Cyber News

2nd Open Security Controls Assessment Language (OSCAL) Workshop

1 week 1 day hence
The National Institute of Standards and Technology will be hosting on Tuesday, February 2 and Wednesday, February 3, 2021, the second workshop in a new series focusing on the Open Security Controls Assessment Language (OSCAL). Setting the foundation for security automation, OSCAL provides machine-readable representations of control catalogs, control baselines, system security plans, assessment plans and assessment results in a set of formats expressed in XML, JSON, and YAML. Day one of the workshop will highlight OSCAL layers and models, with the goal to familiarize the audience with the OSCAL
Pauline Truong

Circular Economy in the High-Tech World

2 days 14 hours hence
This workshop will convene stakeholders from across the electronics, battery, and solar panel supply chains to assess technical and economic barriers to the reuse, refurbishment, and recycling of these products. The major goal of the workshop is to define NIST’s role in facilitating the transition to a circular economy and identifying actionable items for doing so. Attendees, including manufacturers, researchers, policymakers, industry organizations, and reuse, refurbishing, and recycling practitioners will watch keynote speeches by world-renowned experts in the circular economy, observe panel
Pauline Truong

DevSecOps and Zero Trust Architecture (ZTA) for Multi-Cloud Environments

2 days 4 hours hence
Co-hosted by Tetrate. This 1-day virtual conference will focus on DevSecOps and ZTA as foundational approaches in multi-cloud environments. They facilitate rapid secure application development, promote interoperability, and mitigate threats in a perimeter-less environment. The emphasis will be on delivery of DevSecOps and ZTA constructs through use of a “service mesh architecture” – a high-assurance operational infrastructure. These assurances are made available through new tool sets and open-source SDKs that, through configuration and API calls, enable features such as mutual TLS, secure
Karen M. Startsman

Beware! Fully-Functional Exploit Released Online for SAP Solution Manager Flaw

21 hours 23 minutes ago
Cybersecurity researchers have warned of a publicly available fully-functional exploit that could be used to target SAP enterprise software. The exploit leverages a vulnerability, tracked as CVE-2020-6207, that stems from a missing authentication check in SAP Solution Manager (SolMan) version 7.2. SAP SolMan is an application management and administration solution that offers end-to-end
Ravie Lakshmanan

Exclusive: SonicWall Hacked Using 0-Day Bugs In Its Own VPN Product

1 day 13 hours ago
SonicWall, a popular internet security provider of firewall and VPN products, disclosed late on Friday that it fell victim to a coordinated attack on its internal systems. The San Jose-based company said the attacks leveraged zero-day vulnerabilities in SonicWall secure remote access products such as NetExtender VPN client version 10.x and Secure Mobile Access (SMA) that are used to provide
Ravie Lakshmanan

Experts Detail A Recent Remotely Exploitable Windows Vulnerability

1 day 13 hours ago
More details have emerged about a security feature bypass vulnerability in Windows NT LAN Manager (NTLM) that was addressed by Microsoft as part of its monthly Patch Tuesday updates earlier this month. The flaw, tracked as CVE-2021-1678 (CVSS score 4.3), was described as a "remotely exploitable" flaw found in a vulnerable component bound to the network stack, although exact details of the flaw
Ravie Lakshmanan

DreamBus Botnet Targets Linux Systems

1 day 21 hours ago
DreamBus presents a serious threat because of the many components it uses to spread via the internet and the wormlike behavior that enables it to move laterally once inside a targeted system, ThreatLabz says.

Discord-Stealing Malware Invades npm Packages

1 day 21 hours ago
The CursedGrabber malware has infiltrated the open-source software code repository. Three malicious software packages have been published to npm, a code repository for JavaScript developers to share and reuse code blocks.

Why North Korea Excels in Cybercrime

1 day 21 hours ago
Although the US and the United Nations have levied sanctions meant to prevent the illegal financing of nuclear weapons, North Korea is proving to be adept at sidestepping them — and is also remarkably proficient at cybercrime.