocol gets, the more difficult the protocol is to implement, so we need to make them as least complex as possible, which is not always possible.
Earlier this month, Forescout and JSOF disclosed nine vulnerabilities that affected four different TCP/IP stacks and could affect hundreds of millions of Internet of Things (IoT) and network devices. The vulnerabilities, dubbed NAME:WRECK by the companies, are the latest disclosures coming from their research into the vendor implementations that handle domain-name system (DNS) traffic. Their research, dubbed Project Memoria, also includes Ripple20, a set of 19 vulnerabilities that affected the Treck TCP/IP stack, among others; AMNESIA:20, a se
MITRE Adds MacOS, Linux, More Data Types to ATT&CK darkreading.com - get the latest breaking news, showbiz & celebrity photos, sport news & rumours, viral videos and top stories from darkreading.com Daily Mail and Mail on Sunday newspapers.
PDF
Adobe has released an open source project to detect and classify anomalies in security log data using a tool the company says is simple to run and easily modified.
The One-Stop Anomaly Shop (OSAS) is an open source machine-learning (ML) tool that can add structure to log data by generating labels for different types of data and then use that data as the inputs to classification algorithms. The approach solves several ML problems such as data sparsity and overfitting while giving security analysts a macro view of log data that allows easier analysis, states Adobe s security intelligence team in a technical paper on their approach.
Expect an Increase in Attacks on AI Systems darkreading.com - get the latest breaking news, showbiz & celebrity photos, sport news & rumours, viral videos and top stories from darkreading.com Daily Mail and Mail on Sunday newspapers.
The trends have put companies on notice, says Stu Sjouwerman, founder and CEO of KnowBe4. The amount of data breaches are still going up dramatically, faster than what companies are spending on the human layer, he says. Well-over 50% of data breaches are caused by attackers going after the human, but companies are only spending 3% of their IT security budgets on the human element.
The security awareness and training market continues to mature, growing beyond its beginnings as a way to satisfy compliance requirements. No longer are the services just about training to comply with bare-minimum phishing requirements, but are now more about creating a security culture among all employees, according to Forrester Research, a market research firm.