In the first of two previews of Infosecurity Europe 2023, we look at our top picks for unmissable keynote sessions across the three days of the conference, held at ExCel in London from June 20-22. By John E. Dunn As the pivotal cybersecurity conference in the region, every Infosecurity Europe conference is oriented to topical themes. This year is no exception, with the speaker lineup covering everything from the on-going anxiety of cyberwar, how zero trust can be made to work once it leaves the drawing board, and the never-ending puzzle of assessing supply chain risk. The following is our... Read more →
371 posts categorized "IT Security"
25 May 2023
Infosecurity Europe 2023 Preview – Our Pick of the Keynote Sessions
Posted by (ISC)² Management on 25 May 2023 at 03:00 AM in (ISC)² Events, Cloud Security, Cybersecurity Training, Cybersecurity Workforce, Digital Forensics, Ethics, Government , Insider Risk, IT Security, Legal, Malware, Network Security, Operations Security, Privacy, Ransomware, Risk | Permalink
|
Comments (0)
19 May 2023
Latest Cyberthreats and Advisories - May 19, 2023
WordPress’s Elementor is vulnerable (again), the U.S. Department of Transportation is breached, 5.8 million medical records are posted online after PharMerica incident. Here are the latest threats and advisories for the week of May 19, 2023. By John Weiler Threat Advisories and Alerts Australian and U.S. Governments Release Advisory on BianLian Ransomware Group The Australian Cyber Security Centre (ACSC) has released a joint cybersecurity advisory with the U.S. outlining typical threat vectors and signs of ongoing attacks by the BianLian ransomware group. It is a relatively new group that uses trusted Remote Desktop Protocol (RDP) credentials to gain network access... Read more →
Posted by (ISC)² Management on 19 May 2023 at 07:00 AM in Government , IT Security, Malware, Ransomware, Risk | Permalink
|
Comments (0)
04 May 2023
#WorldPasswordDay - (ISC)² Members Weigh In
This year for World Password Day we have covered the history and misconceptions of passwords in Password Myths vs. Reality and dove into the benefits of password managers in Beyond Username and Password: Protecting Your Digital Identity. To wrap up the annual reminder of staying safe and secure online, we asked our group of (ISC)² Blog Volunteers for their insights and advice. What is your best advice as a cybersecurity professional to those outside of the industry when it comes to setting passwords? Continue to educate yourself, regardless of the industry you are in, the safety of data is not... Read more →
Posted by (ISC)² Management on 04 May 2023 at 10:00 AM in IT Security, Privacy, Risk | Permalink
|
Comments (0)
25 April 2023
RSA Conference Day One: Disruption Key to Keeping Bad Actors At Bay
Day One of the RSA Conference opened with keynotes diagnosing a security identity crisis, while offering AI, platforms, and big dose of disruption as the cure for what ails the cybersecurity world. By Joe Fay The 2023 RSA Conference kicked off in San Francisco this week, with human delegates being confronted with speaker after speaker declaring that AI is taking over much of their jobs. Opening the conference, RSA CEO Rohit Ghai said that over the years, the core purpose of security platforms has evolved, but “in the AI era, it is security first, followed by convenience and compliance.” “AI... Read more →
Posted by (ISC)² Management on 25 April 2023 at 01:37 PM in Government , IT Security, Malware, Network Security, Risk | Permalink
|
Comments (0)
Cybersecurity Industry News Review - April 25, 2023
Europe’s Air Traffic Control (ATC) agency under DDoS attack. Eavesdropping police in the U.K. spared massive fine. Numbers emerge after NCR ransomware attack. Hackers hit gold in secondhand routers. By Joe Fay “Pro-Russian” Hackers Dive Bomb European Air Traffic Control Agency Europe’s air traffic control agency, Eurocontrol, has been fighting off a cyberattack by pro-Russian hackers since April 19. The attack appears to have been a DDoS targeting the agency’s website. Pro-Russian group Killnet claimed to have launched a “100 hour” marathon against Eurocontrol. The agency declined to detail the nature of the attack but said its safety operations had... Read more →
Posted by (ISC)² Management on 25 April 2023 at 06:00 AM in Government , IT Security, Malware, Network Security, Ransomware, Risk | Permalink
|
Comments (0)
14 April 2023
SEC Cybersecurity Proposals Survey Exposes Need for Board-Level Cyber Skills
Respondents highlight the need for appointing and developing more board-level cybersecurity expertise, while some are concerned that disclosure regulations unintentionally risk helping criminals alongside improving investor transparency. By Joe Fay U.S. Securities and Exchange Commission (SEC) proposals to boost cybersecurity reporting requirements for publicly traded firms have not resonated with (ISC)² members in a survey, with over half unaware of the proposals and a fifth suggesting they could benefit threat actors inadvertently through providing investors with enhanced disclosure. In 2022, the SEC proposed new rules on cybersecurity that impact publicly traded companies, with standards for disclosures around cyber security risk... Read more →
Posted by (ISC)² Management on 14 April 2023 at 02:00 PM in Government , IT Security, Network Security, Operations Security | Permalink
|
Comments (0)
11 April 2023
#IdentityManagementDay - Best Practices to Help Keep Your Organization Secure
By Chinatu Uzuegbu, CISSP, CEO/Managing Cyber Security Consultant at RoseTech CyberCrime Solutions Ltd. We kicked off the Identity and Access Management Processes from the Top-Level Management approach. The Identity and Access Management Security Steering Committee is a group of C-Suites leaders, also referred to as the respective Data and Asset Owners from the various Business Units of my organization. The group met and established the governing policy around the Identity and Access Management Processes. The governance covers the Mandatory Access Control Policy and Trust Policy of the organization which are automatically enforced as the baselines on default. The governance of... Read more →
Posted by (ISC)² Management on 11 April 2023 at 08:00 AM in Cybersecurity Workforce, IT Security, Network Security, Operations Security, Privacy, Ransomware, Risk | Permalink
|
Comments (0)
07 April 2023
Push Notification Is More Secure Than SMS 2FA, So Why the Reluctance to Enable It?
Forget SMS 2FA authentication – Twitter and others are making it less attractive by either charging for it or phasing it out altogether. But there’s a better alternative if only tech companies were willing to invest. By John E. Dunn Mention Twitter and two factor authentication (2FA) in the same breath right now and security watchers will immediately think about a puzzling announcement the company made less than two months ago. The gist was that anyone using or adding SMS 2FA to their account would have to buy a subscription to Twitter Blue for $8 per month to continue to... Read more →
Posted by (ISC)² Management on 07 April 2023 at 12:00 PM in IT Security, Operations Security | Permalink
|
Comments (0)
29 March 2023
Analysis: Hackers Exploit Zero-Day to Siphon $1.5 Million From Bitcoin ATMs
Anxiety about the security of hot wallets grows as General Bytes customers are hit by a zero-day flaw in the company’s Bitcoin ATMs. By John E. Dunn It’s fair to say that crypto has an image problem. What it didn’t need was a Bitcoin ATM (BATM) hack to generate even more bad publicity. Unfortunately, that’s exactly what happened on March 17-18, according to General Bytes, one of the best-known makers of BATMs on the market. Hackers exploited a zero-day flaw in a video interface that’s part of the General Bytes CAS server platform to steal 56 Bitcoins (worth $1.5 million)... Read more →
Posted by (ISC)² Management on 29 March 2023 at 07:00 AM in IT Security, Malware | Permalink
|
Comments (1)
21 March 2023
Cybersecurity Industry News Review – March 21, 2023
KillNet is bad for your health, TikTok facing further bans, ransomware impacts cancer test results, Russia allegedly increasing its cyberwarfare efforts. By Joe Fay Microsoft Demonstrates How KillNet Is Bad for Our Healthcare Sector Microsoft has highlighted a rise in DDoS attacks on healthcare organizations, mapping a three-fold increase in attacks over three months. It said it tracked 10 to 20 attacks per day on healthcare organizations on Azure in November but was seeing 40 to 60 per day in February. The attack mix changed over this time, it added, with over half of attacks now being UDP floods, with... Read more →
Posted by (ISC)² Management on 21 March 2023 at 09:00 AM in Ethics, Government , IT Security, Malware, Privacy, Ransomware, Risk | Permalink
|
Comments (0)
14 March 2023
Cybersecurity Industry News Review – March 14, 2023
The U.K. Online Safety Bill triggers a security rebuke from WhatsApp, the Czech Republic concerned about TikTok, an international law enforcement effort shuts down the NetWire RAT infrastructure, while a study suggests workforce malaise towards reporting security incidents. By Joe Fay WhatsApp Would Leave U.K. Rather Than Break Encryption WhatsApp would pull its end-to-end encrypted messaging service in the U.K., rather than submit to any requirement to weaken its privacy stance to comply with the U.K. government’s Online Safety Bill. WhatsApp chief Will Cathcart said that 98 per cent of its users were outside the U.K., and ALL users wanted... Read more →
Posted by (ISC)² Management on 14 March 2023 at 05:00 AM in Digital Forensics, Ethics, Government , IT Security, Malware, Privacy, Ransomware, Risk | Permalink
|
Comments (0)
07 February 2023
Cybersecurity Industry News Review: February 7, 2023
By Joe Fay Derivatives traders, trainer trainers, and finger lickers all hit by ransomware. Russian hackers lash out after Ukraine tanks deal announced. Apple patches decade old devices. ION Markets Hit by “Cyber Security Event” Dublin-based data and software firm ION Markets has been hit by a “cyber event” which has had a knock-on effect on financial futures and derivatives markets worldwide. The attack is thought to have been ransomware related. ION Markets said the attack on its ION Cleared Derivatives division was “contained to a specific environment”, all the affected servers are disconnected, and remediation of services is ongoing.... Read more →
Posted by (ISC)² Management on 07 February 2023 at 04:21 PM in IT Security, Legal, Malware, Privacy, Ransomware, Risk | Permalink
|
Comments (0)
06 January 2023
Latest Cyberthreats and Advisories - January 6, 2023
The LockBit ransomware gang apologizes, Google settles privacy lawsuits and cybercriminals impersonate brands and the U.K. government. Here are the latest threats and advisories for the week of January 6, 2023. Threat Advisories and Alerts Cybercriminals Impersonate Brands with Search Ads And Fake Sites The U.S. Federal Bureau of Investigation (FBI) has issued a warning that cybercriminals are directing internet browsers to malicious sites via search ads. How does the scam work? Bad actors build a fake website that impersonates a legitimate brand and then advertises it to appear at the top of search results. Once browsers click the ad,... Read more →
Posted by (ISC)² Management on 06 January 2023 at 01:00 PM in Government , IT Security, Legal, Malware, Ransomware, Risk | Permalink
|
Comments (0)
19 December 2022
SSCP Members – We Need Your Input
The SSCP certification is held by more than 7,000 professionals around the world. Known for its technical rigor, the members who hold this qualification are typically working in areas like IT administration, networks security, security operations or incident response. The exam was last refreshed in November 2021 which that means it is time for us to begin the process again. We announced last week that the CISSP will be starting the revision process in January and so will the SSCP. We need to hear from you, the certification holders. As we prepare for a Job Task Analysis (JTA) Study Workshop... Read more →
Posted by (ISC)² Management on 19 December 2022 at 08:30 AM in Cybersecurity Certifications, IT Security, Network Security, Operations Security | Permalink
|
Comments (0)
18 November 2022
Latest Cyberthreats and Advisories - November 18, 2022
Beware the BatLoader, the NSA calls for more memory-safe programming language use and ransomware causes more trouble in Australia….Here are the latest threats and advisories for the week of November 18, 2022. Threat Advisories and Alerts Researchers Sound Alarm on Dangerous BatLoader Malware Dropper A dangerous new malware loader with features for determining whether it's running on business or home computers has begun rapidly infecting systems worldwide over the past few months. Researchers at VMware Carbon Black claim the threat, dubbed BatLoader, is being used to distribute a variety of malware tools including a banking Trojan, an information stealer, and... Read more →
Posted by (ISC)² Management on 18 November 2022 at 09:50 AM in IT Security, Malware, Network Security, Operations Security, Privacy, Ransomware | Permalink
|
Comments (1)
05 August 2022
Latest Cyberthreats and Advisories - August 5, 2022
High profile ransomware attacks, vulnerabilities in popular technology products and a widespread investment scam in Europe. Here are the latest cybersecurity threats and advisories for the week of August 5, 2022. Threat Advisories and Alerts Critical Vulnerability Found in VMware Products VMware has released a security update to patch a critical vulnerability in several of their products, including VMware Workspace ONE Access, vRealize Automation and Identity Manager. If the vulnerability isn’t patched, bad actors with network access could obtain admin privileges. VMware customers using the affected products are recommended to upgrade to the latest version immediately. Source: https://www.csa.gov.sg/en/singcert/Alerts/al-2022-033 CISA Warns... Read more →
Posted by (ISC)² Management on 05 August 2022 at 11:00 AM in IT Security, Ransomware, Risk | Permalink
|
Comments (0)
21 July 2022
APAC Security Leaders Come Together at SECURE Singapore
We held our first-ever (ISC)² SECURE Singapore event earlier this month. The in-person event saw leading cybersecurity experts from around the region engaging in discussions around cybersecurity amid profound changes and disruption around the world, and a global workforce gap. David Koh, Commissioner of Cybersecurity and Chief Executive of the Cyber Security Agency of Singapore (CSA), started off the event with a keynote address. He argued that cybersecurity is akin to a team sport, where all organizations and individuals have a vital part to play in combating cyber crimes. Clar Rosso, CEO of (ISC)², and Zachary Tudor, CISSP, chair of... Read more →
Posted by (ISC)² Management on 21 July 2022 at 02:30 AM in (ISC)² Chapters, (ISC)² Events, IT Security | Permalink
|
Comments (0)
15 July 2022
Latest Cyberthreats and Advisories - July 15, 2022
Callback scams, ransomware, Windows attacks and phishing … here are the latest cybersecurity threats and advisories for the week of July 15, 2022. Threat Advisories and Alerts North Korea State-Sponsored Cybercriminals Target U.S. Healthcare Organizations North Korea state-sponsored cyber actors are infecting the systems of U.S. healthcare organizations with Maui ransomware. The malware encrypts the servers of healthcare services—which can freeze up their electronic health care records, diagnostic services, imaging services and other critical functions—disrupting their operations for prolonged periods. Why are healthcare organizations targets? They are more likely to pay ransoms. According to Sophos' State of Ransomware in Healthcare... Read more →
Posted by (ISC)² Management on 15 July 2022 at 10:15 AM in IT Security, Malware, Risk | Permalink
|
Comments (0)
27 June 2022
Infosecurity Europe: A show so secure a train strike couldn’t break it!
Infosecurity Europe is unquestionably the biggest and most significant cybersecurity conference and event on the European calendar, a mainstay that is enjoyed by the entire industry and that serves as an important opportunity for members to meet each other and engage with the (ISC)² team on our stand. Like so many key industry events, Infosecurity Europe has been operating as a virtual event for the last two years due to the pandemic but made a triumphant return to physical being this year along with a move to a brand new venue. 2022 saw the show move from London’s Olympia Exhibition... Read more →
Posted by (ISC)² on 27 June 2022 at 12:37 PM in (ISC)² Events, Cybersecurity Workforce, Government , IT Security | Permalink
|
Comments (0)
08 March 2022
The Dilemma of Defense in Depth
By Ala' F. Wrikat, MSc, CISSP, CISM. Ala' is currently a specialist in policies and strategic studies at the Financial-sector's CERT of Jordan. Defense in depth strategy has proven its effectiveness in preventing cyber threats over the years. At the abstract level, most technical security controls are designed with two main components; 1) a knowledge base, and 2) a matching engine. Each security product has its own version of a growing knowledge base of feeds (whatever these feeds are). The content and how frequent these knowledge bases get updated are often the basis of competition between vendors. In this context,... Read more →
Posted by (ISC)² Management on 08 March 2022 at 08:00 AM in IT Security, Operations Security | Permalink
|
Comments (1)
Search
Categories
- (ISC)² Chapters (22)
- (ISC)² Events (158)
- Center for Cyber Safety and Education (52)
- Cloud Security (132)
- Cybersecurity Certifications (375)
- Cybersecurity Training (309)
- Cybersecurity Workforce (242)
- Digital Forensics (29)
- Ethics (52)
- Government (123)
- Insider Risk (56)
- IT Security (371)
- Legal (45)
- Malware (112)
- Network Security (175)
- Operations Security (140)
- Privacy (114)
- Ransomware (82)
- Risk (194)
- Software Development (44)
- Spotlight (71)