Cyber News

The National Institute of Standards and Technology will be hosting on Tuesday, February 2 and Wednesday, February 3, 2021, the second workshop in a new series focusing on the Open Security Controls Assessment Language (OSCAL). Setting the foundation for security automation, OSCAL provides machine-readable representations of control catalogs, control baselines, system security plans, assessment plans and assessment results in a set of formats expressed in XML, JSON, and YAML. Day one of the workshop will highlight OSCAL layers and models, with the goal to familiarize the audience with the OSCAL

This workshop will convene stakeholders from across the electronics, battery, and solar panel supply chains to assess technical and economic barriers to the reuse, refurbishment, and recycling of these products. The major goal of the workshop is to define NIST’s role in facilitating the transition to a circular economy and identifying actionable items for doing so. Attendees, including manufacturers, researchers, policymakers, industry organizations, and reuse, refurbishing, and recycling practitioners will watch keynote speeches by world-renowned experts in the circular economy, observe panel

Co-hosted by Tetrate This 1-day virtual conference will focus on DevSecOps and ZTA as foundational approaches in multi-cloud environments. They facilitate rapid secure application development, promote interoperability, and mitigate threats in a perimeter-less environment. The emphasis will be on delivery of DevSecOps and ZTA constructs through use of a “service mesh architecture” – a high-assurance operational infrastructure. These assurances are made available through new tool sets and open-source SDKs, that, through configuration and API calls, enable features such as mutual TLS, secure

Networking device maker SonicWall has disclosed that it is investigating a security breach of its internal network after detecting what it described as a "coordinated attack."

Cybersecurity researchers have warned of a publicly available fully-functional exploit that could be used to target SAP enterprise software. The exploit leverages a vulnerability, tracked as CVE-2020-6207, that stems from a missing authentication check in SAP Solution Manager (SolMan) version 7.2 SAP SolMan is an application management and administration solution that offers end-to-end

SonicWall, a popular internet security provider of firewall and VPN products, on late Friday disclosed that it fell victim to a coordinated attack on its internal systems. The San Jose-based company said the attacks leveraged zero-day vulnerabilities in SonicWall secure remote access products such as NetExtender VPN client version 10.x and Secure Mobile Access (SMA) that are used to provide

More details have emerged about a security feature bypass vulnerability in Windows NT LAN Manager (NTLM) that was addressed by Microsoft as part of its monthly Patch Tuesday updates earlier this month. The flaw, tracked as CVE-2021-1678 (CVSS score 4.3), was described as a "remotely exploitable" flaw found in a vulnerable component bound to the network stack, although exact details of the flaw

The Russian government has issued a security alert warning Russian businesses of potential cyberattacks launched by the United States in response to the SolarWinds incident.

DreamBus presents a serious threat because of the many components it uses to spread via the internet and the wormlike behavior that enables it to move laterally once inside a targeted system, ThreatLabz says.

Fully-functional exploit code is now publicly available for a maximum severity pre-auth vulnerability impacting default configurations of an SAP Solution Manager (SolMan) component.

Netscout researchers have identified more than 14,000 existing servers that can be abused by ‘the general attack population’ to flood organizations’ networks with traffic.

President Joe Biden is hiring a group of national security veterans with deep cyber expertise, drawing praise from former defense officials and investigators as the US government works to recover from one of the biggest hacks of its agencies..

The CursedGrabber malware has infiltrated the open-source software code repository. Three malicious software packages have been published to npm, a code repository for JavaScript developers to share and reuse code blocks.

A home security technician admitted that he secretly accessed the cameras of more than 200 customers, particularly attractive women, to spy on while they undressed, slept, or had sex.

Reportedly, Bradford school employees received several laptops to aid in homeschooling vulnerable students. However, the laptops came pre-installed with the virus. Many school employees shared virus details on an online forum.

Although the US and the United Nations have levied sanctions meant to prevent the illegal financing of nuclear weapons, North Korea is proving to be adept at sidestepping them — and is also remarkably proficient at cybercrime.

The7stars, a London ad agency, that counts Atlantic Records, Suzuki, and Penguin Random House among its clients has had its files dumped online by the Clop ransomware gang.

Drupal has released a security update to address a critical vulnerability, caused by a bug in the PEAR Archive_Tar library, in a third-party library with documented or deployed exploits available in the wild.

To protect useful attack vectors through SolarWinds, Microsoft, and VMWare, the hackers made every effort not to reuse infrastructures or settings or to tie one stage of the attack to another.

The hackers behind the ransomware attack on the Scottish Environment Protection Agency (SEPA) have published thousands of stolen files after the organisation refused to pay the ransom.