World Cup fraud, Chinese tech bans and a social media cyberstorm hit headlines this week. Here are the latest threats and advisories for the week of December 2, 2022.

Threat Advisories and Alerts

NCSC Urges Christmas Shoppers to be Vigilant

As Christmas shopping kicks into gear, the UK’s National Cyber Security Centre (NCSC) has launched a campaign releasing a series of secure online shopping articles to spread awareness about cybercrime this festive season. During the same period last year, thousands of holiday shoppers were scammed, resulting in £15.3m being stolen and victims losing on average £1,000 per person. Shoppers can protect themselves by setting up two-step verification where it’s offered, researching online retailers and using credit cards that protect online
Latest News & Tips
A member recap of “Achieving Data Security and Analytics with AI” presented by Glendon Schmitz at (ISC)² Security Congress 2022. By Angus Chen, CISSP, CCSP, PMP, MBA

Although “data is the new oil”, there are many problems with working on production data directly. Organizations face privacy regulations such as the General Data Protection Regulation (GDPR). The fine for violating GDPR is 17 million British Pounds or 4% of annual global turnover. Amazon was charged U.S. $887 million, WhatsApp U.S. $267 million and Marriott 18 million British Pounds for data breaches. The list goes on and on. Furthermore, organizations that share data with third parties infringe on users’ privacy without consent, as in the Facebook and Cambridge Analytica cases. Production data
The following individuals were elected to the Board and will begin their three-year term in January 2023:

Laurie-Anne Bourdain, CISSP – Belgium
Edward Farrell, SSCP, CISSP – Australia
Nalneesh Gaur, CISSP-ISSAP – United States
Guy Ngambeket, CISSP – United Arab Emirates
Yiannis Pavlosoglou, CISSP – Greece

Congratulations to our directors! The election ran from November 1-14, 2022. 4,717 (ISC)² certified members voted in the election; the results were independently tabulated and verified by our third-party election facilitator and audited by an independent third party.

The (ISC)² Board of Directors is responsible for:

Strategic direction, governance and oversight for (ISC)²
Developing policies and procedures
Granting certifications
Enforcing the (ISC)² Code of Ethics

For the first time this year, self-nominations to serve
A member recap of Dr. Thomas Scanlon’s session at (ISC)² Security Congress 2022 by Angus Chen, CISSP, CCSP, MBA, PMP.

Dr. Scanlon started his talk by showing images of women and posing a question to the audience: Can you spot the fake person? See the image to the left. To my surprise, none of them is a real person! These images are generated by an AI algorithm, a generative adversarial network (GAN); source: https://thispersondoesnotexist.com. In my opinion, it is a little creepy. Several websites today use data-driven unconditional generative image modeling to create deepfake images, such as https://thisxdoesnotexist.com. According to CISA, a deepfake is considered misinformation, disinformation and malinformation (MDM). Misinformation is false, but not created or shared with the intention of
Beware the BatLoader, the NSA calls for more memory-safe programming language use and ransomware causes more trouble in Australia. Here are the latest threats and advisories for the week of November 18, 2022.

Threat Advisories and Alerts

Researchers Sound Alarm on Dangerous BatLoader Malware Dropper

A dangerous new malware loader with features for determining whether it's running on business or home computers has begun rapidly infecting systems worldwide over the past few months. Researchers at VMware Carbon Black claim the threat, dubbed BatLoader, is being used to distribute a variety of malware tools including a banking Trojan, an information stealer, and the Cobalt Strike post-exploitation toolkit on victim systems. Source: https://www.darkreading.com/attacks-breaches/researchers-alarm-batloader-malware-dropper

Windows Kerberos Authentication Impacted by November Patches

Microsoft is investigating
By Dr. Fulvio Arreghini, CSSLP, Head of International Sales at INFODAS GmbH. Fulvio is a CDR of the Italian Navy (reserve). He has a Master’s degree in communication engineering and a PhD in information engineering. During his active service in the Navy he worked mainly in the areas of Secure Tactical Communication and Command and Control systems, often also acting as security officer and risk manager. In the private sector since 2020, he joined Infodas first as a solution architect and later became head of international sales.

Cyberattacks on operational technology (OT) are on the rise, and the providers of critical services have to cope on one side with the requirement for high availability, preventing them from having long downtimes