We are less than 200 days away from the 2023 (ISC)² Security Congress conference. Our team is hard at work reviewing the presentations many of you submitted for breakout sessions this year. This year’s event will feature more than 100 educational sessions, compelling keynotes and peer-to-peer knowledge exchanges over two and a half days. Stay tuned for keynote announcements, as well as the full conference agenda, which will be released this summer. The theme for this year is Lead with Confidence and the following tracks will be featured: Governance, Risk and Compliance; Cyber Leadership; Cloud Security; Security Operations; Software Security; Network Security; Emerging Technologies. We’re excited to host this year’s event October 25-27 in the heart of Nashville,
Blog
Latest News & Tips
Apple plugs security holes for Easter as cops bring Genesis to an end. The UK fines TikTok over underage data use. DDoS attacks surge and cybersecurity professionals keep quiet over breaches. By Joe Fay Apple Rolls Out Fixes for Zero Day Bugs Over Easter Weekend Apple rushed out patches for its iOS, iPadOS and macOS operating systems on Good Friday after it emerged that the bugs they addressed had already been exploited. CVE-2023-28205 affects WebKit and could allow “arbitrary code execution” after a user processed “maliciously crafted web content”, Apple warned, while CVE-2023-28206 affects IOSurfaceAccelerator, and potentially allows the execution of arbitrary code with kernel privileges. Both bugs had been exploited in the wild, Apple admitted. Apple credited Clément Lecigne
By Chinatu Uzuegbu, CISSP, CEO/Managing Cyber Security Consultant at RoseTech CyberCrime Solutions Ltd. We kicked off the Identity and Access Management Processes from the Top-Level Management approach. The Identity and Access Management Security Steering Committee is a group of C-suite leaders, also referred to as the respective Data and Asset Owners from the various Business Units of my organization. The group met and established the governing policy around the Identity and Access Management Processes. The governance covers the Mandatory Access Control Policy and Trust Policy of the organization, which are automatically enforced as the baselines by default. The governance of our organization also mandates that the Identity and Access Management Framework, like other frameworks, align with local and international regulations
Tomorrow, April 11, is Identity Management Day. This day serves as an annual reminder to increase awareness and education for leaders, IT decision-makers and the general public on the importance of identity management. The dangers of improper management of digital identities are at an all-time high. We spoke with our blog volunteers to get their insights into what best practices their companies are following, along with how you can get on a path to better identity management. Why is identity management and security important in 2023? “In the current digital landscape, identity security has gained paramount importance due to the growing cyber risks posed by phishing and social engineering attacks utilizing AI. These attacks have become more complex and
Forget SMS 2FA authentication – Twitter and others are making it less attractive by either charging for it or phasing it out altogether. But there’s a better alternative if only tech companies were willing to invest. By John E. Dunn Mention Twitter and two-factor authentication (2FA) in the same breath right now and security watchers will immediately think about a puzzling announcement the company made less than two months ago. The gist was that anyone using or adding SMS 2FA to their account would have to buy a subscription to Twitter Blue for $8 per month to continue to use the feature. Charitably, this was probably intended as a nudge to make people upgrade to more secure options such as
The U.S. government takes down another dark web forum, Western Digital suffers a cyberattack and the fastest acting ransomware to date. Here are the latest threats and advisories for the week of April 7, 2023. By John Weiler Threat Advisories and Alerts Websites Built with Elementor Pro and WooCommerce under Attack Millions of WordPress websites using the popular Elementor Pro website builder and the WooCommerce plugin have been exposed to a serious security vulnerability. The flaw, which affects Elementor Pro versions 3.11.6 and earlier, allows malicious actors to change the default user privileges to include administrator access. The vulnerability was patched in a March 22 update, but the number of reported incidents indicates that most website administrators have yet to