As the year comes to a close, NIST continues to engage with our international partners to strengthen cybersecurity, including sharing over ten new international translations in over six languages as resources for our stakeholders around the world. These efforts were complemented by discussions on opportunities for future enhanced international collaboration and resource sharing. Here are […]
Category Archives: Uncategorized
Fortinet has issued an advisory for a now-patched critical security flaw impacting Wireless LAN Manager (FortiWLM) that could lead to disclosure of sensitive information. The vulnerability, tracked as CVE-2023-34990, carries a CVSS score of 9.6 out of a maximum of 10.0. “A relative path traversal [CWE-23] in FortiWLM may allow a remote unauthenticated attacker to […]
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has issued Binding Operational Directive (BOD) 25-01, ordering federal civilian agencies to secure their cloud environments and abide by Secure Cloud Business Applications (SCuBA) secure configuration baselines. “Recent cybersecurity incidents highlight the significant risks posed by misconfigurations and weak security controls, Go to Source Author:
The Dutch Data Protection Authority (DPA) on Wednesday fined video on-demand streaming service Netflix €4.75 million ($4.93 million) for not giving consumers enough information about how it used their data between 2018 and 2020. An investigation launched by the DPA in 2019 found that the tech giant did not inform customers clearly enough in its […]
The Computer Emergency Response Team of Ukraine (CERT-UA) has disclosed that a threat actor it tracks as UAC-0125 is leveraging Cloudflare Workers service to trick military personnel in the country into downloading malware disguised as Army+, a mobile app that was introduced by the Ministry of Defence back in August 2024 in an effort to […]
The draft of the long-awaited update to the NCIRP outlines the efforts, mechanisms, involved parties, and decisions the US government will use in response to a large-scale cyber incident. Go to Source Author: Jennifer Lawinski
The number of DDoS-related incidents targeting APIs have jumped by 30x compared with traditional Web assets, suggesting that attackers see the growing API landscape as the more attractive target. Go to Source Author: Robert Lemos, Contributing Writer
The agency asks the cybersecurity community to adopt “romance baiting” in place of dehumanizing language. Go to Source Author: Becky Bracken, Senior Editor, Dark Reading
The threat intelligence business, which is set to be acquired by Mastercard for billions, is officially vendor non grata in Putin’s regime. Go to Source Author: Tara Seals, Managing Editor, News, Dark Reading
Attackers are using links to the popular Google scheduling app to lead users to pages that steal credentials, with the ultimate goal of committing financial fraud. Go to Source Author: Elizabeth Montalbano, Contributing Writer