Anxiety about the security of hot wallets grows as General Bytes customers are hit by a zero-day flaw in the company’s Bitcoin ATMs.

By John E. Dunn

It’s fair to say that crypto has an image problem. What it didn’t need was a Bitcoin ATM (BATM) hack to generate even more bad publicity. Unfortunately, that’s exactly what happened on March 17-18, according to General Bytes, one of the best-known makers of BATMs on the market. Hackers exploited a zero-day flaw in a video interface that’s part of the General Bytes CAS server platform to steal 56 Bitcoins (worth $1.5 million) and a small volume of Ethereum from customers running the BATMs. The attacker first identified BATMs running vulnerable CAS servers and
Blog
Latest News & Tips
Today, all members should’ve received an email with a link to a survey inviting feedback on the (ISC)² 2023 Bylaws, which closes on April 7, 2023. The URL starts with https://schlesinger.focusvision.com/. We encourage all members to read the bylaws located on the (ISC)² Governance webpage. The (ISC)² Bylaws set forth the rules concerning the operation of our association and actions of our members. They guide how our Board of Directors and staff manage our nonprofit corporation. The (ISC)² Amended and Restated Bylaws establish fundamental principles about key governance policies, members’ rights and Board operations. As (ISC)² begins the 2023 Bylaws review process, the Board of Directors is looking for feedback from the membership. This will allow members to provide input and
By Joe Fay

The U.K. writes a cybersecurity prescription for the NHS and for social care, data protection hardware is becoming a big security gap, security specialist MITRE partners up to tackle supply chain security threats, while the E.U. turns its cyber attention to transport.

UK Prescribes Dose of Cyber Security for Health Service

The U.K. government has sketched out a strategy to protect the National Health Service from cyberattacks. The plan, which also covers social care services, has five key pillars, including identifying areas where disruption could produce the most harm to patients, building unified responses, and embedding security into the framework of emerging technology. Full details will be laid out this summer, with the strategy implemented over the
This March, Women’s History Month, we shared the legacy of Grace Hopper and her trailblazing innovations in software development and computing, highlighted the must-watch webinars by in cybersecurity and met with cyber newcomer and (ISC)² Candidate Nidhi Kannoujia on the (ISC)² Blog. We also asked a group of volunteer members to share their experiences working in cyber and to offer some insights into their careers so far, along with their aspirations. You can find their shared experiences in (ISC)² Listens: Women Working in Cybersecurity. To wrap up the month, we collected some key statistics that focus on women in cybersecurity today from the 2022 (ISC)² Cybersecurity Workforce Study. According to study respondents, 30% of women and 18% of non-white employees
By John E. Dunn

Nobody predicted how rapidly AI chatbots would change perceptions of what is possible. Some worry how it might improve phishing attacks. More likely, experts think, will be its effect on targeting.

Much has been said about the game-changing abilities of ChatGPT since it was launched in November 2022. One of the most interesting is that the chatbot will prime a new generation of sophisticated phishing attacks, still the most important technique cybercriminals use to harvest user credentials and personally identifiable information (PII). ChatGPT, of course, is not the only chatbot that uses a machine-learning large language model (LLM) that could be abused through its web interface or API. There are at least half a dozen
By John Weiler

FBI arrests Breached hacking forum leader, smartphones hijacked without any user involvement and 330,000 customers compromised in Australia by a data breach. Here are the latest threats and advisories for the week of March 24, 2023.

Threat Advisories and Alerts

CISA and FBI Release Advisory on LockBit Ransomware

The U.S. Federal Bureau of Investigation (FBI) and U.S. Cybersecurity and Infrastructure Security Agency’s (CISA) #StopRansomware campaign continued last week, this time with an advisory for today’s most notorious ransomware gang: LockBit. The cybergroup’s prolific attack spree has been responsible for 52% of all ransomware attacks worldwide and struck major organizations, like Royal Mail, Accenture and Ion Trading. LockBit 3.0 functions as a Ransomware-as-a-Service (RaaS) model and an affiliate-based