The Fall of the National Vulnerability Database

May 16, 2024 at 10:10AM The National Vulnerability Database (NVD) initially created by NIST to centralize cybersecurity vulnerability intelligence is now struggling due to various factors. Increased accessibility led to a surge in low-quality reports, with inexperienced researchers seeking recognition and monetary incentives. As a result, the NVD has not updated vulnerabilities since February, highlighting … Read more

Tech Companies Promise Secure by Design Products

May 9, 2024 at 10:37AM Over 60 vendors have pledged to develop secure products as part of the “Secure by Design” initiative led by CISA. The focus is on addressing security as a core business requirement, with the onus on manufacturers rather than individual users. Signatories are asked to consider and demonstrate progress towards seven … Read more

Building the Right Vendor Ecosystem – a Guide to Making the Most of RSA Conference

May 2, 2024 at 11:27AM The RSA Conference is happening in San Francisco, offering insights and solutions for cybersecurity challenges. SOC teams face issues with fragmented tools, leading to alert fatigue and burnout. The choice between platform and best-of-breed solutions involves integration, vendor lock-in, and regulatory considerations. Consider assessing security needs, evaluating products, and understanding … Read more

‘Brain Weasels’: Impostor Syndrome in Cybersecurity

March 22, 2024 at 11:36AM The text discusses the prevalence of impostor syndrome in the cybersecurity industry. The author shares personal experiences and insights from experts, highlighting the industry’s technical nature and gatekeeping tendencies. The importance of community support and strategies for managing impostor syndrome are emphasized. The overall message encourages normalization of impostor syndrome … Read more

Cyber Madness Bracket Challenge – Register to Play

March 14, 2024 at 07:57AM SecurityWeek will host a contest called “Cyber Madness” bracket challenge, allowing the cybersecurity community to compete in a fun and competitive manner during the 2024 NCAA Men’s Basketball Tournament. Participants have a chance to win prizes, earn bragging rights, and enjoy the event. The meeting notes outline the plan for … Read more

MITRE Unveils EMB3D Threat Model for Embedded Devices Used in Critical Infrastructure

December 13, 2023 at 10:48AM MITRE, in collaboration with the cybersecurity community and the industrial sector, has developed EMB3D, a threat model tailored for embedded devices in critical infrastructure. With a focus on mitigating threats, EMB3D provides a knowledge base and mappings to device properties while offering technical mitigations. It aims to enhance device security … Read more

Microsoft: Mystery Group Targeting Telcos Linked to Chinese APTs

December 11, 2023 at 11:08AM Researchers have linked the Sandman threat group, known for cyberattacks on telecom providers, to a growing network of Chinese government-backed advanced persistent threat (APT) groups. This assessment by Microsoft, SentinelLabs, and PwC reveals shared practices and overlaps in malware development, emphasizing the need for collaboration within the cybersecurity community. From … Read more

Scattered Spider Casino Hackers Evade Arrest in Plain Sight

November 17, 2023 at 03:56PM The cybercrime group known as Scattered Spider has been able to successfully attack US organizations without being disrupted or arrested, despite federal law enforcement being aware of their identities for over six months. The FBI and CISA have released an advisory to help organizations defend against Scattered Spider, but it … Read more

Signal says there is no evidence rumored zero-day bug is real

October 16, 2023 at 02:06AM Signal messenger has investigated rumors of a zero-day security vulnerability related to its link preview feature but found no evidence of its existence. US government sources also confirmed that there is no information suggesting the vulnerability is valid. Signal advises users to disable the link previews feature as a precaution … Read more