By John E. Dunn  It’s been nearly seven years since the 1.1 revision of NIST’s Cybersecurity Framework. What might be coming in version 2.0?   Since its release in 2014, NIST’s Cybersecurity Framework (CSF) has grown into the one of the world’s most influential cybersecurity references for best practice and planning.  In January, the world finally caught sight of the draft CSF Concept Paper that will form the basis of the next version 2.0 overhaul due for release around mid-2023.    From this draft, it is clear that the CSF is developing fast, taking on new and much wider ambitions since the version 1.1 refresh in 2016. The first and perhaps most significant of these is what NIST calls “increased international collaboration engagement.”

By Joe Fay Derivatives traders, trainer trainers, and finger lickers all hit by ransomware. Russian hackers lash out after Ukraine tanks deal announced. Apple patches decade old devices.   ION Markets Hit by “Cyber Security Event”  Dublin-based data and software firm ION Markets has been hit by a “cyber event” which has had a knock-on effect on financial futures and derivatives markets worldwide. The attack is thought to have been ransomware related. ION Markets said the attack on its ION Cleared Derivatives division was “contained to a specific environment”, all the affected servers are disconnected, and remediation of services is ongoing. Traders were left having to complete business manually.  https://iongroup.com/press-release/markets/cleared-derivatives-cyber-event/  Hackers target trainers, fast food giants  Sportswear retailer JD Sports said

Digitization has evolved to include cloud computing in the delivery of computing services, reduction of costs, improvement of agility, and cloud security. The emergence of various cloud solutions has led organizations towards migrating assets from on-prem to the cloud with further diversifying by using multicloud and hybrid solutions to satisfy customers' needs. Multicloud is on the rise, and organizations are rapidly turning to the idea of multicloud strategies, with some even dedicating a cloud to run single applications. COVID-19 has sped up migration to cloud computing, and organizations choosing to work with multiple cloud service providers for diverse reasons create room for individuals with the proper certifications. The top reasons businesses implement multicloud solutions are better security, flexibility, and customer

Cybercriminals for hire, Hive ransomware is busted and the JD Sports breach impacts millions of sportswear buyers. Here are the latest threats and advisories for the week of February 3, 2023.   Threat Advisories and Alerts  U.S. Security Agencies Warn of Malicious Use of RMM Software  A joint cybersecurity advisory issued by the U.S. National Security Agency (NSA), Cybersecurity and Infrastructure Security Agency (CISA) and Multi-State Information Sharing and Analysis Center (MS-ISAC) warns that legitimate remote monitoring and management (RMM) software is being used for malicious purposes. After cybercriminals gain access to target networks, they use the software as a “backdoor for persistence and/or command and control (C2),” warned the agencies. Network defenders are encouraged to view the full advisory

Dependence on the cloud in the modern era is no secret. The growth in cloud applications for both professional and personal use has proved unrelenting as critical applications and services are made solely available through cloud access. In a press release, Gartner predicted a 20.4% increase in end-user spend on cloud applications in 2022, and forecasts another 20% growth in 2023. As spend increases, so does availability, creating an ongoing chicken-and-egg dynamic that will only strengthen the need for robust security measures. The Importance of Cloud Security Despite its ubiquity, cloud adoption remains a point of concern for many organizations. Moving from on prem to cloud-based applications often brings a sense of fear or lack of control, generating anxiety particularly