Blog
- Guidelines for API Protection for Cloud-Native Systems | Draft SP 800-228 Available for Public Comment (April 1, 2025) The initial public draft (ipd) of NIST Special Publication (SP) 800-228, Guidelines for API Protection for Cloud-Native Systems, is now available for public comment. Modern enterprise IT systems rely on a family of application programming interfaces (APIs) for integration to support organizational business processes. Hence, a secure development and deployment of APIs is critical for […] blogmirnet
- NIST Launches AI Standards “Zero Drafts” Pilot Project; Welcomes Input (April 1, 2025) Responding to the need to propel AI innovation by developing AI standards more quickly while encouraging openness and collaboration – incorporating a wide range of expertise – NIST is launching its AI Standards Zero Drafts Pilot Project. As discussed at NIST’s AI symposium in September, this initiative will pilot a new process of distilling stakeholder […] blogmirnet
- QuickBooks and Stripe TOAD Attacks (April 1, 2025) Threat actors continue to exploit trusted financial software through impersonation, phishing emails, and fraudulent invoices or transactions. They can sign up for free accounts for legitimate software and target potential victims from within those services, utilizing email addresses from domains not flagged by typical security tools. They can also combine voice and email phishing techniques […] blogmirnet
- Account Compromise Via Azure AD Password Hash Synchronization Login Method (April 1, 2025) The NJCCIC was recently notified of a cyber incident in which a threat actor compromised a user’s account credentials by targeting the Password Hash Synchronization (PHS) login method. Azure utilizes PHS to validate credentials and authenticate users without needing an additional Identity Provider (IdP). When PHS is enabled, Azure AD Connect uses the AD replication […] blogmirnet
- A Vulnerability in CrushFTP Could Allow for Unauthorized Access – PATCH NOW (April 1, 2025) A vulnerability has been discovered in CrushFTP, which could allow for unauthorized access. CrushFTP is a proprietary multi-protocol, multi-platform file transfer server. The vulnerability is mitigated if the DMZ feature of CrushFTP is in place. Successful exploitation of this vulnerability could allow an attacker to remotely control the compromised server and execute remote code. An attacker […] blogmirnet
- RESURGE Malware Associated with Ivanti Connect Secure (April 1, 2025) The Cybersecurity and Infrastructure Security Agency (CISA) has published a Malware Analysis Report (MAR) with analysis and associated detection signatures on a new malware variant CISA has identified as RESURGE. RESURGE contains capabilities of the SPAWNCHIMERA malware variant, including surviving reboots; however, RESURGE contains distinctive commands that alter its behavior. These commands: Create a web shell, […] blogmirnet
- Microsoft 365 Copilot Training for IT (April 1, 2025) Space is limited. Register for free today. blogmirnet
- Fake CAPTCHA Malware Campaigns (March 21, 2025) The NJCCIC’s email security solution identified a fake CAPTCHA malware campaign sent to New Jersey State employees in an attempt to deliver the SectopRAT infostealer. The emails contain links directing targets to malicious or compromised websites and prompting deceptive CAPTCHA verification challenges. In the background, the visited website copies a command to the target’s clipboard. […] blogmirnet
- Register for the NIST NCCoE IoT Onboarding Open House Event! (March 21, 2025) REGISTRATION OPEN | Trusted IoT Onboarding Open House Event. Date/Time: April 17, 2025 | 8:30 a.m. – 4:00 p.m. Location: NCCoE at 9700 Great Seneca Highway, Rockville, MD 20850. The NIST National Cybersecurity Center of Excellence (NCCoE) invites you to join us for our in-person Open House Event to discuss trusted IoT Onboarding! Untrusted provisioning […] blogmirnet
- A Vulnerability in Veeam Backup & Replication Could Allow for Arbitrary Code Execution – PATCH NOW (March 21, 2025) A vulnerability has been discovered in Veeam Backup & Replication, which could allow for arbitrary code execution. Veeam Backup & Replication is a comprehensive data protection and disaster recovery solution. With Veeam Backup & Replication, you can create image-level backups of virtual, physical and cloud machines and restore from them. Exploitation of this vulnerability requires […] blogmirnet