Cyber Security News Sources We're Following
Recent Cybersecurity News Highlights
2024 CISSP Now Cybersecurity News Highlights
- Dunn, J. (2024, April 12). "CISA orders US government agencies to check email systems for signs of Russian compromise." CSO Online. https://www.csoonline.com/article/2089558/cisa-orders-us-government-agencies-to-check-email-systems-for-signs-of-russian-compromise.html
See also: CISA. (2024, April 2). "ED 24-02: Mitigating the Significant Risk from Nation-State Compromise of Microsoft Corporate Email System." https://www.cisa.gov/news-events/directives/ed-24-02-mitigating-significant-risk-nation-state-compromise-microsoft-corporate-email-system
- Coker, J. (2024, April 8). "US Federal Data Privacy Law Introduced by Legislators: A bipartisan US federal data protection law has been drafted by two US lawmakers, aiming to codify and enforce privacy rights for all US citizens." Infosecurity Magazine. https://www.infosecurity-magazine.com/news/us-federal-privacy-law-legislators/
- Sharma, S. (2024, April 4). "Cyberattack forces Omni Hotels to shut down its IT systems: Omni shut down its IT systems in response to an attack it faced on Friday, disrupting key operations including reservations, payments, and point-of-sale systems." CSO Online. https://www.csoonline.com/article/2081598/cyberattack-forces-omni-hotels-to-shut-down-its-it-systems.html
- Muncaster, P. (2024, March 27). "Zero-Day Vulnerabilities Surged by Over 50% Annually, Says Google." (Infosecurity Magazine). https://www.infosecurity-magazine.com/news/zeroday-surged-50-annually-google/
- Sharma, S. (2024, March 22). "FBI and CISA warn government systems against increased DDoS attacks: The advisory describes the critical DDoS tactics, with recommendations to defend against such attacks." https://www.csoonline.com/article/2073589/fbi-and-cisa-warn-government-systems-against-increased-ddos-attacks.html
- NSA. (2024, March 14). "Advancing Zero Trust Maturity Throughout the Network and Environment Pillar." Cyber Security Information Sheet. https://media.defense.gov/2024/Mar/05/2003405462/-1/-1/0/CSI-ZERO-TRUST-NETWORK-ENVIRONMENT-PILLAR.PDF
- 3/8/2024: Arghire, I. (2024, March 8). "CISA Outlines Efforts to Secure Open Source Software: Concluding a two-day OSS security summit, CISA details key actions to help improve open source security." https://www.securityweek.com/cisa-details-efforts-to-secure-open-source-software/
- 3/5/2024: Korolov, M. (2024, March 5). "How gen AI helps entry-level SOC analysts improve their skills: By automating repetitive triage and documentation tasks, generative AI systems allow entry-level security analysts to spend more time on investigations, response, and developing core skills." CSO Online. https://www.csoonline.com/article/1310938/how-genai-helps-entry-level-soc-analysts-improve-their-skills.html
- 2/27/2024: NIST Cybersecurity Framework 2.0 officially released: https://www.securityweek.com/nist-cybersecurity-framework-2-0-officially-released/
- Coker, J. (2024, February 22). "Cyber Pros Embrace AI, Over 80% Believe It Will Enhance Jobs." Infosecurity Magazine. https://www.infosecurity-magazine.com/news/cyber-pros-ai-enhance-jobs/
- CISSP Exam Refresh FAQ: Here are the details about the April 15, 2024 CISSP exam update direct from ISC2. https://www.isc2.org/certifications/cissp/cissp-exam-refresh-faq
- Sharma, S. (2024, February 21). "Hackers using stolen credentials to launch attacks as info-stealing peaks." CSO. https://www.csoonline.com/article/1308864/hackers-using-stolen-credentials-to-launch-attacks-as-info-stealing-peaks.html
- Brumfield, C. (2024, February 16). "Lawmakers see power grid security risks from Chinese storage batteries: Lawmakers and experts fear that the use of Chinese storage batteries could threaten the power grid, but few alternatives are in the offing, at least in the short term." https://www.csoonline.com/article/1308152/lawmakers-see-power-grid-security-risks-from-chinese-storage-batteries.html
- Kaur, G. (2024, February 1). "US security agencies terminate China-backed hacking attempt: The court-authorized operation involved deleting the KV Botnet malware on routers owned by citizens and small office owners." CSO. https://www.csoonline.com/article/1303097/us-security-agencies-terminate-china-backed-hacking-attempt.html
- Honea, M. (2024, January 9). "Incident Response: Continuity in Chaos: Applying Time-Tested Incident Response to Modern Cybersecurity: Despite the drastically newer and more complex technology, many of the core incident response principles remain the exact same and we should never forget the fundamentals." Security Week. https://www.securityweek.com/continuity-in-chaos-applying-time-tested-incident-response-to-modern-cybersecurity/
- CISA. (2024, January 19). "ED 24-01: Mitigate Ivanti Connect Secure and Ivanti Policy Secure Vulnerabilities." Cybersecurity & Infrastructure Security Agency. https://www.cisa.gov/news-events/directives/ed-24-01-mitigate-ivanti-connect-secure-and-ivanti-policy-secure-vulnerabilities
- Quoting from the publication: "CISA has observed widespread and active exploitation of vulnerabilities in Ivanti Connect Secure and Ivanti Policy Secure solutions, hereafter referred to as “affected products.” Successful exploitation of the vulnerabilities in these affected products allows a malicious threat actor to move laterally, perform data exfiltration, and establish persistent system access, resulting in full compromise of target information systems." Read the rest: https://www.cisa.gov/news-events/directives/ed-24-01-mitigate-ivanti-connect-secure-and-ivanti-policy-secure-vulnerabilities
- Paganini, P. (2024, January 19). "Ransomware attacks break records in 2023: the number of victims rose by 128%." Security Affairs. https://securityaffairs.com/157759/reports/ransomware-attacks-2023-report.html Cites: Cybernews Team. (2024, January 16). https://cybernews.com/security/ransomware-landscape-overview-2023/
- Sharma, S. (2024, January 16). "Patched Windows SmartScreen bug actively exploited in Phemedrone infections." CSO. https://www.csoonline.com/article/1291037/patched-windows-smartscreen-bug-actively-exploited-in-phemedrone-infections.html
- Poremba, S. (2024, January 3). "What the cybersecurity workforce can expect in 2024." Security Intelligence. https://securityintelligence.com/articles/cybersecurity-workforce-trends-2024/
- ISC2. (2024, January 3). "New Guidance from DOJ and FBI on SEC Incident Disclosure Rules." ISC2 Insights. https://www.isc2.org/Insights/2024/01/New-Guidance-from-DOJ-and-FBI-on-SEC-Incident-Disclosure-Rules
- Mello, J.P. (2024, January 5). "US DOD’s CMMC 2.0 rules lift burdens on MSPs, manufacturers: As the DOD's Cybersecurity Maturity Model Certification cyber rules for suppliers inch closer to finish line, some vendors see more realistic expectations for compliance." CSO Online. https://www.csoonline.com/article/1287812/us-dods-cmmc-2-0-rules-lift-burdens-on-msps-manufacturers.html
About Certified Information Systems Security Professional (CISSP) Certification:
- ISC2. (2024, April 15). "CISSP Exam Refresh and Updated Official Training Now Live." ISC2 Insights. https://www.isc2.org/Insights/2024/04/CISSP-Exam-Refresh-and-Updated-Official-Training-Now-Live?queryID=7de1a62f322d6f13f548aca9641597fd Check out the 2024 Detailed Content Outline with Weights Final, Effective April 15, 2024.
- ISC2. (2024, February 25). "Computerized Adaptive Testing (CAT) for CISSP Examinations in All Languages." https://www.isc2.org/Insights/2024/02/Computerized-Adaptive-Testing-CISSP-Examinations-All-Languages From the announcement: "We are pleased to announce that as of April 15, 2024, all CISSP examinations worldwide will take place in Computerized Adaptive Testing (CAT) format." Read the rest: https://www.isc2.org/Insights/2024/02/Computerized-Adaptive-Testing-CISSP-Examinations-All-Languages
- CISSP Exam Refresh FAQ: Here are the details about the April 15, 2024 CISSP exam update direct from ISC2. https://www.isc2.org/certifications/cissp/cissp-exam-refresh-faq
- ISC2. (2024, February 12). "Asking All CISSP Holders to Help Shape the Certified in Cybersecurity (CC) Exam." ISC2 Insights. https://www.isc2.org/Insights/2024/02/Asking-All-CISSP-Holders-to-Help-Shape-the-Certified-in-Cybersecurity-CC-Exam?queryID=a1e205b26f8bb9f9d83cc62c123cc17b
- ISC2. (2023, November 30). "CISSP+CCSP: The Power of Duo Cybersecurity Certifications: Organizations worldwide put a premium on the strength CISSP + CCSP together bring to their defense. CISSPs save 20% on training now." ISC2. Learn more: https://www.isc2.org/landing/powerduo/cissptoccsp
- ISC2. (2023, November 15). "Changes to the CISSP Exam Weighting – What You Need to Know: Effective from April 15, 2024, ISC2 will refresh the CISSP credential exam. ISC2 regularly updates the exams and domain weighting for its certifications." ISC2 Insights. https://www.isc2.org/Insights/2023/11/Changes-to-CISSP-Exam-Weighting?queryID=f10ca4e454bd734ac66d02e365af9aca
- Call to Action: Review the current outline for CISSP-ISSEP concentration exam and reply to questions. Link to: (ISC)2 Management. (2023, July 12). "Calling All CISSP-ISSEPs! Help Shape Future CISSP-ISSEP Exams!" (ISC)2 Blog. https://blog.isc2.org/isc2_blog/2023/07/calling-all-cissp-isseps-help-shape-future-cissp-issep-exams.html
- (ISC)2 Management. (2023, March 30). "NEW CISSP EXAM REGISTRATION PROCESS FOR 2023: Looking to earn your (ISC)² CISSP certification? Make sure you follow these updated steps to register for your exam." (ISC)2 Blog. https://blog.isc2.org/isc2_blog/2023/03/new-cissp-exam-registration-process-for-2023.html
- (ISC)2 Blog. (2022, December 13). "CALLING ALL CISSPS! HELP SHAPE THE CISSP EXAM." From the blog post: "Coming up next month, the CISSP will be taking its next step in the certification lifecycle with a JTA Study Workshop tentatively scheduled for January 17-19, 2023." Read more: https://blog.isc2.org/isc2_blog/2022/12/calling-all-cissps-help-shape-the-cissp-exam.html
- "Changes to the CISSP Exam Length Coming Soon. Beginning June 1, 2022, additional pretest items and time will be added to the CISSP exam for the Computerized Adaptive Testing (CAT) format." (ISC)2 blog (March 10, 2022). Read further: https://blog.isc2.org/isc2_blog/2022/03/changes-to-the-cissp-exam-length-coming-soon.html
- How is the CISSP-ISSMP Exam Changing? - (ISC)² Blog (isc2.org) (March 17, 2022)
- "A Cybersecurity Role Has Topped List of Best Jobs" ... by (ISC)2 Management, (ISC)2 Blog (January 14, 2022)
- Survey Says: CISSP and CCSP Among the Most In Demand IT Certifications of 2021 - (ISC)² Blog (isc2.org) (26 February 2021)
- (ISC)² Updates CISSP Cybersecurity Certification Exam Based on Expert-Led Domain Revision ... (ISC)2 news release (01 February 2021)
- "SURVEY: CISSP IS THE MOST VALUABLE SECURITY CERTIFICATION FOR 2021" ... (ISC)2 blog site (January 21, 2021)
- "STUDY: CERTIFICATIONS BOOST SALARIES SUBSTANTIALLY" ... (ISC)2 blog site (November 2020)
CISSP Tips and Topics
News Sites of Interest to the Certified Information Systems Security Professional (CISSP):
- (ISC)² insights: https://www.isc2.org/Insights
- Infosecurity Magazine: https://www.infosecurity-magazine.com/
- Dark Reading: https://www.darkreading.com/
- The Hacker News: https://thehackernews.com/
- CSO Online: https://www.csoonline.com/news/
- Security Week: https://www.securityweek.com/
- Wired: https://wired.com
- Threatpost: https://threatpost.com
Thinking about taking the CISSP certification exam?
- What are the benefits of CISSP certification?
- What are the requirements for CISSP certification?
- What experience do you need to have before you take the CISSP certification exam?
- How should you prepare to take the CISSP certification exam?
CISSP - Certified Information Systems Security Professional - About the CISSP NOW! method:
- The CISSP NOW! method, documented in the CISSP NOW! ebook, references official (ISC)² study material, which may be purchased from Amazon: https://www.amazon.com/Certified-Information-Security-Professional-Official/dp/1119787637
- If you do not have access to the official (ISC)² study material, you will not be able to follow the CISSP NOW! method.
- The CISSP NOW! method is built around continuous self-assessment and quantitative feedback.