225,000 More Cybersecurity Workers Needed in US: CyberSeek

June 5, 2024 at 06:54AM According to CyberSeek, the US needs over 200,000 more cybersecurity professionals. The initiative aims to offer detailed job market data. Cybersecurity job postings totaled nearly 470,000 between May 2023 and April 2024, with certain roles in high demand. Despite tech hiring difficulties, cybersecurity job postings decreased less than overall IT. …

NIST Commits to Plan to Resume NVD Work

June 4, 2024 at 10:53AM NIST has faced a significant backlog in processing vulnerability reports, with only 26% being processed this year due to increasing workload and resource reductions. The agency has announced a plan to address the issue, including partnering with CISA and implementing process updates to enhance efficiency. Industry professionals express concerns and …

NIST Commits to Vulnerability Plan, But Researchers’ Concerns Remain

June 4, 2024 at 09:04AM The US National Institute of Standards and Technology is addressing the backlog in processing vulnerability reports. NIST’s plan involves a multipronged approach, working with public and private sectors, and updating technology to handle the increasing number of disclosed vulnerabilities. The backlog has been attributed to a combination of resource reductions and …

NIST turns to IT consultants to clear National Vulnerability Database backlog

June 3, 2024 at 05:53PM NIST extended its contract with Analygence to address the growing backlog in its National Vulnerability Database. The backlog has been increasing since February, with 93% of vulnerabilities submitted remaining unanalyzed. NIST aims to clear the backlog and process current vulnerabilities by the end of the fiscal year. The agency is …

NIST Getting Outside Help for National Vulnerability Database

May 30, 2024 at 11:16AM NIST is seeking outside assistance to address a backlog of unprocessed vulnerabilities in the National Vulnerability Database (NVD), with plans to improve processing rates and implement long-term solutions. CISA is collaborating with NIST to address the backlog, and a new project named Vulnrichment aims to enhance CVE records for improved …

Zoom adds ‘post-quantum’ encryption for video nattering

May 21, 2024 at 03:49PM Zoom has introduced post-quantum end-to-end encryption (E2EE) for video conferencing, utilizing Kyber 768 to ensure data security against potential future quantum decryption. This advanced encryption will soon be available for Phone and Rooms. While enhancing security, it may limit some Zoom features, and individual users should assess their requirements before …

CISA Warns of Exploited Vulnerabilities in EOL D-Link Products

May 17, 2024 at 09:57AM CISA added two D-Link product CVEs to its Known Exploited Vulnerabilities Catalog, urging federal agencies to address them promptly. The first CVE, CVE-2014-100005, affects decade-old security flaws in legacy D-Link routers. The second D-Link CVE added is CVE-2021-40655, an information disclosure bug in discontinued DIR-605 routers. CISA also included CVE-2024-4761, …

The Fall of the National Vulnerability Database

May 16, 2024 at 10:10AM The National Vulnerability Database (NVD), initially created by NIST to centralize cybersecurity vulnerability intelligence, is now struggling due to various factors. Increased accessibility led to a surge in low-quality reports, with inexperienced researchers seeking recognition and monetary incentives. As a result, the NVD has not updated vulnerabilities since February, highlighting …

CISO Corner: Breaking Staff Burnout, GPT-4 Exploits, Rebalancing NIST

April 19, 2024 at 05:15PM CISO Corner offers a diverse set of security articles from across Dark Reading’s news operation. The latest issue includes topics such as AI’s ability to exploit vulnerabilities, combating security burnout, intensifying cyber operations in the Middle East, Cisco’s Hypershield, NIST guidelines, preparing for cyber incidents, and rethinking detection and response …

Rebalancing NIST: Why ‘Recovery’ Can’t Stand Alone

April 18, 2024 at 10:04AM Companies are now prioritizing cybersecurity as a top operational risk, with updated guidance from NIST providing valuable insights. However, the focus on prevention often overshadows the critical aspect of recovery from cyberattacks. It’s essential to integrate recovery into the overall security strategy, including continuous testing and alignment with incident response …