Cyberattacks on the video game industry, big-name brand data breaches and the Tea Pot gangster make headlines this week. Here are the latest threats and advisories for the week of September 23, 2022. Threat Advisories and Alerts Iranian Cybercriminals Target Western Nations Bad actors associated with the Iranian Government’s Islamic Revolutionary Guard Corps (IRGC) have been exploiting Microsoft Exchange, Fortinet and VMware Horizon Log4j vulnerabilities. The attacks have hit critical US infrastructure sectors as well as Canadian, Australian and U.K. organizations. Rather than targeting specific sectors or entities, the cybercriminals are exploiting known vulnerabilities on unprotected networks to extort data... Read more →
188 posts categorized "Risk"
23 September 2022
LATEST CYBERTHREATS AND ADVISORIES - SEPTEMBER 23, 2022
Posted by (ISC)² Management on 23 September 2022 at 08:00 AM in Operations Security, Ransomware, Risk | Permalink
|
Comments (0)
12 September 2022
(ISC)² and Venafi Explore The Strange New World of Machine Identity Management
Earlier this year, (ISC)² hosted a webinar about a new kind of challenge facing cybersecurity: machine identity management. Although this security component has only received sizable attention over the last couple of years, Gartner ranked it among the top eight security trends for 2021. In the webinar, Kevin Bocek, Vice-President of Security Strategy & Threat Intelligence for Venafi, discussed the problems that arise when machine identities fail, infamous machine identity attacks and the protective measures organizations can take. Machine identities – TLS, SSH, and code signing keys and certificates – control encryption, authentication, and code execution for software-based machines such... Read more →
Posted by (ISC)² Management on 12 September 2022 at 08:00 AM in Operations Security, Risk, Software Development | Permalink
|
Comments (2)
12 August 2022
Latest Cyberthreats and Advisories - August 12, 2022
Cyberattacks hit global companies, critical vulnerabilities discovered in top tech products and the top malware strains of 2021 make headlines this week. Here are the latest cybersecurity threats and advisories for the week of August 12, 2022. Threat Advisories and Alerts CISA and ACSC List the Top Malware Strains of 2021 A joint cybersecurity advisory has been released by CISA and ACSC. The advisory names the top malware strains of 2021, which include Agent Tesla, AZORult, Formbook, GootLoader, LokiBot, MOUSEISLAND, NanoCore, Qakbot, Remcos, TrickBot and Ursnif. The malware strains consist of ransomware, information stealers, trojans (RATS) and banking trojans. To... Read more →
Posted by (ISC)² Management on 12 August 2022 at 08:00 AM in Risk | Permalink
|
Comments (0)
10 August 2022
(ISC)² and F5 Examine OWASP’S “Top 10” Report on New Web Application Security Risks
In late 2021, the Open Web Application Security Project® (OWASP®) Foundation released a revised list of the 10 most critical security risks to web applications. The OWASP Top 10 list is the foundation’s flagship project for guidance on securing web applications. (ISC)² hosted a webinar in which Byron McNaught from the application security company F5 discussed key changes in the Top 10 and how to use the list as a foundation for protecting applications. The webinar highlighted the fact that while the OWASP Top 10 had remained largely unchanged for nearly 20 years, the 2021 version included significant updates. For... Read more →
Posted by (ISC)² Management on 10 August 2022 at 08:00 AM in Operations Security, Risk | Permalink
|
Comments (0)
05 August 2022
Latest Cyberthreats and Advisories - August 5, 2022
High profile ransomware attacks, vulnerabilities in popular technology products and a widespread investment scam in Europe. Here are the latest cybersecurity threats and advisories for the week of August 5, 2022. Threat Advisories and Alerts Critical Vulnerability Found in VMware Products VMware has released a security update to patch a critical vulnerability in several of their products, including VMware Workspace ONE Access, vRealize Automation and Identity Manager. If the vulnerability isn’t patched, bad actors with network access could obtain admin privileges. VMware customers using the affected products are recommended to upgrade to the latest version immediately. Source: https://www.csa.gov.sg/en/singcert/Alerts/al-2022-033 CISA Warns... Read more →
Posted by (ISC)² Management on 05 August 2022 at 11:00 AM in IT Security, Ransomware, Risk | Permalink
|
Comments (0)
15 July 2022
Latest Cyberthreats and Advisories - July 15, 2022
Callback scams, ransomware, Windows attacks and phishing … here are the latest cybersecurity threats and advisories for the week of July 15, 2022. Threat Advisories and Alerts North Korea State-Sponsored Cybercriminals Target U.S. Healthcare Organizations North Korea state-sponsored cyber actors are infecting the systems of U.S. healthcare organizations with Maui ransomware. The malware encrypts the servers of healthcare services—which can freeze up their electronic health care records, diagnostic services, imaging services and other critical functions—disrupting their operations for prolonged periods. Why are healthcare organizations targets? They are more likely to pay ransoms. According to Sophos' State of Ransomware in Healthcare... Read more →
Posted by (ISC)² Management on 15 July 2022 at 10:15 AM in IT Security, Malware, Risk | Permalink
|
Comments (0)
22 March 2022
What Concerns Cyber Pros Most About the Invasion of Ukraine
As the invasion of Ukraine continues alongside a pronounced increase in online disruption aimed at the main sanction-imposing economies, speculation is rampant that a barrage of related cyberattacks on Western allies will at some point result in a mega breach or worse – an incident that may affect critical infrastructure and damage public utilities or vital data stores. To better understand how cybersecurity professionals are assessing the situation, we conducted a poll of (ISC)² members. More than 260 (ISC)²-certified cybersecurity professionals from 41 countries participated, including Ukraine and the Russian Federation. They represent 33 different industries, with the most in... Read more →
Posted by (ISC)² Management on 22 March 2022 at 01:31 PM in Government , Risk | Permalink
|
Comments (0)
10 February 2022
Elevating the Risk Discussion – Quantitative Analytics
By Charlene Deaver-Vazquez, CISSP, CISA. Charlene is the developer of Probabilistic Risk Modeling for Cyber (P-RMOD4Cyber) a framework of mathematical models for quantifying risk. There is a tendency to view the effectiveness of our cybersecurity practice through a single lens – compliance. We apply controls and best practices hardening our systems and continually monitoring our security posture. We implement defense in depth relying on strong perimeter defense and real-time analytics. At this point, we discuss risk in terms of defensive actions, what we’ve done and what we see based on our logs and alerts. What does a typical conversation around... Read more →
Posted by (ISC)² Management on 10 February 2022 at 08:00 AM in Operations Security, Risk | Permalink
|
Comments (0)
22 December 2021
What do cybersecurity experts predict in 2022?
2022 Predictions for the Cybersecurity Industry and Advice for Newcomers or Those Working for Small to Medium-Sized Businesses By Diana-Lynn Contesti, CISSP-ISSAP, ISSMP, CSSLP, SSCP, John Martin, CISSP-ISSAP, CISM, BCS CITP, and Richard Nealon, CISSP-ISSMP, SSCP, SCF, CISM, CISA As long-time information security professionals and (ISC)² Community Champions, we have experienced the way cybersecurity employees engage and work with one another continue to adapt in response to changes in the workplace and world at large. In 2021, we experienced a rapid evolution to these interactions. Like us, you may be wondering, what will 2022 look like for information security professionals?... Read more →
Posted by (ISC)² Management on 22 December 2021 at 07:00 AM in Cybersecurity Workforce, Privacy, Ransomware, Risk | Permalink
|
Comments (0)
29 September 2021
How Continuous Monitoring is a Driver of Effective Risk Management
Continuous Monitoring (CM) as the ability to maintain ongoing awareness of information security, vulnerabilities, and threats to facilitate risk-based decision making. The ultimate objective of CM is to determine if the security and privacy controls implemented by an organization continue to be effective over time considering the inevitable changes that occur in the environment in which the organization operates. Continuous Monitoring removes the limitations of manual or one-time assessments and facilitates real-time risk management through automating monitoring processes. CM benefits businesses in many ways by providing visibility into undiscovered system components, misconfigurations, vulnerabilities, and unauthorized changes, which can potentially expose... Read more →
Posted by (ISC)² Management on 29 September 2021 at 08:00 AM in Cybersecurity Certifications, Risk | Permalink
|
Comments (1)
21 September 2021
The Importance of Adopting a Risk Management Approach to Security and Privacy
With businesses’ digital transformation initiatives accelerated during the pandemic, cyber risks are no longer an issue of the IT department. Cyber risks are business risks threatening the very existence of highly digitized and interconnected organizations. Companies are compelled to address those risks before they impact their operations. Risk management is the process of identifying, assessing and controlling risks to an organization’s business, assets, revenue, productivity and reliability. Risk management informs decision making on the investments, policies and practices to mitigate threats and minimize their adverse effects. A risk management approach benefits an organization in many ways as it strengthens their... Read more →
Posted by (ISC)² Management on 21 September 2021 at 08:00 AM in Cybersecurity Certifications, Risk | Permalink
|
Comments (0)
14 September 2021
National Small Business Week: 10 Best Practices for Small Business Cybersecurity
A recent survey conducted by CNBC and Momentive found that 56% of small business owners are not concerned about being the victim of a cyberattack in the next year and that only 28% of them have a response plan in place in case of a cyberattack. This does not bode well for their longevity, as other industry data shows that 60% of small businesses that suffer a data breach will be out of business within six months. The high cost of remediation and the potential for reputational damage can be more than most small businesses can withstand. Many times, the... Read more →
Posted by (ISC)² Management on 14 September 2021 at 03:00 PM in Cloud Security, Cybersecurity Training, Network Security, Operations Security, Ransomware, Risk | Permalink
|
Comments (0)
17 August 2021
Navigating the Troubled Waters of Risk Management
The nature of organizations is to evolve and adapt to changes and the risks associated with these changes. Businesses migrate to the cloud deploying a multitude of platforms, move their data in the cloud, and employ containerized services not only to survive change but to thrive in this challenging environment. Even though all these technological advancements benefit businesses in many ways, they equally create new risks. The cybersecurity landscape is evolving together with the technological one. Cybersecurity risks have “escaped” from the siloed environment of IT departments and have become business risks. This is where the role of a Certified... Read more →
Posted by (ISC)² Management on 17 August 2021 at 08:00 AM in Cybersecurity Certifications, Risk | Permalink
|
Comments (0)
01 June 2021
The Professional Development Institute Launches Three New Courses
The Professional Development Institute (PDI) is expanding with three new express learning courses: Risk Fundamentals, Forensic Data Acquisitions and Securing the Remote Work Force. These new offerings are self-paced courses separated into two modules that qualify for two CPE credits. The PDI catalog now features 40on-demand courses free for (ISC)² members and associates and available for purchase as individual courses or bundled course access to anyone who is not an (ISC)² member. Let’s take a look at the new offerings: Risk Fundamentals covers the basics of ever-present risks in business and the field of cybersecurity and prepares you to proactively... Read more →
Posted by (ISC)² Management on 01 June 2021 at 08:00 AM in Cybersecurity Training, Risk | Permalink
|
Comments (0)
22 April 2021
Cyber Threats: The Financial System’s Top Risk
With cyber attacks against financial and banking institutions now a daily occurrence, cyber threats have become the biggest risk to the global financial system, according to Federal Reserve Chairman Jerome Powell. During an interview on CBS News’ 60 Minutes, Powell said cyber risks surpass even the types of lending and liquidity risks that led to the Great Recession in 2008. The chances of a financial collapse akin to 2008 are “very low,” he said. “But the world changes, the world evolves, and the risks change as well. The risk we keep our eyes on the most is cyber risk.” If... Read more →
Posted by (ISC)² Management on 22 April 2021 at 07:30 AM in Cybersecurity Training, Cybersecurity Workforce, Malware, Ransomware, Risk | Permalink
|
Comments (0)
13 April 2021
Updates to the (ISC)² CAP Exam. What is Changing?
Earlier this year, we announced an upcoming update to the Certified Authorization Professional (CAP) certification. This (ISC)² certification exam will be updating on August 15, 2021. During the last Job Task Analysis (JTA), the decision was made to expand the CAP to reflect the more diverse day to day work of professionals who were earning the certification. What started built primarily for U.S. government professionals using the Risk Management Framework (RMF) has now expanded to professionals working in the private sector and or organizations around the world. We spoke with the Content Development Manager here at (ISC)², Toni Hahn, about... Read more →
Posted by (ISC)² Management on 13 April 2021 at 08:37 AM in Cybersecurity Certifications, Government , Risk | Permalink
|
Comments (0)
11 March 2021
Latest CrowdStrike Global Threat Report Finds Healthcare Orgs in the Social Engineering Crosshairs
While the world tried to cope with the COVID-19 pandemic in 2020, behind the scenes cybercriminals were taking advantage of “fear, concern and curiosity” to perpetrate a record-setting increase in social engineering attacks, according to a new report from CrowdStrike. A solid majority of cyberattacks (79%) resulted from hands-on-keyboard techniques, which means a human being was involved, according to the 2021 CrowdStrike Global Threat Report. Such attacks, the report says, have increased fourfold in the past four years. Healthcare continues to be a favorite target, even after some threat actors vowed to stay away from patient-treatment facilities during the pandemic.... Read more →
Posted by (ISC)² Management on 11 March 2021 at 09:22 AM in Risk | Permalink
|
Comments (0)
12 February 2021
Cybersecurity Predictions for 2021 from the (ISC)² Community of Security Professionals (Part 2)
By Diana-Lynn Contesti, CISSP-ISSAP, ISSMP, CSSLP, SSCP John Martin, CISSP-ISSAP, CISM Richard Nealon, CISSP-ISSMP, SSCP, SCF In part one of this blog series, we discussed privacy, remote access (aka Work from Home), insider threats, data leakage, Zero Trust Architecture (ZTA) and security architecture. To continue this discussion, we believe that 2021 will still see folks working from home; thus, the risks due to insider threats and data leakage will continue to grow. However, we believe that there are other concerns for information security professionals, including edge computing, 5G, IoMT/IoT, AI and ransomware. Edge Computing Edge Computing is a distributed computing... Read more →
Posted by (ISC)² Management on 12 February 2021 at 07:45 AM in Cloud Security, Cybersecurity Workforce, Network Security, Operations Security, Privacy, Ransomware, Risk | Permalink
|
Comments (1)
01 February 2021
Remote Work During the Pandemic: What We Got Wrong
By Stephen Fried, CISSP As COVID-19 began to spread rapidly across the globe in 2020, many organizations moved their employees off company premises and enabled large "work from home" efforts. Nobody knew how long this would last, but we assumed we could work remotely for a few months until this thing worked itself out, then return to the office and get back to "normal." We were very wrong. We weren’t just wrong about the length of the crisis; we were wrong about how our employees defined “home.” What we didn’t anticipate is that the pandemic would force companies to rethink... Read more →
Posted by (ISC)² Management on 01 February 2021 at 08:30 AM in IT Security, Network Security, Privacy, Risk | Permalink
|
Comments (1)
29 May 2020
Study: Pandemic Boosts Cybersecurity Demand
Demand is up for cybersecurity solutions and services as businesses try to cope with the effects of the COVID-19 pandemic. In a survey of technology firms, industry association CompTIA found that customer inquiries regarding cybersecurity were up by 36% in April -- second only to inquiries about communications, collaboration and A/V technologies. The increased demand for cybersecurity and collaboration technologies makes sense in light of the sudden increase in work-from-home (WFH) numbers. The ranks of remote workers shot up as a result of stay-at-home and lockdown directives issued by governments in efforts to manage the spread of COVID-19. Recent (ISC)2... Read more →
Posted by (ISC)² Management on 29 May 2020 at 08:00 AM in Cybersecurity Workforce, Government , Malware, Network Security, Operations Security, Risk | Permalink
|
Comments (0)
Search
Categories
- (ISC)² Chapters (22)
- (ISC)² Events (152)
- Center for Cyber Safety and Education (52)
- Cloud Security (128)
- Cybersecurity Certifications (373)
- Cybersecurity Training (305)
- Cybersecurity Workforce (232)
- Digital Forensics (28)
- Ethics (51)
- Government (112)
- Insider Risk (55)
- IT Security (362)
- Legal (43)
- Malware (107)
- Network Security (166)
- Operations Security (133)
- Privacy (108)
- Ransomware (75)
- Risk (188)
- Software Development (44)
- Spotlight (70)