Cyber Security News Sources We're Following
Recent Cybersecurity News Highlights
2024 CISSP Now Cybersecurity News Highlights
- Mascellino, A. (2024, December 4). "Ransomware Costs Manufacturing Sector $17bn in Downtime: Ransomware attacks on manufacturing companies have caused an estimated $17bn in downtime since 2018." Infosecurity Magazine. https://www.infosecurity-magazine.com/news/ransomware-manufacturing-dollar17b/
- Reuters. (2024, November 25). "Starbucks faces disruptions following ransomware attack on software supplier: Nov 25 (Reuters) - Starbucks (SBUX.O) said the aftermath of a ransomware attack on a software supplier has been affecting its ability to pay baristas and manage their schedules, the company's spokesperson said on Monday." Reuters. https://www.reuters.com/business/retail-consumer/starbucks-faces-disruptions-following-ransomware-attack-software-supplier-2024-11-25/
- Webb, D. (2024, October 18). "Top 9 Trends In Cybersecurity Careers for 2025." Esecurity Planet. https://www.esecurityplanet.com/trends/cybersecurity-careers/
- Dugar, U. et al. (2024, November 15). "T-Mobile hacked in massive Chinese breach of telecom networks, WSJ reports." Reuters. https://finance.yahoo.com/news/t-mobile-hacked-massive-chinese-002126952.html
- Mascellino, A. (2024, November 14). "Microsoft Power Pages Misconfiguration Leads to Data Exposure." Infosecurity Magazine. https://www.infosecurity-magazine.com/news/microsoft-power-pages/
- Mello, J.P. (2024, November 8). "The US Department of Defense has finalized cyber rules for its suppliers: Stringent requirements on DoD contractors to comply with existing protections are expected to take effect by the end of the year." CSO Online. https://www.csoonline.com/article/3600834/the-us-department-of-defense-has-finalized-cyber-rules-for-its-suppliers.html
- Heller, M. (2024, October 29). "How to Find the Right CISO: Great CISOs are in short supply, so choose wisely. Here are five ways to make sure you've made the right pick." Dark Reading. https://www.darkreading.com/cybersecurity-operations/how-find-right-ciso
- Gaston, E. (2024, October 24). "Why Cybersecurity Acumen Matters in the C-Suite: Until CEOs and boards prioritize learning more about mitigating threats, organizations are leaving themselves and their businesses open to the potential for disaster." Dark Reading. https://www.darkreading.com/vulnerabilities-threats/why-cybersecurity-acumen-matters-c-suite
- This is not hypothetical. It is definitely real: When the Internet Archive is hacked, and then taken offline as a result, there are huge, negative ramifications for those who need to locate rare, out-of-print, historical documents online for research, among other resources. Individual access to "digitized content" is clearly put at risk. Sharma, S. (2024, October 21). "Internet Archive breached twice within days: The second breach used stolen tokens from the first attack that remained un-rotated even days later." CSO. https://www.csoonline.com/article/3573962/internet-archive-breached-twice-within-days.html
- Washenko, A. (2024, October 9). "The Internet Archive taken down by DDoS attacks: It's been a tough week for the digital library." Engadget. https://www.engadget.com/cybersecurity/the-internet-archive-taken-down-by-ddos-attacks-222317044.html
- ISC2. (2024, October 1). "#CybersecurityAwarenessMonth: What’s Defining Security in 2024, So Far...: As we enter the final quarter of the year, here are the key security themes that have emerged from 2024 so far: risks are increasing, AI is here to stay, and the need for cybersecurity professionals and leaders is greater than ever." ISC2 Insights. https://www.isc2.org/Insights/2024/10/CybersecurityAwarenessMonth-Whats-Defining-Security-in-2024
- Suderman, A. (2024, October 4). "Collapse of national security elites’ cyber firm leaves bitter wake." AP News. https://apnews.com/article/keith-alexander-ironnet-cybersecurity-nsa-bankruptcy-eddd67f3a1b312face21c29c59400e05
- Mascellino, A. (2024, September 26). "Data Breach at MC2 Data Leaves 100 Million at Risk of Fraud: A massive data leak exposing the personal information of over 100 million US citizens has been reportedly uncovered by security researchers." Infosecurity Magazine. https://www.infosecurity-magazine.com/news/mc2-data-breach-100-million-fraud/
- ISC2. (2024, September 25). "Attacks from the Cloud: There is no shortage of commentary and debate about the cybersecurity threats and challenges that target the operators of cloud-based applications and services, but not so much is said about how cloud resources are being used to launch cybersecurity attacks and disruption, be that at other cloud services or at end users and their endpoint devices." ISC2 Newsletter. https://www.isc2.org/Insights/2024/09/Cloud-Security-INSIGHTS-Attacks-from-the-Cloud
- Heller, M. (2024, September 18). "Do boards understand their new role in cybersecurity?: CIO and board member Julie Ragland provides guidance on governance in the era of digital risk." CIO. https://www.cio.com/article/3523667/do-boards-understand-their-new-role-in-cybersecurity.html
- Thatte, A. (2024, September 6). "Technology and Risk: Elevating Cybersecurity Strategies to the C-Suite and Board." ISC2 Insights. https://www.isc2.org/Insights/2024/09/Elevating-Cybersecurity-Strategies-to-the-C-Suite-and-Board?queryID=cf57db8556b1489d744e685ea6348002
- Ribeiro, A. (2024, August 30). "CISA, FBI, partners issue joint advisory on RansomHub ransomware threat to critical infrastructure sectors." Industrial Cyber. https://industrialcyber.co/ransomware/cisa-fbi-partners-issue-joint-advisory-on-ransomhub-ransomware-threat-to-critical-infrastructure-sectors/
- Townsend, K. (2024, August 19). "National Public Data Says Breach Impacts 1.3 Million People: National Public Data (NPD) has confirmed suffering a data breach, but the company says the incident only affects 1.3 million people in the US." https://www.securityweek.com/national-public-data-says-breach-impacts-1-3-million-people/
- Weinberg, N. (2024, August 6). "6 hot cybersecurity trends — and 2 going cold: Artificial intelligence is altering not only the threat landscape but also how security teams can defend their organizations. But AI isn’t the only trend cybersecurity pros should be on top of." CSO Online. https://www.csoonline.com/article/564860/hot-cybersecurity-trends.html
- Durbin, S. (2024, August 1). "Opinion: 5 recommendations for acing the SEC cybersecurity rules: SEC risk management and disclosure rules can be overwhelming and fraught with difficulties. Steve Durbin, chief executive of the Information Security Forum, offers advice for coping with the hassles." CSO Online. https://www.csoonline.com/article/3479653/5-recommendations-for-acing-the-sec-cybersecurity-rules.html
- Ingram, N., Goldberg, M., Hollingsworth, H. (2024, July 25). "North Korean charged in cyberattacks on US bases, defense firms: KANSAS CITY, Kan. — A North Korean military intelligence operative has been indicted in a conspiracy to hack into American health care providers, NASA, U.S. military bases and international entities, stealing sensitive information and installing ransomware to fund more attacks, federal prosecutors announced Thursday." Military Times. https://www.militarytimes.com/news/your-military/2024/07/26/north-korean-charged-in-cyberattacks-on-us-bases-defense-firms/
See also: AP News: https://apnews.com/article/north-korea-hacker-military-intelligence-hospitals-b3153dc0ad16652a80a9263856d63444
- CIO Staff. (2024, July 23). "CrowdStrike failure: What you need to know: A flawed update to CrowdStrike Falcon sent Windows servers and PCs across the globe into an endless reboot cycle that IT organizations are still working to remediate." CIO. https://www.cio.com/article/3476789/crowdstrike-failure-what-you-need-to-know.html
- Coker, J. (2024, July 22). "Cybercriminals Exploit CrowdStrike Outage Chaos: Cybercriminals are leveraging the ongoing mass global IT outage to launch phishing campaigns, according to reports." Infosecurity Magazine. https://www.infosecurity-magazine.com/news/cybercriminals-exploit-crowdstrike/
- Burgess, M. (2024, July 19). "Huge Microsoft Outage Linked to CrowdStrike Takes Down Computers Around the World: A software update from cybersecurity company CrowdStrike appears to have inadvertently disrupted IT systems globally." Wired. https://www.wired.com/story/microsoft-windows-outage-crowdstrike-global-it-probems/
Quote from CrowdStrike CEO, George Kurtz: "This is not a security incident or cyberattack," Kurtz said. "The issue has been identified, isolated, and a fix has been deployed."
- Call for Presentations / Registration: The Original ICS/SCADA Cybersecurity Conference: October 21-24, 2024. https://www.icscybersecurityconference.com/
- Nihill, C. (2024, July 11). "White House to require increased cybersecurity protocols for R&D institutions: The Office of Science and Technology Policy said federal research agencies must certify proper security requirements for covered institutions, including in higher education." FEDSCOOP. https://fedscoop.com/white-house-to-require-increased-cybersecurity-protocols-for-rd-institutions/
- Weinberg, N. (2024, July 2). "10 most powerful cybersecurity companies today: With AI and generative AI capabilities on the rise, a shift toward consolidation and platforms over point solutions is redefining the IT security market — as well as its leading vendors." CSO Feature. https://www.csoonline.com/article/569075/the-10-most-powerful-cybersecurity-companies.html
About Certified Information Systems Security Professional (CISSP) Certification:
- Great blog! ISC2. (2024, May 17). "My Route to Cybersecurity: Studying for the ISC2 Certified in Cybersecurity exam is no simple task, but as Louise Esporlas, CC explains, earning the certification helped define education and career pathways." ISC2 Insights. https://www.isc2.org/Insights/2024/05/My-Route-to-Cybersecurity-CC
- ISC2. (2024, April 15). "CISSP Exam Refresh and Updated Official Training Now Live." ISC2 Insights. https://www.isc2.org/Insights/2024/04/CISSP-Exam-Refresh-and-Updated-Official-Training-Now-Live?queryID=7de1a62f322d6f13f548aca9641597fd Check out the 2024 Detailed Content Outline with Weights Final, Effective April 15, 2024.
- ISC2. (2024, February 25). "Computerized Adaptive Testing (CAT) for CISSP Examinations in All Languages." https://www.isc2.org/Insights/2024/02/Computerized-Adaptive-Testing-CISSP-Examinations-All-Languages From the announcement: "We are pleased to announce that as of April 15, 2024, all CISSP examinations worldwide will take place in Computerized Adaptive Testing (CAT) format." Read the rest: https://www.isc2.org/Insights/2024/02/Computerized-Adaptive-Testing-CISSP-Examinations-All-Languages
- CISSP Exam Refresh FAQ: Here are the details about the April 15, 2024 CISSP exam update direct from ISC2. https://www.isc2.org/certifications/cissp/cissp-exam-refresh-faq
- ISC2. (2024, February 12). "Asking All CISSP Holders to Help Shape the Certified in Cybersecurity (CC) Exam." ISC2 Insights. https://www.isc2.org/Insights/2024/02/Asking-All-CISSP-Holders-to-Help-Shape-the-Certified-in-Cybersecurity-CC-Exam?queryID=a1e205b26f8bb9f9d83cc62c123cc17b
CISSP Tips and Topics
News Sites of Interest to the Certified Information Systems Security Professional (CISSP):
- (ISC)² insights: https://www.isc2.org/Insights
- Infosecurity Magazine: https://www.infosecurity-magazine.com/
- Dark Reading: https://www.darkreading.com/
- The Hacker News: https://thehackernews.com/
- CSO Online: https://www.csoonline.com/news/
- Security Week: https://www.securityweek.com/
- Wired: https://wired.com
- Threatpost: https://threatpost.com
Thinking about taking the CISSP certification exam?
- What are the benefits of CISSP certification?
- What are the requirements for CISSP certification?
- What experience do you need to have before you take the CISSP certification exam?
- How should you prepare to take the CISSP certification exam?
CISSP - Certified Information Systems Security Professional - About the CISSP NOW! method:
- The CISSP NOW! method, documented in the CISSP NOW! ebook, references official (ISC)² study material, which may be purchased from Amazon: https://www.amazon.com/Certified-Information-Security-Professional-Official/dp/1119787637
- If you do not have access to the official (ISC)² study material, you will not be able to follow the CISSP NOW! method.
- The CISSP NOW! method is built around continuous self-assessment and quantitative feedback.