LATEST CYBERTHREATS AND ADVISORIES – FEBRUARY 10, 2023

Cyberattacks wreak havoc on the U.K., LockBit brings big business to its knees and a massive VMware ransomware campaign. Here are the latest threats and advisories for the week of February 10, 2023.

Threat Advisories and Alerts

Massive Ransomware Campaign Targets VMware ESXi Servers

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has issued a script for recovering VMware ESXi servers encrypted by the massive ESXiArgs ransomware campaign. The campaign began last week. At the time of writing, 2,800 servers are known to have been encrypted. As for the script, the U.S. cybersecurity organization has…

February 10, 2023

Analysis: Could NIST’s Cybersecurity Framework 2.0 be the beginning of international best practice?

By John E. Dunn

It’s been nearly seven years since the 1.1 revision of NIST’s Cybersecurity Framework. What might be coming in version 2.0?

Since its release in 2014, NIST’s Cybersecurity Framework (CSF) has grown into one of the world’s most influential cybersecurity references for best practice and planning. In January, the world finally caught sight of the draft CSF Concept Paper that will form the basis of the next version 2.0 overhaul due for release around mid-2023. From this draft, it is clear that the CSF is developing fast, taking on new and much wider ambitions since the…

February 8, 2023

Cybersecurity Industry News Review: February 7, 2023

By Joe Fay

Derivatives traders, trainer trainers, and finger lickers all hit by ransomware. Russian hackers lash out after Ukraine tanks deal announced. Apple patches decade-old devices.

ION Markets Hit by “Cyber Security Event”

Dublin-based data and software firm ION Markets has been hit by a “cyber event” which has had a knock-on effect on financial futures and derivatives markets worldwide. The attack is thought to have been ransomware-related. ION Markets said the attack on its ION Cleared Derivatives division was “contained to a specific environment”, all the affected servers are disconnected, and remediation of services is ongoing….

February 8, 2023

LATEST CYBERTHREATS AND ADVISORIES – FEBRUARY 3, 2023

Cybercriminals for hire, Hive ransomware is busted and the JD Sports breach impacts millions of sportswear buyers. Here are the latest threats and advisories for the week of February 3, 2023.

Threat Advisories and Alerts

U.S. Security Agencies Warn of Malicious Use of RMM Software

A joint cybersecurity advisory issued by the U.S. National Security Agency (NSA), Cybersecurity and Infrastructure Security Agency (CISA) and Multi-State Information Sharing and Analysis Center (MS-ISAC) warns that legitimate remote monitoring and management (RMM) software is being used for malicious purposes. After cybercriminals gain access to target networks, they use the software as a “backdoor…

February 3, 2023

Help Shape the CGRC Exam – Formerly Known As CAP

As practitioners know all too well, it is paramount to remain up to date with the changing landscape of cybersecurity. We regularly conduct Job Task Analysis (JTA) studies to review exam content and outlines to ensure the accuracy, relevance and excellence of all (ISC)² exams. The Certified in Governance, Risk and Compliance (CGRC), formerly known as the Certified Authorization Professional (CAP) exam, was last refreshed in 2021. The certification is undergoing a name change to more accurately reflect the knowledge, skills and abilities required to earn and maintain this certification. As part of our regular updates to exams, it is…

January 9, 2023

Latest Cyberthreats and Advisories – January 6, 2023

The LockBit ransomware gang apologizes, Google settles privacy lawsuits and cybercriminals impersonate brands and the U.K. government. Here are the latest threats and advisories for the week of January 6, 2023.

Threat Advisories and Alerts

Cybercriminals Impersonate Brands with Search Ads And Fake Sites

The U.S. Federal Bureau of Investigation (FBI) has issued a warning that cybercriminals are directing internet browsers to malicious sites via search ads. How does the scam work? Bad actors build a fake website that impersonates a legitimate brand and then advertises it to appear at the top of search results. Once browsers click the ad,…

January 6, 2023

Risk is …

 … when threat exploits vulnerability causing impact… tough to measure, express and control… the product of probability and impact… the gap between theory and practice… the root of pessimism and optimism … the once-in-a-hundred-years e…

August 8, 2022

CISO workshop slides

A glossy, nicely-constructed and detailed PowerPoint slide deck by Microsoft Security caught my beady eye this morning. The title ‘CISO Workshop: Security Program and Strategy’ with ‘Your Name Here’ suggests it might be a template for use in a workshop/cou…

August 6, 2022