CyberSecurity Updates

Latest NICE Framework Update Offers Improvements for the Cybersecurity Workforce

I joined NIST as the first full-time manager of the NICE Framework in October 2020, just one short month before NICE published the first revision of NIST Special Publication 800-181, the NICE Workforce Framework for Cybersecurity (NICE Framework). That revision – far from finalizing work – was the starting point that led us to a complete refresh of the NICE Framework components, which includes: Revised Work Role Categories and Work Roles – including one new Work…


ASD’s ACSC, CISA, and Partners Release Secure by Design Guidance on Choosing Secure and Verifiable Technologies

Today, the Australian Signals Directorate’s Australian Cyber Security Centre (ASD’s ACSC), together with CISA, the Canadian Centre for Cyber Security (CCCS), the United Kingdom’s National Cyber Security Centre (NCSC-UK), and the New Zealand National Cyber Security Centre (NCSC-NZ) are releasing the following guidance: Secure by Design Choosing Secure and Verifiable Technologies. This guidance was crafted to provide organizations with secure by design considerations when procuring digital products and services. The guidance contains a range of…


How to inspire the next generation of scientists | Unlocked 403: Cybersecurity podcast

We Live Science, Video (07 May 2024). As Starmus Earth draws near, we caught up with Dr. Garik Israelian to celebrate the fusion of science and creativity and venture where imagination flourishes and groundbreaking ideas take flight. Some time ago, we briefly spoke to Dr. Garik Israelian, one of the founders of the Starmus Festival, to hear his views mainly about the festival’s mission. The event is now just days away and we caught up…


The hacker’s toolkit: 4 gadgets that could spell security trouble

Digital Security. Their innocuous looks and endearing names mask their true power. These gadgets are designed to help identify and prevent security woes, but what if they fall into the wrong hands? Daniel Cunha Barbosa, 06 May 2024, 5 min. read. Can seemingly innocuous objects that feign the appearance of regular USB sticks, charging cables or children’s toys be co-opted as tools to aid and abet an actual hack? Or is this just…


U.S. Charges Russian Man as Boss of LockBit Ransomware Group

The United States joined the United Kingdom and Australia today in sanctioning 31-year-old Russian national Dmitry Yuryevich Khoroshev as the alleged leader of the infamous ransomware group LockBit. The U.S. Department of Justice also indicted Khoroshev and charged him with using LockBit to attack more than 2,000 victims and extort at least $100 million in ransomware payments. Khoroshev (Дмитрий Юрьевич Хорошев), a resident of Voronezh, Russia, was charged in a…


Why Your VPN May Not Be As Secure As It Claims

Virtual private networking (VPN) companies market their services as a way to prevent anyone from snooping on your Internet usage. But new research suggests this is a dangerous assumption when connecting to a VPN via an untrusted network, because attackers on the same network could force a target’s traffic off of the protection provided by their VPN without triggering any alerts to the user. When a device initially tries to connect to a…


Pay up, or else? – Week in security with Tony Anscombe

Video (03 May 2024). Organizations that fall victim to a ransomware attack are often caught between a rock and a hard place, grappling with the dilemma of whether to pay up or not. The Simone Veil hospital in Cannes, France – which fell victim to a disruptive ransomware attack two weeks ago – has announced that it refused to pay the extortion demand from the LockBit 3.0 ransomware gang. The facility had to take all…


Adding insult to injury: crypto recovery scams

Scams. Once your crypto has been stolen, it is extremely difficult to get back – be wary of fake promises to retrieve your funds and learn how to avoid becoming a victim twice over. Phil Muncaster, 02 May 2024, 4 min. read. It’s a nightmare scenario for any cryptocurrency user. You fall victim to a crypto scam or cyberattack, resulting in stolen funds. You feel regret and shame – not to mention anger…


Protecting Model Updates in Privacy-Preserving Federated Learning: Part Two

The problem. The previous post in our series discussed techniques for providing input privacy in PPFL systems where data is horizontally partitioned. This blog will focus on techniques for providing input privacy when data is vertically partitioned. As described in our third post, vertical partitioning is where the training data is divided across parties such that each party holds different columns of the data. In contrast to horizontally partitioned data, training a model on vertically partitioned data is…


CISA and FBI Release Secure by Design Alert to Urge Manufacturers to Eliminate Directory Traversal Vulnerabilities

Today, CISA and the Federal Bureau of Investigation (FBI) released a joint Secure by Design Alert, Eliminating Directory Traversal Vulnerabilities in Software. This Alert was crafted in response to recent well-publicized threat actor campaigns that exploited directory traversal vulnerabilities in software (e.g., CVE-2024-1708, CVE-2024-20345) to compromise users of the software—impacting critical infrastructure sectors, including the Healthcare and Public Health Sector. Additionally, this Alert highlights the prevalence, and continued threat actor exploitation of, directory traversal defects. Currently,…
