Category: (ISC)² Blog

Companies target sextortion victims, Google Play malware is hawked on dark marketplaces and zero-click spyware infects iPhones. Here are the latest threats and advisories for the week of April 14, 2023. By John Weiler Threat Advisories and Alerts Predatory Companies…

Read more →

We are less than 200 days away from the 2023 (ISC)² Security Congress conference. Our team is hard at work reviewing the presentations many of you submitted for breakout sessions this year. This year’s event will feature more than 100…

Read more →

Apple plugs security holes for Easter as cops bring Genesis to an end. The UK fines TikTok over underage data use. DDoS attacks surge and cybersecurity professionals keep quiet over breaches. By Joe Fay Apple Rolls Out Fixes for Zero…

Read more →

By Chinatu Uzuegbu, CISSP, CEO/Managing Cyber Security Consultant at RoseTech CyberCrime Solutions Ltd. We kicked off the Identity and Access Management Processes from the Top-Level Management approach. The Identity and Access Management Security Steering Committee is a group of C-Suites…

Read more →

Tomorrow, April 11 is Identity Management Day. This day serves as an annual reminder to increase awareness and education for leaders, IT decision-makers and the general public on the importance of identity management. The dangers of improper management of digital…

Read more →

Forget SMS 2FA authentication – Twitter and others are making it less attractive by either charging for it or phasing it out altogether. But there’s a better alternative if only tech companies were willing to invest. By John E. Dunn…

Read more →

The U.S. government takes down another dark web forum, Western Digital suffers a cyberattack and the fastest acting ransomware to date. Here are the latest threats and advisories for the week of April 7, 2023. By John Weiler Threat Advisories…

Read more →

With more than 14,000 new Certified in Cybersecurity members joining (ISC)² last year and an additional 180,000+ Candidates gearing up to earn their first certification, (ISC)² will be supporting these cyber newcomers every step of the way. Recently, the Center…

Read more →

UK government potentially skimps on senior cyber role salary as the NCSC calls for more investment in people, Microsoft talks up the potential for ChatGPT and the US moves to ban spyware. By Joe Fay U.K. Treasury Tries to Drive…

Read more →

We all learn differently. And we all have different schedules and needs when it comes to certification training. In the past, finding the time to train has been limiting for some. Enter adaptive online training, a new and innovative way…

Read more →

In the latest of several recent announcements, the U.S. body responsible for cybersecurity is making a clear shift towards pre-emptive over reactionary reporting, alerting and advice for organizations. By John E. Dunn A defining characteristic of ransomware attacks is the…

Read more →

By John Weiler Microsoft patches the “aCropalypse” vulnerability, ChatGPT leaks users’ billing information and the Latitude Financial breach expands to 14 million records. Here are the latest threats and advisories for the week of March 31, 2023. Threat Advisories and…

Read more →

Looking to earn your (ISC)² CISSP certification? Make sure you follow these updated steps to register for your exam. Here is how you can register for the CISSP exam: Log in to your account at www.isc2.org and visit the Register…

Read more →

Anxiety about the security of hot wallets grows as General Bytes customers are hit by a zero-day flaw in the company’s Bitcoin ATMs. By John E. Dunn It’s fair to say that crypto has an image problem. What it didn’t…

Read more →

Today, all members should’ve received an email with a link to a survey inviting feedback on the (ISC)² 2023 Bylaws which closes on April 7, 2023. The URL starts with https://schlesinger.focusvision.com/. We encourage all members to read the bylaws located…

Read more →

By Joe Fay The U.K. writes a cybersecurity prescription for the NHS and for social care, data protection hardware is becoming a big security gap, security specialist MITRE partners up to tackle supply chain security threats, while the E.U. turns…

Read more →

By Joe Fay The U.K. writes a cybersecurity prescription for the NHS and for social care, data protection hardware is becoming a big security gap, security specialist MITRE partners up to tackle supply chain security threats, while the E.U. turns…

Read more →

This March, Women’s History Month, we shared the legacy of Grace Hopper and her trailblazing innovations in software development and computing, highlighted the must-watch webinars by in cybersecurity and met with cyber newcomer and (ISC)² Candidate Nidhi Kannoujia on the…

Read more →

By John E. Dunn Nobody predicted how rapidly AI chatbots would change perceptions of what is possible. Some worry how it might improve phishing attacks. More likely, experts think, will be its effect on targeting. Much has been said about…

Read more →

By John Weiler FBI arrests Breached hacking forum leader, smartphones hijacked without any user involvement and 330,000 customers compromised in Australia by a data breach. Here are the latest threats and advisories for the week of March 24, 2023. Threat…

Read more →

Red Team 2, Ferrari 0? Italian luxury sports car maker Ferrari has warned its small but extremely wealthy list of customers that their personal information may have been exposed in a “cyber incident.” The apparent data grab was disclosed five…

Read more →

“Cloud is the present, and the future. It affects everything, every day, both in business and our personal lives.” With these words Panagiotis Soulos summarizes his philosophy of why the CCSP credential is important to any cybersecurity professional. Panagiotis holds…

Read more →

KillNet is bad for your health, TikTok facing further bans, ransomware impacts cancer test results, Russia allegedly increasing its cyberwarfare efforts. By Joe Fay Microsoft Demonstrates How KillNet Is Bad for Our Healthcare Sector Microsoft has highlighted a rise in…

Read more →

This month, we asked women in the (ISC)² Blog Volunteers group to weigh in on a few questions from their perspective as a female working in cybersecurity. While their experiences in the industry have varied, this group unanimously responded that…

Read more →

Are you ready to take your (ISC)² exam? If so, there is a slight change to the process! When you’re ready to schedule your exam, please log in to your account at isc2.org.* Whether you’re pursuing your first (ISC)² certification,…

Read more →

By Dave Cartwright, CISSP A week is a long time in most business sectors. In the intertwined world of banking and startups, it feels like an eternity as both sides deal with the fallout from the collapse of Silicon Valley…

Read more →

Cybercriminals pounce on SVB collapse, privacy concerns around ChatGPT and the FBI warns of a rise in crypto scams. Here are the latest threats and advisories for the week of March 17, 2023. By John Weiler Threat Advisories and Alerts…

Read more →

By John E. Dunn Two arrests for alleged ransomware crimes and some useful intel. But will the latest Europol action make any difference? Following an international operation encompassing law enforcement agencies in Germany, Ukraine, the Netherlands and the U.S., Europol…

Read more →

You spoke, and we listened – you want more opportunities to be involved and contribute to the decision-making process at (ISC)². Let’s get started. The (ISC)² Board of Directors Bylaws Committee will host the first in a series of webinars…

Read more →

The U.K. Online Safety Bill triggers a security rebuke from WhatsApp, the Czech Republic concerned about TikTok, an international law enforcement effort shuts down the NetWire RAT infrastructure, while a study suggests workforce malaise towards reporting security incidents. By Joe…

Read more →

By John Weiler Mexico timeshare scams, the DoppelPaymer ransomware gang gets busted and a major data leak rocks Oakland, California. Here are the latest threats and advisories for the week of March 10, 2023. Threat Advisories and Alerts FBI Issues…

Read more →

By John Weiler Mexico timeshare scams, the DoppelPaymer ransomware gang gets busted and a major data leak rocks Oakland, California. Here are the latest threats and advisories for the week of March 10, 2023. Threat Advisories and Alerts FBI Issues…

Read more →

By Dave Cartwright, CISSP In February 2023, something very unusual happened. Following a ransomware attack on Royal Mail International, a division of the U.K.’s (formerly state-owned) mail and parcel delivery service, the negotiation between the firm’s representatives and the LockBit…

Read more →

By Nidhi Kannoujia, (ISC)² Candidate The cybersecurity industry is a dynamic and promising field that welcomes diverse perspectives. It requires individuals who understand the intricacies of other industries since security is a collective responsibility. While the security industry is embracing…

Read more →

What have all these webinars got in common? They feature women at the top their cybersecurity game. March 8, 2023, is International Women’s Day, a focal point for recognizing the achievements and contributions that women have made to every element…

Read more →

On International Women’s Day, we look back at the legacy of Rear Admiral Grace Hopper, an innovator and trailblazer in software development and standards for testing computer systems and components. It would be wrong, as we reach International Women’s Day…

Read more →

Spoiler alert: the obvious answer is not always the correct one! Migrating services, apps and data to the cloud is both promising and challenging. The advantages of scalability, flexibility, reduced operational costs and supporting a hybrid workforce can be eliminated…

Read more →

Cybercrime may have less of a gender issue than cybersecurity, LastPass gives attack update, CISA warns on Royal ransomware gang while WHSmith and DISH Network count the cost after both suffer cyber attacks. Study: Gender No Barrier To Participating In…

Read more →

We are continuing the popular bi-monthly CPE credit quiz as we transition from InfoSecurity Professional to our new web-based content platform. The first (ISC)² News and Insights CPE Credit Quiz of 2023 is now live. Every two months, we publish…

Read more →

Major U.S. government and corporate breaches, the White House enforces TikTok ban and the NCSC issues zero trust guidance. Here are the latest threats and advisories for the week of March 3, 2023. Threat Advisories and Alerts NCSC Publishes Guidance…

Read more →

By Joe Fay China is ‘most active, and most persistent threat’ as government pinpoints need for a bigger and more diverse cybersecurity workforce to meet the long-term challenge. The Biden administration has unveiled its long-awaited cybersecurity strategy, effectively putting the…

Read more →

By Dave Cartwright, CISSP The mysterious world of cybersecurity can sometimes be wildly misrepresented on-screen, causing challenges for professionals charged with educating colleagues and other users. Movie and TV screenwriters have been known to play fast and loose with the…

Read more →

By Joe Fay Workers told to make more use of cyber ranges, conferences and webinars as skills gap just gets bigger. The US Department of Defense (DoD) is overhauling the recruitment and training of its cyberspace workforce, providing a template…

Read more →

As geopolitical tensions continue, cyberwarfare has taken its toll on the world. Last July, the FBI, CISA and the Department of the Treasury issued a joint advisory about North Korean hackers targeting U.S. healthcare systems. Another warning was issued about…

Read more →

By John E. Dunn It’s little surprise that many people are skeptical about the rapid encroachment of artificial intelligence (AI) and machine learning (ML) into daily life. However, should cybersecurity professionals be more positive about the benefits for the field?…

Read more →

By Joe Fay Not even a pyramid scheme – they just convince people to give away their money. A network of crypto scammers has been able to game YouTube’s algorithms to publicize and amplify fraudulent investment apps without triggering the…

Read more →

By Joe Fay Australia to scrap cybersecurity rules as part of a new regime, ransoms bankroll further ransomware attacks, Dole and PyPi attacked, while the European Commission calls time on TikTok. Australia to Overhaul Cybersecurity Rules The Australian government is…

Read more →

As part of its expanded diversity, equity and inclusion (DEI) initiative, (ISC)² and its partner, BUiLT (Blacks United in Leading Technology, Inc.), are releasing four new toolkits aimed at increasing the number of Black and underrepresented professionals entering, staying and…

Read more →

An FBI cyber incident, GoDaddy’s third breach in three years and an NHS data leak highlight a week of major cybersecurity events. Here are the latest threats and advisories for the week of February 24, 2023. Threat Advisories and Alerts…

Read more →

By John E. Dunn Forget vanilla phishing attacks – cybercriminals today have much more interesting tricks up their sleeves. MFA Fatigue Attacks When push notification via smartphone first appeared, it looked as if the industry had finally found a type…

Read more →

By Vivek Soni, CCSP Key Risk Indicators (KRIs) are critical predictors/indicators of undesirable events that can adversely impact the organisation. These are the kind of metrics which are forward looking and contribute to the early warning sign that facilitates enterprise…

Read more →

Practitioners from across the cybersecurity industry and the (ISC)² member community are invited to submit their session proposals as the cyber world begins its journey to Nashville. (ISC)² today launched its call for presentations for its annual (ISC)² Security Congress…

Read more →

At (ISC)², we pride ourselves in our steadfast dedication to maintaining the relevance and quality of all the certifications in our portfolio. (ISC)² certifications are constantly being reviewed and updated to make sure they are serving the needs of professionals…

Read more →

By Joe Fay Aviva subsidiary assessing impact on data and customers. Wider group unaffected. Financial services giant Aviva’s recently acquired subsidiary Succession Wealth has been hit by a cyberattack, leaving it trying to assess the impact on a customer base…

Read more →

By Joe Fay Think tank warns as economic, political, and cybersecurity risks collide. Accenture heads to Brazil, quantum security firm Sandbox fills up on cash and Biden loses cyber director. Washington Think Tank Warns on Economic Risk and Cybersecurity Increased…

Read more →

The Center for Cyber Safety and Education, the charitable foundation of (ISC)² founded in 2011, aims to grow the cybersecurity profession and its positive impact on the world by raising awareness, building a diverse pipeline of cybersecurity professionals and activating…

Read more →

Romance scams, high-profile attacks on major U.S. companies and an inside look at Royal Mail/Lockbit negotiations. Here are the latest threats and advisories for the week of February 17, 2023. Threat Advisories and Alerts U.S. And South Korean Governments Publish…

Read more →

By Joe Fay NHS still recovering from ransomware incidents. Network firm employee confesses to data extortion, as U.S. cyber ambassador admits their Twitter account was hacked as the President turns to industry leaders to advise him. NHS Still Reconnecting After…

Read more →

By Joe Fay Resiliency is the endgame of the U.S. approach to internet and software security. The U.S. has a vested interest in creating a secure and resilient internet and software ecosystem, even if it means its “adversaries” also benefit,…

Read more →

The (ISC)² Certified in Cybersecurity exam, designed for entry- and junior-level practitioners or career changers looking to start a new cybersecurity career, is now available in six languages, including Chinese, Japanese, Korean, German, Spanish and English. Making this exam available…

Read more →

Cybersecurity will defy the tech recession hurting other job roles in 2023, c-suite survey suggests. Every department loses good people in a recession or economic downturn, unless you work in cybersecurity in 2023 it seems. According to a new (ISC)²…

Read more →

Effective today, the (ISC)² Certified Authorization Professional (CAP) certification is known as the Certified in Governance, Risk and Compliance (CGRC)TM. This name better represents the knowledge, skills and abilities required to earn and maintain this certification. Those who earn and…

Read more →

By Joe Fay NHS still recovering from ransomware incidents. Network firm employee confesses to data extortion, as U.S. cyber ambassador admits their Twitter account was hacked as the President turns to industry leaders to advise him. NHS Still Reconnecting After…

Read more →

By John E. Dunn In a fully digital world, organizations are no longer isolated islands. It seems the profession is finally coming to terms with the dark possibilities. What’s the worst thing a bad cyberattack could do to an organization?…

Read more →

The (ISC)² Certified in Cybersecurity exam, designed for entry- and junior-level practitioners or career changers looking to start a new cybersecurity career, is now available in six languages, including Chinese, Japanese, Korean, German, Spanish and English. Making this exam available…

Read more →

The Center for Cyber Safety and Education is seeking the guidance and leadership of volunteers willing to serve on its Board of Trustees beginning July 1, 2023 to help achieve its mission. The Center, the charitable foundation of (ISC)², serves…

Read more →

By John E. Dunn It’s been nearly seven years since the 1.1 revision of NIST’s Cybersecurity Framework. What might be coming in version 2.0? Since its release in 2014, NIST’s Cybersecurity Framework (CSF) has grown into the one of the…

Read more →

Cyberattacks wreak havoc on the U.K., LockBit brings big business to its knees and a massive VMware ransomware campaign. Here are the latest threats and advisories for the week of February 10, 2023. Threat Advisories and Alerts Massive Ransomware Campaign…

Read more →

(ISC)² has adopted a new approach to creating and publishing editorial content such as our news, features, opinions and other educational journalism. Helping our members navigate the cybersecurity landscape is an essential part of what we do. Creating topical, engaging…

Read more →

By John E. Dunn The industry is taking a fresh look at the security around multi-factor authentication (MFA) in the face of recent bypass attacks. Multi-factor authentication (MFA) is coming under sustained pressure from attackers, with a striking example being…

Read more →

With the ever-changing landscape of the cybersecurity industry, it is important to keep certifications current, accurate and relevant – and we need help from you, the cybersecurity professionals, who hold certifications in the field. (ISC)² is exploring a new security…

Read more →

By John E. Dunn It’s been nearly seven years since the 1.1 revision of NIST’s Cybersecurity Framework. What might be coming in version 2.0? Since its release in 2014, NIST’s Cybersecurity Framework (CSF) has grown into the one of the…

Read more →

By Joe Fay Derivatives traders, trainer trainers, and finger lickers all hit by ransomware. Russian hackers lash out after Ukraine tanks deal announced. Apple patches decade old devices. ION Markets Hit by “Cyber Security Event” Dublin-based data and software firm…

Read more →

Digitization has evolved to include cloud computing in the delivery of computing services, reduction of costs, improvement of agility, and cloud security. The emergence of various cloud solutions has led organizations towards migrating assets from on-prem to the cloud with…

Read more →

Dependence on the cloud in the modern era is no secret. The growth in cloud applications for both professional and personal use has proved unrelenting as critical applications and services are made solely available through cloud access. In a press…

Read more →

Cybercriminals for hire, Hive ransomware is busted and the JD Sports breach impacts millions of sportswear buyers. Here are the latest threats and advisories for the week of February 3, 2023. Threat Advisories and Alerts U.S. Security Agencies Warn of…

Read more →

By: Joe Fay U.S. looks for half a million cybersecurity professionals, ransomware victims less likely to pay up, analyst warns on Chinese smart device spy threat…but RSA encryption safe from Quantum cracking for now. U.S. struggles with shortage of cybersecurity…

Read more →

Dependence on the cloud in the modern era is no secret. The growth in cloud applications for both professional and personal use has proved unrelenting as critical applications and services are made solely available through cloud access. In a press…

Read more →

By: Joe Fay U.S. looks for half a million cybersecurity professionals, ransomware victims less likely to pay up, analyst warns on Chinese smart device spy threat…but RSA encryption safe from Quantum cracking for now. U.S. struggles with shortage of cybersecurity…

Read more →

By: Joe Fay Simon Thompson, CEO of the U.K.’s Royal Mail, has confirmed in a session with MPs that the crippling of its ability to send parcels and letters abroad was down to a “cyberattack” and that it was “ongoing”.…

Read more →

By: Joe Fay Data Privacy Day (known as Data Protection Day in Europe) falls this Saturday (January 28) and if you haven’t worked out how to mark the day yet, tech vendors and organizations are more than willing to help.…

Read more →

Alerts from national cybersecurity agencies, gaming developer attacks and the Mailchimp/FanDuel breach. Here are the latest threats and advisories for the week of January 27, 2023. Threat Advisories and Alerts CISA Publishes Report to Help Protect Schools from Cyberthreats The…

Read more →

Alerts from national cybersecurity agencies, gaming developer attacks and the Mailchimp/FanDuel breach. Here are the latest threats and advisories for the week of January 27, 2023. Threat Advisories and Alerts CISA Publishes Report to Help Protect Schools from Cyberthreats The…

Read more →

(ISC)² launched a new initiative for individuals pursuing or considering a career in cybersecurity. The goal? To create new pathways to cybersecurity career success and decrease the global workforce gap. Within three months of launching this initiative, we had more…

Read more →

We are excited to have more than 130,000 individuals become (ISC)² Candidates since launching in September 2022. Many of them will go on to earn their Certified in Cybersecurity (CC) as part of our One Million Certified in Cybersecurity pledge.…

Read more →

TikTok is fined for a privacy violation, major corporations suffer breaches and Vice Society attacks another school. Here are the latest threats and advisories for the week of January 20, 2023. Threat Advisories and Alerts U.K. School Survey Reveals Surprising…

Read more →

We often hear that cybersecurity certifications have a global reach. When we spoke with Vanessa Leite we learned how true that actually is. Vanessa holds several certifications, including vendor-specific ones, along with the CISSP and CCSP credentials from (ISC)². She…

Read more →

Cybercriminals attack schools, the FCC looks to change data breach rules and artificial intelligence alters the cybersecurity landscape. Here are the latest threats and advisories for the week of January 13, 2023. Threat Advisories and Alerts How Businesses Can Securely…

Read more →

By Diana-Lynn Contesti, CISSP-ISSAP, ISSMP, CSSLP, SSCP In recent years, we have seen the threat landscape become increasingly complex as threat actors use sophisticated techniques to exploit vulnerabilities of weak passwords, missing patches and antiquated software, thus gaining access to…

Read more →

As practitioners know all too well, it is paramount to remain up to date with the changing landscape of cybersecurity. We regularly conduct Job Task Analysis (JTA) studies to review exam content and outlines to ensure the accuracy, relevance and…

Read more →

The LockBit ransomware gang apologizes, Google settles privacy lawsuits and cybercriminals impersonate brands and the U.K. government. Here are the latest threats and advisories for the week of January 6, 2023. Threat Advisories and Alerts Cybercriminals Impersonate Brands with Search…

Read more →

The (ISC)² New Jersey Chapter held their first virtual international event, which hosted more than 20 thought leaders and 500 registered chapter member attendees. The International (ISC)² Chapter Conference, SECON International, took place virtually, on December 1, 2022, and delivered…

Read more →

With more than 150,000 CISSPs around the world, some of you have asked – what’s the next step? For many of you, that next step is one of the CISSP concentrations focused on security architecture, engineering or management. The CISSP-ISSAP…

Read more →

By Aaron Weathersby, CISSP. Aaron is the Chief Information Officer for Charles R. Drew University of Medicine and Science and holds a Doctor of Science in Cyber Security from Marymount University. He is an Information Technology professional with over 18…

Read more →

Ransomware hits hard around the world – again, Cybercriminals steal food and Fortnite’s developer is fined millions. Here are the latest threats and advisories for the week of December 23, 2022. Threat Advisories and Alerts Criminal Actors Use BEC Attacks…

Read more →

From fighting the ever-present ransomware threat to securing cloud infrastructures to honing identity management practices, the past year’s showcase of (ISC)² webinar topics was wide-ranging and thought-provoking. A cursory look at the topics we tackled throughout 2022 provides a reflection…

Read more →

Dear (ISC)² Members, Associates and Candidates: I hope this message finds you well. As 2022 comes to an end, I am grateful for the opportunity to reflect on the past year and all we have achieved together. Launching an entry-level…

Read more →

By Aaron Weathersby, CISSP. Aaron is the Chief Information Officer for Charles R. Drew University of Medicine and Science and holds a Doctor of Science in Cyber Security from Marymount University. He is an Information Technology professional with over 18…

Read more →

UK cybersecurity leaders recently gathered for a Chatham House members event panel in London to discuss the heightened need for a skilled workforce, the effects the COVID-19 pandemic had on the global cyber workforce and developing skills for the next…

Read more →

The SSCP certification is held by more than 7,000 professionals around the world. Known for its technical rigor, the members who hold this qualification are typically working in areas like IT administration, networks security, security operations or incident response. The…

Read more →