• By John Weiler  Microsoft patches the “aCropalypse” vulnerability, ChatGPT leaks users’ billing information and the Latitude Financial breach expands to 14 million records. Here are the latest threats and advisories for the week of March 31, 2023. Threat Advisories and Alerts  FBI Alerts U.S. Companies of Email Scam Targeting Commercial Goods  The U.S. Federal Bureau of Investigation (FBI) has warned companies of a new type of business email compromise (BEC) fraud. Threat actors are impersonating known and reputable U.S.-based companies by spoofing email domains and display names of employees to place large orders for material goods without paying upfront. When vendors try to collect payment, they find that the purchaser was an impersonator using fake credentials or credit references.   Windows

    Mar 31,
  • Looking to earn your (ISC)² CISSP certification? Make sure you follow these updated steps to register for your exam. Here is how you can register for the CISSP exam: Log in to your account at www.isc2.org and visit the Register for Your Certification Exam page. If you don’t have an (ISC)² account, you’ll need to create one before you register for your CISSP exam. We recommend signing up as an (ISC)² Candidate so you can take advantage of discounted CISSP training and other benefits. You’ll then visit https://my.isc2.org/s/ISC2-Pearson to fill out your Exam Account Information form. Once completed, review for accuracy to ensure it matches your required identification that you’ll provide at your test center. Submit the form and then you’ll

    Mar 30,
  • Anxiety about the security of hot wallets grows as General Bytes customers are hit by a zero-day flaw in the company’s Bitcoin ATMs.  By John E. Dunn  It’s fair to say that crypto has an image problem. What it didn’t need was a Bitcoin ATM (BATM) hack to generate even more bad publicity.  Unfortunately, that’s exactly what happened on March 17-18, according to General Bytes, one of the best-known makers of BATMs on the market. Hackers exploited a zero-day flaw in a video interface that’s part of the General Bytes CAS server platform to steal 56 Bitcoins (worth $1.5 million) and a small volume of Ethereum from customers running the BATMs.  The attacker first identified BATMs running vulnerable CAS servers and

    Mar 29,
  • Today, all members should’ve received an email with a link to a survey inviting feedback on the (ISC)² 2023 Bylaws, which closes on April 7, 2023. The URL starts with https://schlesinger.focusvision.com/. We encourage all members to read the bylaws located on the (ISC)² Governance webpage. The (ISC)² Bylaws set forth the rules concerning the operation of our association and actions of our members. They guide how our Board of Directors and staff manage our nonprofit corporation. The (ISC)² Amended and Restated Bylaws establish fundamental principles about key governance policies, members’ rights and Board operations.  As (ISC)² begins the 2023 Bylaws review process, the Board of Directors is looking for feedback from the membership. This will allow members to provide input and

    Mar 28,
  • By Joe Fay The U.K. writes a cybersecurity prescription for the NHS and for social care, data protection hardware is becoming a big security gap, security specialist MITRE partners up to tackle supply chain security threats, while the E.U. turns its cyber attention to transport.  UK Prescribes Dose of Cyber Security for Health Service  The U.K. government has sketched out a strategy to protect the National Health Service from cyberattacks. The plan, which also covers social care services, has five key pillars, including identifying areas where disruption could produce the most harm to patients, building unified responses, and embedding security into the framework of emerging technology. Full details will be laid out this summer, with the strategy implemented over the

    Mar 28,