E-Waste: Australia’s Hidden ESG Nightmare
Australia has an e-waste problem, and for all the conversations around climate change, energy use, plastics and other ESG matters, it’s surprising that more isn’t said about it.
risk
6 ChatGPT risks for legal and compliance leaders
Legal and compliance leaders should address their organization’s exposure to six specific ChatGPT risks, and what guardrails to establish to ensure responsible enterprise use of generative AI tools, according to Gartner. “The output generated by ChatGP…
#IdentityManagementDay – Best Practices to Help Keep Your Organization Secure
By Chinatu Uzuegbu, CISSP, CEO/Managing Cyber Security Consultant at RoseTech CyberCrime Solutions Ltd. We kicked off the Identity and Access Management Processes from the Top-Level Management approach. The Identity and Access Management Security Steering Committee is a group of C-Suites leaders, also referred to as the respective Data and Asset Owners from the various Business Units of my organization. The group met and established the governing policy around the Identity and Access Management Processes. The governance covers the Mandatory Access Control Policy and Trust Policy of the organization which are automatically enforced as the baselines on default. The governance of…
Cybersecurity Industry News Review – March 21, 2023
KillNet is bad for your health, TikTok facing further bans, ransomware impacts cancer test results, Russia allegedly increasing its cyberwarfare efforts. By Joe Fay Microsoft Demonstrates How KillNet Is Bad for Our Healthcare Sector Microsoft has highlighted a rise in DDoS attacks on healthcare organizations, mapping a three-fold increase in attacks over three months. It said it tracked 10 to 20 attacks per day on healthcare organizations on Azure in November but was seeing 40 to 60 per day in February. The attack mix changed over this time, it added, with over half of attacks now being UDP floods, with…
Analysis: Lookalike Confusable Domains Fuel Phishing Attacks
By John E. Dunn Phishing attacks depend on creating huge numbers of lookalike ‘confusable’ domains. A new report has highlighted the most prevalent examples and suggested a way to detect phishing domains before they are used in anger. Ever since phishing attacks gathered steam two decades ago, the ability of criminals to create ‘confusable’ or typosquatting domains that look plausibly similar to real ones has been a thorn in everyone’s side. Companies have their brands hijacked, users are tricked into clicking on phishing emails that look genuine, and registrars are roundly criticized for allowing all of this to happen. Large…
SVB Collapse: A Stark Warning for Technology and Cybersecurity Startups!
By Dave Cartwright, CISSP A week is a long time in most business sectors. In the intertwined world of banking and startups, it feels like an eternity as both sides deal with the fallout from the collapse of Silicon Valley Bank (SVB); the financial crisis impacting a myriad of startups suffering cashflow loss and disruption, with other banks now seemingly in poor shape after experiencing runs. For the technology and cybersecurity startups, not just those in California, that used SVB as their banker or lender (or both), its failure could delay or derail at least part of the next wave…
Latest Cyberthreats and Advisories – March 17, 2023
Cybercriminals pounce on SVB collapse, privacy concerns around ChatGPT and the FBI warns of a rise in crypto scams. Here are the latest threats and advisories for the week of March 17, 2023. By John Weiler Threat Advisories and Alerts FBI Warning: Cryptocurrency Investment Schemes on the Rise The U.S. Federal Bureau of Investigation (FBI) is warning internet users of an increase in cryptocurrency investment scam schemes, which defrauded victims of over $2 billion in 2022. Cybercriminals (usually located overseas) use social media platforms, dating apps, professional networking apps and other online means to connect with targets. The criminals then…
Cybersecurity Industry News Review – March 14, 2023
The U.K. Online Safety Bill triggers a security rebuke from WhatsApp, the Czech Republic concerned about TikTok, an international law enforcement effort shuts down the NetWire RAT infrastructure, while a study suggests workforce malaise towards reporting security incidents. By Joe Fay WhatsApp Would Leave U.K. Rather Than Break Encryption WhatsApp would pull its end-to-end encrypted messaging service in the U.K., rather than submit to any requirement to weaken its privacy stance to comply with the U.K. government’s Online Safety Bill. WhatsApp chief Will Cathcart said that 98 per cent of its users were outside the U.K., and ALL users wanted…
Cybersecurity Industry News Review: March 7, 2023
Cybercrime may have less of a gender issue than cybersecurity, LastPass gives attack update, CISA warns on Royal ransomware gang while WHSmith and DISH Network count the cost after both suffer cyber attacks. Study: Gender No Barrier To Participating In “Meritocratic” Cybercriminal Community If the cybersecurity industry is struggling to achieve gender parity, it could learn some lessons from its criminal flipside. A study from Trend Micro suggests that the cyber underground “provides an open environment for individuals of any gender to find employment or a side business”. Its analysis suggested gender was not a barrier to finding work as…
What’s Driving the Demand for GRC Professionals in Critical Infrastructure?
As geopolitical tensions continue, cyberwarfare has taken its toll on the world. Last July, the FBI, CISA and the Department of the Treasury issued a joint advisory about North Korean hackers targeting U.S. healthcare systems. Another warning was issued about Russian state-sponsored CNI attacks aimed against Ukraine or organizations providing materiel support. Alarmingly, the last few years have seen cyberattacks on oil and gas (Colonial Pipeline), nuclear operations (Iranian nuclear facility, Kansas nuclear plant, Stuxnet) and water utilities (Oldsmar, Israeli facilities) among others. In response, more CNI-geared legislation is on the way. The most game-changing move on this front last…