Citrix, tvrtka koja svojim rješenjima omogućuje rad na daljinu brojnim tvrtkama i zaposlenicima, objavila je upozorenje o kritičnoj ranjivosti i pozvala sve korisnike da bez odgode ažuriraju svoje sustave. Kritična ranjivost (CVE-2023-3519) NetScaler ADC-a i NetScaler Gateway-a, već se aktivno iskorištava, ali su izdane zakrpe koje otklanjaju ranjivosti. Ranjivost CVE-2023-3519 napadaču omogućuje udaljeno izvršavanje kôda … Read more
AIOS (The All-In-One Security) dodatak je rješenje koje korisnicima nudi vatrozid za web aplikacije, zaštitu sadržaja i sigurnosni alat za prijavu u WordPress stranice. Otkriveno je da AIOS v5.1.9 bilježi prijave, odjave te neuspješne prijave korisnika, ali ujedno sprema i unesene lozinke. Ono što je nevjerojatno, je to da je lozinke pohranjivao u tzv. plain … Read more
Source: Read More Cert.be advisories
Source: Read More Cert.be advisories
Source: Read More Cert.be advisories
Source: Read More Cert.be advisories
Source: Read More Cert.be advisories
Nedavno smo pisali o pojavi malwarea u aplikacijama preuzetim iz legitimnih izvora. Više od 600 000 korisnika zarazilo je svoje uređaje Fleckpe malwareom preuzimanjem aplikacija iz Google Play-a. Akteri koji namjeravaju podmetnuti zlonamjerni kôd, ne čine to prilikom predaje aplikacije na provjeru, već to učine prilikom budućih ažuriranja. Iako Google redovito uklanja takve aplikacije, zlonamjerni … Read more
Opdateringerne til Junos OS og Junos OS Evolved inkludere også patches til 17 andre fejl i PHP kode, Message Queuing Telemetry Transport (MQTT) og NTP, inklusive nogle sårbarheder, der har været offentlig kendte i årevis. To af PHP-fejlene, registreret som CVE-2021-21708 og CVE-2022-31627, er klassificeret som “kritisk alvorlighed”. Otte andre fejl (fire i PHP, to … Read more
Sårbarheden skyldes utilstrækkelig inputvalidering ved brug af REST API-funktionen. En angriber kan udnytte denne sårbarhed ved, at sende en “malformed” API-anmodning til en sårbar vManage-instans, hvilket gør det muligt for angriberen, at hente information fra og sende information til konfigurationen af den berørte Cisco vManage-instans. Sårbarheden har kun betydning ved anvendelse af REST API og … Read more
Microsoft je izdao zakrpe za srpanj 2023. kojima se rješava šest ranjivosti nultog dana i 132 nedostatka. Čak 37 ranjivosti omogućavalo je udaljeno izvršavanje kôda (remote code execution – RCE), a devet ih je označeno kao kritične ranjivosti. Osim udaljenog izvršavanja kôda, ranjivosti su omogućavale eskalaciju privilegija, zaobilaženje sigurnosnih značajki, otkrivanje informacija i uskraćivanje usluge … Read more
The Iris Experts Group (IEG) will hold their annual meeting on Thursday June 15, 2023. The meeting will be virtual using the BlueJeans Meeting platform. The meeting is a full day meeting with breaks scattered through the day. The IEG is a forum for Source: Read More News and Events Feed by Topic
A virtual workshop on February 1, 2023 will introduce the initial public drafts of two NIST Special Publications (SPs): NIST SP 800-157r1 (Revision 1), Guidelines for Derived Personal Identity Verification (PIV) Credentials NIST SP 800-217 Source: Read More News and Events Feed by Topic
NIST is announcing the initial public drafts of NIST SP 800-157r1 (Revision 1), Guidelines for Derived Personal Identity Verification (PIV) Credentials, and NIST SP 800-217, Guidelines for Personal Identity Verification (PIV) Federation. These two Source: Read More News and Events Feed by Topic
NIST requests public comments on NIST IR 8214C ipd (initial public draft), NIST First Call for Multi-Party Threshold Schemes, for primitives organized into two categories: Cat1: selected NIST-specified primitives Cat2: other primitives not specified Source: Read More News and Events Feed by Topic
NIST research reveals misconceptions that can affect security professionals — and offers solutions. Source: Read More News and Events Feed by Topic
Today, NIST is publishing Federal Information Processing Standard (FIPS) 186-5, Digital Signature Standard (DSS), along with NIST Special Publication (SP) 800-186, Recommendations for Discrete Logarithm-based Cryptography: Elliptic Curve Domain Source: Read More News and Events Feed by Topic
The rapid proliferation of online services over the past few years has heightened the need for reliable, equitable, secure, and privacy-protective digital identity solutions. Revision 4 of NIST’s Special Publication 800-63, Digital Identity Source: Read More News and Events Feed by Topic
As a part of the periodic review of NIST’s cryptographic standards and guidelines, NIST’s Crypto Publication Review Board (“Review Board”) announced the review of Federal Information Processing Standards Publication (FIPS) 197, The Advanced Source: Read More News and Events Feed by Topic
Attend the NICE K12 Cybersecurity Education Conference in Phoenix, Arizona on December 4-5, 2023 — the national conference for K12 cybersecurity education! Gain tools to accelerate learning, identify methods to nurture a diverse learning community Source: Read More News and Events Feed by Topic
NIST recognizes the importance of the infrastructure that provides positioning, timing, and navigation (PNT) information to the scientific knowledge, economy, and security of the Nation. This infrastructure consists of three parts: the space segment Source: Read More News and Events Feed by Topic
The Draft Fourth Revision to NIST Special Publication 800-63, Digital Identity Guidelines (Draft NIST SP 800-63-4) is available for review, and your feedback is requested! This revision of the Digital Identity Guidelines intends to respond to the Source: Read More News and Events Feed by Topic
NIST is in the process of a periodic review and maintenance of its cryptography standards and guidelines. Currently, we are reviewing the following publication: NIST Special Publication (SP) 800-132, Recommendation for Password-Based Key Derivation Source: Read More News and Events Feed by Topic
As a part of the periodic review of NIST’s cryptographic standards and guidelines, NIST’s Crypto Publication Review Board announced the review of Federal Information Processing Standards Publication FIPS 180-4, Secure Hash Standard (SHS), in June Source: Read More News and Events Feed by Topic
NIST is requesting public comments on the initial public draft of Special Publication (SP) 800-223, High-Performance Computing (HPC) Security: Architecture, Threat Analysis, and Security Posture. Executive Order 13702 established the National Source: Read More News and Events Feed by Topic
The algorithms are designed to protect data created and transmitted by the Internet of Things and other small electronics. Source: Read More News and Events Feed by Topic
Fascination with technological innovation is built into America’s DNA. Today’s legions of U.S. scientific and engineering researchers are directly connected to the independent mechanics, artisans, and tinkerers of colonial and pre-industrial times Source: Read More News and Events Feed by Topic
The presentation slides are available here. Download the Continuing Education Units form. Speakers: Danielle Santos Manager of Communications and Operations NICE (Moderator) Francie Genz Co-Principal and Co-Founder Institute for Networked Communities Source: Read More News and Events Feed by Topic
The NIST Lightweight Cryptography Team has reviewed the finalists based on their submission packages, status updates, third-party security analysis papers, and implementation and benchmarking results, as well as the feedback received during workshops Source: Read More News and Events Feed by Topic
In August 2021, NIST’s Crypto Publication Review Board announced the review of NIST Special Publication (SP) 800-38E, Recommendation for Block Cipher Modes of Operation: the XTS-AES Mode for Confidentiality on Storage Devices. In response, NIST Source: Read More News and Events Feed by Topic
The initial public draft of NIST Special Publication (SP) 800-201, NIST Cloud Computing Forensic Reference Architecture, is now available for public comment. This document addresses the need to support a cloud system’s forensic readiness, which is Source: Read More News and Events Feed by Topic
The first webinar in the Digital Identity Guidelines Webinar Series will center on a discussion of risk as it relates to digital identity. Panelists will explore the various lenses through which digital identity can be viewed, the variety and breadth Source: Read More News and Events Feed by Topic
This second webinar in the Digital Identity Guidelines Webinar Series will focus on the changes NIST has made to the identity proofing guidance and illicit inputs on how the government and industry can collaboratively continue to innovate on identity Source: Read More News and Events Feed by Topic
This week, NIST released the newly redesigned and streamlined Special Publication 800-225, Fiscal Year (FY) 2022 Cybersecurity and Privacy Annual Report. In FY 2022, the NIST Information Technology Laboratory’s (ITL) Cybersecurity and Privacy Program Source: Read More News and Events Feed by Topic
Meet Shanée Dawkins, a computer scientist whose expertise in the way people interact with technology extends in multiple directions, from phishing to public safety and beyond. Source: Read More News and Events Feed by Topic
CYBERSECURITY EDUCATION AND WORKFORCE DEVELOPMENT FUNDING OPPORTUNITY Today at the annual NICE Conference & Expo, Rodney Petersen, the Director of NICE, announced a new Notice of Funding Opportunity (NOFO) from the National Institute of Standards and Source: Read More News and Events Feed by Topic
This second meeting of the IoT Advisory Board will focus on establishing the outline for the IoT Advisory Board’s report and report outs from sub-teams on the material that they have collected for sections of the report. NOTE: February 28, 2023 5:00 Source: Read More News and Events Feed by Topic
NIST will hold a virtual workshop on Standards and Performance Metrics for On-Road Automated Vehicles (AV), September 5-8, 2023. Free registration and schedule are available online. The workshop aims to: Connect the AV community Provide a holistic Source: Read More News and Events Feed by Topic
Detailed virtual copies of physical objects are opening doors for better products across automotive, health care, aerospace and other industries. Source: Read More News and Events Feed by Topic
The FISSEA Forums are quarterly meetings to provide opportunities for policy and programmatic updates, the exchange of best practices, and discussion and engagement among members of the Federal Information Security Educators (FISSEA) community Source: Read More News and Events Feed by Topic
5×5―the confirmation of a strong and clear signal. In 2023, it will also be a gathering place to make your voice heard and drive public safety communications forward. NIST PSCR and the First Responder Network Authority are excited to host 5×5: The Source: Read More News and Events Feed by Topic
Draft Revision 3 aligns the publication’s language with NIST’s 800-53 catalog of cybersecurity safeguards. Source: Read More News and Events Feed by Topic
This blog is a repost from the First Responder Network Authority, originally published on March 2, 2023. One of the biggest training challenges for first responders is the ability to train in realistic environments that reflect those they will face Source: Read More News and Events Feed by Topic
On June 1, NIST and OMB will host a workshop to discuss next steps for implementation of M-22-18, Enhancing the Security the Software Supply Chain through Secure Software Development Practices, the intended impact on the security of the Federal Source: Read More News and Events Feed by Topic
Also launched: the NIST Small Business Cybersecurity Community of Interest. Source: Read More News and Events Feed by Topic
This final webinar in the Digital Identity Guidelines Webinar Series will focus on the evolving nature of authentication technology and how organizations and NIST are addressing new innovations in the space. Panelists will discuss phishing-resistant Source: Read More News and Events Feed by Topic
NIST’s second Innovative Technologies Showcase, a setting where three NIST researchers will present their latest and greatest technology, has gotten off to a roaring start one whole month before the event is scheduled to take place. Almost 900 Source: Read More News and Events Feed by Topic
Theme: Consumer Fraud Education Download the Continuing Education Units form. The presentation slides are available here. Provide event feedback here. Agenda: 8:00am – 9:00am Registration and Check-in 9:00am – 9:15am Welcome and Opening Remarks Source: Read More News and Events Feed by Topic
Previously, NIST researchers developed a model for predicting the minimum investment needed to achieve the optimum cybersecurity for large networks. Basically, it assessed security measures – such as monitoring, diagnostics, and more – against Source: Read More News and Events Feed by Topic
This year’s Multi-Cloud Conference hosted by NIST, Department of Commerce (DOC), and Tetrate will focus on delivering Zero Trust Architecture (ZTA) through application-tier and network-tier policies in a high-assurance service mesh operating Source: Read More News and Events Feed by Topic