Issue 36  

Welcome

Welcome

Hello and Welcome!

Be sure to attend our monthly meetings. Lots of good information there. Register for our Thursday April 24th Virtual Meeting on our site ISC2CT.org

Also come Join our (ISC)2 Connecticut Chapter Discord Server

Upcoming Training:

Chapter members, Please check out the training on AIMS Lead Auditor, which focuses on the recently published ISO standard on AIMS. The course equips participants with the skills and knowledge required to understand how an AIMS is implemented based on Annex B of ISO/IEC 42001:2023, lead Artificial Intelligence audits effectively, ensuring compliance with ISO 42001:2023. It covers audit planning, execution, and reporting while emphasizing risk management, governance, and continual improvement.

ISO 42001:2023 Lead Auditor | April 14 – 16, 2025 1:00 pm – 8:00 pm GMT | 7 hours for 3 days (21 hours of online training) Fees: USD 799 (regular participant) USD 699 (ISACA/ISC2 members) USD 575 (registering by 5th April 2025) Registration Link

Upcoming events:

SANS Cybersecurity Leadership Summit 2025 | Free Virtual Summit: Thursday, April 24 Learn, share, and engage with fellow cybersecurity leaders. In a rapidly evolving threat landscape, leaders can’t just keep up—they must set the standard. The SANS Cybersecurity Leadership Summit is for industry leading CISOs, directors and managers looking to empower themselves with the knowledge and tools to not just participate, but to set the pace in cybersecurity leadership. This Summit provides invaluable insights from industry trailblazers who will share their strategies, lessons learned, and best advice. Agenda and Registration Link

Thank you to our Sponsors

Quinnipiac University is committed to helping advance the field of cybersecurity through its School of Computing & Engineering. To support the growth of professionals within cybersecurity and computing, Quinnipiac offers flexible online and on-campus opportunities that deliver practical skills you can immediately apply on the job. Both its MS in Cybersecurity and MS in Computer Science programs feature hands-on experience in lab settings that simulate real-world scenarios. To learn more about these exciting opportunities, Visit Quinnipiac University

ISC2CT  

Cyber News

Microsoft isn't fixing 8-year-old zero day used for spying

An exploitation avenue found by Trend Micro in Windows has been used in an eight-year-long spying campaign, but there's no sign of a fix from Microsoft, which apparently considers this a low priority.

theregister.com  

Attacks Launched from Cloud Platforms

The cloud continues to provide huge opportunities to organizations, offering flexibility, economy and processing power on demand. However, it can offer bad actors the exact same facilities and opportunities, presenting additional defensive challenges for cybersecurity teams.

isc2.org  

DOGE to Fired CISA Staff: Email Us Your Personal Data

A message posted on Monday to the homepage of the U.S. Cybersecurity & Infrastructure Security Agency (CISA) is the latest exhibit in the Trump administration’s continued disregard for basic cybersecurity protections

krebsonsecurity.com  

FBI warns of malicious free online document converters spreading malware

The FBI warns of a significant increase in scams involving free online document converter tools to infect users with malware.

securityaffairs.com  

The State of Secrets Sprawl 2025

State of Secrets Sprawl 2025 report, GitGuardian’s latest deep dive into the widespread exposure of sensitive credentials. This year’s findings show no improvement in the fight against secrets sprawl, with 23.8 million secrets leaked on public GitHub repositories in 2024, marking a 25% year-over-year increase.

securityboulevard.com  

Hottest cybersecurity open-source tools of the month: March 2025

This article features open-source cybersecurity tools that are gaining attention for strengthening security across various environments.

helpnetsecurity.com  

Majority of ransomware claims involved compromise of perimeter security devices

A report by cyber insurance firm Coalition shows six of every 10 ransomware claims involved compromised VPN or firewall.

cybersecuritydive.com  

Microsoft's killing script used to avoid Microsoft Account in Windows 11

Microsoft has removed the 'BypassNRO.cmd' script from Windows 11 preview builds, which allowed users to bypass the requirement to use a Microsoft Account when installing the operating system.

bleepingcomputer.com  

Ransomware Groups Increasingly Adopting EDR Killer Tools

ESET uncovers a link between RansomHub, Play, Medusa, and BianLian ransomware gangs as more groups adopt tools to disable EDR software.

securityweek.com  

Top 3 MS Office Exploits Hackers Use in 2025 – Stay Alert!

Phishing Office files and CVE-2017-11882 exploits still active in 2025, exposing unpatched systems to malware.

thehackernews.com  

Actively Exploited ChatGPT Bug Puts Organizations at Risk

A server-side request forgery vulnerability in OpenAI's chatbot infrastructure can allow attackers to direct users to malicious URLs, leading to a range of threat activity.

darkreading.com  

Critical Zero-Day Vulnerabilities Found in These VMware Products

A year after VMware ESXi servers faced ransomware attacks, new zero-day vulnerabilities are being exploited, posing risks to organizations worldwide.

techrepublic.com  

No spam, EVER. We'll never share your email address and you can opt out at any time. Newsletter is sent on the first of every month.