NIST Commits to Resuming NVD Work with Additional Funding and Partnerships

The US National Institute of Standards and Technology (NIST) has announced a plan to address the backlog of vulnerabilities waiting to be added to the National Vulnerabilities Database (NVD). The plan includes additional funding, a third-party contract, and a partnership with the Cybersecurity and Infrastructure Security Agency (CISA). NIST aims to restore processing rates within the next few months and reduce the backlog by September 30. The agency faces an exponentially growing problem, with over 36,000 vulnerabilities disclosed this year, and has processed only 26% of them so far. The community has expressed concerns about the long-term sustainability of the NVD and the need for a permanent solution.

London Hospitals Hit by Cyber-Attack

A cyber-attack on pathology services provider Synnovis has forced major London hospitals, including King's College Hospital and Guy's and St Thomas', to declare a critical incident, cancelling operations and diverting emergency patients. The attack, believed to have occurred on Monday, has disrupted blood transfusions and test results, and also affected GP services in several boroughs. The NHS has apologised for the inconvenience and is working with the National Cyber Security Centre to understand the impact, while Synnovis has deployed a "taskforce of IT experts" to assess the situation.

TikTok Cyber Attack Targets High-Profile Accounts

TikTok has responded to a cyber attack targeting several prominent accounts, including CNN and Paris Hilton's. The company has collaborated with CNN to restore account access and implement enhanced security measures. While the number of compromised accounts is reportedly "very small", TikTok is working with affected owners to restore access. This incident comes as TikTok's parent company, ByteDance, challenges a US law requiring the sale of TikTok by January or face a ban, citing national security concerns.

Russian Cybercriminals Behind London Hospitals Cyber Attack

A Russian cybercrime group, known as Qilin, has been identified as the perpetrator of the ransomware attack on Synnovis, a pathology services firm that supplies London NHS hospitals. The attack has resulted in a "severe reduction in capacity" and cancelled operations, tests, and blood transfusions. Ciaran Martin, former chief executive of the National Cyber Security Centre, described the incident as "very, very serious". Qilin operates as a ransomware-as-a-service group, hiring out malware to other criminals. The attack is believed to be a targeted operation to secure a ransom, highlighting the growing threat of cybercrime.