Security leaders talk about a new advisory released by CISA which warns of web applications about insecure direct object reference (IDOR) vulnerabilities.
The National Security Agency (NSA) is warning of a known vulnerability in the Microsoft Windows secure startup process that malicious actors could use to bypass Secure Boot protection and execute BlackLotus malware.
National Security Agency Chief of Cybersecurity Policy and Strategy Greg Bednarski offers insight into the implications of President Biden's latest cybersecurity memorandum.
Cybersecurity researchers from the University of Missouri seek to develop a security tool that allows smart devices to learn from past cyberattacks with minimal user interaction. The cybersecurity feature would be functional across different types of smart devices and aim to prevent both small- and large-scale cyberattacks in the future.
NSA released the Cybersecurity Information Sheet, “Securing Wireless Devices in Public Settings,” to help National Security System (NSS), Department of Defense (DoD), and Defense Industrial Base (DIB) teleworkers identify potential threats and minimize risks to their wireless devices and data.
The National Security Agency (NSA) released the Cybersecurity Advisory, “Stop Malicious Cyber Activity Against Connected Operational Technology.” The CSA details how to evaluate risks to systems and improve the security of connections between OT and enterprise networks. Information technology (IT) exploitation can serve as a pivot point for OT exploitation, so carefully evaluating the risk of connectivity between IT and OT systems is necessary to ensure unique cybersecurity requirements are met.
The National Security Agency (NSA), the Cybersecurity and Infrastructure Security Agency (CISA), and the Federal Bureau of Investigation (FBI) jointly released a Cybersecurity Advisory, “Russian SVR Targets U.S. and Allied Networks,” to expose ongoing Russian Foreign Intelligence Service (SVR) exploitation of five publicly known vulnerabilities. This advisory is being released alongside the U.S. government’s formal attribution of the SolarWinds supply chain compromise and related cyber espionage campaign. We are publishing this product to highlight additional tactics, techniques, and procedures being used by SVR so that network defenders can take action to mitigate against them.
The University of West Florida has been re-designated by the National Security Agency and Department of Homeland Security as the Southeast Centers of Academic Excellence in Cybersecurity (CAE-C) Regional Hub.