NIST Retires SHA-1 Cryptographic Algorithm

The venerable cryptographic hash function has vulnerabilities that make its further use inadvisable....

1 Comment

Announcement of Proposal to Revise FIPS 180-4, Secure Hash Standard (SHS)

As a part of the periodic review of NIST’s cryptographic standards and guidelines, NIST’s Crypto...

NIST Transitioning Away from SHA-1 for All Applications

NIST is introducing a plan to transition away from the current limited use of the...

Withdrawal of NIST Special Publication 800-106, Randomized Hashing for Digital Signatures

In January 2022, NIST’s Crypto Publication Review Board initiated a review process for NIST Special Publication (SP)...

1 Comment

Android Malware Campaign Leverages Money-Lending Apps to Blackmail Victims

A previously undocumented Android malware campaign has been observed leveraging money-lending apps to blackmail victims...

Top 5 Web App Vulnerabilities and How to Find Them

Web applications, often in the form of Software as a Service (SaaS), are now the...

Hackers Bombard Open Source Repositories with Over 144,000 Malicious Packages

NuGet, PyPi, and npm ecosystems are the target of a new campaign that has resulted...

FBI Charges 6, Seizes 48 Domains Linked to DDoS-for-Hire Service Platforms

The U.S. Department of Justice (DoJ) on Wednesday announced the seizure of 48 domains that...

Hacking Using SVG Files to Smuggle QBot Malware onto Windows Systems

Phishing campaigns involving the Qakbot malware are using Scalable Vector Graphics (SVG) images embedded in HTML email...

New GoTrim Botnet Attempting to Break into WordPress Sites’ Admin Accounts

A new Go-based botnet has been spotted scanning and brute-forcing self-hosted websites using the WordPress...

Ransomware Attackers Use Microsoft-Signed Drivers to Gain Access to Systems

Microsoft on Tuesday disclosed it took steps to suspend accounts that were used to publish...

Why PCI DSS 4.0 Should Be on Your Radar in 2023

Protecting customer data is critical for any business accepting online payment information. The Payment Card...

December 2022 Patch Tuesday: Get Latest Security Updates from Microsoft and More

Tech giant Microsoft released its last set of monthly security updates for 2022 with fixes for...

Hackers Actively Exploiting Citrix ADC and Gateway Zero-Day Vulnerability

The U.S. National Security Agency (NSA) on Tuesday said a threat actor tracked as APT5 has been...

New Actively Exploited Zero-Day Vulnerability Discovered in Apple Products

Apple on Tuesday rolled out security updates to iOS, iPadOS, macOS, tvOS, and Safari web...

Making Principles Based Assurance a reality

An update on the work to make Principles Based Assurance (PBA) usable in practice....

1 Comment

Google Launches Largest Distributed Database of Open Source Vulnerabilities

Google on Tuesday announced the open source availability of OSV-Scanner, a scanner that aims to offer...

Cybersecurity Measurement Workshop

The NIST Cybersecurity Risk Analytics Team is hosting a workshop to provide an overview of...

2 Comments

Serious Attacks Could Have Been Staged Through This Amazon ECR Public Gallery Vulnerability

A critical security flaw has been disclosed in Amazon Elastic Container Registry (ECR) Public Gallery...

Cybersecurity Experts Uncover Inner Workings of Destructive Azov Ransomware

Cybersecurity researchers have published the inner workings of a new wiper called Azov Ransomware that’s deliberately designed...

Malware Strains Targeting Python and JavaScript Developers Through Official Repositories

An active malware campaign is targeting the Python Package Index (PyPI) and npm repositories for...

Fortinet Warns of Active Exploitation of New SSL-VPN Pre-auth RCE Vulnerability

Fortinet on Monday issued emergency patches for a severe security flaw affecting its FortiOS SSL-VPN...

Researchers Demonstrate How EDR and Antivirus Can Be Weaponized Against Users

High-severity security vulnerabilities have been disclosed in different endpoint detection and response (EDR) and antivirus...

1 Comment

Top 4 SaaS Security Threats for 2023

With 2022 coming to a close, there is no better time to buckle down and...

Google Adds Passkey Support to Chrome for Windows, macOS and Android

Google has officially begun rolling out support for passkeys, the next-generation passwordless login standard, to its...

Cryptocurrency Mining Campaign Hits Linux Users with Go-based CHAOS Malware

A cryptocurrency mining attack targeting the Linux operating system also involved the use of an...

Keep Your Grinch at Bay: Here’s How to Stay Safe Online this Holiday Season

As the holiday season approaches, online shopping and gift-giving are at the top of many...

Royal Ransomware Threat Takes Aim at U.S. Healthcare System

The U.S. Department of Health and Human Services (HHS) has cautioned of ongoing Royal ransomware...

Hack-for-Hire Group Targets Travel and Financial Entities with New Janicab Malware Variant

Travel agencies have emerged as the target of a hack-for-hire group dubbed Evilnum as part of a...

Researchers Detail New Attack Method to Bypass Popular Web Application Firewalls

A new attack method can be used to circumvent web application firewalls (WAFs) of various...