By Joe Fay Derivatives traders, trainer trainers, and finger lickers all hit by ransomware. Russian hackers lash out after Ukraine tanks deal announced. Apple patches decade old devices.   ION Markets Hit by “Cyber Security Event”  Dublin-based data and software firm ION Markets has been hit by a “cyber event” which has had a knock-on effect on financial futures and derivatives markets worldwide. The attack is thought to have been ransomware related. ION Markets said the attack on its ION Cleared Derivatives division was “contained to a specific environment”, all the affected servers are disconnected, and remediation of services is ongoing. Traders were left having to complete business manually.  https://iongroup.com/press-release/markets/cleared-derivatives-cyber-event/  Hackers target trainers, fast food giants  Sportswear retailer JD Sports said

The LockBit ransomware gang apologizes, Google settles privacy lawsuits and cybercriminals impersonate brands and the U.K. government. Here are the latest threats and advisories for the week of January 6, 2023. Threat Advisories and Alerts Cybercriminals Impersonate Brands with Search Ads And Fake Sites The U.S. Federal Bureau of Investigation (FBI) has issued a warning that cybercriminals are directing internet browsers to malicious sites via search ads. How does the scam work? Bad actors build a fake website that impersonates a legitimate brand and then advertises it to appear at the top of search results. Once browsers click the ad, the malicious site prompts them to enter login credentials, financial information or download ransomware that’s disguised as a program. Source:

The SSCP certification is held by more than 7,000 professionals around the world. Known for its technical rigor, the members who hold this qualification are typically working in areas like IT administration, networks security, security operations or incident response. The exam was last refreshed in November 2021 which that means it is time for us to begin the process again. We announced last week that the CISSP will be starting the revision process in January and so will the SSCP. We need to hear from you, the certification holders. As we prepare for a Job Task Analysis (JTA) Study Workshop in January (tentatively scheduled for January 23-25), we are asking all SSCP-holders to review the current SSCP exam outline (now

Beware the BatLoader, the NSA calls for more memory-safe programming language use and ransomware causes more trouble in Australia….Here are the latest threats and advisories for the week of November 18, 2022. Threat Advisories and Alerts Researchers Sound Alarm on Dangerous BatLoader Malware Dropper A dangerous new malware loader with features for determining whether it's running on business or home computers has begun rapidly infecting systems worldwide over the past few months. Researchers at VMware Carbon Black claim the threat, dubbed BatLoader, is being used to distribute a variety of malware tools including a banking Trojan, an information stealer, and the Cobalt Strike post-exploit toolkit on victim systems. Source: https://www.darkreading.com/attacks-breaches/researchers-alarm-batloader-malware-dropper Windows Kerberos Authentication Impacted by November Patches Microsoft is investigating

High profile ransomware attacks, vulnerabilities in popular technology products and a widespread investment scam in Europe. Here are the latest cybersecurity threats and advisories for the week of August 5, 2022. Threat Advisories and Alerts Critical Vulnerability Found in VMware Products VMware has released a security update to patch a critical vulnerability in several of their products, including VMware Workspace ONE Access, vRealize Automation and Identity Manager. If the vulnerability isn’t patched, bad actors with network access could obtain admin privileges. VMware customers using the affected products are recommended to upgrade to the latest version immediately. ​​Source: https://www.csa.gov.sg/en/singcert/Alerts/al-2022-033 CISA Warns of Confluence Security Flaw CISA has added the recent Atlassian security flaw (CVE-2022-26138) to its catalog of Known Exploited Vulnerabilities.