14 matches found
Malicious code in @zalastax/nolb-omb (npm)
The package @zalastax/nolb-omb was found to contain malicious code...
MAL-2025-12805 Malicious code in @zalastax/nolb-omb (npm)
The package @zalastax/nolb-omb was found to contain malicious code...
Meeting FISMA (M-24-04) Requirements with a Unified Attack Surface Management Strategy
At the end of 2023, the Office of Management and Budget OMB released the FY24 FISMA Guidance M-24-04 with a broad focus on securing the entire attack surface and specific action items for agencies pertaining to High Value Assets, IoT/OT devices, and internet-connected assets. In reference to rece...
omlazeni.cz Cross Site Scripting vulnerability OBB-3453048
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
It’s time to bite the bullet for more secure software
On September 14, 2022, the Office of Management and Budget OMB released their M-22-18 memorandum on "Enhancing the Security of the Software Supply Chain through Secure Software Development Practices." This document builds upon previous government documents such as Executive Order EO 14028...
CISA Requests Public Comment on CISA’s TIC 3.0 Cloud Use Case
CISA has released Trusted Internet Connections TIC 3.0 Cloud Use Case for public comment. TIC is a federal cybersecurity initiative intended to secure federal data, networks, and boundaries while providing visibility into agency traffic, including cloud communications. TIC use cases provide...
Six Key Takeaways from the OMB Memo
In May 2021, following a number of high-profile security incidents, U.S. President Biden issued an executive order that set out a high-level agenda to modernize and improve the government’s cyber resilience. This January, the U.S. Office of Management and Budget OMB issued a memo to the heads of...
White House Executive Order – Navigating EDR Implementation
White House Executive Order – Navigating Endpoint Detection and Response EDR Implementation Tom Gann · March 08, 2022 This is the fourth in a series of blogs on the Biden Administration’s Executive Order EO on Improving the Nation’s Cybersecurity. I encourage you to read those you may have missed...
The federal Zero Trust strategy and Microsoft’s deployment guidance for all
You’d be forgiven for missing the White House announcement on federal Zero Trust strategy on January 26, 2022.1 After all, on that day alone a Supreme Court Justice announced his intention to retire, the Federal Reserve announced its plan to raise interest rates, and the State Department was busy...
CISA Releases Final Version of Guidance: IPv6 Considerations for TIC 3.0
CISA has released the final version of Internet Protocol version 6 IPv6 Considerations for Trusted Internet Connections TIC 3.0. This guidance supports the federal government-wide deployment and use of the modernized network protocol. The final version includes feedback provided during the public...
CISA Releases Guidance: TIC 3.0 Remote User Use Case
In coordination with the Office of Management and Budget OMB, the Federal Chief Information Security Officer Council FCISO Trusted Internet Connections TIC Subcommittee, and the General Services Administration, CISA has released Trusted Internet Connections 3.0 Remote User Use Case. The Remote Us...
CISA Releases Guidance: IPv6 Considerations for TIC 3.0
The federal government has prioritized the transition of federal networks to Internet Protocol version 6 IPv6 since the release of Office of Management and Budget OMB Memorandum 05-22 in 2005. In 2020, OMB renewed its focus on IPv6 through the publication of OMB Memorandum 21-07. That memorandum...
FISMA Annual Report to Congress
The Office of Management and Budget OMB has published its Fiscal Year FY 2018 Annual Report to Congress on the implementation of the Federal Information Security Modernization Act of 2014 FISMA. The document includes data reported by agencies to OMB and the Cybersecurity and Infrastructure Securi...
White House Creates Cyber Governance Unit Within OMB
With the framework explained for a number of government cybersecurity-related initiatives, now it’s time to talk money. The White House anted up strong in 2015 with proposals for a new data breach notification standard, as well as plans to facilitate information-sharing between the public and...