Category: Cybersecurity Insiders

It’s obvious that all of us would love to have access to the social media accounts of our loved ones in the event of their death. As this allows to know the life of the bereaved and how they spent…

Read more →

As soon as Tesla Chief Elon Musk took over the reins of Twitter in the October 2022, many users who weren’t happy with his takeover jumped to Mastodon, a Germany-based social media platform. The aversion was such that the user…

Read more →

According to a press release of Hospital Clinic de Barcelona, the computer systems at a ransomware attack disrupted the said hospital, this cancelling nearly 90 emergency operations and disallowing 3000 patients going for a general checkup. The attackers conducted the…

Read more →

The content of this post is solely the responsibility of the author.  AT&T does not adopt or endorse any of the views, positions, or information provided by the author in this article.  This blog was jointly authored with Arjun Patel.…

Read more →

Firewall optimization (also known as firewall analysis) is the process of analyzing and adjusting the configuration and policy set of a firewall to improve performance and security. This process involves reviewing and corelating log data and device configurations, identifying potential…

Read more →

Can you believe that threat actors can easily steal data from Google Cloud Platform (GCP) leaving no forensic trace about their activities? It’s true! Mitiga researchers recently discovered that hackers are stealing data from GCP storage buckets as the differentiating-log…

Read more →

Some of the biggest prevailing challenges in the cybersecurity world over the last year have been those revolving around securing the software supply chain across the enterprise. The software that enterprises build for internal use and external consumption by their…

Read more →

Stories from the SOC is a blog series that describes recent real-world security incident investigations conducted and reported by the AT&T SOC analyst team for AT&T Managed Extended Detection and Response customers. Executive summary As we move towards more automation,…

Read more →

Cisco, the networking giant that also into the business of cloud and Cybersecurity business, has announced that it is soon going to acquire Valtix, a start-up in the business of cloud security. Information is out that the deal might take…

Read more →

The content of this post is solely the responsibility of the author.  AT&T does not adopt or endorse any of the views, positions, or information provided by the author in this article.  A radius server uses a network protocol for…

Read more →

Read the previous blog on Governance of Zero Trust in manufacturing in the series here. Manufacturers are some of the most ambitious firms on the planet when it comes to harnessing the power of edge technology to modernize their businesses. As they…

Read more →

Major U.S. government and corporate breaches, the White House enforces TikTok ban and the NCSC issues zero trust guidance. Here are the latest threats and advisories for the week of March 3, 2023.  Threat Advisories and Alerts  NCSC Publishes Guidance…

Read more →

We’re so excited to announce our 2023 Partner of the Year awards. These annual awards recognize AT&T Cybersecurity partners that demonstrate excellence in growth, innovation, and implementation of customer solutions based on our AT&T USM Anywhere platform. AT&T Cybersecurity’s 2023…

Read more →

By Joe Fay Not even a pyramid scheme – they just convince people to give away their money.  A network of crypto scammers has been able to game YouTube’s algorithms to publicize and amplify fraudulent investment apps without triggering the…

Read more →

The content of this post is solely the responsibility of the author.  AT&T does not adopt or endorse any of the views, positions, or information provided by the author in this article.  When strategizing a security approach for the coming…

Read more →

CISA of the United States has issued a warning to all public and private entities to stay away from the Royal Ransomware group. They issued an advisory as a part of StopRansomware Campaign and issued some tips that help raise…

Read more →

By Joe Fay  Australia to scrap cybersecurity rules as part of a new regime, ransoms bankroll further ransomware attacks, Dole and PyPi attacked, while the European Commission calls time on TikTok.  Australia to Overhaul Cybersecurity Rules  The Australian government is…

Read more →

Any priced item in the world, mostly electronics, gets duplicated in China and is thereafter sold as a cost-effective product. Meaning, those who cannot afford a branded good can get the Chinese product for half or quarter of the price.…

Read more →

The content of this post is solely the responsibility of the author.  AT&T does not adopt or endorse any of the views, positions, or information provided by the author in this article.  Integrating Cybersecurity in UX design The digital landscape…

Read more →

By Amit Shaked, CEO and co-founder, Laminar Out of the total reported data breaches in 2022 in the U.S., nearly half (45%) happened in the cloud and cost organizations over $9 million. While the statistics paint a bleak picture, the…

Read more →

As part of its expanded diversity, equity and inclusion (DEI) initiative, (ISC)² and its partner, BUiLT (Blacks United in Leading Technology, Inc.), are releasing four new toolkits aimed at increasing the number of Black and underrepresented professionals entering, staying and…

Read more →

In today's world, cybersecurity is an ever-growing concern for businesses. With the rising threat of cyber threats and data breaches, it can be difficult for companies to keep up with the latest security technologies and stay ahead of the curve.…

Read more →

The content of this post is solely the responsibility of the author.  AT&T does not adopt or endorse any of the views, positions, or information provided by the author in this article.  More and more, people are completing the entire…

Read more →

By Matt Lindley, COO and CISO at NINJIO As cyberattacks become increasingly frequent and destructive, cybersecurity education is no longer optional. When companies suffer a data breach, they’re liable to lose millions of dollars and the trust of their customers…

Read more →

WH Smith, United Kingdom’s most popular bookseller and stationary seller has become a target of a cyber attack that led to leak of information such as names, addresses, national insurance numbers and DOBs of staff members, both current and former.…

Read more →

By Amit Shaked, CEO and co-founder, Laminar Out of the total reported data breaches in 2022 in the U.S., nearly half (45%) happened in the cloud and cost organizations over $9 million. While the statistics paint a bleak picture, the…

Read more →

From early this year, two malware variants targeted almost 6-7 law firms spread through two separate incidents, alerting whole of the world about the lurking cyber threat. Cybersecurity firm eSentire was the first to uncover the truth as its security…

Read more →

The content of this post is solely the responsibility of the author.  AT&T does not adopt or endorse any of the views, positions, or information provided by the author in this article.  Recent trends show that car dealerships are becoming…

Read more →

An FBI cyber incident, GoDaddy’s third breach in three years and an NHS data leak highlight a week of major cybersecurity events. Here are the latest threats and advisories for the week of February 24, 2023.  Threat Advisories and Alerts …

Read more →

By John E. Dunn Forget vanilla phishing attacks – cybercriminals today have much more interesting tricks up their sleeves. MFA Fatigue Attacks  When push notification via smartphone first appeared, it looked as if the industry had finally found a type…

Read more →

By Vivek Soni, CCSP Key Risk Indicators (KRIs) are critical predictors/indicators of undesirable events that can adversely impact the organisation. These are the kind of metrics which are forward looking and contribute to the early warning sign that facilitates enterprise…

Read more →

Practitioners from across the cybersecurity industry and the (ISC)² member community are invited to submit their session proposals as the cyber world begins its journey to Nashville.  (ISC)² today launched its call for presentations for its annual (ISC)² Security Congress…

Read more →

Some of the biggest prevailing challenges in the cybersecurity world over the last year have been those revolving around securing the software supply chain across the enterprise. The software that enterprises build for internal use and external consumption by their…

Read more →

Stories from the SOC is a blog series that describes recent real-world security incident investigations conducted and reported by the AT&T SOC analyst team for AT&T Managed Extended Detection and Response customers. Executive summary As we move towards more automation,…

Read more →

The content of this post is solely the responsibility of the author.  AT&T does not adopt or endorse any of the views, positions, or information provided by the author in this article.  This blog was jointly authored with Arjun Patel.…

Read more →

Belgium government has made an official announcement that Beijing launched cyber-attacks on a prominent MP of the nation and tagged the activity as a “Crime against Humanity”. Samuel Cogolati is the MP who was targeted by spear phishing attack from…

Read more →

At (ISC)², we pride ourselves in our steadfast dedication to maintaining the relevance and quality of all the certifications in our portfolio. (ISC)² certifications are constantly being reviewed and updated to make sure they are serving the needs of professionals…

Read more →

Read the previous blog on Governance of Zero Trust in manufacturing in the series here. Manufacturers are some of the most ambitious firms on the planet when it comes to harnessing the power of edge technology to modernize their businesses. As they…

Read more →

The content of this post is solely the responsibility of the author.  AT&T does not adopt or endorse any of the views, positions, or information provided by the author in this article.  A radius server uses a network protocol for…

Read more →

It is a well-known fact that those spreading malware like ransomware strike the same victim twice, if/when the victim shows negligence in fixing up the vulnerability that previously led to a data breach. The same thing happened with LastPass, a…

Read more →

No one likes to think their company might be hit by a cyber attack or breach, but the truth is cybercrime is one of the biggest threats your organization can face. If you suffer a breach, the loss of data…

Read more →

By Joe Fay Aviva subsidiary assessing impact on data and customers. Wider group unaffected.  Financial services giant Aviva’s recently acquired subsidiary Succession Wealth has been hit by a cyberattack, leaving it trying to assess the impact on a customer base…

Read more →

The content of this post is solely the responsibility of the author.  AT&T does not adopt or endorse any of the views, positions, or information provided by the author in this article.  When strategizing a security approach for the coming…

Read more →

We’re so excited to announce our 2023 Partner of the Year awards. These annual awards recognize AT&T Cybersecurity partners that demonstrate excellence in growth, innovation, and implementation of customer solutions based on our AT&T USM Anywhere platform. AT&T Cybersecurity’s 2023…

Read more →

Apple Inc has issued an update that it will soon release the fix to the two newly discovered vulnerabilities that are plaguing iPhone users for the past two weeks. According to an update released by privacy experts at VPNOverview, these…

Read more →

Ransomware attacks seem to surge day by day on the servers belonging to government agencies and the latest to fall as the victim is the computer network of the US Marshals Service, aka USMS. According to the update provided by…

Read more →

The latest (ISC)² research report, How the Cybersecurity Workforce Will Weather a Recession, found that despite looming recession concerns, cybersecurity teams will be least impacted by staffing cuts in 2023.   To assess the impact of a potential economic downturn…

Read more →

The content of this post is solely the responsibility of the author.  AT&T does not adopt or endorse any of the views, positions, or information provided by the author in this article.  In a world where you can scan the…

Read more →

Attacks on software supply chains surged in 2022. A few years after word of the SolarWinds hack first spread, software supply chain attacks show no sign of abating. In the commercial sector, attacks that leverage malicious, open source modules continue to…

Read more →

The content of this post is solely the responsibility of the author.  AT&T does not adopt or endorse any of the views, positions, or information provided by the author in this article.  Integrating Cybersecurity in UX design The digital landscape…

Read more →

Stanford University, one of the top ranked Universities of the United States and world, has become a victim to a cyber attack leading to data leak or unauthorized access of sensitive information. The leaked details include first and last names…

Read more →

A suspected cyber attack of ransomware genre has reportedly downed the entire websites, apps, and internal systems of American Television service provider Dish Network for the past two days and information is out that it could take at least a…

Read more →

By Joe Fay Think tank warns as economic, political, and cybersecurity risks collide. Accenture heads to Brazil, quantum security firm Sandbox fills up on cash and Biden loses cyber director. Washington Think Tank Warns on Economic Risk and Cybersecurity  Increased…

Read more →

The Center for Cyber Safety and Education, the charitable foundation of (ISC)² founded in 2011, aims to grow the cybersecurity profession and its positive impact on the world by raising awareness, building a diverse pipeline of cybersecurity professionals and activating…

Read more →

In today's world, cybersecurity is an ever-growing concern for businesses. With the rising threat of cyber threats and data breaches, it can be difficult for companies to keep up with the latest security technologies and stay ahead of the curve.…

Read more →

An FBI cyber incident, GoDaddy’s third breach in three years and an NHS data leak highlight a week of major cybersecurity events. Here are the latest threats and advisories for the week of February 24, 2023.  Threat Advisories and Alerts …

Read more →

The content of this post is solely the responsibility of the author.  AT&T does not adopt or endorse any of the views, positions, or information provided by the author in this article.  Recent trends show that car dealerships are becoming…

Read more →

The content of this post is solely the responsibility of the author.  AT&T does not adopt or endorse any of the views, positions, or information provided by the author in this article.   Most, if not all, industries are evolving on…

Read more →

Microsoft has unveiled a new set of malware, known as MagicWeb in the wild and has concluded that the said malicious tool is the work of state-funded hacking group Nobelium that changes its trade crafts as per the machine status…

Read more →

Dole, the online retailer that sells fresh fruits and vegetables, suffered a ransomware attack, disruption its operations and order full fulling to a large extent. Thus, with the latest, the Irish Mega Corp is the second largest company after JBS…

Read more →

Stories from the SOC is a blog series that describes recent real-world security incident investigations conducted and reported by the AT&T SOC analyst team for AT&T Managed Extended Detection and Response customers.  Executive summary Since mid-June 2022, AT&T Managed Extended…

Read more →

Stories from the SOC is a blog series that describes recent real-world security incident investigations conducted and reported by the AT&T SOC analyst team for AT&T Managed Extended Detection and Response customers. Executive summary As we move towards more automation,…

Read more →

A new variant of ransomware, named Nevada Group by some security researchers reportedly targeted about 5000 victims in US and Europe and this took place after the threat actors started exploiting a software vulnerability in Cloud Servers almost 3 weeks…

Read more →

Microsoft has made it official that it is going to introduce the services of its AI ChatGPT on all its premium upcoming mobile phones. Therefore, by June this year, the Bing Chatbot will be offered as Bing Smartphone app and…

Read more →

Romance scams, high-profile attacks on major U.S. companies and an inside look at Royal Mail/Lockbit negotiations. Here are the latest threats and advisories for the week of February 17, 2023. Threat Advisories and Alerts U.S. And South Korean Governments Publish…

Read more →

The content of this post is solely the responsibility of the author.  AT&T does not adopt or endorse any of the views, positions, or information provided by the author in this article.  This blog was jointly authored with Arjun Patel.…

Read more →

Manufacturers are some of the most ambitious firms on the planet when it comes to harnessing the power of edge technology to modernize their businesses. As they make plans in 2023 to     enhance business outcomes through the use of technologies such…

Read more →

The latest (ISC)² research report, How the Cybersecurity Workforce Will Weather a Recession, found that despite looming recession concerns, cybersecurity teams will be least impacted by staffing cuts in 2023.   To assess the impact of a potential economic downturn…

Read more →

Every professional in cybersecurity dreams of being a CTO or CIO someday. They think the job is having fewer worries and offers a pay-cheque. But in reality, the practical situation is different and isn’t rosy as said. According to an…

Read more →

After two days in this month, the war between Ukraine and Russian will enter its second year after completing one full year. And to make things worse, the Putin led nation is also found launching digital attacks simultaneously on the…

Read more →

By Joe Fay  Resiliency is the endgame of the U.S. approach to internet and software security.  The U.S. has a vested interest in creating a secure and resilient internet and software ecosystem, even if it means its “adversaries” also benefit,…

Read more →

The content of this post is solely the responsibility of the author.  AT&T does not adopt or endorse any of the views, positions, or information provided by the author in this article.  A radius server uses a network protocol for…

Read more →

The content of this post is solely the responsibility of the author.  AT&T does not adopt or endorse any of the views, positions, or information provided by the author in this article.  When strategizing a security approach for the coming…

Read more →

All these days we have read about ransomware spreading groups stealing data and then threatening to release it online, if the victim fails to pay heed to their demands. But now a new file encrypting malware variant has emerged onto…

Read more →

Samsung, one of the leading smartphone sellers in the world, has released a new feature to its users that protects them from threats disguised in image attachments. The feature is said to assist users in keeping their devices from cyber…

Read more →

IBM Chief felt ChatGPT, an OpenAI developed a platform of Microsoft, has the potential to replace white-collar jobs such as insurance consultants, lawyers, accountants, computer programmers and admin roles. Arvind Krishna, the lead of the technology at IBM, predicts that…

Read more →

Cybersecurity will defy the tech recession hurting other job roles in 2023, c-suite survey suggests.   Every department loses good people in a recession or economic downturn, unless you work in cybersecurity in 2023 it seems. According to a new (ISC)² report and…

Read more →

First is the news related to China. However, this time it’s different and is interesting. To go on with, all these days we have N number of stories about Chinese hackers infiltrating networks across the world. But the current news…

Read more →

Effective today, the (ISC)² Certified Authorization Professional (CAP) certification is known as the Certified in Governance, Risk and Compliance (CGRC)TM. This name better represents the knowledge, skills and abilities required to earn and maintain this certification. Those who earn and…

Read more →

Romance scams, high-profile attacks on major U.S. companies and an inside look at Royal Mail/Lockbit negotiations. Here are the latest threats and advisories for the week of February 17, 2023. Threat Advisories and Alerts U.S. And South Korean Governments Publish…

Read more →

By John E. Dunn In a fully digital world, organizations are no longer isolated islands. It seems the profession is finally coming to terms with the dark possibilities. What’s the worst thing a bad cyberattack could do to an organization?…

Read more →

Cyberattacks wreak havoc on the U.K., LockBit brings big business to its knees and a massive VMware ransomware campaign. Here are the latest threats and advisories for the week of February 10, 2023.    Threat Advisories and Alerts  Massive Ransomware Campaign…

Read more →

(ISC)² has adopted a new approach to creating and publishing editorial content such as our news, features, opinions and other educational journalism. Helping our members navigate the cybersecurity landscape is an essential part of what we do. Creating topical, engaging…

Read more →

The content of this post is solely the responsibility of the author.  AT&T does not adopt or endorse any of the views, positions, or information provided by the author in this article.  In a world where you can scan the…

Read more →

By Joe Fay  Resiliency is the endgame of the U.S. approach to internet and software security.  The U.S. has a vested interest in creating a secure and resilient internet and software ecosystem, even if it means its “adversaries” also benefit,…

Read more →

The Center for Cyber Safety and Education is seeking the guidance and leadership of volunteers willing to serve on its Board of Trustees beginning July 1, 2023 to help achieve its mission. The Center, the charitable foundation of (ISC)², serves…

Read more →

In today's world, cybersecurity is an ever-growing concern for businesses. With the rising threat of cyber threats and data breaches, it can be difficult for companies to keep up with the latest security technologies and stay ahead of the curve.…

Read more →

The content of this post is solely the responsibility of the author.  AT&T does not adopt or endorse any of the views, positions, or information provided by the authors in this article. This blog was jointly written with David Maimon,…

Read more →

Succession Wealth, a financial wealth management service offering company, has released a press statement that a cyber attack targeted its servers and it can only reveal details after the investigation gets concluded. Prima Facie revealed that hackers accessed no client…

Read more →

Yes, what you’ve read is right! Within a few years, the technology of Artificial Intelligence(AI) could bring-in the doomsday and kill the entire humanity. And these are not the words analyzed by either Twitter chief Elon Musk or Apple CEO…

Read more →

The content of this post is solely the responsibility of the author.  AT&T does not adopt or endorse any of the views, positions, or information provided by the author in this article.  Recent trends show that car dealerships are becoming…

Read more →

The content of this post is solely the responsibility of the author.  AT&T does not adopt or endorse any of the views, positions, or information provided by the author in this article.   Most, if not all, industries are evolving on…

Read more →

By Diana-Lynn Contesti, CISSP-ISSAP, ISSMP, CSSLP, SSCP  In part one of this series, we discussed what lies ahead in 2023, including a rise in wiperware and ransomware attacks plus challenges with OT infrastructure and staffing shortages.   In our part two…

Read more →

John Fokker, Head of Threat Intelligence, Trellix Amidst sustained geopolitical and economic turmoil, it’s perhaps unsurprising that 2022 was an eventful year for cybersecurity. The emergence of the widespread Log4J vulnerability in January set the tone, with the ongoing cyber…

Read more →

We all know that backup servers are only the sole saviors to an organization when a ransomware incident strikes their IT infrastructure. So, to avoid such troubles from file encrypting malware, the following are the steps to follow to protect…

Read more →

First is the news about the compromise of a SAS network as hackers disrupted Scandinavian airlines computer network and accessed information related to thousands of customers. Karin Nyman, the in-charge spokesperson of SAS, stated that his company was working on…

Read more →

With the ever-changing landscape of the cybersecurity industry, it is important to keep certifications current, accurate and relevant – and we need help from you, the cybersecurity professionals, who hold certifications in the field.   (ISC)² is exploring a new…

Read more →

By John E. Dunn The industry is taking a fresh look at the security around multi-factor authentication (MFA) in the face of recent bypass attacks. Multi-factor authentication (MFA) is coming under sustained pressure from attackers, with a striking example being…

Read more →

Stories from the SOC is a blog series that describes recent real-world security incident investigations conducted and reported by the AT&T SOC analyst team for AT&T Managed Extended Detection and Response customers.  Executive summary Since mid-June 2022, AT&T Managed Extended…

Read more →

By Joe Fay Derivatives traders, trainer trainers, and finger lickers all hit by ransomware. Russian hackers lash out after Ukraine tanks deal announced. Apple patches decade old devices.   ION Markets Hit by “Cyber Security Event”  Dublin-based data and software firm…

Read more →