Romance scams, high-profile attacks on major U.S. companies and an inside look at Royal Mail/Lockbit negotiations. Here are the latest threats and advisories for the week of February 17, 2023.

Threat Advisories and Alerts

U.S. and South Korean Governments Publish Advisory on Healthcare Cyberattacks

In light of the rise in ransomware attacks on U.S. and South Korean healthcare networks, a group of six government agencies, including the U.S. Cybersecurity and Infrastructure Security Agency (CISA) and the Republic of Korea (ROK) National Intelligence Service (NIS), released a joint advisory highlighting the trend. North Korean state-sponsored actors, who are believed to be behind the attacks, demand payment in cryptocurrency and reportedly use their earnings to fund further cyber operations against U.S. and South
- Feb 17,
By Joe Fay

Resiliency is the endgame of the U.S. approach to internet and software security.

The U.S. has a vested interest in creating a secure and resilient internet and software ecosystem, even if it means its “adversaries” also benefit, a White House cybersecurity leader told the State of Open Conference in London late last week.

During a panel session on international security policy, Sal Kimmich, director of open source at EscherCloudAI, AI DevSecOps, said researchers uncovering vulnerabilities could face pressure from nation states, and there needs to be a way of protecting them. Microsoft director of open source strategy, Sarah Novotny, added, “You have to align incentives and a nation state offering incentives for Zero Day is a really
Feb 17,

Cybersecurity will defy the tech recession hurting other job roles in 2023, C-suite survey suggests.

Every department loses good people in a recession or economic downturn, unless you work in cybersecurity in 2023, it seems. According to a new (ISC)² report and survey of 1,000 global C-suite executives in the U.S., U.K., Germany, Japan, and Singapore, cybersecurity will be the best place to work in the year ahead as job losses hit other departments and job roles. The report, How the Cybersecurity Workforce Will Weather a Recession, assesses the impact of a potential economic downturn on cybersecurity teams. Across the regions surveyed, 42% of managers predicted cybersecurity headcount would increase, 46% thought it would remain the same, with only 10% believing it
Feb 16,

Effective today, the (ISC)² Certified Authorization Professional (CAP) certification is known as the Certified in Governance, Risk and Compliance (CGRC)™. This name better represents the knowledge, skills and abilities required to earn and maintain this certification.

Those who earn and hold the CGRC have the knowledge and skills to integrate governance, performance management, risk management and regulatory compliance within the organization while helping the organization achieve objectives, address uncertainty and act with integrity. CGRC professionals can align IT goals with organizational objectives as they manage cyber risks and achieve regulatory needs. They utilize frameworks to integrate security and privacy with the organization’s overall objectives, allowing stakeholders to make informed decisions regarding data security and privacy risks. If you’re thinking of
Feb 15,

By Joe Fay

NHS still recovering from ransomware incidents. Network firm employee confesses to data extortion, and the U.S. cyber ambassador admits their Twitter account was hacked as the President turns to industry leaders to advise him.

NHS Still Reconnecting After 2022 Lockbit Attack on Supplier

Just how disruptive ransomware can be was illustrated this past week, six months after an attack on UK health software supplier Advanced. The attack on Advanced first emerged in August 2022, causing disruption across a range of NHS services. Health and secondary care minister Will Quince said that while most affected NHS organizations were up and running or “in the restoration phase”, some are “still undergoing reconnecting”. The recovery had affected the gathering of
Feb 15,