Welcome
Welcome Chapter Hello and Welcome!
We hope that your 2024 is starting off fantastic.
To help boost the GREATNESS, be sure to attend our meetings. Lots of good information there.
Also join our new discord server https://discord.gg/awtVpkkKnp
Be sure to register for our March 2024 meeting from our site. https://ISC2CT.org
ISC2CT
Cyber News
NIST Cybersecurity Framework 2.0 Officially Released
NIST releases Cybersecurity Framework 2.0, the first major update since the creation of the CSF a decade ago.
securityweek.com
Outsmarting Ransomware’s New Playbook
By ensuring that all sensitive data is effectively encrypted, organizations render any exfiltrated data useless to attackers.
securityweek.com
Surge in high-risk open-source vulnerabilities found in commercial codebases - SiliconANGLE
Surge in high-risk open-source vulnerabilities found in commercial codebases - SiliconANGLE
siliconangle.com
New Silver SAML Attack Evades Golden SAML Defenses in Identity Systems
Researchers have disclosed a new attack technique, "Silver SAML," targeting applications that use cloud identity providers such as Microsoft Entra ID.
thehackernews.com
President Biden Blocks Mass Transfer of Personal Data to High-Risk Nations
President Biden signs Executive Order to prevent mass data transfers to 'countries of concern'. A bold move to protect Americans' genomic, biometric,
thehackernews.com
Just about every Windows and Linux device vulnerable to new LogoFAIL firmware attack
UEFIs booting Windows and Linux devices can be hacked by malicious logo images.
arstechnica.com
Chinese APT Developing Exploits to Defeat Patched Ivanti Users
Ivanti customers: soon, even if you've patched, you still might not be safe from relentless attacks from high-level Chinese threat actors.
darkreading.com
8,000+ Reputable Domains Hijacked in a Massive Spam Campaign
Guardio Labs is tracking the coordinated malicious activity, known as SubdoMailing, that has been ongoing since at least September 2022.
itsecuritywire.com
Secure Cloud Browser Enables a Safer Enterprise Workspace
Instead of trying to force users to embrace a new browser -- and thus expand the enterprise attack surface -- Menlo's add-on tools protect data and users with end-to-end visibility and dynamic policy enforcement directly inside browser sessions to block zero-hour phishing, malware, and ransomware attacks.
technewsworld.com
Cybercriminals Weaponizing Open-Source SSH-Snake Tool for Network Attacks
A tool intended for security, SSH-Snake, now aids attackers in exploiting networks. Discover the depths of its reach and how to safeguard your infrast
thehackernews.com
Black Basta, Bl00dy ransomware gangs join ScreenConnect attacks
The Black Basta and Bl00dy ransomware gangs have joined widespread attacks targeting ScreenConnect servers unpatched against a maximum severity authentication bypass vulnerability.
bleepingcomputer.com