Security Affairs Newsletter Round 545 includes 8 Oct.: "Discord says 70,000 users may have had their government IDs leaked in breach" securityaffairs.com/183268/break... #cybersec #CISA #NIST #CISO #cybersec #tech policy
"Considering that sensitive credentials are stored within firewall configurations, organizations using the MySonicWall cloud configuration backup service are advised to reset their credentials on live firewall devices" thehackernews.com/2025/10/expe... #SonicWall #cybersec #CISA #NIST
RE: https://bsky.app/profile/did:plc:yw6wbtma6fynxiafh5v7j5sf/post/3lztquqwws22k
🔎 MeriTalk, in partnership with Claroty, surveyed 100 OT/CPS security administrators and managers across federal civilian and DOD agencies. Building on the 2024 Guardians of Government study, this report offers a sharper, year-over-year lens into #federal CPS resilience.
Download the report to explore how agencies are securing CPS environments, budgeting for modernization, and adapting strategies to outpace adversaries: https://www.meritalk.com/study/guardians-of-government-vol-2/?campaign=claroty
🇺🇸 #ClarotyFederal #Federal #CPS #OT #IoT #BMS #FRCS #IT #DOD #NIST #JRSS #missionenclave #ZeroTrust #defense #government
True security isn't just about static scans. 🚨 Our on-demand webinar demo proves why you need to check a running system to ensure compliance.
We're showing how to use modern automation to tackle STIGs and NIST compliance in a way that actually works. Watch the webinar to see the future of compliance ➡️ https://go.anchore.com/webinar-stig-in-action-with-mitre/ #NIST #Compliance
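🌘 The truth behind the demonization of the DeepSeek models: how NIST turned open science into a security scare
➤ A narrative about control and interests, not a genuine assessment of security risk
✤ https://erichartford.com/the-demonization-of-deepseek
This article takes an in-depth look at the report recently published by the US National Institute of Standards and Technology (NIST) on the DeepSeek AI models. The author argues that the report is not based on a rigorous technical security evaluation but is a tool of political suppression, intended to create panic in order to obstruct the development of open science, open research and open-source AI, and so protect the interests and control of incumbent companies. The article points out that the NIST report provides no evidence that the DeepSeek models contain malicious code, backdoors or data exfiltration; instead it conflates different usage scenarios (access via API versus local download) and amplifies the fact that the models are easily "jailbroken" and that some responses echo Chinese government positions, while neglecting a fair comparison with other models of the same kind and ignoring that US models have security and bias problems too. The author stresses that DeepSeek's contribution lies in its models achieving excellent performance with fewer resources, and in fully open-sourcing the model weights, architecture and training methods, which is a major contribution to the AI research community.
#AI #OpenScience #NIST #DeepSeek #InformationSecurity #Regulation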
NIST's latest "security scare" 😱 is like a B-grade #horror #flick starring #DeepSeek as the misunderstood monster 🧟, with no evidence of wrongdoing, but plenty of imaginative fear-mongering! 🎃 Our author insists he's got all the juicy details (or just another #opinion #piece crying wolf 🐺).
https://erichartford.com/the-demonization-of-deepseek #NIST #security #scare #fear #mongering #HackerNews #ngated
The Demonization of DeepSeek: How NIST Turned Open Science into a Security Scare
https://erichartford.com/the-demonization-of-deepseek
#HackerNews #DemonizationOfDeepSeek #OpenScience #SecurityScare #NIST #DeepSeek #Cybersecurity
As if the Dual_EC_DRBG backdoor was not enough, #NIST is now lying about the risks of open-source #LLM because of Not Invented Here Syndrome: https://erichartford.com/the-demonization-of-deepseek
@hnbot yes, they did.
See #NIST SP 800-90A & #DUAL_EC_DRBG!
https://en.wikipedia.org/wiki/Dual_EC_DRBG
https://en.wikipedia.org/wiki/NIST_SP_800-90A
🔥 Latest issue of my curated #cybersecurity and #infosec list of resources for week #40/2025 is out!
→ It includes the following and much more:
🇬🇧 💰 'You'll never need to work again': Criminals offer reporter money to hack #BBC;
🌍 #INTERPOL arrested 260 suspects across 14 African countries;
🔙 🚪 First Malicious #MCP server in the Wild;
📋 #NIST released SP 1334, a two-page guide to reduce #USB and removable-media risks in industrial control systems;
🔬 #Microsoft says #AI can create “zero day” threats in biology;
💰 @Hacker0x01 paid $81 million in bug bounties over the past year;
🇰🇵 North Korea’s IT Workers expand beyond US big tech;
--
👉 NEVER MISS my curations and updates on information security and cybersecurity news and challenges 📨 Subscribe to the #infosecMASHUP newsletter to have it piping hot in your inbox every week-end ⬇️
https://infosec-mashup.santolaria.net/p/infosec-mashup-40-2025
🔍 Web Malware Scan Results
Website: poll.qu.edu
Security Verdict: LOW RISK
Full analysis & details:
https://scanmalware.com/scan/8c0059fc-b90c-4a71-b45c-803828b3a2d9
🔍 Web Malware Scan Results
Website: nask.pl
Security Verdict: LOW RISK
Full analysis & details:
https://scanmalware.com/scan/00a9f4de-fbf6-4e3b-952c-f51e2fe0d744
🔍 Web Malware Scan Results
Website: www.comune.poiana-maggiore.vi.it
Security Verdict: LOW RISK
Full analysis & details:
https://scanmalware.com/scan/f0e368de-65ce-47fa-b59a-06c925f54430
#DigitalSecurity #InfoSec #NIST #SecurityResearch #Ransomware
🔍 Web Malware Scan Results
Website: dea.gov
Security Verdict: LOW RISK
Full analysis & details:
https://scanmalware.com/scan/3eb17dc5-b9c6-4036-acc4-410eff31bd42
🔍 Web Malware Scan Results
Website: www.comune.calenzano.fi.it
Security Verdict: LOW RISK
Full analysis & details:
https://scanmalware.com/scan/732d1329-b071-4b6a-b78a-e2c1a446a952
🔍 Web Malware Scan Results
Website: www.gsfa.govt.nz
Security Verdict: LOW RISK
Full analysis & details:
https://scanmalware.com/scan/817c2fcb-219c-47be-88ad-f2b384b0f09b
🔍 Web Malware Scan Results
Website: ordinefvg.conaf.it
Security Verdict: MEDIUM RISK
Full analysis & details:
https://scanmalware.com/scan/50698d6b-f994-46bf-b1ea-5bea47f6cd34
#NIST #VulnerabilityManagement #IncidentResponse #Ransomware
Everyone thought the “hedged” mode of ML-DSA (Dilithium) fixed fault attacks. New research presented at CHES shows that’s not the case. A "fault then correct" trick still works.
We break it down in our latest Expert Review. ➡️ https://eshard.com/posts/expert-review-6-dilithium-dis-faulting
As a #SWE, I've gained an enormous appreciation for standards & what goes into developing them. Surely tedious at times, but incredibly useful for society.
#W3C & #IETF are what I tend to have the most contact with, but plenty of standards orgs (#ISO, #NIST, #ISSN, etc) have contrib'd to helping things work together and just better in general.
I 💙 #interoperability & #OpenStandards make that far easier. Closed/licensed standards are waaaay less cool.