On August 17, 2022, NIST hosted its first public workshop on the future update to the NIST Cybersecurity Framework (CSF 2.0).
Morgan Stanley will pay a $35 million penalty to settle charges from the U.S. Securities and Exchange Commission for wide-ranging failures to properly dispose of hard drives and servers containing the personal information of some 15 million customers.
Authentication service provider and Okta subsidiary Auth0 has disclosed what it calls a "security event" involving some of its code repositories.
GitHub, which itself is owned by Microsoft, announced on Monday that it plans to support code signing, a sort of digital wax seal, for npm software packages using the code-signing platform Sigstore. The tool grew out of cross-industry collaboration to make it much easier for open source maintainers to verify that the code they create is the same code that ends up in the software packages actually being downloaded by people worldwide.
This security flaw (CVE-2022-35405) can be exploited in low-complexity attacks, without requiring user interaction, to gain remote code execution on servers running unpatched Zoho ManageEngine software: without authentication on PAM360 and Password Manager Pro, and with authentication on Access Manager Plus.
A congressional deal to keep the U.S. Food and Drug Administration funded past this month strips medical device cybersecurity provisions earlier approved by the House of Representatives with bipartisan support.