BLOG

NIST Continues to Expand Its Suite of CSF 2.0 Resources

NIST Releases More CSF 2.0 Resources for Cybersecurity Awareness Month. It’s Cybersecurity Awareness Month—and we’re celebrating by sharing that we have even more Cybersecurity Framework (CSF) 2.0 resources to help organizations of all sizes manage their cybersecurity risks. The new resources include, but are not limited to:
Mon, 25 Nov 2024 20:26:20 +0000

Cyber Review Board Investigates Salt Typhoon’s Targeting of US Telecommunications

Recent open-source reporting details the activity of Chinese nation-state advanced persistent threat (APT) Salt Typhoon amidst the 2024 presidential election. Salt Typhoon has compromised telecommunications infrastructure, including infrastructure associated with court-ordered wiretaps. A Department of Homeland Security (DHS) panel is currently reviewing the incident and assesses that it will likely take months before any findings …
Mon, 25 Nov 2024 20:23:53 +0000

Threat Actors Exploit DocuSign APIs to Bypass Security

(Image: example of invoice attachment. Source: Wallarm Labs.) Consistent with open-source reporting, the NJCCIC’s email security solution detected increased attempts to exploit DocuSign APIs to deliver fraudulent invoices. Unlike traditional phishing scams, which rely on misleading emails and links, these attacks use real DocuSign accounts and templates to mimic reputable companies, making detection more difficult. …
Mon, 25 Nov 2024 20:23:14 +0000

Phony Help is Just a Call Away

(Image source: LastPass.) LastPass Password Manager warned customers about a new social engineering campaign in which threat actors are leaving five-star reviews, posing as support on the LastPass extension review page on Google Chrome. In these reviews, they provide customers with a phone number to contact for help resolving potential issues. If contacted, users connect …
Mon, 25 Nov 2024 20:22:29 +0000

Vulnerability in Google Android Could Allow for Remote Code Execution

This Multi-State Information Sharing and Analysis Center (MS-ISAC) Advisory is being provided to assist agencies, organizations, and individuals in guarding against the persistent malicious actions of cybercriminals. A vulnerability has been discovered in Google Android that could allow for remote code execution. Android is an operating system developed by Google for mobile devices, including, but …
Mon, 25 Nov 2024 20:21:08 +0000

Norton LifeLock Identity Theft Protection Alerts

Individuals enrolled in the Identity Theft Protection program offered by LifeLock are receiving notifications sent in error by LifeLock. These notifications, sent by email or text, state “New Property Report Detected.” This is an issue with LifeLock’s system. LifeLock is aware of the problem and is actively working to resolve it. …
Mon, 25 Nov 2024 20:20:14 +0000

Transition to Post-Quantum Cryptography Standards | Draft NIST IR 8547 is Available for Comment

The initial public draft of NIST Internal Report (IR) 8547, Transition to Post-Quantum Cryptography Standards, is now available for public comment. This report describes NIST’s expected approach to transitioning from quantum-vulnerable cryptographic algorithms to post-quantum digital signature algorithms and key-establishment schemes. It identifies existing quantum-vulnerable cryptographic standards and the current quantum-resistant standards that will be …
Mon, 25 Nov 2024 20:18:20 +0000

Payroll Phishing Campaign Drops InfoStealer Malware

(Image source: Proofpoint.) The NJCCIC email security system has uncovered a new campaign spreading XLoader and GuLoader malware. XLoader is a successor to Formbook infostealing malware and is categorized as malware-as-a-service (MaaS). XLoader has several capabilities, such as capturing screenshots, recording keystrokes, and accessing information stored on the clipboard. Additionally, it can steal credentials from …
Mon, 25 Nov 2024 20:16:53 +0000

Guidelines for Derived PIV Credentials and PIV Federation: SP 800-157r1 and SP 800-217 Available for Public Comment

The final public drafts (fpd) of NIST Special Publication (SP) 800-157r1 (Revision 1), Guidelines for Derived Personal Identity Verification (PIV) Credentials, and SP 800-217, Guidelines for Personal Identity Verification (PIV) Federation, are now available for public review and comment. Both guidelines address the comments received on the 2023 initial public drafts and align with the recently published …
Mon, 25 Nov 2024 20:15:35 +0000

NIST Requests Public Comments on SP 800-102, Recommendation for Digital Signature Timeliness

NIST maintains its cryptography standards and guidelines using a periodic review process. NIST requests public comments on all aspects of NIST Special Publication (SP) 800-102, Recommendation for Digital Signature Timeliness, 2009. This publication discusses the use of timestamps to establish the time when a digital signature was generated. The Cryptographic Algorithm Validation Program does not …
Mon, 25 Nov 2024 20:14:56 +0000