Cyberattacks on the video game industry, big-name brand data breaches and the Tea Pot gangster make headlines this week. Here are the latest threats and advisories for the week of September 23, 2022. Threat Advisories and Alerts Iranian Cybercriminals Target Western Nations Bad actors associated with the Iranian Government’s Islamic Revolutionary Guard Corps (IRGC) have been exploiting Microsoft Exchange, Fortinet and VMware Horizon Log4j vulnerabilities. The attacks have hit critical US infrastructure sectors as well as Canadian, Australian and U.K. organizations. Rather than targeting specific sectors or entities, the cybercriminals are exploiting known vulnerabilities on unprotected networks to extort data and encrypt discs in support of their ransom operations. Source: https://www.cisa.gov/uscert/ncas/alerts/aa22-257a Cybercriminals Steal Millions via Healthcare Payment Processors The FBI

The Deadline is Approaching, Your Voice Can Make a Difference in Protecting Privacy The U.S. Federal Trade Commission (FTC) is looking for public input regarding new cybersecurity regulations. (ISC)² members and trained cybersecurity professionals can provide valuable insight into best practices in protecting people’s privacy.   The FTC is seeking public comment on whether it should implement new trade regulation rules or other regulatory alternatives concerning the ways in which companies collect, aggregate, protect, use, analyze, and retain consumer data, as well as transfer, share, sell, or otherwise monetize that data in ways that are unfair or deceptive.  On August 22, the Federal Trade Commission (FTC) published its advance notice of proposed rulemaking (ANPR). This is a request for public

This year’s (ISC)² Security Congress will feature increased opportunities to network with your peers and will be engaging whether you are joining in-person or virtually. We are looking forward to our first ever hybrid Security Congress where we will be live streaming across the globe from Caesars Palace in Las Vegas. Whether you have attended in the past or are gearing up for your first (ISC)² event, this year’s Security Congress has something fun for everyone! In addition to the 100+ educational sessions throughout the live event, you will hear from dynamic keynote speakers and learn about new products from vendors in the Solutions Theater. Attendees can make new friends and continue the day’s conversation with a dose of healthy

Vulnerabilities in popular tech, major WordPress plugin attacks and phishing, highlight this week’s cybersecurity news. Here are the latest threats and advisories for the week of September 16, 2022. Threat Advisories and Alerts Security Updates Released for Apple Zero-Day Vulnerabilities For the eighth time this year, Apple has addressed zero-day vulnerabilities in its Mac and iPhone operating systems. The vulnerabilities apply to Safari 16,  iOS 15.7, iOS 16, macOS Monterey 12.6, macOS Big Sur 11.7 and iPadOS 15.7. Threat actors could exploit the flaws to take control of affected devices. Users of these products are recommended to apply the security updates immediately. Source: https://www.cisa.gov/uscert/ncas/current-activity/2022/09/13/apple-releases-security-updates-multiple-products Microsoft’s September Patch Tuesday Addresses 63 Vulnerabilities In this month’s Patch Tuesday, Microsoft fixes 63 vulnerabilities,

Closing the gender and diversity gap in cybersecurity is critical if the profession is serious about addressing its current workforce crisis. (ISC)² estimates that the Cybersecurity Workforce Gap currently stands at 2.72 million professionals globally, but women only make up roughly 25% of the cybersecurity industry, compared to at least 40% of the global workforce. Every year, the SC Media Women in IT Security program celebrates significant contributions of those who have faced these challenges and made a positive impact on the advancement of cybersecurity in government or the private sector. (ISC)² CEO Clar Rosso was recognized as an advocate for her work in expanding and nurturing a new generation of cybersecurity practitioners. In an article announcing the honorees, Jill