Cyber Security News Sources We're Following
Recent Cybersecurity News Highlights
2024 CISSP Now Cybersecurity News Highlights
- Ribeiro, A. (2024, August 30). "CISA, FBI, partners issue joint advisory on RansomHub ransomware threat to critical infrastructure sectors." Industrial Cyber. https://industrialcyber.co/ransomware/cisa-fbi-partners-issue-joint-advisory-on-ransomhub-ransomware-threat-to-critical-infrastructure-sectors/
- Townsend, K. (2024, August 19). "National Public Data Says Breach Impacts 1.3 Million People: National Public Data (NPD) has confirmed suffering a data breach, but the company says the incident only affects 1.3 million people in the US." https://www.securityweek.com/national-public-data-says-breach-impacts-1-3-million-people/
- Weinberg, N. (2024, August 6). "6 hot cybersecurity trends — and 2 going cold: Artificial intelligence is altering not only the threat landscape but also how security teams can defend their organizations. But AI isn’t the only trend cybersecurity pros should be on top of." CSO Online. https://www.csoonline.com/article/564860/hot-cybersecurity-trends.html
- Durbin, S. (2024, August 1). "Opinion: 5 recommendations for acing the SEC cybersecurity rules: SEC risk management and disclosure rules can be overwhelming and fraught with difficulties. Steve Durbin, chief executive of the Information Security Forum, offers advice for coping with the hassles." CSO Online. https://www.csoonline.com/article/3479653/5-recommendations-for-acing-the-sec-cybersecurity-rules.html
- Ingram, N., Goldberg, M., Hollingsworth, H. (2024, July 25). "North Korean charged in cyberattacks on US bases, defense firms: KANSAS CITY, Kan. — A North Korean military intelligence operative has been indicted in a conspiracy to hack into American health care providers, NASA, U.S. military bases and international entities, stealing sensitive information and installing ransomware to fund more attacks, federal prosecutors announced Thursday." Military Times. https://www.militarytimes.com/news/your-military/2024/07/26/north-korean-charged-in-cyberattacks-on-us-bases-defense-firms/
See also: AP News: https://apnews.com/article/north-korea-hacker-military-intelligence-hospitals-b3153dc0ad16652a80a9263856d63444
- CIO Staff. (2024, July 23). "CrowdStrike failure: What you need to know: A flawed update to CrowdStrike Falcon sent Windows servers and PCs across the globe into an endless reboot cycle that IT organizations are still working to remediate." CIO. https://www.cio.com/article/3476789/crowdstrike-failure-what-you-need-to-know.html
- Coker, J. (2024, July 22). "Cybercriminals Exploit CrowdStrike Outage Chaos: Cybercriminals are leveraging the ongoing mass global IT outage to launch phishing campaigns, according to reports." Infosecurity Magazine. https://www.infosecurity-magazine.com/news/cybercriminals-exploit-crowdstrike/
- Burgess, M. (2024, July 19). "Huge Microsoft Outage Linked to CrowdStrike Takes Down Computers Around the World: A software update from cybersecurity company CrowdStrike appears to have inadvertently disrupted IT systems globally." Wired. https://www.wired.com/story/microsoft-windows-outage-crowdstrike-global-it-probems/
Quote from CrowdStrike CEO, George Kurtz: "This is not a security incident or cyberattack," Kurtz said. "The issue has been identified, isolated, and a fix has been deployed."
- Call for Presentations / Registration: The Original ICS/SCADA Cybersecurity Conference: October 21-24, 2024. https://www.icscybersecurityconference.com/
- Nihill, C. (2024, July 11). "White House to require increased cybersecurity protocols for R&D institutions: The Office of Science and Technology Policy said federal research agencies must certify proper security requirements for covered institutions, including in higher education." FEDSCOOP. https://fedscoop.com/white-house-to-require-increased-cybersecurity-protocols-for-rd-institutions/
- Weinberg, N. (2024, July 2). "10 most powerful cybersecurity companies today: With AI and generative AI capabilities on the rise, a shift toward consolidation and platforms over point solutions is redefining the IT security market — as well as its leading vendors." CSO Feature. https://www.csoonline.com/article/569075/the-10-most-powerful-cybersecurity-companies.html
- Murphy, J. (2024, June 26). "What qualifies as a material cybersecurity incident? In SEC rules, a cyberincident's materiality hinges on its potential impact on a public company's standing. Learn what this means for cybersecurity disclosure requirements." Tech Target. https://www.techtarget.com/searchsecurity/tip/What-qualifies-as-a-material-cybersecurity-incident
- GovConWire. (2024, June 20). "4 Tips to Elevate Your Company’s Cybersecurity." https://www.govconwire.com/2024/06/4-tips-to-elevate-your-companys-cybersecurity/. Quote from the article: "'If you have any kind of intellectual property, any kind of novel technology or business system, what have you, you would implement NIST SP 800-171 as a national standard,' Kiernan said at the Potomac Officers Club’s 2024 Cyber Summit."
- From The Bureau of Labor Statistics Occupational Outlook. "Employment of information security analysts is projected to grow 32 percent from 2022 to 2032, much faster than the average for all occupations. About 16,800 openings for information security analysts are projected each year, on average, over the decade. Many of those openings are expected to result from the need to replace workers who transfer to different occupations or exit the labor force, such as to retire."
Reference: Bureau of Labor Statistics, U.S. Department of Labor, Occupational Outlook Handbook, Information Security Analysts, at https://www.bls.gov/ooh/computer-and-information-technology/information-security-analysts.htm (visited June 06, 2024). Updated April 17, 2024.
- Nichols, S. (2024, June 7). "FCC Approves $200M for cybersecurity in schools." SC Magazine. https://www.scmagazine.com/news/fcc-approves-200m-for-cybersecurity-in-schools
- Seals, T. (2024, June 3). "Ticketmaster Confirms Cloud Breach, Amid Murky Details: Ticketmaster parent Live Nation has filed a voluntary SEC data breach notification, while one of its cloud providers, Snowflake, also confirmed targeted cyberactivity against some of its customers." Dark Reading. https://www.darkreading.com/cyberattacks-data-breaches/ticketmaster-confirms-cloud-breach-murky-details
- Manuel, R. (2024, May 28). "US to Explore Establishment of Independent Cyber Force Branch." The Defense Post. https://www.thedefensepost.com/2024/05/28/us-independent-cyber-force-branch/
- Fruhlinger, J. (2024, May 24). "What is spear phishing? Examples, tactics, and techniques: Spear phishing is a targeted email attack purporting to be from a trusted sender. Learn how to recognize—and defeat—this type of phishing attack." CSO. https://www.csoonline.com/article/566789/what-is-spear-phishing-examples-tactics-and-techniques.html
- SANTA CLARA, Calif. and ARMONK, N.Y., May 15, 2024 /PRNewswire/ -- Palo Alto Networks (NASDAQ: PANW), the global cybersecurity leader, and IBM (NYSE: IBM), a leading provider of hybrid cloud and AI, today announced a broad-reaching partnership to deliver AI-powered security outcomes for customers. The announcement is a testament to Palo Alto Networks' and IBM's commitment to each other's platforms and innovative capabilities. https://newsroom.ibm.com/2024-05-15-Palo-Alto-Networks-and-IBM-to-Jointly-Provide-AI-powered-Security-Offerings-IBM-to-Deliver-Security-Consulting-Services-Across-Palo-Alto-Networks-Security-Platforms
- Schuman, E. (2024, May 8). "Massive security hole in VPNs shows their shortcomings as a defensive measure: Researchers found a deep, unpatchable flaw in virtual private networks dubbed Tunnelvision can allow attackers to siphon off data without any indication that they are there." CSO Online. https://www.csoonline.com/article/2099467/massive-security-hole-in-vpns-shows-their-shortcomings-as-a-defensive-measure.html
- Dunn, J. (2024, May 1). "NIST publishes new guides on AI risk for developers and CISOs." CSO Online. https://www.csoonline.com/article/2097119/nist-publishes-new-guides-on-ai-risk-for-developers-and-cisos.html
- Lemos, R. (2024, April 23). "Teetering on the Edge: VPNs, Firewalls' Nonexistent Telemetry Lures APTs: State-sponsored groups are targeting critical vulnerabilities in virtual private network (VPN) gateways, firewall appliances, and other edge devices to make life difficult for incident responders, who rarely have visibility into the devices." Dark Reading. https://www.darkreading.com/endpoint-security/edge-vpns-firewalls-nonexistent-telemetry-apts
- Dunn, J. (2024, April 12). "CISA orders US government agencies to check email systems for signs of Russian compromise." CSO Online. https://www.csoonline.com/article/2089558/cisa-orders-us-government-agencies-to-check-email-systems-for-signs-of-russian-compromise.html
See also: CISA. (2024, April 2). "ED 24-02: Mitigating the Significant Risk from Nation-State Compromise of Microsoft Corporate Email System." https://www.cisa.gov/news-events/directives/ed-24-02-mitigating-significant-risk-nation-state-compromise-microsoft-corporate-email-system
- Coker, J. (2024, April 8). "US Federal Data Privacy Law Introduced by Legislators: A bipartisan US federal data protection law has been drafted by two US lawmakers, aiming to codify and enforce privacy rights for all US citizens." Infosecurity Magazine. https://www.infosecurity-magazine.com/news/us-federal-privacy-law-legislators/
- Sharma, S. (2024, April 4). "Cyberattack forces Omni Hotels to shut down its IT systems: Omni shut down its IT systems in response to an attack it faced on Friday, disrupting key operations including reservations, payments, and point-of-sale systems." CSO Online. https://www.csoonline.com/article/2081598/cyberattack-forces-omni-hotels-to-shut-down-its-it-systems.html
- 2/27/2024: NIST #Cybersecurity Framework 2.0 officially released: https://www.securityweek.com/nist-cybersecurity-framework-2-0-officially-released/
About Certified Information Systems Security Professional (CISSP) Certification:
- Great blog! ISC2. (2024, May 17). "My Route to Cybersecurity: Studying for the ISC2 Certified in Cybersecurity exam is no simple task, but as Louise Esporlas, CC explains, earning the certification helped define education and career pathways." ISC2 Insights. https://www.isc2.org/Insights/2024/05/My-Route-to-Cybersecurity-CC
- ISC2. (2024, April 15). "CISSP Exam Refresh and Updated Official Training Now Live." ISC2 Insights. https://www.isc2.org/Insights/2024/04/CISSP-Exam-Refresh-and-Updated-Official-Training-Now-Live?queryID=7de1a62f322d6f13f548aca9641597fd Check out the 2024 Detailed Content Outline with Weights Final, Effective April 15, 2024, by clicking here.
- ISC2. (2024, February 25). "Computerized Adaptive Testing (CAT) for CISSP Examinations in All Languages." https://www.isc2.org/Insights/2024/02/Computerized-Adaptive-Testing-CISSP-Examinations-All-Languages From the announcement: "We are pleased to announce that as of April 15, 2024, all CISSP examinations worldwide will take place in Computerized Adaptive Testing (CAT) format." Read the rest: https://www.isc2.org/Insights/2024/02/Computerized-Adaptive-Testing-CISSP-Examinations-All-Languages
- CISSP Exam Refresh FAQ: Here are the details about the April 15, 2024 CISSP exam update direct from ISC2. https://www.isc2.org/certifications/cissp/cissp-exam-refresh-faq
- ISC2. (2024, February 12). "Asking All CISSP Holders to Help Shape the Certified in Cybersecurity (CC) Exam." ISC2 Insights. https://www.isc2.org/Insights/2024/02/Asking-All-CISSP-Holders-to-Help-Shape-the-Certified-in-Cybersecurity-CC-Exam?queryID=a1e205b26f8bb9f9d83cc62c123cc17b
CISSP Tips and Topics
News Sites of Interest to the Certified Information Systems Security Professional (CISSP):
- (ISC)² insights: https://www.isc2.org/Insights
- Infosecurity Magazine: https://www.infosecurity-magazine.com/
- Dark Reading: https://www.darkreading.com/
- The Hacker News: https://thehackernews.com/
- CSO Online: https://www.csoonline.com/news/
- Security Week: https://www.securityweek.com/
- Wired: https://wired.com
- Threatpost: https://threatpost.com
Thinking about taking the CISSP certification exam?
- What are the benefits of CISSP certification?
- What are the requirements for CISSP certification?
- What experience do you need to have before you take the CISSP certification exam?
- How should you prepare to take the CISSP certification exam?
CISSP - Certified Information Systems Security Professional - About the CISSP NOW! method:
- The CISSP NOW! method, documented in the CISSP NOW! ebook, references official (ISC)² study material, which may be purchased from Amazon: https://www.amazon.com/Certified-Information-Security-Professional-Official/dp/1119787637
- If you do not have access to the official (ISC)² study material, you will not be able to follow the CISSP NOW! method.
- The CISSP NOW! method is built around continuous self-assessment and quantitative feedback.