May 2021

NIST’s National Cybersecurity Center of Excellence (NCCoE) has published NIST Cybersecurity Practice Guide Special Publication (SP) 1800-15, Securing Small-Business and Home Internet of Things (IoT) Devices: Mitigating Network-Based Attacks Using Manuf…

Read More NIST Cybersecurity Practice Guide SP 1800-15, Securing Small Business and Home IoT Devices: Mitigating Network-Based Attacks Using MUD

Folks, I hope this finds you all doing well. As some of you may know, over the years, I have shared numerous perspectives on foundational cyber security and on Active Directory security, both here (i.e. on this blog) and at my second blog. Unfortuna…

Read More New Coordinates

Anne Neuberger, Deputy National Security Advisor for Cyber and Emerging Technology, addressed President Biden’s executive order at the virtual RSA Conference this week. The executive order, announced on May 12, 2021, aims to safeguard U.S. cybersecurit…

Read More Live From RSAC: Anne Neuberger Addresses President Biden’s Executive Order on Cybersecurity

Software security is a big focus of the Biden administration’s recent executive order on cybersecurity. In fact, an entire section, or 25 percent, of the order is dedicated to software security requirements. In the wake of the SolarWinds cyberattack, t…

Read More A Closer Look at the Software Supply Chain Requirements in the Cybersecurity Executive Order

The National Institute of Standards and Technology (NIST) will host a virtual workshop on June 2 and 3, 2021 to enhance the security of the software supply chain and to fulfill the President’s Executive Order on Improving the Cybersecurity of the Feder…

Read More Workshop and Call for Position Papers on Standards and Guidelines to Enhance Software Supply Chain Security

Verizon recently published its 2021 Data Breach Investigations Report (DBIR). This year, Verizon analyzed 79,635 incidents, of which 29,207 met their quality standards and 5,258 were confirmed data breaches, from 88 countries around the world.
Despite …

Read More 2021 Verizon Data Breach Investigations Report Proves That Cybercrime Continued to Thrive During the Pandemic

NIST announces the publication of a Cybersecurity White Paper on confidence mechanisms for Internet of Things (IoT) devices, Establishing Confidence in IoT Device Security: How do we get there? This paper describes the landscape of confidence mechanism…

Read More NIST Seeks Comments on “Establishing Confidence in IoT Device Security: How do we get there?”

Hi Guys, I need your support. I became aware only now that we can nominate SecurityAffairs as Best Personal Blog. I need your support. Please vote Security Affairs as Best Personal cybersecurity Blog at the following link https://docs.google.com/forms/d/e/1FAIpQLSer_6yOZrL8OO6XjJ9yj3Mlq9LvuOakdTZN9ZmhkFCy1aQLdw/viewform The URL is https://securityaffairs.co/ and indicate me Pierluigi Paganini as reference. Thank you! Pierluigi Follow me on Twitter: @securityaffairs […]

The post Please vote Security Affairs – 1 day left appeared first on Security Affairs.

Read More Please vote Security Affairs – 1 day left

Microsoft warns of a malware-based campaign that targeted organizations in the aerospace and travel sectors in the past months. Microsoft researchers revealed that organizations in the aerospace and travel sectors have been targeted in the past months in a malware-based campaign. Threat actors conducted a spear-phishing campaign using messages that were specifically designed to be […]

The post Organizations in aerospace and travel sectors under attack, Microsoft warns appeared first on Security Affairs.

Read More Organizations in aerospace and travel sectors under attack, Microsoft warns

Cisco has addressed a zero-day in the Cisco AnyConnect Secure Mobility Client VPN software, with publicly available proof-of-concept exploit code. Cisco has addressed a zero-day vulnerability in Cisco AnyConnect Secure Mobility Client, tracked as CVE-2020-3556, that was disclosed in November. The availability of a proof-of-concept exploit code for the zero-day was confirmed by the Cisco Product Security […]

The post Cisco fixes AnyConnect Client VPN zero-day disclosed in November appeared first on Security Affairs.

Read More Cisco fixes AnyConnect Client VPN zero-day disclosed in November

President Biden signed an executive order to improve government cybersecurity, setting new security standards for software sold to the federal government.

For the first time, the United States will require all software purchased by the federal government to meet, within six months, a series of new cybersecurity standards. Although the companies would have to “self-certify,” violators would be removed from federal procurement lists, which could kill their chances of selling their products on the commercial market.

I’m a big fan of these sorts of measures. The US government is a big enough market that vendors will try to comply with procurement regulations, and the improvements will benefit all customers of the software…

Read More New US Executive Order on Cybersecurity

Since its release three years ago, IBM says DBaaS offerings have gained enormous interest from customers across multiple industries. At THINK this week, it also received several updates.

The post IBM looks to address business AI adoption challenges with AutoSQL and partner program changes first appeared on IT World Canada.

Read More IBM looks to address business AI adoption challenges with AutoSQL and partner program changes

President Joe Biden signed an ambitious executive order to dramatically improve the security of the US government networks. President Biden signed an executive order this week to improve the country’s defenses against cyberattacks; it is an important move that comes shortly after the recent wave of attacks, such as the SolarWinds supply chain attack and the […]

The post Biden signed executive order to improve the Nation’s Cybersecurity appeared first on Security Affairs.

Read More Biden signed executive order to improve the Nation’s Cybersecurity