CyberSecurity Updates

NIST Celebrates National Entrepreneurship Week

What is National Entrepreneurship Week (NatlEshipWeek)? Celebrated February 10-17, 2024, “NatlEshipWeek is a congressionally chartered week dedicated to empowering entrepreneurship across the United States. The annual initiative was relaunched in 2017 as NatlEshipWeek to bring together a network of partners from Maui to Miami to educate, engage, and build equitable access to America’s Entrepreneurship Ecosystem.” Follow along online with #NatlEshipWeek. You can learn more about the initiative here: https://www.natleshipweek.org/about. Supporting Entrepreneurship is at the Heart of NIST’s…

Fat Patch Tuesday, February 2024 Edition

Microsoft Corp. today pushed software updates to plug more than 70 security holes in its Windows operating systems and related products, including two zero-day vulnerabilities that are already being exploited in active attacks. Top of the heap on this Fat Patch Tuesday is CVE-2024-21412, a “security feature bypass” in the way Windows handles Internet Shortcut Files that Microsoft says is being targeted in active exploits. Redmond’s advisory for this bug says an attacker would need…

Priorities of the Joint Cyber Defense Collaborative for 2024

Today, CISA—on behalf of the collective group of industry and government partners that comprise the Joint Cyber Defense Collaborative (JCDC)—released JCDC’s 2024 Priorities. Similar to the 2023 JCDC Planning Agenda, JCDC’s 2024 Priorities will help focus the collective group on developing high-impact and collaborative solutions to the most pressing cybersecurity challenges. Resulting from the trusted partnerships the collaborative has fostered, the focused goals of the 2024 priorities are to: Defend against Advanced Persistent Threat (APT)…

Ransomware payments hit a record high in 2023 – Week in security with Tony Anscombe

Video, Ransomware. Called a “watershed year for ransomware”, 2023 marked a reversal from the decline in ransomware payments observed in the previous year. 09 Feb 2024. Ransomware payments in 2023 reached a record-breaking $1.1 billion, according to an analysis by Chainalysis, a blockchain research firm. Calling 2023 a “watershed year for ransomware”, Chainalysis also said that last year marked a reversal from the decline observed in 2022, when the payments were “only” half…

The buck stops here: Why the stakes are high for CISOs

Business Security. Heavy workloads and the specter of personal liability for incidents take a toll on security leaders, so much so that many of them look for the exits. What does this mean for corporate cyber-defenses? Phil Muncaster, 08 Feb 2024, 5 min. read. Cybersecurity is finally becoming a board-level issue. That’s as it should be, given the increasingly important role cyber-risk management plays in strategic decision making. Cyber-risk is fundamentally a core…

Juniper Support Portal Exposed Customer Device Info

Until earlier this week, the support website for networking equipment vendor Juniper Networks was exposing potentially sensitive information tied to customer products, including which devices customers bought, as well as each product’s warranty status, service contracts and serial numbers. Juniper said it has since fixed the problem, and that the inadvertent data exposure stemmed from a recent upgrade to its support portal. Sunnyvale, Calif. based Juniper Networks makes high-powered Internet routers and switches, and its…

JetBrains Releases Security Advisory for TeamCity On-Premises

JetBrains released a security advisory to address a vulnerability (CVE-2024-23917) in TeamCity On-Premises. A cyber threat actor could exploit this vulnerability to take control of an affected system. CISA encourages users and administrators to review the Critical Security Issue Affecting TeamCity On-Premises-CVE-2024-23917 and apply the necessary update or workarounds.

Fortinet Releases Security Advisories for FortiOS

Fortinet released security updates to address critical remote code execution vulnerabilities in FortiOS (CVE-2024-21762, CVE-2024-23313). A cyber threat actor could exploit these vulnerabilities to take control of an affected system. Note: According to Fortinet, CVE-2024-21762 is potentially being exploited in the wild. CISA encourages users and administrators to review the following advisories and apply necessary updates: FG-IR-24-015 FortiOS and FG-IR-24-029 FortiOS.

Left to their own devices: Security for employees using personal devices for work

Business Security. As personal devices within corporate networks make for a potentially combustible mix, a cavalier approach to BYOD security won’t cut it. Christian Ali Bravo, 06 Feb 2024, 6 min. read. Since it helped organizations ride out the disruption wrought by the pandemic, remote work (that later often morphed into hybrid work) has cemented its staying power. With the boundaries between work and home becoming blurrier than ever, many people want, or indeed need, to access…

NIST’s International Cybersecurity and Privacy Engagement Update – International Dialogues, Workshops, and Translations

With the new year under way, NIST is continuing to engage with our international partners to enhance cybersecurity. Here are some updates on our international work from the end of 2023 into the beginning of 2024: Conversations have continued with our partners throughout the world on the update to the NIST Cybersecurity Framework (CSF) 2.0. The current Draft CSF 2.0 has been shared in a public comment period that ended in November 2023. Stay…
