A stored XSS vulnerability was discovered in BlogHub, a plugin in the CMS October. This article explores the vulnerability, its impact, and current status in detail.

Windows Task Scheduler, previously known as Scheduled Tasks, is a powerful job scheduler built into Microsoft Windows. Its primary function is to launch computer programs or scripts at specific times or intervals predetermined by the user. Introduced as System Agent in Microsoft Plus! for Windows 95, Task Scheduler Windows has evolved into a core component of the Windows operating system.

Five worthy reads is a regular column on five noteworthy items we have discovered while researching trending and timeless topics. This week, we will explore the pivotal role of the AI trust, risk, and security management (AI TRiSM) framework in safeguarding the functionality of AI and understand why it is crucial for our protection. Any relationship needs to be fortified with trust to be successful. The human-AI relationship is not an exception.

The National Institute of Standards and Technology (NIST) developed the NIST 800-171 framework to set guidelines and security requirements for protecting controlled unclassified information (CUI). NIST first created the framework in June 2015 but has since revised the publication several times, most recently in November 2023.

Cybersecurity is a vast and complex field, and it’s made more complicated as technology – both infrastructure and in terms of cyberattacks – grows more and more sophisticated. Any large and complex industry grows terminology and jargon like leaves on a tree, and cybersecurity is no different. There are dozens, if not hundreds, of specialized terms that are used in narrow and specific ways throughout the industry.

The U.S. Department of Defense (DoD) introduced its Cybersecurity Maturity Model Certification (CMMC) program in early 2020. CMMC is a security framework and assessor certification program designed to ensure that all Defense Industrial Base (DIB) contractors meet at least basic cybersecurity requirements for handling Controlled Unclassified Information (CUI), which includes compliance with a variety of standards published by the National Institute of Standards and Technology (NIST).

Brace for impact—CISOs and IT professionals are gearing up for what promises to be an intense year in cybersecurity. Cybercriminals are readying themselves with increasingly cunning tactics against unsuspecting organizations and users. From leveraging artificial intelligence in creating bespoke malware to launching impressively uncanny spoofed sites, the risks are becoming increasingly intricate and difficult to predict.

When planning a hardening project for information security, there are two types of impact analysis to consider – policy impact analysis and security impact analysis. Policy impact analysis refers to generating a report that indicates each policy rule’s impact on your production. It is especially important for avoiding system downtime caused by configuration changes. The second type of impact analysis is Security Impact Analysis.