Issue 2  

Welcome

Welcome to the Newsletter

Submissions welcome.

ISC2CT Newsletter Committee  

Member News

Welcome New Members

Hello and Welcome to all new members and those returning.

As we continue to increase membership and provide content, we like to encourage and keep open the opportunity for members to contribute. Please reach out to us if interested.

ISC2CT Welcome Committee  

Member Meeting - March 3 2022

Wow! Great job Jason.

Many Thanks for the great presentation. Thank you for those in attendance and the discussions that were had.

Here is the link to Jason's podcast:
https://vancordcybersound.buzzsprout.com/

Thank you and we look forward to seeing everyone at the next meeting.

ISC2CT Newsletter Committee  

End of March Meeting w. Jake Hildreth

Many thanks for a terrific presentation on PKI. It was very informative and nicely presented. Thank you. ISC2CT

ISC2CT  

Volunteer with ISC2.

Help prepare the next generation of information security professionals! Volunteer to help create new and updating existing exams. Interested? Send an email to examdevelopment@isc2.org with "Item Writer Volunteer" in the subj line and include your (ISC)² Member ID.

ISC2CT Newsletter Committee  

Training | ISC2 Southern Connecticut Chapter

ISC2CT Training: Network Intelligence brings together its consolidated expertise into a 3-day training on Certified Professional Forensic Analyst (CPFA) in the month of April 2022. The entire workshop is driven by exercises and case studies to ensure that all aspects have a real-life scenario-based approach explaining from start to end of digital forensics investigation, incident detection and response.

Registration Form: https://forms.office.com/r/cwbrzsXcZm

isc2ct.org  

GitTech (Use Caution)

GitHub calls for contributions to new cybersecurity Advisory Database | ZDNet

GitHub announced on Tuesday that their Advisory Database for security data is now open to contributions from experts.

zdnet.com  

Cyber News

Log4j postmortem: Developers are taking a hard look at software supply-chain security gaps | TechRepublic

Developers are exploring new tools and methodologies to ensure the next log4j doesn’t happen. Will it work?

techrepublic.com  

Dirty Pipe Privilege Escalation Vulnerability in Linux | CISA

CISA is aware of a privilege escalation vulnerability in Linux kernel versions 5.8 and later known as “Dirty Pipe” (CVE-2022-0847). A local attacker could exploit this vulnerability to take control of an affected system.

CISA encourages users and administrators to review (CVE-2022-0847) and update to Linux kernel versions 5.16.11, 5.15.25, and 5.10.102 or later.

cisa.gov  

Log4shell in google $1337.00. Looking through the google cloud…

Log4shell flaws continue to exist.

medium.com  

Russia May Use Ransomware Payouts to Avoid Sanctions | Threatpost

FinCEN warns financial institutions to be ware of unusual cryptocurrency payments or illegal transactions Russia may use to ease financial hurt from Ukraine-linked sanctions.

threatpost.com  

Nmap Firewall Evasion Techniques | LinuxSecurity.com

Nmap Firewall Evasion Techniques - A firewall penetration test's success is determined by a number of factors. Making sure firewall pol

linuxsecurity.com  

No spam, EVER. We'll never share your email address and you can opt out at any time. Newsletter is sent on the first of every month.