October Cybersecurity Awareness Month Register TODAY for free, exciting, and engaging Cybersecurity Awareness Month Virtual Activities.Held every October, Cybersecurity Awareness Month is a collaborative effort between government and industry to raise awareness about the importance of cybersecurity and to ensure that all Americans have the resources they need to be safer and more secure online. University of Maryland Global Campus and the Center for Security Studies are proud to be champions in support of this essential online safety, awareness, and education initiative.Click here for more information.
- Oct 06,
Position: Cybersecurity Senior Specialist #5373 Department: Cybersecurity / Information Assurance / Governance, Risk and Compliance Position Description: Cybersecurity Senior Specialist Salary: $89,820 - $134,722 Link to Apply: https://sen.gov/729V Posting Date: Wednesday, September 30, 2020 Deadline Date: Until Filled
Oct 01,This white paper examines two recent case studies of criminal attacks against critical financial infrastructure and local government information. Both attacks had direct costs for the victim organizations, and second-order effects were felt by the organizations’ clients that suffered potential identity theft. This paper provides technical recommendations, including practices to mitigate future attacks, to organizational management and information security practitioners. These case studies are cautionary tales - of many in 2019 – that are informative lessons for examination by security professionals who want to improve their defenses, policies, practices and core capabilities.About the AuthorsTravis Howard, CISSP, and (ISC) National Capital Region chapter member is an active duty U.S. Naval officer specializing in information warfare, currently assigned to the Pentagon in
Oct 23,We are pleased to introduce two new opportunities for members in good standing to receive tuition assistance or ISC2 exam registration fee assistance. We look forward to you taking advantage of these opportunities as outlined below. Submission instructions can be found in the online application.If you have additional questions, please forward them to bod@isc2ncrchapter.org; Attention: Dr. Loyce Best Pailen, CISSP, ISC2-NCR – Education Chair For Tuition Assistance applicants must submit the following documents: A complete Application Form (see link below)A well-written, one-page (double-spaced) ESSAY, in Section 3 of the application form, clearly articulating “WHY YOUR APPLICATION SHOUD BE CONSIDERED FOR THIS SCHOLARSHIP.”A current resume or curriculum vitae (CV).Copy of recent university transcripts with a 2.5 minimum GPA (official transcript may
Sep 15,Register to attend CyberMaryland 2018 to hear industry leaders—including UMUC faculty—talk about the job of a chief information security officer (CISO). At the UMUC-sponsored Education Track (What CISOs Worry About), you can hear insights from academic leaders and professionals in the public and private sectors as they discuss how the right certifications, training, and education can help prepare you to deal with threats and job concerns.At this event, you can:• Hear from industry thought leaders including UMUC's own Dr. Lawrence Awuah and Dr. Balakrishnan Dasarathy• Network with CISOs from the public and private sectors and find out how their education got them where they are• Talk to former and current students, including members of the UMUC Cyber Padawans - the
Sep 13,Dear (ISC)² National Capital Region Chapter member, As a member of the NCR Chapter, you are eligible to receive a 10% discount on (ISC)² Direct Training Seminars. The upcoming local (ISC)² Direct Training Seminars are: CCSP and CAP Stafford, Virginia July 16 – 20 HCISPP and CSSLP Stafford, Virginia July 23 – 27 While the focus is on classroom-based, instructor-led training, if you are only able to attend remotely, you can get a 10% discount on recorded sessions, which are available at www.isc2.org under the “Education & Training” tab. All (ISC)² Direct instructor-led training comes with an Education Guarantee. This means that if you attend an (ISC)² Direct instructor-led training seminar and happen to be unsuccessful in your exam attempt,
Jun 27,Greetings, As an active (ISC)2 NCR chapter member you are eligible for a 15% discount to the ISC2 Secure Summit DC event being held on May 7th and 8th. Just enter the coupon code ”Chapter18” when checking out.Here’s a link to the event:http://www.cvent.com/events/securesummitdc/event-summary-a73abe5f2a50473fa0f143415094cbb9.aspxIf you attend, please be sure to visit our Chapter’s vendor booth.We hope to see you there!
Apr 13,By Joe Fay Not even a pyramid scheme – they just convince people to give away their money. A network of crypto scammers has been able to game YouTube’s algorithms to publicize and amplify fraudulent investment apps without triggering the video platform’s safety team, researchers at WithSecure have said. The network used YouTube to post and boost videos encouraging victims to take part in fraudulent USDT (Tether) cryptocurrency investment schemes. Users were promised lucrative returns when they moved cryptocurrency from their wallets into wallets associated with the “apps” highlighted in the videos. WithSecure Intelligence Researcher Andy Patel tracked over 700 URLs hosting the suspect apps, although thousands more could be implicated. Patel said his analysis during the latter half of
Feb 28,By Joe Fay Australia to scrap cybersecurity rules as part of a new regime, ransoms bankroll further ransomware attacks, Dole and PyPi attacked, while the European Commission calls time on TikTok. Australia to Overhaul Cybersecurity Rules The Australian government is overhauling its approach to cybersecurity and will create a new agency to coordinate responses to cyberattacks and manage investment. The plans follow publication of a discussion paper on cybersecurity following recent high-profile attacks, including one that affected telco Optus. The minister for home affairs, Clare O’Neil, described the current regime as “bloody useless.” AT&T Selling a Cybersecurity Business, Trend Micro Buying One AT&T plans to offload its cybersecurity division. The
Feb 28,As part of its expanded diversity, equity and inclusion (DEI) initiative, (ISC)² and its partner, BUiLT (Blacks United in Leading Technology, Inc.), are releasing four new toolkits aimed at increasing the number of Black and underrepresented professionals entering, staying and advancing in the cybersecurity profession. “Diversity continues to lag in the tech and cyber industries – and in order to meet the workforce gap head on, we need to create racial equity by helping the Black community explore new career possibilities within these fields,” said Peter Beasley, executive director and chairman of the board, BUiLT. “Partnering with (ISC)² encourages a shift we need – to convert, train and educate adults already in the workforce to meet the open roles in
Feb 27,An FBI cyber incident, GoDaddy’s third breach in three years and an NHS data leak highlight a week of major cybersecurity events. Here are the latest threats and advisories for the week of February 24, 2023. Threat Advisories and Alerts NCSC Provides Recommendations on Supply Chain Security As the recent ransomware attack on ION Trading revealed, supply chain attacks can be devastating to a business and have knock-on effects for suppliers and customers alike. The U.K. National Cyber Security Centre recently published guidance on the topic to help companies address supply chain cyberthreats. The article provides detailed security recommendations, including how companies can map their supply chains, the type of supplier information to gather and how to address subcontractors in
Feb 24,By John E. Dunn Forget vanilla phishing attacks – cybercriminals today have much more interesting tricks up their sleeves. MFA Fatigue Attacks When push notification via smartphone first appeared, it looked as if the industry had finally found a type of MFA that was both easy to use while being more secure than rivals such as SMS one-time passwords (OTPs). Recently, attackers have dented this reputation with a series of simple MFA fatigue attacks. After using stolen credentials, these bombard users with repeat push notifications in the hope a few will agree to make the barrage stop. Several large companies have been successfully targeted this way. The mitigation is a combination of education – few users have even heard of
Feb 24,