Microsoft security updates, Trojans attack Google and the SEC announces enforcement action for SolarWinds….Here are the latest threats and advisories for the week of November 11, 2022. Threat Advisories and Alerts FBI Announces That Hacktivist DDoS Attacks Can Have Minimal Impact As Russian military attacks on Ukraine continue, hacktivists are using DDoS attacks to target critical infrastructure companies. The FBI has released a notification emphasizing that these attacks can have minimal impact with the right mitigations. Hacktivists often try to exaggerate and publicize the severity of their attacks by posting about them in the news and on social media. Their actions often cause greater psychological impact on victims than disruption of services. See the FBI notification in the link below

By Chinatu Uzuegbu, CISSP, CEO/Managing Cyber Security Consultant at RoseTech CyberCrime Solutions Ltd. (ISC)² Security Congress 2022 was a huge success with engaging speakers from around the world filled with insights. The theme of this year’s event was Empower a Safer, More Secure Cyber World and they certainly inspired many to do so. In this blog, we would be sharing the excerpts from Top Cloud Security Fails and How to Avoid Them delivered by Karl Ots, CISSP, Head of Cloud Security, EPAM and Linkedin Learning Instructor. (ISC)² Security Congress attendees can earn CPE credits by watching this and all other sessions from the event on-demand. According to Karl, “Data breaches are more likely to happen because of mis-configured cloud services

Regardless of what the economy or job market is doing, a career in cybersecurity promises near limitless possibilties. And with the current threats to cyber stability around the world, there’s never been a greater urgency for cybersecurity professionals. The latest research reveals a formidable gap in available talent — the workforce needs an influx of 2.7 million cybersecurity professionals to meet global demand.1 The data is obvious in its message. Cybersecurity is in dire need of skilled professionals and it’s costing organizations money. A recent study finds 64% experienced breaches that resulted in lost revenue and/or fines in the past year.2 A key contributor to the challenges? The difficulty finding and retaining qualified cybersecurity professionals, according to the study: 60%

Cyberattacks on Dropbox, Europe’s biggest copper producer and another Australian business make this week’s headlines. Here are the latest threats and advisories for the week of November 4, 2022. Threat Advisories and Alerts Google Chrome Suffers Seventh Zero-Day Vulnerability of the Year Google has released an emergency update for its Chrome web browser to address its seventh zero-day vulnerability (CVE-2022-3723) of the year. If the security flaw is exploited, attackers could perform remote code execution, access memory regions that could crash applications or read sensitive information of other apps. Google Chrome users are advised to update their browsers immediately.  Source: https://thehackernews.com/2022/10/google-issues-urgent-chrome-update-to.html Patches Released for Two High-Severity OpenSSL Vulnerabilities The popular cryptography library OpenSSL has released an update to address high-severity

The 2022 (ISC)² Cybersecurity Workforce Study revealed a global workforce gap of 3.4 million professionals. While 55% of respondents believe diversity will increase among their teams within two years, it is no surprise that diversity in the cybersecurity industry is still lacking. To bridge the gap and effectively secure information and assets, we need to cast a wider net and embrace greater diversity within the profession – specifically, enabling individuals from all backgrounds to join the field and equip them with the right tools to succeed in their cybersecurity career journey. To empower individuals to continuously grow in their cybersecurity careers, this week, (ISC)² announced five global partnerships to support diversity, equity and inclusion initiatives. These partners include: Australian Women