risk

Latest Cyberthreats and Advisories – March 17, 2023

Cybercriminals pounce on SVB collapse, privacy concerns around ChatGPT and the FBI warns of a rise in crypto scams. Here are the latest threats and advisories for the week of March 17, 2023. By John Weiler Threat Advisories and Alerts FBI Warning: Cryptocurrency Investment Schemes on the Rise The U.S. Federal Bureau of Investigation (FBI) is warning internet users of an increase in cryptocurrency investment scam schemes, which defrauded victims of over $2 billion in 2022. Cybercriminals (usually located overseas) use social media platforms, dating apps, professional networking apps and other online means to connect with targets. The criminals then…

March 17, 2023
0 comment
Read More >>

Cybersecurity Industry News Review – March 14, 2023

The U.K. Online Safety Bill triggers a security rebuke from WhatsApp, the Czech Republic concerned about TikTok, an international law enforcement effort shuts down the NetWire RAT infrastructure, while a study suggests workforce malaise towards reporting security incidents. By Joe Fay WhatsApp Would Leave U.K. Rather Than Break Encryption WhatsApp would pull its end-to-end encrypted messaging service in the U.K., rather than submit to any requirement to weaken its privacy stance to comply with the U.K. government’s Online Safety Bill. WhatsApp chief Will Cathcart said that 98 per cent of its users were outside the U.K., and ALL users wanted…

March 14, 2023
0 comment
Read More >>

Cybersecurity Industry News Review: March 7, 2023

Cybercrime may have less of a gender issue than cybersecurity, LastPass gives attack update, CISA warns on Royal ransomware gang while WHSmith and DISH Network count the cost after both suffer cyber attacks. Study: Gender No Barrier To Participating In “Meritocratic” Cybercriminal Community If the cybersecurity industry is struggling to achieve gender parity, it could learn some lessons from its criminal flipside. A study from Trend Micro suggests that the cyber underground “provides an open environment for individuals of any gender to find employment or a side business”. Its analysis suggested gender was not a barrier to finding work as…

March 7, 2023
0 comment
Read More >>

What’s Driving the Demand for GRC Professionals in Critical Infrastructure?

As geopolitical tensions continue, cyberwarfare has taken its toll on the world. Last July, the FBI, CISA and the Department of the Treasury issued a joint advisory about North Korean hackers targeting U.S. healthcare systems. Another warning was issued about Russian state-sponsored CNI attacks aimed against Ukraine or organizations providing materiel support. Alarmingly, the last few years have seen cyberattacks on oil and gas (Colonial Pipeline), nuclear operations (Iranian nuclear facility, Kansas nuclear plant, Stuxnet) and water utilities (Oldsmar, Israeli facilities) among others. In response, more CNI-geared legislation is on the way. The most game-changing move on this front last…

March 2, 2023
0 comment
Read More >>

Latest Cyberthreats and Advisories – February 24, 2023

An FBI cyber incident, GoDaddy’s third breach in three years and an NHS data leak highlight a week of major cybersecurity events. Here are the latest threats and advisories for the week of February 24, 2023. Threat Advisories and Alerts NCSC Provides Recommendations on Supply Chain Security As the recent ransomware attack on ION Trading revealed, supply chain attacks can be devastating to a business and have knock-on effects for suppliers and customers alike. The U.K. National Cyber Security Centre recently published guidance on the topic to help companies address supply chain cyberthreats. The article provides detailed security recommendations, including…

February 24, 2023
0 comment
Read More >>

The Significance of Key Risk Indicators in Organisations

By Vivek Soni, CCSP Key Risk Indicators (KRIs) are critical predictors/indicators of undesirable events that can adversely impact the organisation. These are the kind of metrics which are forward looking and contribute to the early warning sign that facilitates enterprise to report risks, prevent calamity and remediate them promptly. Risks to an organisation may vary based on their business environment and the respective business unit. For example, an IT service management team might worry about changes going into production without approvals, an Information Security Team might focus on preventing data compromise, a bank might be concerned with fraudulent bank accounts…

February 24, 2023
0 comment
Read More >>

Cybersecurity Industry News Review: February 15, 2023

By Joe Fay NHS still recovering from ransomware incidents. Network firm employee confesses to data extortion, as U.S. cyber ambassador admits their Twitter account was hacked as the President turns to industry leaders to advise him. NHS Still Reconnecting After 2022 Lockbit Attack on Supplier Just how disruptive ransomware can be was illustrated this past week, six months after an attack on UK health software supplier Advanced. The attack on Advanced first emerged in August 2022, causing disruption across a range of NHS services. Health and secondary care minister Will Quince said that while most affected NHS organizations were up…

February 15, 2023
0 comment
Read More >>

LATEST CYBERTHREATS AND ADVISORIES – FEBRUARY 10, 2023

Cyberattacks wreak havoc on the U.K., LockBit brings big business to its knees and a massive VMware ransomware campaign. Here are the latest threats and advisories for the week of February 10, 2023. Threat Advisories and Alerts Massive Ransomware Campaign Targets VMware ESXi Servers The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has issued a script for retrieving VMware ESXi servers encrypted by the massive ESXiArgs ransomware campaign. The attack began last week when cybercriminals launched their attack. At the time of writing, 2,800 servers are know to have been encrypted. As for the script, the U.S. cybersecurity organization has…

February 10, 2023
0 comment
Read More >>

Analysis: Could NIST’s Cybersecurity Framework 2.0 be the beginning of international best practice?

By John E. Dunn It’s been nearly seven years since the 1.1 revision of NIST’s Cybersecurity Framework. What might be coming in version 2.0? Since its release in 2014, NIST’s Cybersecurity Framework (CSF) has grown into the one of the world’s most influential cybersecurity references for best practice and planning. In January, the world finally caught sight of the draft CSF Concept Paper that will form the basis of the next version 2.0 overhaul due for release around mid-2023. From this draft, it is clear that the CSF is developing fast, taking on new and much wider ambitions since the…

February 8, 2023
0 comment
Read More >>