Tag: nist
-
The rise of vCISO as a viable cybersecurity career path
in SecurityNews
Tags: advisory, business, ceo, cio, ciso, compliance, computer, control, country, cyber, cybersecurity, government, grc, group, guide, healthcare, incident response, infrastructure, ISO-27001, jobs, mobile, network, nist, risk, risk-assessment, risk-management, service, skills, strategy, technology, tool, training
Damon Petraglia, vCISO and CISO on demand, Blue Mantis: A long-time cybersecurity pro with chops built up in the federal government world and through forensic investigation work, Damon Petraglia works as a vCISO and CISO on demand for the IT services firm Blue Mantis. “Where I am today as a vCISO is a culmination…
-
Quantum supremacy: Cybersecurity’s ultimate arms race has China way in front
in SecurityNews
Tags: ai, authentication, automation, backup, banking, breach, business, china, ciso, computing, control, crypto, cryptography, cybersecurity, data, encryption, finance, government, healthcare, identity, infrastructure, jobs, military, ml, nist, risk, service, skills, technology, threat, update, vulnerability, zero-day
The DeepSeek/Qwen factor: What we learned from recent AI advances, such as DeepSeek and Qwen, that caught the world by surprise is that China’s technology is much more advanced than anyone anticipated. I’d argue that this is a leading indicator that China’s quantum computing capabilities are also in absolute stealth-mode development and ahead of the…
-
NIST loses key cyber experts in standards and research
in SecurityNews
The head of NIST’s Computer Security Division and roughly a dozen of his subordinates took the Trump administration’s retirement offers, placing key programs at risk.
First seen on cybersecuritydive.com. Jump to article: www.cybersecuritydive.com/news/nist-cyber-retirements-quantum-ai-research-standards/747270/
-
2025 The International Year of Quantum Science and Technology
in SecurityNews
Tags: access, attack, cloud, compliance, computer, conference, crypto, cryptography, cybersecurity, data, encryption, finance, government, group, Hardware, infrastructure, international, lessons-learned, network, nist, regulation, risk, risk-assessment, software, strategy, technology, tool
divya, Tue, 04/29/2025 – 07:48
It is no surprise that the United Nations declared 2025 as the International Year of Quantum Science and Technology (IYQ). Not only does it mark the 100-year point since quantum physics were discovered, but for those who have been following, the…
-
10 key questions security leaders must ask at RSA 2025
in SecurityNews
Tags: access, ai, api, application-security, authentication, automation, business, cisa, ciso, cloud, conference, control, corporate, cve, cyber, cybersecurity, data, defense, detection, edr, endpoint, fido, finance, gartner, google, government, healthcare, infrastructure, microsoft, mitigation, mitre, monitoring, mssp, network, nist, passkey, password, phone, programming, resilience, risk, risk-management, service, software, strategy, switch, threat, tool, training, vulnerability, zero-trust
Is agentic AI more myth than reality?: Building on 2024’s AI enthusiasm, this year will be all about agentic AI, defined as “a type of AI that enables software systems to act autonomously, making decisions and taking actions based on goals, with minimal human intervention,” according to AI itself (source: Google Gemini). We’ll see lots…
-
Cybersecurity Snapshot: NIST Aligns Its Privacy and Cyber Frameworks, While Researchers Warn About Hallucination Risks from GenAI Code Generators
in SecurityNews
Tags: access, advisory, ai, attack, breach, china, cisa, cisco, ciso, cloud, computer, control, csf, cve, cyber, cyberattack, cybersecurity, data, defense, encryption, espionage, exploit, firmware, framework, governance, government, group, hacker, hacking, healthcare, identity, infrastructure, Internet, LLM, malicious, mfa, mitigation, mitre, network, nist, open-source, password, phishing, privacy, risk, risk-assessment, router, service, software, strategy, supply-chain, technology, threat, tool, update, vulnerability
Check out NIST’s effort to further mesh its privacy and cyber frameworks. Plus, learn why code-writing GenAI tools can put developers at risk of package-confusion attacks. Also, find out what Tenable webinar attendees said about identity security. And get the latest on the MITRE CVE program and on attacks against edge routers. Dive into five…
-
NIST Updates Privacy Framework With AI and Governance Revisions
in SecurityNews
The US National Institute of Standards and Technology has updated its Privacy Framework to work cohesively with its Cybersecurity Framework and guide organizations to develop stronger postures to handle privacy risks.
First seen on darkreading.com. Jump to article: www.darkreading.com/data-privacy/nist-updates-privacy-framework-ai-governance
-
CVE program averts swift end after CISA executes 11-month contract extension
in SecurityNews
Tags: china, cisa, computer, cve, cyber, cybersecurity, data, defense, detection, endpoint, flaw, framework, government, infrastructure, intelligence, linkedin, mitre, nist, nvd, russia, service, software, technology, threat, update, vulnerability, vulnerability-management
Important update April 16, 2025: Since this story was first published, CISA signed a contract extension that averts a shutdown of the MITRE CVE program. A CISA spokesperson sent CSO a statement saying, “The CVE Program is invaluable to cyber community and a priority of CISA. Last night, CISA executed the option period on the contract to ensure…
-
MITRE CVE Program Funding Set To Expire
in SecurityNews
Tags: cve, cvss, cybersecurity, data, github, identity, intelligence, mitre, monitoring, nist, technology, update, vulnerability, vulnerability-management
MITRE’s CVE program has been an important pillar in cybersecurity for over two decades. The lack of certainty surrounding the future of the CVE program creates great uncertainty about how newly discovered vulnerabilities will be cataloged. Background: On April 15, reports circulated that the contract for funding the Common Vulnerabilities and Exposures (CVE) program along…
-
CVE program faces swift end after DHS fails to renew contract, leaving security flaw tracking in limbo
in SecurityNews
Tags: china, cisa, cve, cyber, cybersecurity, data, detection, endpoint, flaw, government, infrastructure, intelligence, linkedin, mitre, nist, nvd, russia, service, technology, threat, vulnerability, vulnerability-management
MITRE’s CVE program foundational to cybersecurity: MITRE’s CVE program is a foundational pillar of the global cybersecurity ecosystem and is the de facto standard for identifying vulnerabilities and guiding defenders’ vulnerability management programs. It provides foundational data to vendor products across vulnerability management, cyber threat intelligence, security information, event management, and endpoint detection and response. Although…
-
Meeting NIST API Security Guidelines with Wallarm
in SecurityNews
On March 25, 2025, NIST released the initial public draft of NIST SP 800-228, “Guidelines for API Protection for Cloud-Native Systems.” The document provides a comprehensive framework for securing APIs in cloud-enabled environments. However, for organizations looking to align with these objectives, the tooling requirements may seem initially overwhelming. Fortunately, Wallarm helps streamline the process…
-
NIST Deprioritizes Pre-2018 CVEs as Backlog Struggles Continue
in SecurityNews
NIST, which for more than a year has been struggling to address a backlog of CVEs in its database following budget cuts, is now putting pre-2018 vulnerabilities on the back burner to give itself more time to address the rapidly growing number of new software security flaws.
First seen on securityboulevard.com. Jump to article: securityboulevard.com/2025/04/nist-deprioritizes-pre-2018-cves-as-backlog-struggles-continue/
-
NIST Defers Pre-2018 CVEs to Tackle Growing Vulnerability Backlog
in SecurityNews
NIST marks CVEs pre-2018 as “Deferred” in the NVD as agency focus shifts to managing emerging threats.
First seen on infosecurity-magazine.com. Jump to article: www.infosecurity-magazine.com/news/nist-defers-pre-2018-cves/
-
NIST calls time on older vulnerabilities amid surging disclosures
in SecurityNews
The National Institute of Standards and Technology is deferring future updates to thousands of cyber vulnerabilities discovered prior to 2018 amid surging volumes of new submissions.
First seen on computerweekly.com. Jump to article: www.computerweekly.com/news/366622153/NIST-calls-time-on-older-vulnerabilities-amid-surging-disclosures
-
NIST Declares Pre-2018 CVEs Will Be Labeled as ‘Deferred’
in SecurityNews
The National Institute of Standards and Technology (NIST) has announced that all Common Vulnerabilities and Exposures (CVEs) with a publication date before January 1, 2018, will now be marked with a >>Deferred
-
NIST to Implement ‘Deferred’ Status to Dated Vulnerabilities
in SecurityNews
The changes will go into effect over the next several days to reflect which CVEs are being prioritized in the National Vulnerability Database (NVD).
First seen on darkreading.com. Jump to article: www.darkreading.com/vulnerabilities-threats/nist-deferred-status-dated-vulnerabilities
-
NIST marks all CVEs prior to Jan. 1, 2018, as ‘deferred’
in SecurityNews
First seen on scworld.com. Jump to article: www.scworld.com/news/nist-marks-all-cves-prior-to-jan-1-2018-as-deferred
-
NIST Puts Pre-2018 CVEs on Back Burner as It Works to Clear Backlog
in SecurityNews
NIST has marked pre-2018 CVEs in NVD as ‘Deferred’ and will no longer spend resources on enriching them. The post NIST Puts Pre-2018 CVEs on Back Burner as It Works to Clear Backlog appeared first on SecurityWeek.
First seen on securityweek.com. Jump to article: www.securityweek.com/nist-puts-pre-2018-cves-on-back-burner-as-it-works-to-clear-backlog/
-
Big hole in big data: Critical deserialization bug in Apache Parquet allows RCE
in SecurityNews
No known exploits yet: Neither Endor Labs nor NIST’s NVD entry reported any exploit attempts using CVE-2025-30065 as of publication of this article. Apache silently pushed a fix with the release of 1.15.1 on March 16, 2025, with a GitHub redirect to changes made in the update. Endor Labs advised prompt patching of the vulnerability, which…
-
House members press Commerce Secretary Lutnick on DOGE-related job cuts at NIST
in SecurityNews
The agency has already slashed dozens of probationary workers, and further cuts could have major consequences for cybersecurity standards and AI development.
First seen on cybersecuritydive.com. Jump to article: www.cybersecuritydive.com/news/house-lutnick-doge-job-cuts-nist/744375/
-
Helping Your Clients Achieve NIST Compliance: A Step by Step Guide for Service Providers
in SecurityNews
Introduction: As the cybersecurity landscape evolves, service providers play an increasingly vital role in safeguarding sensitive data and maintaining compliance with industry regulations. The National Institute of Standards and Technology (NIST) offers a comprehensive set of frameworks that provide a clear path to achieving robust cybersecurity practices. For service providers, adhering to NIST…
First seen on thehackernews.com…
-
7 ways to encrypt data (better)
in SecurityNews
Tags: ai, blockchain, business, crypto, dns, encryption, github, healthcare, infrastructure, nist, office, privacy, software, update
Are you encrypting your data in an up-to-date way? The concept of cryptography has existed for a few hundred years, but resourceful scientists and mathematicians keep driving it forward. This development work has shown that algorithms can do much more than just protect data: they are also able to enforce complex rules and the collaboration…
-
How CISOs can balance business continuity with other responsibilities
in SecurityNews
Tags: attack, backup, breach, business, cio, ciso, compliance, cyber, cyberattack, cybersecurity, data, data-breach, finance, framework, healthcare, incident, incident response, metric, nist, ransomware, resilience, risk, service, strategy, supply-chain, technology, threat, usa, vulnerability
CIO-CISO divide: Who owns business continuity?: While CISOs may find that their remit is expanding to cover business continuity, a lack of clear delineation of roles and responsibilities can spell trouble. To effectively handle business continuity, cybersecurity leaders need a framework to collaborate with IT leadership. Responding to events requires a delicate balance between thoroughness of investigation…
-
SandboxAQ Strengthens Leadership in Post-Quantum Security as NIST Approves HQC Algorithm
in SecurityNews
The National Institute of Standards and Technology (NIST) has officially added HQC (Hamming Quasi-Cyclic), co-invented by SandboxAQ, to its suite of post-quantum cryptographic (PQC) standards, the company announced today. HQC becomes the fifth algorithm selected by NIST in its ongoing effort to develop quantum-resistant encryption standards. Of the five, three will serve digital signature purposes,…
-
7 cutting-edge encryption techniques for reimagining data security
in SecurityNews
Tags: ai, computer, cryptography, data, dns, encryption, government, ibm, identity, nist, office, privacy, risk, software, technology, training
Private information retrieval: Securing a database is fairly straightforward. Protecting the privacy of the users, however, is a bit more difficult. Private information retrieval algorithms make it possible for people to search the database for specific blocks of data without revealing too much to the database owner. This extra layer of protection relies on scrambling larger…
-
Introducing Agentic Risk Scoring – Impart Security
in SecurityNews
Tags: ai, application-security, control, cvss, detection, framework, mitre, nist, risk, risk-assessment, tool, vulnerability
Reimagining Risk Scoring: A Breakthrough in Security Risk Management. For years, AppSec and product security teams have been locked in endless debates about the most effective security frameworks and risk scoring methodologies. From CVSS and MITRE ATT&CK to NIST frameworks, these tools promise to quantify and manage security risks, but how truly helpful are they?…