By John E. Dunn Nobody predicted how rapidly AI chatbots would change perceptions of what is possible. Some worry how it might improve phishing attacks. More likely, experts think, will be its effect on targeting. Much has been said about the game-changing abilities of ChatGPT since it was launched in November 2022. One of the most interesting is that the chatbot will prime a new generation of sophisticated phishing attacks, still the most important technique cybercriminals use to harvest user credentials and personal identifiable information (PII). ChatGPT, of course, is not the only chatbot that uses a machine learning large... Continue reading

By John Weiler FBI arrests Breached hacking forum leader, smartphones hijacked without any user involvement and 330,000 customers compromised in Australia by a data breach. Here are the latest threats and advisories for the week of March 24, 2023. Threat Advisories and Alerts CISA and FBI Release Advisory on LockBit Ransomware The U.S. Federal Bureau of Investigation (FBI) and U.S. Cybersecurity and Infrastructure Security Agency’s (CISA) #StopRansomware campaign continued last week, this time with an advisory for today’s most notorious ransomware gang: LockBit. The cybergroup’s prolific attack spree has been responsible for 52% of all ransomware attacks worldwide and struck... Continue reading

Red Team 2, Ferrari 0? Italian luxury sports car maker Ferrari has warned its small but extremely wealthy list of customers that their personal information may have been exposed in a “cyber incident.” The apparent data grab was disclosed five months after the supercar icon denied it had been breached when the RansomEXX group posted 7GB of information it claimed to have stolen from Ferrari. The data released in October included internal documents, including data sheets and repair manuals. The firm announced on March 20, 2023, that it “was recently contacted by a threat actor with a ransom demand related... Continue reading

“Cloud is the present, and the future. It affects everything, every day, both in business and our personal lives.” With these words Panagiotis Soulos summarizes his philosophy of why the CCSP credential is important to any cybersecurity professional. Panagiotis holds the position of the Global Information Security Manager in Global Information Security at Intrum. We recently had the opportunity to learn more about his career. Q: What is your current position at Intrum? A: I recently changed positions, moving from Information Security Officer, into leading a new unit that will be help Intrum to manage and control all aspects of... Continue reading

KillNet is bad for your health, TikTok facing further bans, ransomware impacts cancer test results, Russia allegedly increasing its cyberwarfare efforts. By Joe Fay Microsoft Demonstrates How KillNet Is Bad for Our Healthcare Sector Microsoft has highlighted a rise in DDoS attacks on healthcare organizations, mapping a three-fold increase in attacks over three months. It said it tracked 10 to 20 attacks per day on healthcare organizations on Azure in November but was seeing 40 to 60 per day in February. The attack mix changed over this time, it added, with over half of attacks now being UDP floods, with... Continue reading

By John E. Dunn Phishing attacks depend on creating huge numbers of lookalike ‘confusable’ domains. A new report has highlighted the most prevalent examples and suggested a way to detect phishing domains before they are used in anger. Ever since phishing attacks gathered steam two decades ago, the ability of criminals to create ‘confusable’ or typosquatting domains that look plausibly similar to real ones has been a thorn in everyone’s side. Companies have their brands hijacked, users are tricked into clicking on phishing emails that look genuine, and registrars are roundly criticized for allowing all of this to happen. Large... Continue reading

This month, we asked women in the (ISC)² Blog Volunteers group to weigh in on a few questions from their perspective as a female working in cybersecurity. While their experiences in the industry have varied, this group unanimously responded that they currently receive equal pay to their male counterparts. These volunteers also feel that they receive the same opportunities for promotion and growth as the males on their teams. However, when asked if the ratio of women to men working around them has increased in recent years, the group was split, about 50/50, half agreeing yes, they have seen more... Continue reading

Are you ready to take your (ISC)² exam? If so, there is a slight change to the process! When you’re ready to schedule your exam, please log in to your account at isc2.org.* Whether you’re pursuing your first (ISC)² certification, a certified member pursuing an additional certification or an (ISC)² Candidate, you will log in to your account on the Register for Your Exam page. Then, visit https://my.isc2.org/s/ISC2-Pearson to fill out your Exam Account Information form. Once you fill it out, review the information to confirm it matches the ID you’ll use at your test center. Submit the form and... Continue reading

By Dave Cartwright, CISSP A week is a long time in most business sectors. In the intertwined world of banking and startups, it feels like an eternity as both sides deal with the fallout from the collapse of Silicon Valley Bank (SVB); the financial crisis impacting a myriad of startups suffering cashflow loss and disruption, with other banks now seemingly in poor shape after experiencing runs. For the technology and cybersecurity startups, not just those in California, that used SVB as their banker or lender (or both), its failure could delay or derail at least part of the next wave... Continue reading

Cybercriminals pounce on SVB collapse, privacy concerns around ChatGPT and the FBI warns of a rise in crypto scams. Here are the latest threats and advisories for the week of March 17, 2023. By John Weiler Threat Advisories and Alerts FBI Warning: Cryptocurrency Investment Schemes on the Rise The U.S. Federal Bureau of Investigation (FBI) is warning internet users of an increase in cryptocurrency investment scam schemes, which defrauded victims of over $2 billion in 2022. Cybercriminals (usually located overseas) use social media platforms, dating apps, professional networking apps and other online means to connect with targets. The criminals then... Continue reading

By John E. Dunn Two arrests for alleged ransomware crimes and some useful intel. But will the latest Europol action make any difference? Following an international operation encompassing law enforcement agencies in Germany, Ukraine, the Netherlands and the U.S., Europol announced the arrests in Germany and Ukraine of what it believes are two of the five core “masterminds” of the DoppelPaymer ransomware group. The first suspect was described as a German national, the second as a Ukrainian, in raids that also involved searching properties in Kiev and Kharkiv. Beyond that, details are scarce although Europol said the German suspect was... Continue reading

You spoke, and we listened – you want more opportunities to be involved and contribute to the decision-making process at (ISC)². Let’s get started. The (ISC)² Board of Directors Bylaws Committee will host the first in a series of webinars March 21 to introduce members to this year’s bylaws review and amendment process. Join us to learn how you can share your ideas to help build a better (ISC)² as we look to the future. The new Bylaws Committee, chaired by Board of Directors member Lisa Young, CISSP, consists of Directors and members-at-large. Join the webinar to hear directly from... Continue reading

The U.K. Online Safety Bill triggers a security rebuke from WhatsApp, the Czech Republic concerned about TikTok, an international law enforcement effort shuts down the NetWire RAT infrastructure, while a study suggests workforce malaise towards reporting security incidents. By Joe Fay WhatsApp Would Leave U.K. Rather Than Break Encryption WhatsApp would pull its end-to-end encrypted messaging service in the U.K., rather than submit to any requirement to weaken its privacy stance to comply with the U.K. government’s Online Safety Bill. WhatsApp chief Will Cathcart said that 98 per cent of its users were outside the U.K., and ALL users wanted... Continue reading

By John Weiler Mexico timeshare scams, the DoppelPaymer ransomware gang gets busted and a major data leak rocks Oakland, California. Here are the latest threats and advisories for the week of March 10, 2023. Threat Advisories and Alerts FBI Issues Warning About Mexico Timeshare Scam The U.S. Federal Bureau of Investigation (FBI) has issued an advisory about timeshare scams in Mexico, which affected over 600 people and resulted in roughly $39.6 million in victim losses last year. How does the scam work? Owners of timeshares in Mexico receive an unexpected email or phone call from fraudsters requesting to sell or... Continue reading