Welcome
Hello and Welcome!
Be sure to attend our monthly meetings. Lots of good information there. Register for our Thursday, April 24th Virtual Meeting on our site, ISC2CT.org.
Also, come join our (ISC)2 Connecticut Chapter Discord server.
Upcoming Training:
Chapter members, please check out the training on AIMS Lead Auditor, which focuses on the recently published ISO standard on AIMS. The course equips participants with the skills and knowledge required to understand how an AIMS is implemented based on Annex B of ISO/IEC 42001:2023 and to lead Artificial Intelligence audits effectively, ensuring compliance with ISO 42001:2023. It covers audit planning, execution, and reporting while emphasizing risk management, governance, and continual improvement.
ISO 42001:2023 Lead Auditor | April 14 – 16, 2025, 1:00 pm – 8:00 pm GMT | 7 hours for 3 days (21 hours of online training)
Fees: USD 799 (regular participant), USD 699 (ISACA/ISC2 members), USD 575 (registering by 5th April 2025)
Registration Link
Upcoming events:
SANS Cybersecurity Leadership Summit 2025 | Free Virtual Summit: Thursday, April 24
Learn, share, and engage with fellow cybersecurity leaders. In a rapidly evolving threat landscape, leaders can’t just keep up; they must set the standard. The SANS Cybersecurity Leadership Summit is for industry-leading CISOs, directors and managers looking to empower themselves with the knowledge and tools to not just participate, but to set the pace in cybersecurity leadership. This Summit provides invaluable insights from industry trailblazers who will share their strategies, lessons learned, and best advice.
Agenda and Registration Link
Thank you to our Sponsors
Quinnipiac University is committed to helping advance the field of cybersecurity through its School of Computing & Engineering. To support the growth of professionals within cybersecurity and computing, Quinnipiac offers flexible online and on-campus opportunities that deliver practical skills you can immediately apply on the job. Both its MS in Cybersecurity and MS in Computer Science programs feature hands-on experience in lab settings that simulate real-world scenarios. To learn more about these exciting opportunities, visit Quinnipiac University.
Cyber News

Microsoft isn't fixing 8-year-old zero day used for spying
An exploitation avenue found by Trend Micro in Windows has been used in an eight-year-long spying campaign, but there's no sign of a fix from Microsoft, which apparently considers this a low priority.

Attacks Launched from Cloud Platforms
The cloud continues to provide huge opportunities to organizations, offering flexibility, economy and processing power on demand. However, it can offer bad actors the exact same facilities and opportunities, presenting additional defensive challenges for cybersecurity teams.

DOGE to Fired CISA Staff: Email Us Your Personal Data
A message posted on Monday to the homepage of the U.S. Cybersecurity & Infrastructure Security Agency (CISA) is the latest exhibit in the Trump administration’s continued disregard for basic cybersecurity protections.

FBI warns of malicious free online document converters spreading malware
The FBI warns of a significant increase in scams involving free online document converter tools to infect users with malware.

The State of Secrets Sprawl 2025
The State of Secrets Sprawl 2025 report is GitGuardian’s latest deep dive into the widespread exposure of sensitive credentials. This year’s findings show no improvement in the fight against secrets sprawl, with 23.8 million secrets leaked on public GitHub repositories in 2024, marking a 25% year-over-year increase.

Hottest cybersecurity open-source tools of the month: March 2025
This article features open-source cybersecurity tools that are gaining attention for strengthening security across various environments.

Majority of ransomware claims involved compromise of perimeter security devices
A report by cyber insurance firm Coalition shows six of every 10 ransomware claims involved compromised VPN or firewall.

Microsoft's killing script used to avoid Microsoft Account in Windows 11
Microsoft has removed the 'BypassNRO.cmd' script from Windows 11 preview builds, which allowed users to bypass the requirement to use a Microsoft Account when installing the operating system.

Ransomware Groups Increasingly Adopting EDR Killer Tools
ESET uncovers a link between RansomHub, Play, Medusa, and BianLian ransomware gangs as more groups adopt tools to disable EDR software.

Top 3 MS Office Exploits Hackers Use in 2025 – Stay Alert!
Phishing Office files and CVE-2017-11882 exploits still active in 2025, exposing unpatched systems to malware.

Actively Exploited ChatGPT Bug Puts Organizations at Risk
A server-side request forgery vulnerability in OpenAI's chatbot infrastructure can allow attackers to direct users to malicious URLs, leading to a range of threat activity.

Critical Zero-Day Vulnerabilities Found in These VMware Products
A year after VMware ESXi servers faced ransomware attacks, new zero-day vulnerabilities are being exploited, posing risks to organizations worldwide.