BLOG

NIST small business cybersecurity webinar

Event Date: October 23, 2024 Event Time: 2:00PM – 3:00PM EDT Event Location: Virtual Description: Identity and Access Management is a fundamental and critical cybersecurity capability for businesses of all sizes. To protect your business from fraud and unauthorized system and data access, you want to take steps to ensure that only the right people … Continue reading NIST small business cybersecurity webinar
Wed, 09 Oct 2024 13:58:34 +0000

Multiple Vulnerabilities in Adobe Products Could Allow for Arbitrary Code Execution – PATCH NOW

Multiple vulnerabilities have been discovered in Adobe products, the most severe of which could allow for arbitrary code execution. Successful exploitation of the most severe of these vulnerabilities could allow for arbitrary code execution in the context of the logged on user. Depending on the privileges associated with the user, an attacker could then install … Continue reading Multiple Vulnerabilities in Adobe Products Could Allow for Arbitrary Code Execution – PATCH NOW
Wed, 09 Oct 2024 11:57:53 +0000

Protecting Against Iranian Targeting of Accounts Associated with National Political Organizations

The Cybersecurity and Infrastructure Security Agency (CISA) and Federal Bureau of Investigation (FBI) released this Fact Sheet, which provides information about threat actors affiliated with the Iranian Government’s Islamic Revolutionary Guard Corps (IRGC) targeting and compromising accounts of Americans to stoke discord and undermine confidence in US democratic institutions.   IRGC actors have previously gained and … Continue reading Protecting Against Iranian Targeting of Accounts Associated with National Political Organizations
Wed, 09 Oct 2024 11:56:45 +0000

Security Property Verification by Transition Model | NIST Invites Public Comments on IR 8539

The initial public draft of NIST Internal Report (IR) 8539, Security Property Verification by Transition Model, is now available for public comment. Verifying the security properties of access control policies is a complex and critical task. The policies and their implementation often do not explicitly express their underlying semantics, which may be implicitly embedded in … Continue reading Security Property Verification by Transition Model | NIST Invites Public Comments on IR 8539
Wed, 09 Oct 2024 11:44:06 +0000

Critical Patches Issued for Microsoft Products, October 8, 2024 – PATCH NOW

Multiple vulnerabilities have been discovered in Microsoft products, the most severe of which could allow for remote code execution in the context of the logged-on user. Depending on the privileges associated with the user, an attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose … Continue reading Critical Patches Issued for Microsoft Products, October 8, 2024 – PATCH NOW
Wed, 09 Oct 2024 11:43:33 +0000

Multiple Vulnerabilities in Google Chrome Could Allow for Arbitrary Code Execution – PATCH NOW

Multiple vulnerabilities have been discovered in Google Chrome, the most severe of which could allow for arbitrary code execution. Successful exploitation of the most severe of these vulnerabilities could allow for arbitrary code execution in the context of the logged on user. Depending on the privileges associated with the user an attacker could then install … Continue reading Multiple Vulnerabilities in Google Chrome Could Allow for Arbitrary Code Execution – PATCH NOW
Wed, 09 Oct 2024 11:42:41 +0000

Multiple Vulnerabilities in Google Android OS Could Allow for Remote Code Execution – PATCH NOW

Multiple vulnerabilities have been discovered in Google Android OS, the most severe of which could allow for remote code execution. Android is an operating system developed by Google for mobile devices, including, but not limited to, smartphones, tablets, and watches. Successful exploitation of the most severe of these vulnerabilities could allow for remote code execution in … Continue reading Multiple Vulnerabilities in Google Android OS Could Allow for Remote Code Execution – PATCH NOW
Tue, 08 Oct 2024 11:42:06 +0000

Submit Comments | Draft Report: Attribute Validation Services for Identity Management

In this digital age, the accurate identification of individuals is paramount to ensuring security, privacy, and trust in online interactions. Whether it’s for accessing medical records, applying for benefits, or engaging in other high-stakes transactions, the need to confirm the identity and attributes of individuals is crucial. The draft NIST report Attribute Validation Services for … Continue reading Submit Comments | Draft Report: Attribute Validation Services for Identity Management
Tue, 08 Oct 2024 11:40:56 +0000

Trinity Ransomware

The United States Department of Health and Human Services’ Health Sector Cybersecurity Coordination Center (HC3) released this Threat Actor Profile regarding a relatively new threat actor identified as Trinity Ransomware. Even though the analysis is focused on the Healthcare and Public Health (HPH) Sector, all agencies and organizations are encouraged to review the information contained in … Continue reading Trinity Ransomware
Tue, 08 Oct 2024 11:40:24 +0000

New Chinese APT, Salt Typhoon, Targets ISPs

A suspected Chinese (PRC) state-sponsored cyber threat group known as Salt Typhoon was recently identified accessing multiple United States internet service providers (ISPs) to conduct cyber espionage. This cyberattack is just the latest in a series of campaigns sponsored by the Chinese government. Salt Typhoon’s actions are part of a larger Chinese strategy to conduct … Continue reading New Chinese APT, Salt Typhoon, Targets ISPs
Thu, 03 Oct 2024 18:42:38 +0000