NIST Special Publication 800-171, Protecting Controlled Unclassified Information in Nonfederal Systems and Organizations (NIST SP 800-171 or NIST 800-171), provides federal agencies with a set of guidelines designed to ensure that Controlled Unclassified Information (CUI) remains confidential and unchanged in… Read More "Understanding NIST SP 800-171 Compliance"
Huntress’ new discovery, however, points to a separate, credential-driven campaign. Starting around October 4, Huntress observed mass logins into SonicWall SSLVPN devices from attacker-controlled IPs – one notably traced to 202.155.8[.]73. Many login sessions were brief, but others involved deeper… Read More "SonicWall VPNs face a breach of their own after the September cloud-backup fallout"
British businesses have been urged to prioritize AI governance when adopting the technology in new projects, after new data from EY revealed the average company has lost millions due to unmanaged risks. The consulting giant polled 100 UK firms as… Read More "UK Firms Lose Average of £2.9m to AI Risk"
Vendor Risk Management (VRM) is the process of managing and monitoring security risks resulting from third-party vendors, IT suppliers, and cloud solutions. VRM programs combine continuous third-party attack surface monitoring, risk assessments, and other third-party risk management initiatives to mitigate… Read More "Vendor Risk Management: Strategies for Protecting Your Business"
Oct 14, 2025Ravie LakshmananMalware / Typosquatting Cybersecurity researchers have identified several malicious packages across npm, Python, and Ruby ecosystems that leverage Discord as a command-and-control (C2) channel to transmit stolen data to actor-controlled webhooks. Webhooks on Discord are a way… Read More "npm, PyPI, and RubyGems Packages Found Sending Developer Data to Discord Channels"
Neue Fähigkeiten für eine neue Ära Diese Entwicklung bringt eine Reihe neuer benötigter Fähigkeiten mit sich. Cybersicherheit, einschließlich technischer Fachkenntnisse, ist nach wie vor entscheidend, muss aber mit Risikoquantifizierung, Enterprise Risk Management, Bedrohungserkennung, geopolitischer Kompetenz und dem Bewusstsein für Rechtsvorschriften… Read More "Vom CISO zum Chief Risk Architect"
Oct 14, 2025Ravie LakshmananMalware / Social Engineering Cybersecurity researchers have shed light on a previously undocumented threat actor called TA585 that has been observed delivering an off-the-shelf malware called MonsterV2 via phishing campaigns. The Proofpoint Threat Research Team described the… Read More "Researchers Expose TA585’s MonsterV2 Malware Capabilities and Attack Chain"
Cyberkriminelle wollten sich in 20.000 Benutzerkonten der Bundesagentur für Arbeit einloggen, um Arbeitslosengeld umzuleiten. T. Schneider – shutterstock.com Bei einem Cyberangriff auf die Bundesagentur für Arbeit (BA) sollen acht Männer versucht haben, Leistungen auf eigene Konten umzuleiten. Die bayerischen Experten… Read More "Cyberangriff auf Bundesagentur | CSO Online"
The K-12 database, the most comprehensive of its kind, does not include gender data for about 12.5 percent of school shooters since 2015, which only makes it more difficult to draw firm conclusions about broader patterns. Other mass shootings at… Read More "Heritage Foundation Uses Bogus Stat to Push a Trans Terrorism Classification"
The current timing couldn’t be worse: according to a 2024 Europol threat assessment, cybercrime has increased dramatically in terms of volume, intensity and potential for harm. At the same time, electronic evidence has become increasingly important in the context of… Read More "EU to sign UN Convention on Cybercrime"
