By John E. Dunn

It’s little surprise that many people are skeptical about the rapid encroachment of artificial intelligence (AI) and machine learning (ML) into daily life. However, should cybersecurity professionals be more positive about the benefits for the field? (ISC)² asked its members and candidates – experienced cybersecurity practitioners as well as those at the beginning of their career – whether or not they were concerned about the growth and adoption of both AI and ML in different scenarios. The results of the straw poll of 126 people revealed a consistently high degree of concern and skepticism about the increasing adoption and integration of AI and ML into all facets of consumer and business technology. When asked whether they
By Joe Fay

Not even a pyramid scheme – they just convince people to give away their money.

A network of crypto scammers has been able to game YouTube’s algorithms to publicize and amplify fraudulent investment apps without triggering the video platform’s safety team, researchers at WithSecure have said. The network used YouTube to post and boost videos encouraging victims to take part in fraudulent USDT (Tether) cryptocurrency investment schemes. Users were promised lucrative returns when they moved cryptocurrency from their wallets into wallets associated with the “apps” highlighted in the videos. WithSecure Intelligence Researcher Andy Patel tracked over 700 URLs hosting the suspect apps, although thousands more could be implicated. Patel said his analysis during the latter half of
By Joe Fay

Australia to scrap cybersecurity rules as part of a new regime, ransoms bankroll further ransomware attacks, Dole and PyPI attacked, while the European Commission calls time on TikTok.

Australia to Overhaul Cybersecurity Rules

The Australian government is overhauling its approach to cybersecurity and will create a new agency to coordinate responses to cyberattacks and manage investment. The plans follow publication of a discussion paper on cybersecurity following recent high-profile attacks, including one that affected telco Optus. The minister for home affairs, Clare O’Neil, described the current regime as “bloody useless.”

AT&T Selling a Cybersecurity Business, Trend Micro Buying One

AT&T plans to offload its cybersecurity division. The
As part of its expanded diversity, equity and inclusion (DEI) initiative, (ISC)² and its partner, BUiLT (Blacks United in Leading Technology, Inc.), are releasing four new toolkits aimed at increasing the number of Black and underrepresented professionals entering, staying and advancing in the cybersecurity profession. “Diversity continues to lag in the tech and cyber industries – and in order to meet the workforce gap head on, we need to create racial equity by helping the Black community explore new career possibilities within these fields,” said Peter Beasley, executive director and chairman of the board, BUiLT. “Partnering with (ISC)² encourages a shift we need – to convert, train and educate adults already in the workforce to meet the open roles in
An FBI cyber incident, GoDaddy’s third breach in three years and an NHS data leak highlight a week of major cybersecurity events. Here are the latest threats and advisories for the week of February 24, 2023.

Threat Advisories and Alerts

NCSC Provides Recommendations on Supply Chain Security

As the recent ransomware attack on ION Trading revealed, supply chain attacks can be devastating to a business and have knock-on effects for suppliers and customers alike. The U.K. National Cyber Security Centre recently published guidance on the topic to help companies address supply chain cyberthreats. The article provides detailed security recommendations, including how companies can map their supply chains, the type of supplier information to gather and how to address subcontractors in
By John E. Dunn

Forget vanilla phishing attacks – cybercriminals today have much more interesting tricks up their sleeves.

MFA Fatigue Attacks

When push notification via smartphone first appeared, it looked as if the industry had finally found a type of MFA that was both easy to use and more secure than rivals such as SMS one-time passwords (OTPs). Recently, attackers have dented this reputation with a series of simple MFA fatigue attacks. After using stolen credentials, these bombard users with repeat push notifications in the hope a few will agree to make the barrage stop. Several large companies have been successfully targeted this way. The mitigation is a combination of education – few users have even heard of