Vulnerabilities in popular tech, major WordPress plugin attacks and phishing, highlight this week’s cybersecurity news. Here are the latest threats and advisories for the week of September 16, 2022. Threat Advisories and Alerts Security Updates Released for Apple Zero-Day Vulnerabilities For the eighth time this year, Apple has addressed zero-day vulnerabilities in its Mac and iPhone operating systems. The vulnerabilities apply to Safari 16,  iOS 15.7, iOS 16, macOS Monterey 12.6, macOS Big Sur 11.7 and iPadOS 15.7. Threat actors could exploit the flaws to take control of affected devices. Users of these products are recommended to apply the security updates immediately. Source: https://www.cisa.gov/uscert/ncas/current-activity/2022/09/13/apple-releases-security-updates-multiple-products Microsoft’s September Patch Tuesday Addresses 63 Vulnerabilities In this month’s Patch Tuesday, Microsoft fixes 63 vulnerabilities,

Closing the gender and diversity gap in cybersecurity is critical if the profession is serious about addressing its current workforce crisis. (ISC)² estimates that the Cybersecurity Workforce Gap currently stands at 2.72 million professionals globally, but women only make up roughly 25% of the cybersecurity industry, compared to at least 40% of the global workforce. Every year, the SC Media Women in IT Security program celebrates significant contributions of those who have faced these challenges and made a positive impact on the advancement of cybersecurity in government or the private sector. (ISC)² CEO Clar Rosso was recognized as an advocate for her work in expanding and nurturing a new generation of cybersecurity practitioners. In an article announcing the honorees, Jill

We look forward to seeing you in the Exhibit Hall, the heart of Security Congress. On-site, we will be filling up the Octavius Ballroom at Caesars Palace with 30+ partners, sponsors and exhibitors and can’t miss events.  Kick off your first day of the conference as the Exhibit Hall doors open at 9:30 a.m. or pop by on one of your networking breaks. Partners will be on-site throughout the day on Monday and Tuesday to engage with you. Be sure to collect your Passport to Prizes card at the (ISC)² booth and keep it with you as you travel through the Exhibit Hall. Visit select vendors and get your passport card stamped for a chance to win big in Vegas! 

Earlier this year, (ISC)² hosted a webinar about a new kind of challenge facing cybersecurity: machine identity management. Although this security component has only received sizable attention over the last couple of years, Gartner ranked it among the top eight security trends for 2021. In the webinar, Kevin Bocek, Vice-President of Security Strategy & Threat Intelligence for Venafi, discussed the problems that arise when machine identities fail, infamous machine identity attacks and the protective measures organizations can take. Machine identities – TLS, SSH, and code signing keys and certificates – control encryption, authentication, and code execution for software-based machines such as: Load balancers and application servers Open-source software Microservices Service meshes Kubernetes Cloud-to-cloud integrations API to API integrations Distributed ledger

A ransomware onslaught, a massive IRS data leak and cyberattacks on public transit and school systems…. Here are the latest threats and advisories for the week of September 9, 2022. Threat Advisories and Alerts Ransomware Group Vice Society Preys on School Systems The FBI, CISA and the MS-ISAC are now warning educational institutions of an uptick in ransomware attacks by the cybercriminal group Vice Society. Ransomware can wreak havoc on a school, causing canceled school days, delayed exams and theft of personal student information. With children returning to school in many parts of the world at this time after summer breaks, attacks are expected to increase. To mitigate them, educational institutions are advised to maintain offline data backups, review the