Monthly Archives: February 2023

Reddit is the Latest Victim of a Spear Phishing Attack Resulting in a Data Breach

There is a lot to learn from Reddit’s recent data breach, which was the result of an employee falling for a “sophisticated and highly-targeted” spear phishing attack.

New Survey Reveals Employees are the Attack Surface

A survey by Tanium has found that IT security professionals in the UK say that 64% of avoidable cyber attacks are due to human error, which usually involves falling for phishing attacks. More than half of the respondents said that …

CAP Is Now Certified in Governance, Risk and Compliance (CGRC)

Effective today, the (ISC)² Certified Authorization Professional (CAP) certification is known as the Certified in Governance, Risk and Compliance (CGRC)™. This name better represents the knowledge, skills and abilities required to earn and maintain this certification. Those who earn and …

Cybersecurity Industry News Review: February 15, 2023

By Joe Fay. NHS still recovering from ransomware incidents. Network firm employee confesses to data extortion, as U.S. cyber ambassador admits their Twitter account was hacked as the President turns to industry leaders to advise him. NHS Still Reconnecting After …

Analysis: Cybersecurity Managers Fear ‘Catastrophic’ Cyber Event Now Likely Within Two Years

By John E. Dunn. In a fully digital world, organizations are no longer isolated islands. It seems the profession is finally coming to terms with the dark possibilities. What’s the worst thing a bad cyberattack could do to an organization? …

CyberheistNews Vol 13 #07 [Scam of the Week] The Turkey-Syria Earthquake

CyberheistNews Vol 13 #07 | February 14th, 2023. [Scam of the Week] The Turkey-Syria Earthquake. Just when you think they cannot sink any lower, criminal internet scum is now exploiting the recent earthquake in Turkey and Syria. Less than …

Cybercriminals are Using Geotargeted Phishing to Target Victims

Attackers are abusing a legitimate service called “GeoTargetly” to launch localized phishing attacks, according to Jeremy Fuchs at Avanan. GeoTargetly is meant to be used by advertisers to display ads in countries’ local languages. Avanan observed a phishing campaign that’s …

(ISC)² Certified in Cybersecurity Exam Now Available in More Languages

The (ISC)² Certified in Cybersecurity exam, designed for entry- and junior-level practitioners or career changers looking to start a new cybersecurity career, is now available in six languages, including Chinese, Japanese, Korean, German, Spanish and English. Making this exam …

The Center for Cyber Safety and Education Looking for Volunteer Leaders

The Center for Cyber Safety and Education is seeking the guidance and leadership of volunteers willing to serve on its Board of Trustees beginning July 1, 2023 to help achieve its mission. The Center, the charitable foundation of (ISC)², serves …

LATEST CYBERTHREATS AND ADVISORIES – FEBRUARY 10, 2023

Cyberattacks wreak havoc on the U.K., LockBit brings big business to its knees and a massive VMware ransomware campaign. Here are the latest threats and advisories for the week of February 10, 2023. Threat Advisories and Alerts: Massive Ransomware Campaign …

(ISC)² Puts Members at the Center of Our Cybersecurity Content in 2023

(ISC)² has adopted a new approach to creating and publishing editorial content such as our news, features, opinions and other educational journalism. Helping our members navigate the cybersecurity landscape is an essential part of what we do. Creating topical, engaging …

Hackers Work Around ChatGPT Malicious Content Restrictions to Create Phishing Email Content

Active discussions in hacker forums on the dark web showcase how using a mixture of the OpenAI API and an automated bot from the Telegram messenger platform can create malicious emails.

U.K. Citizens See 82% Increase in Advanced Fee Scams in the Last Year

In the wake of the rising cost of living, new scams are targeting those in less-than-optimal financial situations based in “deprived” areas throughout the country.

Spear Phishing Attacks Increase 127% as Use of Impersonation Skyrockets

Impersonation of users, domains, and brands is on the rise, as is the use of malicious links, in response to security vendors improving their ability to detect malicious attachments.

PREDICTIONS 2023, PART 2: WHAT WILL THE NEW YEAR BRING FOR THE INFOSEC COMMUNITY?

By Diana-Lynn Contesti, CISSP-ISSAP, ISSMP, CSSLP, SSCP. In part one of this series, we discussed what lies ahead in 2023, including a rise in wiperware and ransomware attacks plus challenges with OT infrastructure and staffing shortages. In our part two …

Analysis: CircleCI attackers stole session cookie to bypass MFA

By John E. Dunn. The industry is taking a fresh look at the security around multi-factor authentication (MFA) in the face of recent bypass attacks. Multi-factor authentication (MFA) is coming under sustained pressure from attackers, with a striking example being …

Calling All CISSP-ISSMP and CISSP Certification Holders

With the ever-changing landscape of the cybersecurity industry, it is important to keep certifications current, accurate and relevant – and we need help from you, the cybersecurity professionals, who hold certifications in the field. (ISC)² is exploring a new …

[HEADS UP] If You’re a Fan of ‘The Last of Us’ You May be Targeted for These Campaigns

The TV adaptation of the PlayStation game ‘The Last of Us’ has been a huge hit with fans. Unfortunately, the new series has attracted bad actors looking to exploit it for their own financial gain.

Be Wary of Survey Scams

Online surveys are too often scams designed to steal personal or financial information, warns Phil Muncaster at ESET. Muncaster explains that these surveys are usually distributed via phishing or by ads on websites, impersonating trusted brands and offering phony rewards:

Analysis: Could NIST’s Cybersecurity Framework 2.0 be the beginning of international best practice?

By John E. Dunn. It’s been nearly seven years since the 1.1 revision of NIST’s Cybersecurity Framework. What might be coming in version 2.0? Since its release in 2014, NIST’s Cybersecurity Framework (CSF) has grown into one of the …