Feedback Requested – NIST Ransomware Risk Management CSF Community Profile
The National Institute of Standards and Technology (NIST) is seeking public feedback on NIST Interagency Report (NIST IR) 8374 Revision 1, Ransomware Risk Management: A Cybersecurity Framework 2.0 Community Profile, a crucial document that can help organizations bolster their defenses against ransomware threats. With the public comment period open until September 11, 2025, this is your opportunity …
Continue reading Feedback Requested – NIST Ransomware Risk Management CSF Community ProfileWed, 10 Sep 2025 12:22:17 +0000
Critical Patches Issued for Microsoft Products, September 09, 2025 – PATCH NOW
Multiple vulnerabilities have been discovered in Microsoft products, the most severe of which could allow for remote code execution. Successful exploitation of the most severe of these vulnerabilities could result in an attacker gaining the same privileges as the logged-on user. Depending on the privileges associated with the user, an attacker could then install programs; …
Continue reading Critical Patches Issued for Microsoft Products, September 09, 2025 – PATCH NOWWed, 10 Sep 2025 12:21:08 +0000
Multiple Vulnerabilities in Adobe Products Could Allow for Arbitrary Code Execution – PATCH: NOW
Multiple vulnerabilities have been discovered in Adobe products, the most severe of which could allow for arbitrary code execution. Successful exploitation of the most severe of these vulnerabilities could allow for arbitrary code execution in the context of the logged on user. Depending on the privileges associated with the user, an attacker could then install …
Continue reading Multiple Vulnerabilities in Adobe Products Could Allow for Arbitrary Code Execution – PATCH: NOWWed, 10 Sep 2025 12:20:12 +0000
Multiple Vulnerabilities in Ivanti Products Could Allow for Remote Code Execution – PATCH NOW
Multiple vulnerabilities have been discovered in Ivanti products, the most severe of which could allow for remote code execution. Successful exploitation of the most severe of these vulnerabilities could allow for remote code execution in the context of the system. Depending on the privileges associated with the system, an attacker could then install programs; view, …
Continue reading Multiple Vulnerabilities in Ivanti Products Could Allow for Remote Code Execution – PATCH NOWWed, 10 Sep 2025 12:19:25 +0000
NIST Publishes Report on Digital Product Cybersecurity Education and Awareness for Design-A-Thon Event
NIST has published Internal Report (IR) 8558, Report on the Design-A-Thon: Designing Effective and Accessible Approaches for Digital Product Cybersecurity Education and Awareness. The Design-A-Thon event was organized by NIST and hosted by the Symposium in Usable Privacy and Security (SOUPS) on August 11th, 2024. For the project, three teams developed cybersecurity education and awareness …
Continue reading NIST Publishes Report on Digital Product Cybersecurity Education and Awareness for Design-A-Thon EventFri, 05 Sep 2025 15:31:12 +0000
Protecting Controlled Unclassified Information: A NIST Small Business Cybersecurity Webinar
Date: November 4, 2025 Time: 2:00PM – 3:00PM EST Location: Virtual Description: Recently, NIST published a Small Business Primer for NIST Special Publication (SP) 800-171, Revision 3, Protecting Controlled Unclassified Information (CUI) in Nonfederal Systems, to help small and medium-sized businesses understand and implement security requirements for protecting CUI. During this webinar, NIST will provide attendees with …
Continue reading Protecting Controlled Unclassified Information: A NIST Small Business Cybersecurity WebinarFri, 05 Sep 2025 15:30:20 +0000
Multiple Vulnerabilities in Google Android OS Could Allow for Remote Code Execution – PATCH: NOW
Multiple vulnerabilities have been discovered in Google Android OS, the most severe of which could allow for remote code execution. Android is an operating system developed by Google for mobile devices, including, but not limited to, smartphones, tablets, and watches. Successful exploitation of the most severe of these vulnerabilities could allow for remote code execution. …
Continue reading Multiple Vulnerabilities in Google Android OS Could Allow for Remote Code Execution – PATCH: NOWFri, 05 Sep 2025 15:29:41 +0000
APT29 Threat Analysis Report
APT29, also known as Cozy Bear, Midnight Blizzard, The Dukes, Dark Halo, and NobleBaron, is a Russian state-sponsored cyber group linked to the Foreign Intelligence Service (SVR). APT29 has recently advanced its tradecraft by leveraging legitimate cloud services and Software-as-a-Service (SaaS) platforms to conduct covert, highly targeted cyber espionage campaigns. Their operations have primarily focused …
Continue reading APT29 Threat Analysis ReportFri, 05 Sep 2025 15:28:37 +0000
Local Municipality Impersonation to Steal Data and Funds
The NJCCIC received reports of threat actors impersonating multiple New Jersey local municipalities to steal sensitive data and funds and exploit public trust. Threat actors take advantage of residents who interact with their local municipalities regularly and are more likely to trust communications appearing to be official. They pose as local officials and contact residents …
Continue reading Local Municipality Impersonation to Steal Data and FundsFri, 05 Sep 2025 15:28:00 +0000
Threat Actors Want Your Remote…Access
The NJCCIC has observed threat actors continuing to exploit remote monitoring and management (RMM) tools such as PDQ Connect, ScreenConnect, ITarian, and Atera to remotely access target environments. The use of RMM software enables threat actors to gain initial access, often without triggering security alerts due to the legitimate nature of these programs. Once installed, …
Continue reading Threat Actors Want Your Remote…AccessFri, 05 Sep 2025 15:26:57 +0000