Are you looking for a comprehensive guide to the latest technology strategies in the field of information security? Look no further than Infosecurity Magazine’s Insider’s Guide. Packed with insightful news articles, webinars, white papers, podcasts, and events, this guide provides you with the most up-to-date information on industry trends, expert insights, and dedicated content on information security. From the latest cyber threats and vulnerabilities to strategies for securing your supply chain, this guide covers it all. Don’t miss out – subscribe to their weekly newsletter and stay ahead of the game in the ever-evolving world of technology and cybersecurity.

News

Russia’s APT29 Targets Embassies With Ngrok and WinRAR Exploit

In recent news, it has been discovered that Russia’s APT29 cyber espionage group has been targeting embassies using the Ngrok and WinRAR exploit. This sophisticated attack has raised concerns regarding the security of diplomatic channels and the potential implications it may have on international relations. Government agencies and security experts are closely monitoring the situation and working to mitigate the impact of this cyber threat.

NCSC Announces New Standard For Indicators of Compromise

The National Cyber Security Centre (NCSC) has recently announced a new standard for indicators of compromise (IoCs). This standard aims to improve the detection and response capabilities of organizations by establishing a framework for identifying and sharing information about cyber threats. By adopting this standard, organizations can enhance their cybersecurity posture and effectively combat evolving cyber threats.

Black Friday: Scammers Exploit Luxury Brands to Lure Victims

With the approach of Black Friday, scammers are leveraging the popularity of luxury brands to deceive unsuspecting victims. These malicious actors use various tactics, such as phishing emails and fake websites, to trick shoppers into providing sensitive information or making fraudulent purchases. Shoppers are advised to remain vigilant and exercise caution when engaging in online shopping during the holiday season.

FBI Lifts the Lid on Notorious Scattered Spider Group

The FBI has recently revealed insights into the operations of the notorious Scattered Spider cybercriminal group. This group, known for its sophisticated tactics and high-profile targets, has been involved in various cybercrimes, including data breaches and ransomware attacks. By shedding light on their activities, law enforcement agencies hope to disrupt their operations and bring the perpetrators to justice.

Royal Mail to Spend £10m on Ransomware Remediation

Royal Mail, the UK’s national postal service, has announced plans to invest £10 million in ransomware remediation. This significant investment reflects the growing threat of ransomware attacks and the need for robust cybersecurity measures. By allocating resources to improve their security infrastructure, Royal Mail aims to safeguard their operations and protect sensitive customer information.

British Library: Ransomware Recovery Could Take Months

The British Library, one of the world’s largest libraries, has recently disclosed that the recovery process from a ransomware attack could take months. This revelation highlights the extensive damage that ransomware attacks can cause and the complex nature of restoring systems and data. It serves as a reminder for organizations to prioritize cybersecurity measures and develop robust incident response plans.

Flaw in Apache ActiveMQ Exposes Linux Systems to Kinsing Malware

A critical flaw in Apache ActiveMQ, an open-source messaging broker, has left Linux systems vulnerable to the Kinsing malware. This malware can compromise servers and install malicious cryptocurrency mining software, leading to financial losses and system instability. Linux system administrators are advised to patch the vulnerability promptly and monitor their systems for any signs of compromise.

Employee Policy Violations Cause 26% of Cyber Incidents

A recent study has revealed that employee policy violations account for 26% of cyber incidents. This statistic underscores the importance of proper cybersecurity training and establishing robust policies and procedures within organizations. By educating employees about cybersecurity best practices and enforcing policy compliance, organizations can significantly reduce their risk of falling victim to cyberattacks.

Why Ensuring Supply Chain Security in the Space Sector is Critical

The space sector faces unique cybersecurity challenges, and ensuring the security of the supply chain is of utmost importance. With increasing reliance on satellite technology and the growing commercialization of space, protecting critical infrastructure and systems is crucial. Organizations operating in the space sector must prioritize supply chain security to mitigate the risk of cyber threats and safeguard missions.

LockBit Affiliates are Exploiting Citrix Bleed, Government Agencies Warn

Government agencies have issued warnings about LockBit affiliates exploiting the Citrix Bleed vulnerability. This vulnerability allows attackers to gain unauthorized access to Citrix ADC and Gateway devices, leading to potential data breaches and system compromise. Organizations are advised to apply the necessary patches and closely monitor their systems for any signs of unauthorized activity.

Microsoft Launches Defender Bug Bounty Program

Microsoft has recently launched a bug bounty program for its Defender antivirus software. This program aims to incentivize security researchers to discover and report vulnerabilities in Defender, allowing Microsoft to improve the overall security of the software. By actively engaging with the cybersecurity community, Microsoft demonstrates its commitment to providing users with robust and secure antivirus protection.

Regulator Issues Privacy Ultimatum to UK’s Top Websites

The Information Commissioner’s Office (ICO) has issued an ultimatum to the UK’s top websites, warning of enforcement action if they fail to provide users with fair choices regarding their privacy. This ultimatum comes amid growing concerns about data privacy and the need for organizations to prioritize user consent and transparency. The ICO’s action serves as a reminder for organizations to comply with privacy regulations and prioritize user privacy.

Europol Launches OSINT Taskforce to Hunt For Russian War Crimes

Europol has launched an Open Source Intelligence (OSINT) task force to hunt for evidence of Russian war crimes. This initiative showcases the growing role of OSINT in law enforcement and intelligence gathering. By leveraging publicly available information, Europol aims to identify and prosecute individuals involved in various war crimes. This development highlights the importance of OSINT in combating cyber threats and criminal activities.

India Faces Surge in IM App Attacks With Trojan Campaigns

India has experienced a surge in instant messaging (IM) app attacks, primarily targeting mobile users through Trojan campaigns. These attacks aim to steal sensitive information, such as banking credentials and personal data. Indian users are urged to remain cautious while using IM apps and take necessary precautions, such as using strong passwords and enabling two-factor authentication, to protect themselves from cyber threats.

Webinars

The Next Frontier for Data Security: Insights from Safeguarding Fortune 500 Data Transfers

Join us for a webinar on November 23, 2023, at 15:00 GMT, 10:00 EST to gain valuable insights into the next frontier for data security. Learn from experts who have experience safeguarding Fortune 500 data transfers and discover best practices for protecting sensitive information in today’s rapidly evolving threat landscape. Don’t miss out on this opportunity to enhance your data security strategies.

Mastering Software Supply Chain Security with Strategic Defense Mechanisms

On November 30, 2023, at 14:00 EST, 11:00 PST, join our webinar to understand the importance of mastering software supply chain security. Discover strategic defense mechanisms that can help mitigate the risks associated with software supply chain vulnerabilities. Experts will share their insights and provide actionable steps to ensure the integrity and security of your software supply chain.

White papers

A CISO’s Guide to Post-Quantum Cryptography Migration

In the era of quantum computing, traditional cryptographic algorithms are prone to being cracked, leading to potential security vulnerabilities. This white paper serves as a guide for Chief Information Security Officers (CISOs) looking to understand and navigate the process of migrating to post-quantum cryptography. Stay ahead of the curve and ensure the long-term security of your organization’s sensitive data.

Corporates Up Their Cyber Preparedness As Cyber Attacks Become More Widespread

As cyber attacks become increasingly prevalent, corporates must prioritize their cyber preparedness efforts. This white paper explores the evolving threat landscape and provides insights into how organizations can strengthen their cybersecurity defenses. By adopting proactive cybersecurity measures, corporates can mitigate the risks associated with cyber attacks and safeguard their critical assets.

5 Ways to Strengthen Your Active Directory Password Policy

Passwords remain a critical component of cybersecurity, and organizations must ensure the strength of their Active Directory password policies. This white paper outlines five effective strategies for reinforcing Active Directory password policies and enhancing overall password security. Implementing these recommendations can significantly reduce the risk of unauthorized access and protect sensitive information.

On-demand webinars

Challenging the Rules of Security: A Better Way to Protect the Enterprise

In this on-demand webinar, discover a better way to protect your enterprise by challenging traditional security rules. Industry experts will discuss innovative approaches to cybersecurity and provide insights into emerging threats. Learn how to stay one step ahead of cybercriminals and develop a proactive and resilient cybersecurity strategy.

How to Secure Your Modern Corporate Perimeter with Endpoint Security

Protecting the corporate perimeter in today’s digital landscape is a complex task. Join our on-demand webinar to explore how to secure your modern corporate perimeter using advanced endpoint security solutions. Industry-leading experts will share their knowledge and provide practical tips for implementing effective endpoint security measures.

Reducing Downtime in ICS and OT: A Guide to Cyber Readiness and Response

Industrial control systems (ICS) and operational technology (OT) environments are vulnerable to cyber threats that can cause significant downtime and disruptions. This on-demand webinar offers a comprehensive guide to enhance cyber readiness and response in ICS and OT environments. Learn best practices for detecting, mitigating, and recovering from cyber incidents to minimize downtime and optimize operational resilience.

Incident Response: Four Key Cybersecurity Measures to Protect Your Business

Effective incident response is crucial for minimizing the impact of cyber incidents and protecting your business. Join our on-demand webinar to explore the four key cybersecurity measures that organizations should implement to bolster their incident response capabilities. Learn from real-world examples and gain practical insights into developing a robust incident response plan.

Forward-Thinking Practices to Manage IT Risk

Managing IT risk is essential for organizations to protect their critical assets and maintain operational continuity. In this on-demand webinar, experts will share forward-thinking practices for effective IT risk management. Discover strategies for identifying and mitigating IT risks, ensuring compliance, and creating a resilient cybersecurity framework.

Vulnerability Management: Why a Risk-Based Approach is Essential

Vulnerability management plays a vital role in a proactive cybersecurity strategy. This on-demand webinar explores why adopting a risk-based approach to vulnerability management is essential for organizations. Gain insights into effective vulnerability management techniques and learn how to prioritize vulnerabilities based on the potential impact they pose to your business.

Nation State Cyber-Attacks in the News: How Do They Affect You?

Nation-state cyber attacks continue to dominate the news headlines, and their implications can be far-reaching. Join our on-demand webinar to understand how nation-state cyber attacks can affect your organization and explore effective strategies for defending against these advanced threats. Stay informed and be prepared to mitigate the potential risks posed by nation-state actors.

Embracing ChatGPT: Unleashing the Benefits of LLMs in Security Operations

Language models such as ChatGPT have the potential to revolutionize security operations by augmenting human analysts’ capabilities. In this on-demand webinar, explore the benefits of using large language models (LLMs) like ChatGPT in security operations. Learn how LLMs can streamline threat intelligence analysis, incident response, and other security tasks to enhance operational efficiency.

How to Enhance Information Security Resilience with the New ISO/IEC 27001 Standard

Information security resilience is crucial for organizations to withstand and recover from cyber attacks and other security incidents. Join our on-demand webinar to discover how the new ISO/IEC 27001 standard can help enhance your organization’s information security resilience. Gain insights into the latest best practices and techniques for building a robust and adaptable security framework.

Identify How Cyber Criminals Use Generative AI in Business Email Compromise (BEC) Attacks

Generative AI techniques have empowered cyber criminals to launch sophisticated Business Email Compromise (BEC) attacks. In this on-demand webinar, experts will identify how cyber criminals leverage generative AI in BEC attacks and share strategies for detecting and mitigating these threats. Stay ahead of the curve and protect your organization against this evolving form of cyber crime.

What’s hot on Infosecurity Magazine?

CISA Unveils Healthcare Cybersecurity Guide

The Cybersecurity and Infrastructure Security Agency (CISA) has recently unveiled a comprehensive guide to healthcare cybersecurity. This guide provides healthcare organizations with valuable insights and recommendations to enhance their security posture against cyber threats. As the healthcare industry becomes increasingly targeted by malicious actors, implementing the guidelines outlined in this guide is crucial to safeguard patients’ sensitive data.

US Cybersecurity Lab Suffers Major Data Breach

In a significant breach, a US cybersecurity lab has fallen victim to a major data breach. This incident highlights the vulnerabilities even within organizations dedicated to cybersecurity. It serves as a reminder of the constant vigilance required by all organizations to protect against cyber threats and underscores the importance of effective cybersecurity measures and incident response planning.

NCSC Announces New Standard For Indicators of Compromise

The National Cyber Security Centre (NCSC) has announced a new standard for indicators of compromise (IoCs). This standard aims to improve the detection and response capabilities of organizations by establishing a framework for identifying and sharing information about cyber threats. By adopting this standard, organizations can enhance their cybersecurity posture and effectively combat evolving cyber threats.

Russia’s APT29 Targets Embassies With Ngrok and WinRAR Exploit

Russia’s APT29 cyber espionage group has recently been targeting embassies using the Ngrok and WinRAR exploit. This sophisticated attack raises concerns regarding the security of diplomatic channels and the potential implications it may have on international relations. Government agencies and security experts are taking measures to mitigate the impact of this cyber threat.

Cybersecurity Executive Pleads Guilty to Hacking Hospitals

In a shocking development, a cybersecurity executive has pleaded guilty to hacking hospitals. This incident highlights the insider threat that organizations face, emphasizing the importance of strict access controls and employee monitoring. It serves as a reminder that cybersecurity must be a top priority and that organizations must remain vigilant against both external and internal threats.

Infostealer Lumma Evolves With New Anti-Sandbox Method

Infostealer Lumma, a notorious malware known for stealing sensitive information, has evolved with a new anti-sandbox method. This advancement in malware techniques poses a significant challenge for security professionals, as it allows the malware to evade detection and analysis in sandbox environments. Organizations must stay updated on emerging malware trends and implement advanced threat detection mechanisms to mitigate the risks posed by evolving threats.

British Library: Ransomware Recovery Could Take Months

The British Library, one of the world’s largest libraries, has revealed that the recovery process from a ransomware attack could take months. This delay underscores the complex nature of ransomware attacks and the extensive damage they can cause. It serves as a stark reminder for organizations to establish robust cybersecurity measures and develop comprehensive incident response plans to minimize the impact of such attacks.

Black Friday: Malwarebytes Warns of Credit Card Skimming Surge

As Black Friday approaches, security experts are warning about a surge in credit card skimming attacks. Cybercriminals take advantage of the increased online shopping activity during this holiday season to steal payment card information from unsuspecting victims. Shoppers are advised to exercise caution and ensure they are making purchases from reputable and secure websites to protect their financial information.

CSA Launches First Zero Trust Certification

The Cloud Security Alliance (CSA) has launched the first-ever zero trust certification program. Zero trust architecture is gaining traction as a proactive approach to cybersecurity, and this certification will enable organizations to assess and validate their zero trust implementations. Embracing zero trust principles can significantly enhance an organization’s overall security posture and protect against both internal and external threats.

Cyber Skills Gap Reaches 4 Million, Layoffs Hit Security Teams

The cyber skills gap continues to widen, with estimates suggesting that it has reached 4 million unfilled positions globally. This alarming statistic highlights the critical shortage of cybersecurity professionals, which has serious implications for organizations’ abilities to defend against cyber threats effectively. Additionally, recent layoffs in security teams have further exacerbated the skill shortage, making it imperative for organizations to invest in training and recruitment initiatives to bridge this gap.

Black Friday: Scammers Exploit Luxury Brands to Lure Victims

As Black Friday approaches, scammers are increasingly exploiting the popularity of luxury brands to deceive unsuspecting victims. By impersonating well-known luxury brands, these scammers lure victims into providing sensitive information or making fraudulent purchases. Consumers must remain vigilant, question suspicious offers, and only engage in online transactions with trusted retailers.

ICBC and Allen & Overy Hit By Ransomware

ICBC, one of the world’s largest banks, and Allen & Overy, a prominent law firm, have both fallen victim to ransomware attacks. These high-profile attacks highlight the indiscriminate nature of ransomware threats and the potential impacts on critical industries. Organizations must prioritize cybersecurity measures, including regular backups, network segmentation, and employee training, to mitigate the risks of ransomware attacks.