Netizen Blog and News
The Netizen team sharing expertise, insights and useful information in cybersecurity, compliance, and software assurance.
Category: Security
-

The National Institute of Standards and Technology (NIST) has officially released version 2.0 of its landmark Cybersecurity Framework (CSF), marking its first major update since the framework’s inception in 2014. The revised framework introduces significant enhancements designed to extend its applicability and effectiveness across a broader spectrum of organizations, ranging from the smallest schools and…
-
Overview: Phish Tale of the Week. Oftentimes, phishing/smishing campaigns created by malicious actors target users by utilizing social engineering. For example, in this text message, the actors are posing as Coinbase and informing you that action needs to be taken regarding your account. The message first prompts you with a notification that your account…
-

Security vulnerabilities are a common occurrence in managing any business’s organizational security. The prompt patching and remediation of any new vulnerabilities are critical to reducing the outside attack surface. Netizen’s Security Operations Center (SOC) has compiled five vulnerabilities from February that should be immediately patched or addressed if present in your environment. Detailed writeups below:…
-

Microsoft has unveiled PyRIT (Python Risk Identification Tool), a pioneering open-access framework designed to enhance the security of generative AI technologies. This innovative tool aims to support the proactive identification of potential risks within AI systems, focusing on both security threats and responsible AI considerations, such as fairness and the accuracy of generated content. PyRIT…
-

The Cybersecurity and Infrastructure Security Agency (CISA) is taking a strategic step forward by integrating its various zero trust security initiatives under one roof, according to Sean Connelly, CISA’s senior cybersecurity architect and trusted internet connections program manager, last Thursday at CyberScoop’s Zero Trust Summit. Connelly has been instrumental in shaping the agency’s zero trust…
-

The UK’s National Crime Agency (NCA) successfully thwarted LockBit, a notorious global cybercrime syndicate known for ransomware attacks. The operation, named Cronos, involved seizing control of LockBit’s network and was a collaborative effort with international law enforcement. This highlights the evolving capabilities of law enforcement against cyber threats and emphasizes the commitment to supporting recovery…
-

Data disposal, a critical component of information lifecycle management, involves the processes and methods used to permanently remove or delete data from digital storage devices. This practice is essential in managing data securely, ensuring that once data is no longer required, it cannot be recovered or misused. Data disposal works by overwriting the original data…
-

As you embark on the path to bolstering your cybersecurity skills through obtaining certifications, choosing between the CompTIA Security+ SY0-601 and SY0-701 exams can be a pivotal decision in your professional development. Both exams serve as a gateway to demonstrating your cybersecurity expertise but differ in their focus and the recency of the content they…
-

Fortinet has recently issued a warning about two critical-severity vulnerabilities within its FortiSIEM platform. These vulnerabilities, identified as CVE-2024-23108 and CVE-2024-23109, both received the highest level of concern with a provisional Common Vulnerability Scoring System (CVSS) score of 10. These vulnerabilities have a high potential to be exploited without any form of authentication, a prospect…
-

In a recent SEC filing, Clorox, the American manufacturing giant known for its consumer and professional cleaning products, has disclosed the financial aftermath of a cyberattack that struck the company in August 2023. This cyber incident, which commenced on August 11, led to the company identifying unauthorized activities within its systems, prompting immediate action to…