Beware the BatLoader, the NSA calls for more memory-safe programming language use and ransomware causes more trouble in Australia….Here are the latest threats and advisories for the week of November 18, 2022. Threat Advisories and Alerts Researchers Sound Alarm on Dangerous BatLoader Malware Dropper A dangerous new malware loader with features for determining whether it's running on business or home computers has begun rapidly infecting systems worldwide over the past few months. Researchers at VMware Carbon Black claim the threat, dubbed BatLoader, is being used to distribute a variety of malware tools including a banking Trojan, an information stealer, and... Read more →
357 posts categorized "IT Security"
18 November 2022
Latest Cyberthreats and Advisories - November 18, 2022
Posted by (ISC)² Management on 18 November 2022 at 09:50 AM in IT Security, Malware, Network Security, Operations Security, Privacy, Ransomware | Permalink
|
Comments (0)
05 August 2022
Latest Cyberthreats and Advisories - August 5, 2022
High profile ransomware attacks, vulnerabilities in popular technology products and a widespread investment scam in Europe. Here are the latest cybersecurity threats and advisories for the week of August 5, 2022. Threat Advisories and Alerts Critical Vulnerability Found in VMware Products VMware has released a security update to patch a critical vulnerability in several of their products, including VMware Workspace ONE Access, vRealize Automation and Identity Manager. If the vulnerability isn’t patched, bad actors with network access could obtain admin privileges. VMware customers using the affected products are recommended to upgrade to the latest version immediately. Source: https://www.csa.gov.sg/en/singcert/Alerts/al-2022-033 CISA Warns... Read more →
Posted by (ISC)² Management on 05 August 2022 at 11:00 AM in IT Security, Ransomware, Risk | Permalink
|
Comments (0)
21 July 2022
APAC Security Leaders Come Together at SECURE Singapore
We held our first-ever (ISC)² SECURE Singapore event earlier this month. The in-person event saw leading cybersecurity experts from around the region engaging in discussions around cybersecurity amid profound changes and disruption around the world, and a global workforce gap. David Koh, Commissioner of Cybersecurity and Chief Executive of the Cyber Security Agency of Singapore (CSA), started off the event with a keynote address. He argued that cybersecurity is akin to a team sport, where all organizations and individuals have a vital part to play in combating cyber crimes. Clar Rosso, CEO of (ISC)², and Zachary Tudor, CISSP, chair of... Read more →
Posted by (ISC)² Management on 21 July 2022 at 02:30 AM in (ISC)² Chapters, (ISC)² Events, IT Security | Permalink
|
Comments (0)
15 July 2022
Latest Cyberthreats and Advisories - July 15, 2022
Callback scams, ransomware, Windows attacks and phishing … here are the latest cybersecurity threats and advisories for the week of July 15, 2022. Threat Advisories and Alerts North Korea State-Sponsored Cybercriminals Target U.S. Healthcare Organizations North Korea state-sponsored cyber actors are infecting the systems of U.S. healthcare organizations with Maui ransomware. The malware encrypts the servers of healthcare services—which can freeze up their electronic health care records, diagnostic services, imaging services and other critical functions—disrupting their operations for prolonged periods. Why are healthcare organizations targets? They are more likely to pay ransoms. According to Sophos' State of Ransomware in Healthcare... Read more →
Posted by (ISC)² Management on 15 July 2022 at 10:15 AM in IT Security, Malware, Risk | Permalink
|
Comments (0)
27 June 2022
Infosecurity Europe: A show so secure a train strike couldn’t break it!
Infosecurity Europe is unquestionably the biggest and most significant cybersecurity conference and event on the European calendar, a mainstay that is enjoyed by the entire industry and that serves as an important opportunity for members to meet each other and engage with the (ISC)² team on our stand. Like so many key industry events, Infosecurity Europe has been operating as a virtual event for the last two years due to the pandemic but made a triumphant return to physical being this year along with a move to a brand new venue. 2022 saw the show move from London’s Olympia Exhibition... Read more →
Posted by (ISC)² on 27 June 2022 at 12:37 PM in (ISC)² Events, Cybersecurity Workforce, Government , IT Security | Permalink
|
Comments (0)
08 March 2022
The Dilemma of Defense in Depth
By Ala' F. Wrikat, MSc, CISSP, CISM. Ala' is currently a specialist in policies and strategic studies at the Financial-sector's CERT of Jordan. Defense in depth strategy has proven its effectiveness in preventing cyber threats over the years. At the abstract level, most technical security controls are designed with two main components; 1) a knowledge base, and 2) a matching engine. Each security product has its own version of a growing knowledge base of feeds (whatever these feeds are). The content and how frequent these knowledge bases get updated are often the basis of competition between vendors. In this context,... Read more →
Posted by (ISC)² Management on 08 March 2022 at 08:00 AM in IT Security, Operations Security | Permalink
|
Comments (0)
10 November 2021
The Dawn of True IoT Security
Internet of Things (IoT) devices are now everywhere. Ever since the earliest devices started to appear on the market, in homes, and worse, in corporations, security professionals have sounded the alarm about how these devices were built with no security in mind. Now, the National Institute of Standards and Technology (NIST) has released new draft guidance documents on securing these devices, both before release, as well as acquisition, and integration. These new publications will serve both corporations and consumers in a positive way. However, like any technical directions, the ideas set forth are only effective in capable and qualified hands.... Read more →
Posted by (ISC)² Management on 10 November 2021 at 08:00 AM in Cybersecurity Certifications, IT Security | Permalink
|
Comments (0)
20 October 2021
#ISC2Congress - Critical Infrastructure a Main Focus of Security Congress 2021
Protecting critical infrastructure and associated challenges was a recurring theme during (ISC)² Security Congress 2021, which took place virtually from Monday to Wednesday this week. It was the subject of various sessions and came up during a keynote session delivered by Chris Krebs, former director of the Cybersecurity and Infrastructure Security Agency (CISA). Krebs said critical infrastructure needs to be hardened against foreign adversaries that might have an interest in disrupting it at some point. CISA and other agencies are working to come up with standards and practices for infrastructure security. And they are looking for input from the cybersecurity... Read more →
Posted by (ISC)² Management on 20 October 2021 at 03:30 PM in (ISC)² Events, IT Security | Permalink
|
Comments (0)
04 October 2021
(ISC)² Celebrates Cybersecurity Awareness Month With Treasure Trove of Knowledge Building Resources
It’s October! And that can mean only one thing. It’s time to kick off the annual Cybersecurity Awareness Month, hosted by the National Cyber Security Alliance (NCSA) and the Cybersecurity & Infrastructure Security Agency (CISA). With remote work the new normal for most and ransomware attacks at peak fever pitch, there’s no time like now to learn about cybersecurity, or for those in the know, for a refresher on some of the common pitfalls to avoid in order to keep your data safe. In celebration of this month of best practices discovery, (ISC)² created a one-stop-shop to find helpful cybersecurity... Read more →
Posted by (ISC)² Management on 04 October 2021 at 02:00 PM in IT Security, Network Security, Operations Security | Permalink
|
Comments (1)
15 July 2021
Implementing Controls Without Breaking Everything (Including the Bank)
A very common complaint among information security professionals is lack of a budget to implement the best security tools. It may be true that recent newsworthy security events have increased many budgets, yet it never seems like enough. In many ways, this is true. It is like the difference between the base-model automobile, and the fully equipped model. What easier way is there to grant a system the authority to operate than with the most robust budget imaginable? Yes, it is nice to have all the flashing lights and automated features, but that is not always what is needed to... Read more →
Posted by (ISC)² Management on 15 July 2021 at 08:00 AM in Cybersecurity Certifications, IT Security | Permalink
|
Comments (1)
08 June 2021
Make New Connections with (ISC)² Community
Are you looking for a space to connect with your peers in the cybersecurity industry? (ISC)² Community connects you to a global network of cybersecurity professionals through an interactive and engaging platform. Community offers members and non-members an opportunity to share insights on the latest cybersecurity trends, ask questions, share knowledge, or voice opinions. Community welcomes all levels of experience to weighing in on the current topics and trending conversations through public discussion or private chats. Users can subscribe to popular threads based on interests such as cloud security, privacy, tech talk, career, and more. Community Groups encourage engagement through... Read more →
Posted by (ISC)² Management on 08 June 2021 at 07:45 AM in IT Security | Permalink
|
Comments (0)
21 May 2021
More Than Likely, Or Less Than Probable: Is a truly quantitative security analysis possible?
The Language of Profit and Loss Security professionals spend a lot of time honing their area of expertise. Your strength could be in packet analysis, or programming…maybe you are at your best in the realm of security engineering, or pentesting. Or, you may have the best technical skills, but when it comes to obtaining a budget for a project or a new security tool, you need to understand and explain the difference between likelihood, and probability. Why is this important? This is important because the language of business is based on profits and loss, and that component is key to... Read more →
Posted by (ISC)² Management on 21 May 2021 at 08:00 AM in Cybersecurity Certifications, Cybersecurity Training, IT Security | Permalink
|
Comments (0)
12 April 2021
Wanted: Software Developers with a Security Mindset
The modern software developer faces an enormous amount of challenges. From continuously creating innovative apps to ensuring high quality and meeting tight deadlines, developers need to cope with many responsibilities. As a result, security is still one of the last priorities on many developers’ minds during the software development lifecycle. Vulnerable Apps Increase Cyber Threats Despite that the 2020 Verizon Data Breach Investigations Report indicates that most data breaches happen through vulnerable web applications, many developers are still hesitant to adopt a security mindset. Even though the news headlines are filled with the names of companies being compromised every day,... Read more →
Posted by (ISC)² Management on 12 April 2021 at 08:12 AM in Cybersecurity Certifications, Cybersecurity Training, IT Security, Software Development | Permalink
|
Comments (0)
08 April 2021
Hush – This Data Is Secret
Is There Ever Too Much Data? As a security practitioner, you know that businesses are fuelled not only by people but by data. Years ago, the phrase “Big Data” was a new, innovative way to gain a business advantage. Now, big data is the norm. When we think of all the data that has been gathered, we must stop and wonder about what is contained in that data. Many important, and often private details are stored about the clients of a particular business. Over time, it became clear that this data, if obtained by criminals, could be damaging to an... Read more →
Posted by (ISC)² Management on 08 April 2021 at 07:35 AM in Cybersecurity Certifications, Cybersecurity Training, IT Security | Permalink
|
Comments (0)
24 March 2021
How To Get It Right With Cybersecurity Training
The cybersecurity team can be a challenging one for organizations to keep engaged and happy. Talent is scarce, turnover and burnout rates are high. That’s why employers have to keep existing teams engaged in their profession, and current on the latest threats and defenses. To accomplish this, every organization needs a formal, standards-based cybersecurity training and education program for the employees responsible for securing their critical assets. What are the key components of a training program? Whatever an organization’s unique circumstances, three major tenets must guide any training effort: Security is an obligation, not an option. Evolving technology and constantly... Read more →
Posted by (ISC)² Management on 24 March 2021 at 08:04 AM in Cybersecurity Certifications, Cybersecurity Training, IT Security | Permalink
|
Comments (0)
03 March 2021
What Are the Phases of an Incident Response Plan?
Disaster recovery is now a normal part of business operations. However, before the year 2000, disaster recovery was a “nice to have” addition to a business. Then, the “Y2K” bug became the impetus that brought disaster recovery to the forefront of business preparedness. Next, in 2001, the rise of terrorism brought new attention to the need for businesses to prepare for disasters. As time progressed, incidents such as the blackout of 2003 that shut down the northeastern United States for a day, made many recognize that disaster recovery centers could not be on the same power grid, let alone at... Read more →
Posted by (ISC)² Management on 03 March 2021 at 08:15 AM in Cybersecurity Certifications, IT Security | Permalink
|
Comments (0)
25 February 2021
Challenges and Misconceptions of Certificate Revocation in PKI
By Qamar Peer Bellary Sadiq, CISSP, CCSP Public Key Infrastructure is the most commonly used technology in security space for the purpose of establishing Authentication, Data Integrity, Non-Repudiation, email encryption, SSL/TLS with X.509 Certificates (also known as Digital Certificate). Digital Certificate is a form of a digital identity document in the digital world and helps identify users, entities and servers. PKI is an amalgamation of a suite of protocols, people, processes and technologies that must work in a synchronized manner to create, store, distribute, manage and revoke digital identities. However, there exists real world challenges, pitfalls and misconceptions around Certificate... Read more →
Posted by (ISC)² Management on 25 February 2021 at 08:55 AM in IT Security, Network Security | Permalink
|
Comments (2)
19 February 2021
The Weeds and Flowers of Information Security
Why it is essential to have experience - and not JUST to pass the CISSP Growing The Garden of InfoSec Think about your path in information security. It took a lot of work and study. No one is born knowing information security, and no child in any playground has ever said “when I grow up, I want to get a CISSP credential”. Information security is one of the most popular professions right now, and it is anticipated that the demand for qualified information security professionals will continue to grow for the foreseeable future. Any great garden requires serious care and... Read more →
Posted by (ISC)² Management on 19 February 2021 at 08:30 AM in Cybersecurity Certifications, IT Security | Permalink
|
Comments (0)
04 February 2021
Addressing the Human Element of Security: Awareness & Training Programs
Did you ever hear the story about the hyphen that cost 80 Million dollars? In the infancy of the United States’ space program, a programming error resulted in a forced abort of a rocket early in its flight to prevent possible injury along its crash path. Or how about the time a pilot miscalculated the required fuel for a flight from Montreal to Edmonton? These are both fatal examples of how human error can have serious consequences. In our hyper-connected world, our errors can have damaging consequences. Sometimes, the harm can be minor, such as the “Melissa” macro virus of... Read more →
Posted by (ISC)² Management on 04 February 2021 at 08:50 AM in Cybersecurity Certifications, Cybersecurity Training, IT Security | Permalink
|
Comments (0)
02 February 2021
Employment for Security Analysts to Grow 31% by 2029
Demand for cybersecurity professionals will stay strong through the remainder of the decade, according to U.S. Bureau of Labor statistics. In the 10-year period between 2019 and 2029, employment of information security analysts will grow by 31%, according to the bureau’s Occupational Outlook Handbook. The projected growth rate is more than seven times higher than the national job growth average of 4%, and roughly three times that of the 11% projected growth in IT-related occupations. The reason for the high growth rate for information security analysts is no secret to anyone in the industry. As the bureau notes: “Cyberattacks have... Read more →
Posted by (ISC)² Management on 02 February 2021 at 08:30 AM in Cybersecurity Workforce, IT Security | Permalink
|
Comments (1)
Search
Categories
- (ISC)² Chapters (21)
- (ISC)² Events (150)
- Center for Cyber Safety and Education (50)
- Cloud Security (123)
- Cybersecurity Certifications (362)
- Cybersecurity Training (303)
- Cybersecurity Workforce (220)
- Digital Forensics (27)
- Ethics (49)
- Government (101)
- Insider Risk (54)
- IT Security (357)
- Legal (41)
- Malware (98)
- Network Security (162)
- Operations Security (132)
- Privacy (98)
- Ransomware (56)
- Risk (171)
- Software Development (43)
- Spotlight (66)