BLOG

NIST Publishes Report on Digital Product Cybersecurity Education and Awareness for Design-A-Thon Event

NIST has published Internal Report (IR) 8558, Report on the Design-A-Thon: Designing Effective and Accessible Approaches for Digital Product Cybersecurity Education and Awareness. The Design-A-Thon event was organized by NIST and hosted by the Symposium in Usable Privacy and Security (SOUPS) on August 11th, 2024. For the project, three teams developed cybersecurity education and awareness …
Fri, 05 Sep 2025 15:31:12 +0000

Protecting Controlled Unclassified Information: A NIST Small Business Cybersecurity Webinar

Date: November 4, 2025
Time: 2:00PM – 3:00PM EST
Location: Virtual
Description: Recently, NIST published a Small Business Primer for NIST Special Publication (SP) 800-171, Revision 3, Protecting Controlled Unclassified Information (CUI) in Nonfederal Systems, to help small and medium-sized businesses understand and implement security requirements for protecting CUI. During this webinar, NIST will provide attendees with …
Fri, 05 Sep 2025 15:30:20 +0000

Multiple Vulnerabilities in Google Android OS Could Allow for Remote Code Execution – PATCH: NOW

Multiple vulnerabilities have been discovered in Google Android OS, the most severe of which could allow for remote code execution. Android is an operating system developed by Google for mobile devices, including, but not limited to, smartphones, tablets, and watches. Successful exploitation of the most severe of these vulnerabilities could allow for remote code execution. …
Fri, 05 Sep 2025 15:29:41 +0000

APT29 Threat Analysis Report

APT29, also known as Cozy Bear, Midnight Blizzard, The Dukes, Dark Halo, and NobleBaron, is a Russian state-sponsored cyber group linked to the Foreign Intelligence Service (SVR). APT29 has recently advanced its tradecraft by leveraging legitimate cloud services and Software-as-a-Service (SaaS) platforms to conduct covert, highly targeted cyber espionage campaigns. Their operations have primarily focused …
Fri, 05 Sep 2025 15:28:37 +0000

Local Municipality Impersonation to Steal Data and Funds

The NJCCIC received reports of threat actors impersonating multiple New Jersey local municipalities to steal sensitive data and funds and exploit public trust. Threat actors take advantage of residents who interact with their local municipalities regularly and are more likely to trust communications appearing to be official. They pose as local officials and contact residents …
Fri, 05 Sep 2025 15:28:00 +0000

Threat Actors Want Your Remote…Access

The NJCCIC has observed threat actors continuing to exploit remote monitoring and management (RMM) tools such as PDQ Connect, ScreenConnect, ITarian, and Atera to remotely access target environments. The use of RMM software enables threat actors to gain initial access, often without triggering security alerts due to the legitimate nature of these programs. Once installed, …
Fri, 05 Sep 2025 15:26:57 +0000

Random Number Generation Using DRBGs | Pre-Draft Call for Comments on SP 800-90A

NIST Special Publication (SP) 800-90Ar1 (Revision 1), Recommendation for Random Number Generation Using Deterministic Random Bit Generators (DRBGs), provides guidelines for generating cryptographically secure random numbers using deterministic methods. This recommendation specifies approved DRBG mechanisms based on hash functions and block ciphers. NIST is planning a second revision of SP 800-90A to reflect advancements in …
Fri, 05 Sep 2025 15:25:58 +0000

A Vulnerability in Git Could Allow for Remote Code Execution – PATCH NOW

A vulnerability has been discovered in Git, which could allow for remote code execution. Git is a free and open-source distributed version control system (VCS). It is designed to track changes in source code during software development and is widely used for coordinating work among multiple developers on the same project. Successful exploitation of this …
Wed, 27 Aug 2025 15:12:56 +0000

Multiple Vulnerabilities in NetScaler ADC and NetScaler Gateway Could Allow for Remote Code Execution – PATCH NOW

Multiple vulnerabilities have been discovered in NetScaler ADC and NetScaler Gateway, which could allow for remote code execution. Successful exploitation of these vulnerabilities could lead to remote code execution (RCE) and/or denial of service (DoS). THREAT INTELLIGENCE: Citrix indicates exploits of CVE-2025-7775 on unmitigated appliances have been observed in the wild. SYSTEMS AFFECTED: RISK: Government: Businesses: Home …
Wed, 27 Aug 2025 15:12:17 +0000

NIST Releases Revision to the Security and Privacy Control Catalog 

A revision to NIST’s catalog of security and privacy controls, Special Publication (SP) 800-53, Security and Privacy Controls for Information Systems and Organizations, is available. This revision focuses on improving the security and reliability of software updates and patches in response to Executive Order 14306 on strengthening the Nation’s cybersecurity. SP 800-53 Release 5.2.0 addresses …
Wed, 27 Aug 2025 15:11:20 +0000