Combined Security Practices Changing the Game for Risk Management

February 5, 2024 at 06:27AM The current challenge in cyber security lies in the lack of effective risk management platforms, leading to alert fatigue and unmitigated risks. Combining NIST, MITRE, and NCSC frameworks offers a solution to mitigate these risks and enable proactive threat response. The SHQ Response Platform incorporates these frameworks to simplify risk …

New NCCoE Guide Helps Major Industries Observe Incoming Data While Using Latest Internet Security Protocol

February 1, 2024 at 05:44PM Companies in finance and health care need to adopt TLS 1.3 for cyber security, but it complicates data audits. NIST released guide SP 1800-37 to help implement TLS 1.3 and conduct network monitoring and auditing securely. It addresses challenges, offering techniques for key access and securing data. NIST is seeking …

LastPass Hikes Password Requirements to 12 Characters

January 3, 2024 at 03:05PM LastPass is strengthening customer password requirements, mandating a minimum 12-character master password for enhanced security, prompted by advancements in password cracking and user behavior. The rollout will start with email notifications to customers, along with additional measures such as multi-factor re-enrollment. The changes aim to mitigate security incidents and breaches. …

Pentagon Wants Feedback on Revised Cybersecurity Maturity Model Certification Program

December 29, 2023 at 07:54AM The US Department of Defense has proposed a rule for the Cybersecurity Maturity Model Certification (CMMC) program, seeking public feedback. The program aims to ensure defense contractors and subcontractors implement security measures to protect federal contract information and controlled unclassified information. The revision allows for self-assessment, emphasizes cooperation with industry, …

FedRAMP Rev. 5: How Cloud Service Providers Can Prepare

October 23, 2023 at 03:04AM The Federal Risk and Authorization Management Program (FedRAMP) has approved new Revision 5 (Rev. 5) baselines that align with NIST’s “SP 800-53 Rev. 5.” Changes in FedRAMP include updated security controls, documentation, and templates, as well as new control families and increased focus on privacy and customization. Cloud service providers …

Making the Case for Cryptographic Agility and Orchestration

October 12, 2023 at 06:39PM In summary, the text highlights the quantum threat to cybersecurity and the need for post-quantum cryptography (PQC) to protect against it. It discusses the importance of cryptographic agility and orchestration in managing and adapting to changing cryptographic algorithms. The text also emphasizes the ongoing PQC standardization process and the need …

Reassessing the Impacts of Risk Management With NIST Framework 2.0

October 11, 2023 at 10:08AM Global cyberattacks rose by 38% in 2022, as reported by Check Point. The cost of a data breach is also increasing, averaging $9.44 million in the US and $4.25 million globally in 2022. To combat this, the National Institute of Standards and Technology (NIST) has updated its Cybersecurity Framework …

New One-Click Exploit Is a Supply Chain Risk for Linux OSes

October 10, 2023 at 04:47PM Researchers have discovered a vulnerability in a library used by the GNOME desktop environment for Linux systems. Exploiting the vulnerability through a malicious link could allow attackers to take over machines. The issue lies in a dependency called “libcue” used by a default GNOME application called “tracker-miners.” The researchers have …