InfoSecBulletin Cybersecurity for mankind
NIST has released its Cybersecurity Framework 2.0 after several years of consideration. The new framework expands its recommendations to cover the concerns of organizations beyond critical infrastructure.
NIST issued the first CSF in 2014, in response to a presidential executive order, to assist organizations, particularly critical infrastructure, in managing cybersecurity risk. CSF 2.0 expands on the original five functions (Identify, Protect, Detect, Respond, and Recover) and adds a new one, Govern. The updated CSF also covers supply chain risks.
Brain Cipher Ransomware to Release Decryption Keys free for Indonesia
0-click Account Takeover via Google Authentication
multiple vulnerabilities found in apache HTTP server
Australian four major banks raised alarm on cyber ‘warfare’
CVE-2024-20399: Cisco NX-OS Vulnerability Under active Attack
NCSA to do maximum work with limited manpower: DG Kamruzzaman
Microsoft Issues CVE Numbers for Cloud Service Vulnerabilities
Ransomware detail behind Indonesia’s data center breach
MerkSpy Exploits Microsoft Office Vulnerability: FortiGuard report
Google Blocking Entrust Certificates in Chrome in November 2024
“Developed by working closely with stakeholders and reflecting the most recent cybersecurity challenges and management practices, this update aims to make the framework even more relevant to a wider swath of users in the United States and abroad,” according to a statement from Kevin Stine, chief of NIST’s Applied Cybersecurity Division.
NIST included a reference tool in CSF 2.0 to help cybersecurity teams find guidance data. It also has a searchable catalog and many references to help organizations of all sizes implement the new framework.
