The U.S. National Institute of Standards and Technology (NIST) has, through its National Cybersecurity Center of Excellence (NCCoE),… The post
Industrial Control Systems
ICS news
CISA Strategic Focus set to guide CVE program into ‘quality era,’ prioritizing data accuracy, governance, collaboration
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has released a roadmap setting priorities to strengthen partnerships, modernize… The post
CISA flags critical flaws in Rockwell Automation, ABB products
Experts say OT teams and CISOs must prioritize patching the ICS flaws right away.SCM feed for Endpoint/Device SecurityRead More
Latest
Box’s new AI features help unlock dormant data
Users will be able to do more with files stored in Box’s cloud service with new AI features announced by
SonicWall SSL VPNs still under attack from Akira ransomware group
Teams need to patch a year-old flaw in which passwords were not reset during migration.SCM feed for Endpoint/Device SecurityRead More
Data breach confirmed by Jaguar Land Rover
Jaguar Land Rover, the UK’s leading automaker, has disclosed the compromise of certain data amid continued efforts to restore the
Everest ransomware purportedly breaches Allegis Group
Cybernews reports that U.S. multinational talent management company Allegis Group was claimed to have had its internal corporate files compromised
Misconfiguration prompts immense generative AI app data exposure
Major Android and iOS generative artificial intelligence app developer Vyro AI had 116 GB of user logs from its ImagineArt,
Four lessons from the Salesloft OAuth hack
Here’s why teams have to refine their defenses for non-human identities, or face the consequences.SCM feed for Endpoint/Device SecurityRead More
New Apple security system aims to bolster anti-spyware protections
CyberScoop reports that intensified spyware attacks against iPhones have prompted Apple to introduce the new Memory Integrity Enforcement security system
Defense bill with cyber, AI focus gets House nod
The House has passed its version of the National Defense Authorization Act with various cybersecurity and artificial intelligence provisions, reports
Extensive Hello Gym audio recording leak uncovered
Minnesota-based fitness technology services provider Hello Gym had more than 1.6 million audio recordings of North American gym members leaked
KillSec ransomware targets healthcare industry in Brazil
SCM feed for Endpoint/Device SecurityRead More
New malware tapped by Chinese APT in Philippine military firm-targeted attack
New malware tapped by Chinese APT in Philippine military firm-targeted attack Attacks involving the newly discovered EggStreme fileless malware framework
Massive DDoS attack discovered, mitigated
Threat actors have launched a distributed denial-of-service attack peaking at 1.5 billion packets per second against an unnamed European DDoS
Akira ransomware sets sights on vulnerable SonicWall devices
Multiple misconfigurations in SonicWall SSL VPN instances have been leveraged by the Akira ransomware operation in their intrusions, The Register
FBI evolves advanced threat hunting after Chinese Typhoon attacks
The FBI was noted by its Cyber Division Deputy Assistant Director Jason Bilnoski to have transformed its advanced threat hunting
Cyber Command, NSA to remain under the leadership of one person
Lt. Gen. William Hartman has been serving in an acting capacity for the two organizations.SCM feed for Endpoint/Device SecurityRead More
Stop paying the password tax: A CFO’s guide to affordable zero-trust access
CFO guide to zero-trust access: cut password costs, boost security, and keep full control of keys.SCM feed for Endpoint/Device SecurityRead
SPARTA v3.1 expands space cybersecurity with updated controls, new techniques, and research contributions
The Aerospace Corporation has released Space Attack Research and Tactic Analysis (SPARTA) v3.1, adding space segment guidance for… The post
CISA flags critical ICS vulnerabilities across Rockwell and ABB Systems, exposing OT networks to potential exploits
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) published fourteen ICS advisories on Tuesday, highlighting critical vulnerabilities across… The post
Kiteworks survey reveals governance gaps leave defense contractors unprepared for CMMC 2.0 compliance
A new report from Kiteworks identified that half of defense industrial base contractors lack centralized data governance as… The post
More than half of internet-exposed assets have no web application firewall
Up to 63.4% of PII-collecting webpages have no WAF protection, CyCognito found.SCM feed for Endpoint/Device SecurityRead More
Nebius Group raises $3 billion to grow AI cloud business
Funding round comes on heels of $17.4 billion deal with Microsoft as focus turns to secure data centers.SCM feed for