6 CISO Takeaways From the NSA's Zero-Trust Guidance

All companies — not just federal agencies — should aim to adopt the "network and environment" pillar of the National Security Agency's zero-trust guidelines. [TechWeb]( Follow Dark Reading: [RSS]( March 18, 2024 LATEST SECURITY NEWS & COMMENTARY [6 CISO Takeaways From the NSA's Zero-Trust Guidance]( All companies — not just federal agencies — should aim to adopt the "network and environment" pillar of the National Security Agency's zero-trust guidelines. ['GhostRace' Speculative Execution Attack Impacts All CPU, OS Vendors]( Like Spectre, the new GhostRace exploit could give attackers a way to access sensitive information from system memory and take other malicious actions. [ChatGPT vs. Gemini: Which Is Better for 10 Common Infosec Tasks?]( Compare how well OpenAI's and Google's generative AI products handle infosec professionals' top 10 tasks. [South African Government Pension Data Leak Fears Spark Probe]( LockBit ransomware gang claims 668GB of data it dumped online was stolen from South Africa's pension agency. [NHS Breach, HSE Bug Expose Healthcare Data in the British Isles]( Whoopsies in Ireland and Scotland speak to a tenuousness of cyber protections for sensitive private healthcare data. [MORE NEWS /]( [MORE COMMENTARY]( HOT TOPICS [Alabama Under DDoS Cyberattack by Russian-Backed Hacktivists]( The hacktivist group Anonymous Sudan claims credit for a cyberattack that disrupted Alabama state government earlier this week. [TikTok Ban Raises Data Security, Control Questions]( Approved by the House and moving on to the Senate, the potential ban points up the porousness of governmental control in the digital age. [How to Identify a Cyber Adversary: What to Look For]( There are many factors involved in attributing a cyber incident to a specific threat actor. [Windows SmartScreen Bypass Flaw Exploited to Drop DarkGate RAT]( Attackers use Google redirects in their phishing attack leveraging a now-patched vulnerability that spreads the multifaceted malware. [MORE]( PRODUCTS & RELEASES [Red Canary Announces Full Coverage of All Major Cloud Providers]( [Expel Releases Updated Toolkit in Response to NIST 2.0]( [Nozomi Networks Secures $100M Investment to Defend Critical Infrastructure]( [Claroty Launches Advanced Anomaly Threat Detection for Medigate]( [Claroty Team82: 63% of Known Exploited Vulnerabilities Tracked by CISA Are on Healthcare Organization Networks]( [MORE PRODUCTS & RELEASES]( EDITORS' CHOICE [Fortinet Warns of Yet Another Critical RCE Flaw]( CVE-2024-48788, like many other recent Fortinet flaws, will likely be an attractive target, especially for nation-state-backed actors. LATEST FROM THE EDGE [Name That Edge Toon: How Charming]( Feeling creative? Submit your caption and our panel of experts will reward the winner with a $25 Amazon gift card. LATEST FROM DR TECH [To Spot Attacks Through AI Models, Companies Need Visibility]( Rushing to onboard artificial intelligence, companies and their developers are downloading a variety of pretrained machine learning models, but verifying security and integrity remains a challenge. LATEST FROM DR GLOBAL [3 Ways Businesses Can Overcome the Cybersecurity Skills Shortage]( With budget constraints and a limited supply of skilled talent, businesses need to get creative to defend against rampant cybersecurity threats. WEBINARS - [Building a Modern Endpoint Strategy for 2024 and Beyond]( - [Making Sense of Security Operations Data]( [View More Dark Reading Webinars >>]( WHITE PAPERS - [Use the 2023 MITRE ATT&CK Evaluation Results for Turla to Inform EDR Buying Decisions]( - [A Solution Guide to Operational Technology Cybersecurity]( - [Endpoint Best Practices to Block Ransomware]( - [FortiSASE Customer Success Stories - The Benefits of Single Vendor SASE]( - [Threat Intelligence: Data, People and Processes]( - [Building Cyber Resiliency: Key Strategies for Proactive Security Operations]( - [Mandiant Threat Intelligence at Penn State Health]( [View More White Papers >>]( FEATURED REPORTS - [Industrial Networks in the Age of Digitalization]( - [Zero-Trust Adoption Driven by Data Protection]( - [How Enterprises Assess Their Cyber-Risk]( [View More Dark Reading Reports >>]( Dark Reading Daily -- Published By [Dark Reading]( Informa Tech Holdings LLC | Registered in the United States with number 7418737 | 605 Third Ave., 22nd Floor, New York, New York 10158, USA To opt-out of any future Dark Reading Daily Newsletter emails, please respond [here.]( Thoughts about this newsletter? [Give us feedback.](mailto:ContactDarkReading@informa.com) Keep This Newsletter Out Of Your SPAM Folder Don't let future editions go missing. Take a moment to add the newsletter's address to your anti-spam white list: /cdn-cgi/l/email-protection?sp_aid=122174&elq_cid=22844169&sp_eh=9ec2e0353644c03ce56099bfb161a49d1f8a5a22f0d884f0cd961b89d205d529&utm_source=eloqua&utm_medium=email&utm_campaign=DR_NL_Dark%20Reading%20Daily_03.18.24&sp_cid=52547&utm_content=DR_NL_Dark%20Reading%20Daily_03.18.24&sp_eh=9ec2e0353644c03ce56099bfb161a49d1f8a5a22f0d884f0cd961b89d205d529#93 If you're not sure how to do that, ask your administrator or ISP. Or check your anti-spam utility's documentation. We take your privacy very seriously. Please review our [Privacy Statement.]( [© 2024]( | [Informa Tech]( | [Privacy Statement]( | [Terms & Conditions]( | [Contact Us](mailto:ContactDarkReading@informa.com)