Tag Archive for: Initiative

CREST introduces global initiative to boost cyber security standards


The international cyber security arena is set to be bolstered by an open collaboration and partnership initiative, introduced by CREST, the not-for-profit, industry representative body. The initiative, aptly named the CREST Community Supporter, aims to rally various organisations toward making a tangible contribution in improving the global cyber security industry standard. Its launch in July has resulted in the enrolment of the initiative’s inaugural nine Community Supporters.

The Centre for Internet Security (CIS), Cloud Security Alliance, Cyber Threat Alliance, Global Anti Scam Alliance, Global Cyber Alliance, Global Resilience Federation, ISC2, Stott and May Consulting, and The Security Institute have joined forces with CREST for this ambitious project. Their collective mission will be to foster capability development, capacity building, and consistent collaboration—an initiative aimed at enhancing trust and resilience within the digital landscape.

CREST CEO, Nick Benson, emphasised the role of collaboration in tackling the diverse challenges plaguing the cyber landscape. He said, “I am thrilled to welcome our first nine Community Supporters. To meet the vast array of challenges facing the world of cyber we must join forces and be serious about open and effective collaboration. Developing relationships and formalising them through our supporter initiative is key to our mission, and each of these fantastic organisations will play an important role in helping us build a globally resilient cyber security industry.”

It is expected that merging the strengths of the CREST membership—made up of cyber security service providers—and the newly inducted Community Supporters will promote a unified effort. This collaboration aims to address the pressing and complicated digital issues currently plaguing the globe.

The CREST Community Supporter initiative was launched to foster partnerships with bodies and organisations committed to raising global cyber security standards in alignment with CREST’s core mission and values. Becoming a Community Supporter offers many perks, such as deepened collaboration with CREST, marketing support, discounted event entry, and more…


Publisher’s Spotlight: The Zero Day Initiative (ZDI): Financially Rewarding InfoSec Researchers


Formed by Trend Micro, the Zero Day Initiative (ZDI) was created to encourage the reporting of 0-day vulnerabilities privately to the affected vendors by financially rewarding researchers. At the time, there was a perception by some in the information security industry that those who find vulnerabilities are malicious hackers looking to do harm. Some still feel that way. While skilled, malicious attackers do exist, they remain a small minority of the total number of people who discover new flaws in software.

Incorporating the global community of independent researchers also augments their internal research organizations with additional zero-day research and exploit intelligence. This approach coalesced with the formation of the ZDI, launched on July 25, 2005.

Today, the ZDI represents the world’s largest vendor-agnostic bug bounty program. Their approach to the acquisition of vulnerability information is different than other programs. No technical details concerning the vulnerability are sent out publicly until the vendor has released a patch.

One of their cool events is Pwn2Own, held in multiple countries – here’s their recent scoreboard from their Vancouver, Canada event:


Contestants disclosed 27 unique zero-days and won a combined $1,035,000 (and a car)! Congratulations to the Masters of Pwn, Synacktiv (@Synacktiv), for their huge success and hard work! They earned 53 points, $530,000, and a Tesla Model 3:


They do not resell or redistribute the vulnerabilities that are acquired through the ZDI. Submitting through the ZDI program also relieves you from the burden of tracking the bug with the vendor. They make every effort to work with vendors to ensure they understand the technical details and severity of a reported security flaw, which leaves researchers free to go find other bugs. They will let you know where things stand with all your own current cases with regard to vendor disclosure. In no cases will an acquired vulnerability be “kept quiet” because a product vendor does not wish to address it.

Interested researchers provide them with exclusive information about previously unpatched vulnerabilities they have discovered. The ZDI then collects…


Further expansion advanced by Counter Ransomware Initiative


Colombia, Costa Rica, and Jordan have since joined the Counter Ransomware Initiative, which White House Deputy National Security Adviser Anne Neuberger said during the Ransomware Task Force event offers collaborative opportunities in countering ransomware attacks, according to The Record, a news site by cybersecurity firm Recorded Future.

Since the initial Counter Ransomware Initiative summit, various countries have begun co-leading activity pillars aimed at better addressing the threat of ransomware attacks. Australia was touted by Australian Embassy Ministry Counsellor of Home Affairs Patrick Hallinan as having spearheaded the International Counter Ransomware Task Force, which disrupted the Hive ransomware operation with the assistance of Interpol in January.

Other countries are also working on several collaboration pillars, with India and Lithuania partnering on ransomware resilience plan development, the United Arab Emirates and Israel collaborating on information sharing, and the U.K. and Singapore teaming up on addressing illicit cryptocurrency use for ransomware, said Neuberger.


NeGD, MeitY organises 30th Batch of Chief Information Security Officers’ (CISOs) Deep Dive Training Programme under Cyber Surakshit Bharat Initiative


NeGD, MeitY organises 30th Batch of Chief Information Security Officers’ (CISOs) Deep Dive Training Programme under Cyber Surakshit Bharat Initiative – Odisha Diary
