FedScoop reports that the National Institutes of Standards and Technology is expected to release an update of its Cybersecurity Framework with significant changes by 2024.
In a concept paper released on Jan. 19, NIST has proposed to expand the framework beyond critical infrastructure and offer increased implementation guidance, as well as highlight cybersecurity governance and cybersecurity supply chain risk management.
"The CSF has been adopted voluntarily and in governmental policies and mandates at all levels around the world, reflecting its enduring and flexible nature to transcend risks, sectors, technologies, and national borders. The CSF is intended to be a living document that is refined and improved over time. The CSF 2.0 version reflects the evolving cybersecurity landscape but community needs will drive the extent and content of the changes," said the paper.
NIST will be accepting public comments on the paper with the proposed changes to the Cybersecurity Framework until Mar. 3.
Numerous government, political, and academic organizations in South Korea have been targeted by the Chinese state-backed advanced persistent threat operation TAG-74 as part of a "multi-year" cyberespionage campaign part of China's intellectual property theft and influence operations, The Hacker News reports.
BleepingComputer reports that vulnerable Openfire messaging servers impacted by the already addressed high-severity authentication bypass flaw, tracked as CVE-2023-32315, are being subjected to ongoing attacks aimed at ransomware encryption and cryptominer distribution.
Ukraine's Prosecutor General's Office and other departments involved in war crimes documentation have been facing mounting cyberattacks from Russian state-sponsored threat operations looking to obtain evidence regarding such crimes, which is a sharp contrast from the previous targeting of energy facilities, Reuters reports.