Breaches hit the U.K. Electoral Commission, the Colorado public education system and retailer Hot Topic, the rise of cyberattacks in sports and the sound of laptop keystrokes could lead to password theft. Here are the latest threats and advisories for the week of August 11, 2023. Threat Advisories and Alerts Microsoft Warns That Cyberattacks Impacting Sporting Events Are Likely to Increase Major sporting events are becoming a growing target for cybercriminals, warns Microsoft. In the past several years, notable sport franchises have suffered cyberattacks, including Manchester United, the Houston Rockets and the San Francisco 49ers. While sporting events seem like... Read more →
389 posts categorized "IT Security"
11 August 2023
Latest Cyberthreats and Advisories - August 11, 2023
Posted by ISC2 Management on 11 August 2023 at 08:51 AM in Government , IT Security, Privacy, Ransomware | Permalink
|
Comments (0)
04 August 2023
API Security Best Practices in the Hybrid Multi-Cloud Digital World
Interconnected and distributed systems have made the role of APIs critical to enabling discreet connectivity between systems but can create additional risk. By Dave Cartwright, CISSP Application Programming Interfaces (APIs) are notoriously difficult to secure, particularly if they are internet-facing. As one source puts it: “APIs are designed to facilitate communication between different systems and applications, which means they are inherently exposed to various external actors. This exposure increases the attack surface, making them attractive targets for malicious actors”. So, what can we do to make the best of a challenging concept? In a (ISC)² webinar, Byron McNaught from the... Read more →
Posted by ISC2 Management on 04 August 2023 at 12:30 PM in Cloud Security, IT Security | Permalink
|
Comments (0)
02 August 2023
Will Banks Adopting Open-Source Leave Them More Open to Supply Chain Cyber Attacks?
One of the biggest vindications of open-source software in recent years has been its widespread adoption by the finance sector. By Joe Fay In its 2022 State of Open Source in Financial Services report, the Fintech Open Source Foundation (FINOS) found that 87% of respondents agreed that open source is “valuable to the future” of the industry, with open-source consumption and the use of open standards seen as top factors in increasing productivity. Banks and other institutions have clearly decided it makes no sense to constantly develop their own software from the ground up when open-source alternatives exist. This not... Read more →
Posted by ISC2 Management on 02 August 2023 at 09:00 AM in IT Security, Network Security, Operations Security, Risk | Permalink
|
Comments (0)
Cybersecurity’s Shift from IT to OT
As malware spreads from IT to OT, the focus is shifting from business interruptions to physical harm, with the final responsibility resting with the CEO. Amid this fundamental change in threat and attack strategy, organizations need to focus on asset-centric cyber-physical systems and ensure teams are in place to handle monitoring and management of these key systems. By Dave Cartwright, CISSP Cybersecurity professionals are used to defending IT systems against malware and other cyber attacks. In recent years, though, attackers have increasingly targeted Operational Technology (OT) systems. What is OT? According to the UK’s National Cyber Security Centre (NCSC) it... Read more →
Posted by ISC2 Management on 02 August 2023 at 04:00 AM in IT Security, Operations Security | Permalink
|
Comments (0)
01 August 2023
SEC Votes To Adopt Rules Expanding Cybersecurity Reach and Disclosure
By Tara Wisniewski, EVP, Advocacy, Global Markets and Member Engagement, (ISC)² Summary The U.S. Securities and Exchange Commission (SEC) last week voted to adopt significant new rules relating to how publicly traded companies act and disclose cybersecurity-related risk and incidents. While U.S. healthcare providers, financial services firms and other critical infrastructure operators must, by law, report data and network breaches, no all-encompassing U.S. federal breach or incident disclosure law currently exists. However, the new rules passed by the SEC commissioners leave considerable ambiguity, particularly regarding the definition and measure of risk, along with not making a definitive ruling on cybersecurity... Read more →
Posted by ISC2 Management on 01 August 2023 at 01:00 PM in Cybersecurity Workforce, IT Security | Permalink
|
Comments (0)
28 July 2023
Latest Cyberthreats and Advisories - July 28, 2023
The myth of Mac’s malware invincibility, ransomware attacks skyrocketed in June and North Korean actors found to be behind the JumpCloud breach. Here are the latest threats and advisories for the week of July 28, 2023. Threat Advisories and Alerts Vulnerability Leaves 900,000 MikroTik Routers Open to Attack An estimated 900,000 MikroTik routers may be vulnerable to attack due to a new security flaw. The vulnerability (CVE-2023-30788) can provide cybercriminals entry into an organization’s network. "The worst-case scenario is that an attacker can install and execute arbitrary tools on the underlying Linux operating system," said security researcher Jacob Baines. Considering... Read more →
Posted by ISC2 Management on 28 July 2023 at 07:00 AM in Cybersecurity Workforce, IT Security, Malware, Ransomware, Risk | Permalink
|
Comments (0)
27 July 2023
Collaboration is Key: Sector-wide Integrated Cyber Defense Approach (SICDA), Part 1
By Enoma Odia, CISSP, ISSMP, CSSLP Cybersecurity is a crucial concern for modern organizations due to the rise of increasingly sophisticated cyber threats and attacks. Implementing cybersecurity controls and managing the escalating risk presents considerable challenges for organizations, especially considering the potential financial implications. It is why collaboration is a preferred approach, allowing cost and workload to be diluted to more manageable levels. While cybersecurity collaboration is not a novel concept, government agencies like ENISA and CISA-ISACs are primarily tasked with promoting collaboration to bolster cybersecurity resilience. Notwithstanding, these agencies often rely on information sharing on emerging threats, vulnerabilities, and... Read more →
Posted by ISC2 Management on 27 July 2023 at 12:30 PM in IT Security | Permalink
|
Comments (1)
21 July 2023
E.U.’s Computer Resilience Act Rewrite Clarifies Vulnerability Reporting, Product Classes
But does the revised Computer Resiliency Act text calm open-source fears around reporting and liabilities? By Joe Fay The European Union (E.U.) Cyber Resilience Act could be finalized by the end of this year after the member states agreed on a revised text for the controversial cybersecurity legislation. The revised text was agreed this week by the European Council. It includes plans for a single vulnerability reporting platform and clarifies under which circumstances open-source software will be covered by the legislation. The legislation came under criticism from industry bodies for being too prescriptive when it was unveiled by the European... Read more →
Posted by ISC2 Management on 21 July 2023 at 12:30 PM in IT Security, Software Development | Permalink
|
Comments (0)
Latest Cyberthreats and Advisories - July 21, 2023
The cybercriminal version of ChatGPT, BreachForums’ founder pleads guilty and FBI warns of tech support scam. Here are the latest threats and advisories for the week of July 21, 2023. By John Weiler Threat Advisories and Alerts CISA Factsheet Offers Security Advice for Companies Transitioning to the Cloud The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has published the Free Tools for Cloud Environments factsheet to help protect companies migrating to the cloud. The factsheet provides cloud security guidance on how organizations can safeguard their data and critical assets from vulnerabilities, anomalies and other cyberthreats. CISA has encouraged organizations to... Read more →
Posted by ISC2 Management on 21 July 2023 at 06:00 AM in Cloud Security, Digital Forensics, Ethics, Government , Insider Risk, IT Security, Malware, Risk | Permalink
|
Comments (0)
18 July 2023
Cybersecurity Industry News Review – July 18, 2023
Are cybersecurity professionals able to shape policy, the White House tackles smart device quality standards, the MOVEit breach keeps moving and a new resource for understanding maritime cyber threats. Survey To Look at Involvement of Cybersecurity Professionals in UK Policy Development Jen Ellis, founder of NextJenSecurity and also an Advisory Board Member for the U.K. Cabinet Office's Government Cybersecurity Advisory Board has launched a survey and is looking to understand the extent of involvement of frontline cybersecurity professionals in the U.K.’s cybersecurity policymaking process. This survey investigates whether cybersecurity professionals in the U.K. are interested in participating in, and have... Read more →
Posted by ISC2 Management on 18 July 2023 at 09:59 AM in Cybersecurity Workforce, Government , IT Security, Ransomware, Risk | Permalink
|
Comments (0)
17 July 2023
New cybersecurity express-learning opportunities with (ISC)² Skill-Builders
Cybersecurity never stands still. It’s a constantly evolving field that requires constant learning to stay in front of cyberthreats. (ISC)² Skill-Builders are a new way to stay current and demonstrate your knowledge of emerging cybersecurity topics. The quick, on-demand learning from cybersecurity’s leading professional organization features content created by industry experts. Learning activities focused on real-world activities ensure the content is accessible and relevant. Anyone can access the courses anytime, anywhere. (ISC)² Skill-Builders dive into the following focus areas: Entry-Level Cybersecurity Skill-Builders - Learn valuable fundamental skills as you pursue a career in cybersecurity. Cloud Security - Get up to... Read more →
Posted by ISC2 Management on 17 July 2023 at 08:00 AM in Cloud Security, Cybersecurity Training, IT Security, Network Security, Operations Security, Risk, Software Development | Permalink
|
Comments (0)
14 July 2023
Latest Cyberthreats and Advisories - July 14, 2023
Cybersecurity agencies warn of Truebot malware, ransomware and phishing attacks surge in 2023 and the rise of Clop ransomware gang. Here are the latest threats and advisories for the week of July 14, 2023. By John Weiler Threat Advisories and Alerts Cybersecurity Agencies Warn of New Truebot Malware Variants The U.S. Cybersecurity and Infrastructure Security Agency (CISA) in conjunction with other domestic agencies and the Canadian Centre for Cyber Security (CCCS) have released a joint advisory that warns of Truebot malware variants. Truebot, which has been utilized by groups like Clop Ransomware, is a botnet used for data exfiltration. While... Read more →
Posted by ISC2 Management on 14 July 2023 at 06:00 AM in IT Security, Malware, Ransomware, Risk | Permalink
|
Comments (0)
29 June 2023
Report Finds Up To One In 10 Data Breaches Caused By Developers And Sysadmins
Errors by developers and sysadmins emerged as an important data breach cause in Verizon’s 2023 Data Breach Investigations Report (DBIR). What the report doesn’t mention is the increased pressure on professionals to stop data breaches at a time of skills shortages and budget caps. By John E. Dunn “If only business networks didn’t have users to worry about. Cyberattacks would be a thing of the past,” is a mildly subversive thought that must have crossed the minds of most sysadmins in a darker moment. It’s widely understood that users do things they shouldn’t do, including bypassing, ignoring or misunderstanding security... Read more →
Posted by ISC2 Management on 29 June 2023 at 09:00 AM in Cybersecurity Workforce, IT Security, Ransomware | Permalink
|
Comments (0)
20 June 2023
Infosecurity Europe: Drop The Jargon, CISOs Tell Cyber Community
Cybercrime is just another crime, said a panel at InfoSec 2023 including the CISOs of EasyJet and Penguin Random House, and we need to start treating it like one. By Tamlin Magee In order to outsmart cyber criminals, the cyber industry needs to drop the jargon, demystify itself, and get into the mindset of attackers, agreed a panel of experts speaking at Infosecurity Europe 2023 in London including the CISOs of airline EasyJet and Penguin Random House. “The threat actors, it's a business to them and they're managing risk,” said EasyJet CISO Paul Midian. “They just happen to manage a... Read more →
Posted by ISC2 Management on 20 June 2023 at 12:00 PM in ISC2 Events, IT Security, Legal, Ransomware | Permalink
|
Comments (0)
16 June 2023
Analysis: Capita Hack Raises Global Issues and Learning Opportunities to Prevent a Repeat
Incident highlights the value of asking tough questions early on at the due diligence stage, not after an attack when the damage is already done. By Joe Fay Wherever you look in the U.K., services and outsourcing giant Capita is woven into the technology landscape. It provides services to local and central government departments, the military, healthcare and education organizations, not least in administering their pension systems. The outsourcing giant is stitched right through the private sector too, with clients such as Royal Mail and AXA. So, when a company like Capita has what appears to be a major security... Read more →
Posted by ISC2 Management on 16 June 2023 at 11:00 AM in IT Security, Risk | Permalink
|
Comments (0)
09 June 2023
Latest Cyberthreats and Advisories - June 9, 2023
Verizon releases annual data breach report, more than 90,000 people impacted in U.S. university breach and the BBC, British Airways and Boots compromised in MOVEit Transfer incident. Here are the latest threats and advisories for the week of June 9, 2023. By John Weiler Threat Advisories and Alerts Sextortion Schemes Transform Innocent Photos Into Explicit Content The U.S. Federal Bureau of Investigation (FBI) has issued a warning to the public of an uptick in sextortion crimes. Likely due to the explosion of AI technology, malicious actors can transform innocent photos from a victim’s social media accounts into explicit, sexually-themed images.... Read more →
Posted by ISC2 Management on 09 June 2023 at 06:00 AM in IT Security, Malware, Risk | Permalink
|
Comments (0)
06 June 2023
Cybersecurity Industry News Review - June 6, 2023
$400 million fund for AI and robotics start-ups, OpenAI to fund cybersecurity efforts while research shows that cybercriminals are targeting the friends and families of high-value organization executives. By Chris Green IQ Capital Gears Up For ‘Deep Tech’ Investment London-based venture investor IQ Capital has successfully raised $400 million (£320 million) across two funds, which it plans to invest in an array of so-called ‘deep tech’ start-ups focused on tech areas including artificial intelligence (AI), robotics, quantum computing and others. The venture capital firm primarily invests in seed to Series A stage startups in the UK and Europe. Its previous... Read more →
Posted by ISC2 Management on 06 June 2023 at 08:00 AM in Cybersecurity Workforce, Government , IT Security, Network Security, Operations Security, Ransomware, Risk | Permalink
|
Comments (0)
02 June 2023
Latest Cyberthreats and Advisories - June 2, 2023
Cybercriminals hire humans to break CAPTCHAs, the meteoric rise of LockBit and a potential ransomware attack on the U.S. city of Augusta, Georgia. Here are the latest threats and advisories for the week of June 2, 2023. By John Weiler Threat Advisories and Alerts China State-Sponsored Actor Infiltrates U.S. Critical Infrastructure In a collaborative effort, cybersecurity authorities from the U.S., Canada, Australia, New Zealand and the U.K. have issued a joint advisory to highlight a series of events linked to a China state-sponsored threat actor known as Volt Typhoon. The cybercriminal’s activity impacts the networks of critical infrastructure sectors across... Read more →
Posted by ISC2 Management on 02 June 2023 at 06:00 AM in IT Security, Ransomware, Risk | Permalink
|
Comments (1)
25 May 2023
Infosecurity Europe 2023 Preview – Our Pick of the Keynote Sessions
In the first of two previews of Infosecurity Europe 2023, we look at our top picks for unmissable keynote sessions across the three days of the conference, held at ExCel in London from June 20-22. By John E. Dunn As the pivotal cybersecurity conference in the region, every Infosecurity Europe conference is oriented to topical themes. This year is no exception, with the speaker lineup covering everything from the on-going anxiety of cyberwar, how zero trust can be made to work once it leaves the drawing board, and the never-ending puzzle of assessing supply chain risk. The following is our... Read more →
Posted by ISC2 Management on 25 May 2023 at 03:00 AM in Cloud Security, Cybersecurity Training, Cybersecurity Workforce, Digital Forensics, Ethics, Government , Insider Risk, ISC2 Events, IT Security, Legal, Malware, Network Security, Operations Security, Privacy, Ransomware, Risk | Permalink
|
Comments (0)
19 May 2023
Latest Cyberthreats and Advisories - May 19, 2023
WordPress’s Elementor is vulnerable (again), the U.S. Department of Transportation is breached, 5.8 million medical records are posted online after PharMerica incident. Here are the latest threats and advisories for the week of May 19, 2023. By John Weiler Threat Advisories and Alerts Australian and U.S. Governments Release Advisory on BianLian Ransomware Group The Australian Cyber Security Centre (ACSC) has released a joint cybersecurity advisory with the U.S. outlining typical threat vectors and signs of ongoing attacks by the BianLian ransomware group. It is a relatively new group that uses trusted Remote Desktop Protocol (RDP) credentials to gain network access... Read more →
Posted by ISC2 Management on 19 May 2023 at 07:00 AM in Government , IT Security, Malware, Ransomware, Risk | Permalink
|
Comments (0)
Search
Categories
- Center for Cyber Safety and Education (52)
- Cloud Security (137)
- Cybersecurity Certifications (387)
- Cybersecurity Training (315)
- Cybersecurity Workforce (254)
- Digital Forensics (30)
- Ethics (53)
- Government (127)
- Insider Risk (57)
- ISC2 Chapters (22)
- ISC2 Events (166)
- IT Security (389)
- Legal (46)
- Malware (116)
- Network Security (178)
- Operations Security (144)
- Privacy (117)
- Ransomware (90)
- Risk (204)
- Software Development (46)
- Spotlight (71)