By John E. Dunn Two arrests for alleged ransomware crimes and some useful intel. But will the latest Europol action make any difference? Following an international operation encompassing law enforcement agencies in Germany, Ukraine, the Netherlands and the U.S., Europol announced the arrests in Germany and Ukraine of what it believes are two of the five core “masterminds” of the DoppelPaymer ransomware group. The first suspect was described as a German national, the second as a Ukrainian, in raids that also involved searching properties in Kiev and Kharkiv. Beyond that, details are scarce although Europol said the German suspect was... Read more →
16 March 2023
Analysis: Where Next As Europol Hails Rare DoppelPaymer Ransomware Success
Posted by (ISC)² Management on 16 March 2023 at 03:00 AM in Ransomware | Permalink
|
Comments (0)
15 March 2023
Meet the 2023 (ISC)² Bylaws Committee
You spoke, and we listened – you want more opportunities to be involved and contribute to the decision-making process at (ISC)². Let’s get started. The (ISC)² Board of Directors Bylaws Committee will host the first in a series of webinars March 21 to introduce members to this year’s bylaws review and amendment process. Join us to learn how you can share your ideas to help build a better (ISC)² as we look to the future. The new Bylaws Committee, chaired by Board of Directors member Lisa Young, CISSP, consists of Directors and members-at-large. Join the webinar to hear directly from... Read more →
Posted by (ISC)² Management on 15 March 2023 at 09:35 AM in (ISC)² Events | Permalink
|
Comments (0)
14 March 2023
Cybersecurity Industry News Review – March 14, 2023
The U.K. Online Safety Bill triggers a security rebuke from WhatsApp, the Czech Republic concerned about TikTok, an international law enforcement effort shuts down the NetWire RAT infrastructure, while a study suggests workforce malaise towards reporting security incidents. By Joe Fay WhatsApp Would Leave U.K. Rather Than Break Encryption WhatsApp would pull its end-to-end encrypted messaging service in the U.K., rather than submit to any requirement to weaken its privacy stance to comply with the U.K. government’s Online Safety Bill. WhatsApp chief Will Cathcart said that 98 per cent of its users were outside the U.K., and ALL users wanted... Read more →
Posted by (ISC)² Management on 14 March 2023 at 05:00 AM in Digital Forensics, Ethics, Government , IT Security, Malware, Privacy, Ransomware, Risk | Permalink
|
Comments (0)
10 March 2023
Latest Cyberthreats and Advisories - March 10, 2023
By John Weiler Mexico timeshare scams, the DoppelPaymer ransomware gang gets busted and a major data leak rocks Oakland, California. Here are the latest threats and advisories for the week of March 10, 2023. Threat Advisories and Alerts FBI Issues Warning About Mexico Timeshare Scam The U.S. Federal Bureau of Investigation (FBI) has issued an advisory about timeshare scams in Mexico, which affected over 600 people and resulted in roughly $39.6 million in victim losses last year. How does the scam work? Owners of timeshares in Mexico receive an unexpected email or phone call from fraudsters requesting to sell or... Read more →
Posted by (ISC)² Management on 10 March 2023 at 09:00 AM in Privacy, Ransomware | Permalink
|
Comments (0)
What We Learned from The Royal Mail Ransomware Chat
By Dave Cartwright, CISSP In February 2023, something very unusual happened. Following a ransomware attack on Royal Mail International, a division of the U.K.’s (formerly state-owned) mail and parcel delivery service, the negotiation between the firm’s representatives and the LockBit ransomware attackers made it into the public domain. As reported in January 2023, Royal Mail engaged with the U.K. National Crime Agency (NCA) and National Cyber Security Centre (NCSC), and part of the resulting activity was to negotiate with representatives of LockBit – without much success. The first thing of note is that the chat covers a time period of... Read more →
Posted by (ISC)² Management on 10 March 2023 at 04:00 AM in Ransomware | Permalink
|
Comments (0)
08 March 2023
Voices of Women in Cyber - (ISC)² Candidate Nidhi Kannoujia
By Nidhi Kannoujia, (ISC)² Candidate The cybersecurity industry is a dynamic and promising field that welcomes diverse perspectives. It requires individuals who understand the intricacies of other industries since security is a collective responsibility. While the security industry is embracing diversity, unfortunately, it still faces a significant gap in terms of gender representation, particularly with women being underrepresented. Women account for only 25% jobs in cybersecurity, according to a Women in Cybersecurity report by Cybersecurity Ventures. There is an opportunity to leverage our skills to close this gender gap. Several years ago, I began exploring this exciting field and have... Read more →
Posted by (ISC)² Management on 08 March 2023 at 11:00 AM | Permalink
|
Comments (1)
International Women’s Day: Must-Watch Webinars by Women in Cybersecurity
What have all these webinars got in common? They feature women at the top their cybersecurity game. March 8, 2023, is International Women’s Day, a focal point for recognizing the achievements and contributions that women have made to every element of society. The cybersecurity sector is fortunate to include women who are experts and visionaries that are changing our technologies and approaches for the better, as well as serving as role models to help encourage even more women to pursue a career in the sector and bring greater equality and balance to the workforce. Whether you want to go deeper... Read more →
Posted by (ISC)² Management on 08 March 2023 at 08:00 AM in Cybersecurity Workforce | Permalink
|
Comments (0)
Grace Hopper: The Woman Who Changed How We Code and Test
On International Women’s Day, we look back at the legacy of Rear Admiral Grace Hopper, an innovator and trailblazer in software development and standards for testing computer systems and components. It would be wrong, as we reach International Women’s Day 2023, not to write about a prominent woman from the tech-and-cyber world. And of the rising number of female stars of the industry, there is one whose name rises immediately to the top of the list: the late Rear Admiral Grace Brewster Hopper, who was born Grace Murray in December 1906 and lived until the age of 85. Mathematics was... Read more →
Posted by (ISC)² Management on 08 March 2023 at 03:30 AM | Permalink
|
Comments (1)
07 March 2023
Can a Barista Become Your Next SOC Analyst?
Spoiler alert: the obvious answer is not always the correct one! Migrating services, apps and data to the cloud is both promising and challenging. The advantages of scalability, flexibility, reduced operational costs and supporting a hybrid workforce can be eliminated by the challenges of cloud security and talent gap. Those two challenges are closely interrelated as it is demonstrated by numerous surveys. For example, the (ISC)² Cloud Security Report 2022 indicates that: 93% of organizations are moderately to extremely concerned about the massive skills shortage of qualified cybersecurity professionals 57% admit this lack of staff expertise makes cloud compliance challenging... Read more →
Posted by (ISC)² Management on 07 March 2023 at 08:00 AM in Cloud Security | Permalink
|
Comments (0)
Cybersecurity Industry News Review: March 7, 2023
Cybercrime may have less of a gender issue than cybersecurity, LastPass gives attack update, CISA warns on Royal ransomware gang while WHSmith and DISH Network count the cost after both suffer cyber attacks. Study: Gender No Barrier To Participating In “Meritocratic” Cybercriminal Community If the cybersecurity industry is struggling to achieve gender parity, it could learn some lessons from its criminal flipside. A study from Trend Micro suggests that the cyber underground “provides an open environment for individuals of any gender to find employment or a side business”. Its analysis suggested gender was not a barrier to finding work as... Read more →
Posted by (ISC)² Management on 07 March 2023 at 06:00 AM in Ransomware, Risk | Permalink
|
Comments (0)
06 March 2023
Earn CPE Credits For Reading (ISC)² News and Insights With Our Quiz
We are continuing the popular bi-monthly CPE credit quiz as we transition from InfoSecurity Professional to our new web-based content platform. The first (ISC)² News and Insights CPE Credit Quiz of 2023 is now live. Every two months, we publish a 10-question quiz with questions based on some of our editorial content from that period. Successfully passing the quiz results in two CPE credits being automatically added to your total. Readers of our former bi-monthly magazine InfoSecurity Professional will know that each issue included a quiz, allowing members to earn CPE credits by passing the quiz, verifying they had read... Read more →
Posted by (ISC)² Management on 06 March 2023 at 11:02 AM in Cybersecurity Workforce | Permalink
|
Comments (22)
03 March 2023
Latest Cyberthreats and Advisories - March 3, 2023
Major U.S. government and corporate breaches, the White House enforces TikTok ban and the NCSC issues zero trust guidance. Here are the latest threats and advisories for the week of March 3, 2023. Threat Advisories and Alerts NCSC Publishes Guidance on Zero Trust Security The U.K. National Cyber Security Centre has published guidance on how companies can leverage zero trust security. The article explains why some systems can’t integrate into a zero trust network. Organizations can get around this issue by building a mixed estate using a zero trust proxy or a managed virtual private network (VPN). ZK Java Web... Read more →
Posted by (ISC)² Management on 03 March 2023 at 04:00 PM in Ransomware | Permalink
|
Comments (0)
White House Cybersecurity Strategy Will Make Big Tech Step Up in Ongoing Cyber Struggle
By Joe Fay China is ‘most active, and most persistent threat’ as government pinpoints need for a bigger and more diverse cybersecurity workforce to meet the long-term challenge. The Biden administration has unveiled its long-awaited cybersecurity strategy, effectively putting the country on a permanent cyberwar footing, with the Federal government adopting zero trust while demanding tech providers take more responsibility for securing their products and tackling cyberthreats. “Voluntary” approaches to securing critical infrastructure will be stiffened with regulation, tailored to individual sectors. The Federal government will also root out insecure legacy systems from its own estate, while building up its... Read more →
Posted by (ISC)² Management on 03 March 2023 at 09:30 AM | Permalink
|
Comments (0)
The Top Five Most Fun Cybersecurity Mistakes in TV and Movies
By Dave Cartwright, CISSP The mysterious world of cybersecurity can sometimes be wildly misrepresented on-screen, causing challenges for professionals charged with educating colleagues and other users. Movie and TV screenwriters have been known to play fast and loose with the facts. Any car involved in an accident, no matter how minor, explodes in a hideous fireball. Everyone can find an on-street parking space right outside their house. Whenever text appears on a computer screen there’s a clicky-beepy sound for each letter that appears. No wonder, then, that the role and actions of cybersecurity can sometimes be even more wildly misrepresented... Read more →
Posted by (ISC)² Management on 03 March 2023 at 04:00 AM in Spotlight | Permalink
|
Comments (1)
02 March 2023
U.S. DoD Puts CPD At Heart of Its New Cyber Workforce Strategy
By Joe Fay Workers told to make more use of cyber ranges, conferences and webinars as skills gap just gets bigger. The US Department of Defense (DoD) is overhauling the recruitment and training of its cyberspace workforce, providing a template for other public and private sector organizations battling both a growing cyber threat and widening skills gap. The DoD’s Cyber Workforce Strategy stands as a potential model for how other public and private sector organizations should be reshaping their cybersecurity teams and nurturing talent. When the US-based Bipartisan Policy Centre detailed the “Top Risks in Cybersecurity 2023”, it highlighted the... Read more →
Posted by (ISC)² Management on 02 March 2023 at 02:00 PM | Permalink
|
Comments (0)
What’s Driving the Demand for GRC Professionals in Critical Infrastructure?
As geopolitical tensions continue, cyberwarfare has taken its toll on the world. Last July, the FBI, CISA and the Department of the Treasury issued a joint advisory about North Korean hackers targeting U.S. healthcare systems. Another warning was issued about Russian state-sponsored CNI attacks aimed against Ukraine or organizations providing materiel support. Alarmingly, the last few years have seen cyberattacks on oil and gas (Colonial Pipeline), nuclear operations (Iranian nuclear facility, Kansas nuclear plant, Stuxnet) and water utilities (Oldsmar, Israeli facilities) among others. In response, more CNI-geared legislation is on the way. The most game-changing move on this front last... Read more →
Posted by (ISC)² Management on 02 March 2023 at 08:30 AM in Cybersecurity Certifications, Cybersecurity Workforce, Risk | Permalink
|
Comments (0)
01 March 2023
(ISC)² Members Reveal Deep Skepticism About Artificial Intelligence and Machine Learning
By John E. Dunn It’s little surprise that many people are skeptical about the rapid encroachment of artificial intelligence (AI) and machine learning (ML) into daily life. However, should cybersecurity professionals be more positive about the benefits for the field? (ISC)² asked its members and candidates – experienced cybersecurity practitioners as well as those at the beginning of their career – whether or not they were concerned about the growth and adoption of both AI and ML in different scenarios. The results of the straw poll of 126 people revealed a consistently high degree of concern and skepticism about the... Read more →
Posted by (ISC)² Management on 01 March 2023 at 08:00 AM in Cybersecurity Workforce, Privacy | Permalink
|
Comments (0)
28 February 2023
Crypto Scammers Game YouTube for Amplification While Keeping Under Radar, Researchers Find
By Joe Fay Not even a pyramid scheme – they just convince people to give away their money. A network of crypto scammers has been able to game YouTube’s algorithms to publicize and amplify fraudulent investment apps without triggering the video platform’s safety team, researchers at WithSecure have said. The network used YouTube to post and boost videos encouraging victims to take part in fraudulent USDT (Tether) cryptocurrency investment schemes. Users were promised lucrative returns when they moved cryptocurrency from their wallets into wallets associated with the “apps” highlighted in the videos. WithSecure Intelligence Researcher Andy Patel tracked over 700... Read more →
Posted by (ISC)² Management on 28 February 2023 at 12:00 PM in Spotlight | Permalink
|
Comments (0)
Cybersecurity Industry News Review: February 28, 2023
By Joe Fay Australia to scrap cybersecurity rules as part of a new regime, ransoms bankroll further ransomware attacks, Dole and PyPi attacked, while the European Commission calls time on TikTok. Australia to Overhaul Cybersecurity Rules The Australian government is overhauling its approach to cybersecurity and will create a new agency to coordinate responses to cyberattacks and manage investment. The plans follow publication of a discussion paper on cybersecurity following recent high-profile attacks, including one that affected telco Optus. The minister for home affairs, Clare O’Neil, described the current regime as “bloody useless.” AT&T Selling a Cybersecurity Business, Trend Micro... Read more →
Posted by (ISC)² Management on 28 February 2023 at 08:00 AM in Government , Ransomware | Permalink
|
Comments (0)
27 February 2023
Advance Your Cybersecurity Career with Toolkits from (ISC)² and BUiLT
As part of its expanded diversity, equity and inclusion (DEI) initiative, (ISC)² and its partner, BUiLT (Blacks United in Leading Technology, Inc.), are releasing four new toolkits aimed at increasing the number of Black and underrepresented professionals entering, staying and advancing in the cybersecurity profession. “Diversity continues to lag in the tech and cyber industries – and in order to meet the workforce gap head on, we need to create racial equity by helping the Black community explore new career possibilities within these fields,” said Peter Beasley, executive director and chairman of the board, BUiLT. “Partnering with (ISC)² encourages a... Read more →
Posted by (ISC)² Management on 27 February 2023 at 07:30 AM in Cybersecurity Workforce | Permalink
|
Comments (1)
Search
Categories
- (ISC)² Chapters (22)
- (ISC)² Events (152)
- Center for Cyber Safety and Education (52)
- Cloud Security (128)
- Cybersecurity Certifications (373)
- Cybersecurity Training (305)
- Cybersecurity Workforce (232)
- Digital Forensics (28)
- Ethics (51)
- Government (112)
- Insider Risk (55)
- IT Security (362)
- Legal (43)
- Malware (107)
- Network Security (166)
- Operations Security (133)
- Privacy (108)
- Ransomware (75)
- Risk (188)
- Software Development (44)
- Spotlight (70)