• In late 2021, the Open Web Application Security Project® (OWASP®) Foundation released a revised list of the 10 most critical security risks to web applications. The OWASP Top 10 list is the foundation’s flagship project for guidance on securing web applications. (ISC)² hosted a webinar in which Byron McNaught from the application security company F5 discussed key changes in the Top 10 and how to use the list as a foundation for protecting applications. The webinar highlighted the fact that while the OWASP Top 10 had remained largely unchanged for nearly 20 years, the 2021 version included significant updates. For example, the list previously focused on traditional web applications but now includes modern application architectures. This particular update takes into

    Aug 10,
  • On July 21, the National Institute of Standards and Technology (NIST) published revised Special Publication 800-66, “Implementing the [HIPAA] Security Rule: A Cybersecurity Resource Guide,” and is accepting comments on the revised draft guidance until September 21. (ISC)² is encouraging members with expertise in this area to submit their comments on the proposed changes to NIST prior to the deadline. This updated guidance is aimed at helping healthcare organizations that fall under the regulatory umbrella of the Health Insurance Portability and Accountability Act’s (HIPAA) Security Rule. According to NIST, the updated NIST SP 800-53’s latest draft has mapped all the elements of the HIPAA Security Rule to the Cybersecurity Framework subcategories. NIST describes these changes as a refresh rather than an overhaul and an emphasis has

    Aug 09,
  • The (ISC)² Security Congress 2022 theme is EMPOWER and together, we intend to do just that! Empower your future by joining thousands of leading cybersecurity experts from around the world October 10-12 to collaborate in-person at Caesars Palace in Las Vegas, NV or virtually from your home or office. Join us as we empower a safer, more secure cyber world with 100+ inspiring sessions covering topics such as: cloud security, human factors, information security management, cyber crime, data protection, mobile security, ransomware, Zero Trust and many more. Once registered, search by your topic of interest to strategically plan out your daily schedule using the agenda. You won't want to miss the dynamic keynote presentations from Ciaran Martin, Robert

    Aug 08,
  • High-profile ransomware attacks, vulnerabilities in popular technology products and a widespread investment scam in Europe. Here are the latest cybersecurity threats and advisories for the week of August 5, 2022. Threat Advisories and Alerts: Critical Vulnerability Found in VMware Products. VMware has released a security update to patch a critical vulnerability in several of their products, including VMware Workspace ONE Access, vRealize Automation and Identity Manager. If the vulnerability isn’t patched, bad actors with network access could obtain admin privileges. VMware customers using the affected products are recommended to upgrade to the latest version immediately. Source: https://www.csa.gov.sg/en/singcert/Alerts/al-2022-033 CISA Warns of Confluence Security Flaw. CISA has added the recent Atlassian security flaw (CVE-2022-26138) to its catalog of Known Exploited Vulnerabilities.

    Aug 05,
  • (ISC)² Security Congress is the must-attend cybersecurity conference delivering high-value education, training and networking to attendees for over a decade. Described by IT Pro as “the grown-up version of Black Hat”, Security Congress is where cybersecurity experts from all over the supply chain gather to share their ideas, challenges and goals, and to discuss the future of the industry. You can expect to encounter representatives from all sectors of the field, from vendors to public officials and CEOs to students. (ISC)² Security Congress is a collaborative mind meld that will leave you feeling empowered and engaged in the cybersecurity community. If it’s your first time attending, you can expect to build new relationships and gain a heightened knowledge of vulnerabilities while expanding your

    Aug 05,