Get ready to gain valuable insights into the world of technology strategy with Infosecurity Magazine. With a wealth of news, features, webinars, white papers, podcasts, and events, you’ll be equipped with the latest industry knowledge and expert insights to navigate the ever-evolving landscape of information security. From malware vulnerabilities and cybersecurity challenges to data breaches and emerging trends, Infosecurity Magazine covers it all. Don’t miss out on the opportunity to stay up-to-date with the latest developments in technology strategy – subscribe to their weekly newsletter today!
Overview
In the ever-evolving world of cybersecurity, staying informed is essential to protect yourself and your organization from potential threats. This comprehensive article will cover the latest news, webinars, white papers, and hot topics in the field of information security.
News
Russia’s APT29 Targets Embassies With Ngrok and WinRAR Exploit
Recently, Russia’s APT29 has been making headlines for targeting embassies using the Ngrok and WinRAR exploit. These sophisticated cyber attacks pose a significant threat to national security. It is crucial to stay vigilant and ensure robust cybersecurity measures are in place to defend against such threats.
NCSC Announces New Standard For Indicators of Compromise
The National Cyber Security Centre (NCSC) has announced a new standard for indicators of compromise. This is a positive step towards enhancing the detection and response capabilities of organizations. By adopting these standards, businesses can better identify and mitigate potential cyber threats.
Black Friday: Scammers Exploit Luxury Brands to Lure Victims
With Black Friday just around the corner, scammers are exploiting the popularity of luxury brands to deceive and defraud unsuspecting victims. It is essential to be cautious while shopping online, ensure secure payment methods, and verify the authenticity of websites before making any purchase.
FBI Lifts the Lid on Notorious Scattered Spider Group
The FBI has recently exposed the notorious Scattered Spider Group, shedding light on their malicious activities and cyber attacks. This revelation highlights the importance of collaboration between law enforcement agencies and the cybersecurity community to combat cybercrime effectively.
Royal Mail to Spend £10m on Ransomware Remediation
In response to the growing threat of ransomware attacks, the Royal Mail has committed £10 million to strengthen their ransomware remediation efforts. This investment is a crucial step towards protecting critical infrastructure and preventing potential disruptions to essential services.
British Library: Ransomware Recovery Could Take Months
The British Library has recently fallen victim to a ransomware attack, resulting in potential disruptions to their services. Recovering from such attacks can be a lengthy process, highlighting the need for effective cybersecurity measures to prevent and mitigate the impact of ransomware incidents.
Flaw in Apache ActiveMQ Exposes Linux Systems to Kinsing Malware
A critical flaw in Apache ActiveMQ has been discovered, leaving Linux systems vulnerable to the Kinsing malware. This serves as a reminder of the importance of regular patching and updates to ensure system security and protect against malware infections.
Employee Policy Violations Cause 26% of Cyber Incidents
A significant number of cyber incidents are caused by employee policy violations. It is essential for organizations to prioritize cybersecurity awareness and training programs to educate employees about best practices and prevent inadvertent data breaches or security lapses.
Why Ensuring Supply Chain Security in the Space Sector is Critical
Securing the supply chain is of utmost importance in the space sector, where cybersecurity challenges are unique and the potential impact of a breach is significant. Organizations operating in this sector must prioritize robust supply chain security measures to safeguard critical infrastructure and sensitive data.
LockBit Affiliates are Exploiting Citrix Bleed, Government Agencies Warn
Government agencies have issued warnings about LockBit affiliates exploiting the Citrix Bleed vulnerability. Organizations that utilize Citrix software must ensure they have implemented the necessary patches and updates to prevent unauthorized access.
Microsoft Launches Defender Bug Bounty Program
Microsoft has launched a bug bounty program for its Defender cybersecurity software. This initiative encourages researchers and hackers to identify vulnerabilities and report them to Microsoft, ultimately strengthening the security of their software products.
Regulator Issues Privacy Ultimatum to UK’s Top Websites
The Information Commissioner’s Office (ICO) has issued an ultimatum to the UK’s top websites, warning of enforcement action if they fail to provide users with fair choices regarding privacy. This emphasizes the importance of transparency and user consent in data collection and processing practices.
Europol Launches OSINT Taskforce to Hunt For Russian War Crimes
Europol has established an OSINT task force to hunt for evidence of Russian war crimes. This initiative demonstrates the essential role of cybersecurity and intelligence agencies in leveraging open-source information to investigate and prosecute cybercriminals involved in large-scale attacks.
India Faces Surge in IM App Attacks With Trojan Campaigns
India is currently experiencing a surge in instant messaging (IM) app attacks, primarily through Trojan campaigns. Users must exercise caution while using IM apps, avoid clicking on suspicious links or downloading unknown files, and regularly update their devices’ security software.
Webinars
The Next Frontier for Data Security: Insights from Safeguarding Fortune 500 Data Transfers
This upcoming webinar will provide valuable insights into the next frontier of data security, specifically focusing on safeguarding Fortune 500 data transfers. Attendees will learn about the latest strategies and technologies to protect sensitive data and mitigate the risks associated with data transfers.
Mastering Software Supply Chain Security with Strategic Defense Mechanisms
In this webinar, experts will discuss strategic defense mechanisms to enhance software supply chain security. Attendees will gain a deeper understanding of the vulnerabilities and risks within the software supply chain and learn practical strategies to mitigate these risks effectively.
White papers
A CISO’s Guide to Post-Quantum Cryptography Migration White Paper
This white paper serves as a comprehensive guide for Chief Information Security Officers (CISOs) on migrating to post-quantum cryptography. With the advent of quantum computing, it is imperative for organizations to prepare for a future where current cryptographic algorithms may no longer be secure.
Corporates Up Their Cyber Preparedness As Cyber Attacks Become More Widespread White Paper
As cyber attacks become more widespread and sophisticated, this white paper explores how corporates are enhancing their cyber preparedness. It provides valuable insights into the latest trends and best practices in cybersecurity, allowing organizations to strengthen their defenses against evolving threats.
5 Ways to Strengthen Your Active Directory Password Policy White Paper
This white paper outlines five practical ways to strengthen an organization’s Active Directory password policy. By implementing these recommendations, organizations can significantly enhance the security of their Active Directory environment and protect against unauthorized access and cyber attacks.
On-demand webinars
Challenging the Rules of Security: A Better Way to Protect the Enterprise
In this on-demand webinar, industry experts challenge traditional approaches to security and present a new perspective on protecting the enterprise. Attendees will gain valuable insights into innovative security strategies and technologies that can effectively safeguard organizations against modern cyber threats.
How to Secure Your Modern Corporate Perimeter with Endpoint Security
This on-demand webinar focuses on securing the modern corporate perimeter using advanced endpoint security solutions. Participants will learn about the latest advancements in endpoint security and how they can effectively protect their organization’s network and endpoints from cyber attacks.
Reducing Downtime in ICS and OT: A Guide to Cyber Readiness and Response
Featuring experts in industrial control systems (ICS) and operational technology (OT) security, this on-demand webinar provides a comprehensive guide to reducing downtime and ensuring cyber readiness in critical infrastructure. Attendees will gain practical insights and strategies to enhance the resilience of their ICS and OT systems against cyber threats.
Incident Response: Four Key Cybersecurity Measures to Protect Your Business
This on-demand webinar highlights four key cybersecurity measures that organizations should implement to improve their incident response capabilities and protect their business from cyber attacks. Attendees will learn practical strategies to detect, analyze, and respond to security incidents effectively.
Forward-Thinking Practices to Manage IT Risk
In this on-demand webinar, industry experts discuss forward-thinking practices to manage IT risk. Participants will gain actionable insights into risk assessment, risk mitigation, and incident response, allowing them to proactively manage and minimize IT-related risks.
Vulnerability Management: Why a Risk-Based Approach is Essential
This on-demand webinar explores the importance of a risk-based approach to vulnerability management. Attendees will learn the fundamentals of vulnerability management, the key components of a risk-based approach, and practical strategies to effectively prioritize and remediate vulnerabilities.
Nation State Cyber-Attacks in the News: How Do They Affect You?
Featuring expert analysis of recent nation-state cyber attacks, this on-demand webinar examines the impact of these attacks on organizations and individuals. Attendees will gain a deeper understanding of the motivations, tactics, and potential consequences of nation-state cyber warfare.
Embracing ChatGPT: Unleashing the Benefits of LLMs in Security Operations
In this on-demand webinar, cybersecurity professionals explore the benefits of leveraging language model models (LLMs), specifically ChatGPT, in security operations. Participants will gain insights into how LLMs can enhance threat intelligence, incident response, and security automation.
How to Enhance Information Security Resilience with the New ISO/IEC 27001 Standard
This on-demand webinar provides a comprehensive guide to enhancing information security resilience using the latest ISO/IEC 27001 standard. Attendees will gain practical insights into implementing and maintaining an effective information security management system (ISMS) aligned with industry best practices.
Identify How Cyber Criminals Use Generative AI in Business Email Compromise (BEC) Attacks
In this on-demand webinar, experts delve into how cyber criminals are leveraging generative artificial intelligence (AI) in Business Email Compromise (BEC) attacks. Attendees will gain valuable insights into the techniques employed by cyber criminals and learn ways to detect and defend against BEC attacks.
Hot Topics
CISA Unveils Healthcare Cybersecurity Guide
The Cybersecurity and Infrastructure Security Agency (CISA) has unveiled a comprehensive guide to healthcare cybersecurity. Given the critical nature of healthcare data and infrastructure, this guide provides valuable recommendations and best practices to ensure the security and privacy of sensitive patient information.
US Cybersecurity Lab Suffers Major Data Breach
A major data breach has recently occurred in a US cybersecurity lab, highlighting the vulnerabilities even within organizations with strong security measures. This incident serves as a reminder of the importance of continuously assessing and strengthening cybersecurity defenses to prevent data breaches.
NCSC Announces New Standard For Indicators of Compromise
The National Cyber Security Centre (NCSC) has introduced a new standard for indicators of compromise (IOCs), enhancing the detection and response capabilities of organizations. By adopting this standard, businesses can better identify and mitigate potential cyber threats, improving overall cybersecurity posture.
Russia’s APT29 Targets Embassies With Ngrok and WinRAR Exploit
Russia’s APT29 has been actively targeting embassies using the Ngrok and WinRAR exploit. This cyber espionage campaign poses a significant threat to national security. Organizations must collaborate with intelligence agencies and enhance their cybersecurity measures to protect against such advanced threats.
Cybersecurity Executive Pleads Guilty to Hacking Hospitals
A cybersecurity executive has recently pleaded guilty to hacking hospitals. This case highlights the need for stringent background checks and employee monitoring to prevent insider threats. Organizations must prioritize cybersecurity awareness and training programs to mitigate the risk of such incidents.
Infostealer Lumma Evolves With New Anti-Sandbox Method
Infostealer Lumma, a notorious malware variant, has evolved with a new anti-sandbox method. This discovery underscores the importance of robust cybersecurity measures, including advanced threat detection and prevention solutions, to protect against evolving malware variants and their sophisticated evasion techniques.
British Library: Ransomware Recovery Could Take Months
The British Library has recently experienced a ransomware attack, highlighting the disruptive and long-lasting effects of such incidents. Ransomware recovery can be a complex and time-consuming process, necessitating a proactive approach to cybersecurity to prevent such attacks from occurring.
Black Friday: Malwarebytes Warns of Credit Card Skimming Surge
As Black Friday approaches, cybersecurity experts have raised concerns about a surge in credit card skimming attacks. Consumers must remain vigilant while shopping online, using secure payment methods, and maintaining up-to-date antivirus and antimalware software to protect their financial information.
CSA Launches First Zero Trust Certification
The Cloud Security Alliance (CSA) has launched the first Zero Trust certification program. Zero Trust architecture is a proactive cybersecurity approach that requires continuous verification of user identities and strict access controls. This certification program can help organizations ensure they are following best practices in implementing Zero Trust principles.
Cyber Skills Gap Reaches 4 Million, Layoffs Hit Security Teams
The cyber skills gap continues to widen, with approximately 4 million unfilled cybersecurity positions worldwide. This shortage of skilled professionals poses a significant challenge to organizations in maintaining robust cybersecurity defenses. Layoffs in security teams further exacerbate the issue, highlighting the need for innovative solutions to bridge the skills gap.
Black Friday: Scammers Exploit Luxury Brands to Lure Victims
As Black Friday approaches, scammers are leveraging the popularity of luxury brands to deceive and defraud unsuspecting victims. It is crucial for shoppers to exercise caution, verify the authenticity of websites, and utilize secure payment methods to safeguard against these fraudulent schemes.
ICBC and Allen & Overy Hit By Ransomware
Ransomware attacks have targeted ICBC and Allen & Overy, underscoring the indiscriminate nature of this cyber threat. Even large organizations with robust security measures can fall victim to ransomware attacks. It is essential for organizations of all sizes to prioritize cybersecurity and implement preventive measures to mitigate the risk of such incidents.
Blogs
Breaking down barriers: Social Links’ Mission to Democratize the OSINT Industry
This blog highlights the mission of Social Links to democratize the OSINT (Open-Source Intelligence) industry. By providing accessible and user-friendly tools, Social Links aims to bridge the gap between traditional information security practices and OSINT techniques, empowering organizations to effectively combat cyber threats.
How Security Awareness Training Can Help Bridge the Cybersecurity Skills Gap
This blog explores how security awareness training can play a crucial role in bridging the cybersecurity skills gap. By educating employees about the latest threats, best practices, and preventive measures, organizations can empower their workforce to become the first line of defense against cyber attacks.
Next-gen infosec: How to Prevent Data Leakages
This blog delves into next-generation information security practices to prevent data leakages. It highlights the importance of proactive monitoring, robust data loss prevention (DLP) solutions, and employee training in identifying and mitigating data leakage risks.
Top Cloud Misconceptions that Could Damage Your Organization
This blog uncovers common cloud misconceptions that could potentially harm an organization’s security posture. By dispelling these misconceptions and providing accurate information, organizations can make informed decisions regarding cloud adoption and ensure the implementation of appropriate security measures.
Improve Asset Visibility in OT Security With Hybrid AI-Cloud Approaches
This blog discusses the significance of asset visibility in operational technology (OT) security. By leveraging hybrid AI-cloud approaches, organizations can gain comprehensive visibility into their OT infrastructure, identify vulnerabilities, and proactively address potential cyber risks.
In conclusion, staying informed about the latest developments in cybersecurity is essential to protect yourself and your organization from evolving threats. By keeping up with news, participating in webinars, and exploring white papers, you can strengthen your knowledge and implement effective strategies to safeguard against cyber attacks.