We’re ringing in the New Year by giving you a sneak peek into what the NIST Small Business Program has planned for 2024. During this webinar, we’ll: Introduce you to the new NIST Lead for Small Business Engagement Provide an overview of upcoming

The National Institute of Standards and Technology Human-Centered Cybersecurity program is pleased to announce the release of the NIST Phish Scale User Guide . The Phish Scale is a method designed to rate an email’s human phishing detection

On October 20, 2023, NIST’s David Wollman, Deputy Chief of the Smart Connected Systems Division, presented on smart connected systems and standards to federal agency participants at the NIST Standards Coordination Office (SCO) Standards Boot Camp

On October 2, 2023, NIST Research Leader Ed Griffor presented at the inaugural EU ROADVIEW Webinar “An Introduction to the Automated Vehicle Industry.” This webinar was the first of a series on Connected, Cooperative, and Automated Mobility (CCAM)

NIST released an updated version of its Interagency Report on Advanced Communication Technologies Standards which is a guide for Federal agencies on standards priorities and activities related to communications technologies. The report, NISTIR 8483

NIST’s Raphael Barbau and Conrad Bock were invited to present NIST-developed software that helps find inconsistencies in system behavior designs, at the University of Maryland’s Frontiers in Design Representation Summer School . The week-long event

On September 12, 2023, NIST held the first of several listening sessions designed to chart a path towards standardizing critical and emerging technologies, in partnership with the U.S. Patent and Trademark Office at its Elijah J. McCoy Midwest

Purdue University researchers developed and fabricated field deployable smart sensors which measure nitrates for agricultural crop development. The initiative was funded by Wabash Heartland Innovation Network , a participant in NIST’s Global

​​​​​​ The U.S. Election Assistance Commission (EAC) Technical Guidelines Development Committee (TGDC) will hold its annual meeting on December 5, 2023, at the National Cybersecurity Center of Excellence in Rockville, Maryland. This meeting will be

Cross-site Scripting vulnerability in Softing smartLink SW-HT before 1.30, which allows an attacker to execute a dynamic script (JavaScript, VBScript) in the context of the application.

Weak ciphers in Softing smartLink SW-HT before 1.30 are enabled during secure communication (SSL).

An issue has been discovered in GitLab EE/CE affecting all versions starting before 16.3.6, all versions starting from 16.4 before 16.4.2, all versions starting from 16.5 before 16.5.1 which allows an attackers to block Sidekiq job processor.

An issue has been discovered in GitLab EE affecting all versions starting from 11.6 before 16.3.6, all versions starting from 16.4 before 16.4.2, all versions starting from 16.5 before 16.5.1. It was possible for an unauthorised project or group member to read the CI/CD variables using the custom project templates.

Microsoft Edge (Chromium-based) Information Disclosure Vulnerability

Microsoft OneNote Spoofing Vulnerability

An issue has been discovered in GitLab CE/EE affecting all versions starting from 12.3 before 16.3.6, all versions starting from 16.4 before 16.4.2, all versions starting from 16.5 before 16.5.1. A Regular Expression Denial of Service was possible by adding a large string in timeout input in gitlab-ci.yml file.

strapi is an open-source headless CMS. Versions prior to 4.13.1 did not properly restrict write access to fielded marked as private in the user registration endpoint. As such malicious users may be able to errantly modify their user records. This issue has been addressed in version 4.13.1. Users are advised to upgrade. There are no known workarounds for this vulnerability.

A flaw was found in OpenSC packages that allow a potential PIN bypass. When a token/card is authenticated by one process, it can perform cryptographic operations in other processes when an empty zero-length pin is passed. This issue poses a security risk, particularly for OS logon/screen unlock and for small, permanently connected tokens to computers. Additionally, the token can internally track login status. This flaw allows an attacker to gain unauthorized access, carry out malicious actions, or compromise the system without the user's awareness.

Several memory vulnerabilities were identified within the OpenSC packages, particularly in the card enrollment process using pkcs15-init when a user or administrator enrolls cards. To take advantage of these flaws, an attacker must have physical access to the computer system and employ a custom-crafted USB device or smart card to manipulate responses to APDUs. This manipulation can potentially allow compromise key generation, certificate loading, and other card management operations during enrollment.