• By Joe Fay The U.K. writes a cybersecurity prescription for the NHS and for social care, data protection hardware is becoming a big security gap, security specialist MITRE partners up to tackle supply chain security threats, while the E.U. turns its cyber attention to transport.  UK Prescribes Dose of Cyber Security for Health Service  The U.K. government has sketched out a strategy to protect the National Health Service from cyberattacks. The plan, which also covers social care services, has five key pillars, including identifying areas where disruption could produce the most harm to patients, building unified responses, and embedding security into the framework of emerging technology. Full details will be laid out this summer, with the strategy implemented over the

    Mar 28,
  • This March, Women’s History Month, we shared the legacy of Grace Hopper and her trailblazing innovations in software development and computing, highlighted the must-watch webinars by in cybersecurity and met with cyber newcomer and (ISC)² Candidate Nidhi Kannoujia on the (ISC)² Blog. We also asked a group of volunteer members to share their experiences working in cyber and to offer some insights into their careers so far, along with their aspirations. You can find their shared experiences in (ISC)² Listens: Women Working in Cybersecurity.  To wrap up the month, we collected some key statistics that focus on women in cybersecurity today from the 2022 (ISC)² Cybersecurity Workforce Study.  According to study respondents, 30% of women and 18% of non-white employees

    Mar 27,
  • By John E. Dunn  Nobody predicted how rapidly AI chatbots would change perceptions of what is possible. Some worry about how it might improve phishing attacks. More likely, experts think, will be its effect on targeting.  Much has been said about the game-changing abilities of ChatGPT since it was launched in November 2022. One of the most interesting is that the chatbot will prime a new generation of sophisticated phishing attacks, still the most important technique cybercriminals use to harvest user credentials and personally identifiable information (PII).  ChatGPT, of course, is not the only chatbot that uses a machine learning large language model (LLM) that could be abused through its web interface or API. There are at least half a dozen

    Mar 24,
  • By John Weiler   FBI arrests Breached hacking forum leader, smartphones hijacked without any user involvement and 330,000 customers compromised in Australia by a data breach. Here are the latest threats and advisories for the week of March 24, 2023. Threat Advisories and Alerts  CISA and FBI Release Advisory on LockBit Ransomware  The U.S. Federal Bureau of Investigation (FBI) and U.S. Cybersecurity and Infrastructure Security Agency’s (CISA) #StopRansomware campaign continued last week, this time with an advisory for today’s most notorious ransomware gang: LockBit. The cybergroup’s prolific attack spree has been responsible for 52% of all ransomware attacks worldwide and struck major organizations, like Royal Mail, Accenture and Ion Trading. LockBit 3.0 functions as a Ransomware-as-a-Service (RaaS) model and an affiliate-based

    Mar 24,
  • Red Team 2, Ferrari 0?  Italian luxury sports car maker Ferrari has warned its small but extremely wealthy list of customers that their personal information may have been exposed in a “cyber incident.” The apparent data grab was disclosed five months after the supercar icon denied it had been breached when the RansomEXX group posted 7GB of information it claimed to have stolen from Ferrari. The data released in October included internal documents, including data sheets and repair manuals.  The firm announced on March 20, 2023, that it “was recently contacted by a threat actor with a ransom demand related to certain client contact details.” We asked Ferrari if the two incidents are related or not. However, we have not

    Mar 23,