Welcome
Hello and Welcome!
We hope that your Summer is going fantastic!
Our chapter has been asked to participate with other ISC2 chapters in planning, and running a large scale security conference at a large venue, such as Mohegan Sun. This would be a new security conference, and if successful, would likely be an annual event. We would like to get your opinions on some questions we have. Your answers will help shape the event and our participation in it. ==> Please Complete this Short Survey <==Thank you
Also join our new ISC2CT Discord Server
Upcoming events:
Cloud Security Summit | July 17, 2024 Virtual Free to Attend
Automotive API Security Conference July 25, 2024 Virtual Free to Attend No Sponsors No Agendas
Zero Trust Meet & Expo Stamford August 26 – 27, 2024 | Stamford, CT
Upcoming Training:
ISO 42001-AI Management System Lead Auditor by Exemplar Global, USA + 21 hours of CPE Credits July 22 – 24, 2024 ISC2 members discount of 20%
Be sure to attend our meetings. Lots of good information there. Register for our July 2024 meeting on our site ISC2CT.org
Thank you to our Sponsors
ISC2CT
Cyber News
1 out of 3 breaches go undetected - Help Net Security
Organizations continue to struggle in detecting breaches as they become more targeted and sophisticated, according to Gigamon.
helpnetsecurity.com
Multifactor Authentication Is Not Enough to Protect Cloud Data
Ticketmaster, Santander Bank, and other large firms have suffered data leaks from a large cloud-based service, underscoring that companies need to pay attention to authentication.
darkreading.com
Still use Kaspersky antivirus? The US is banning it, so prepare to switch
The US government has decided to bar sales and updates of Kaspersky's antivirus software. If you're a user, you need to switch.
pcworld.com
Using LLMs to Exploit Vulnerabilities - Schneier on Security
Interesting research: “Teams of LLM Agents can Exploit Zero-Day Vulnerabilities.”The LLMs aren’t finding new vulnerabilities. They’re exploiting zero-days—which means they are not trained on them—in new ways. So think about this sort of thing combined with another AI that finds new vulnerabilities in code. These kinds of developments are important to follow, as they are part of the puzzle of a fully autonomous AI cyberattack agent
schneier.com
The Software Licensing Disease Infecting Our Nation's Cybersecurity
Forcing Microsoft to compete fairly is the most important next step in building a better defense against foreign actors.
darkreading.com
Only 19% of MITRE ATT&CK tactics are covered by SIEMs
CardinalOps has released its State of SIEM Detection Risk report. The report, which analyzed 3,000 detection rules and 1.2 million log sources, found that SIEMs only cover 19% of MITRE ATT&CK tactics. This accounts for 38 out of the 201 techniques in the MITRE ATT&CK v14 framework. Yet, the report also found that organizations have the ability to cover 87% of the techniques.
securitymagazine.com
New MOVEit critical bug sees swift exploitation attempts
The PoC exploit for the authentication bypass vulnerability is available; patch immediately.
scmagazine.com
CDK Attack Shows Value of SaaS Contingency Planning
Operations at 15,000 automotive dealers remain impacted as CDK works on restoring its cloud offerings after an apparent ransomware attack last week.
darkreading.com
Over 110,000 Websites Affected by Hijacked Polyfill Supply Chain Attack
Google has taken steps to block ads for e-commerce sites that use the Polyfill.io service after a Chinese company acquired the domain and modified the JavaScript library ("polyfill.js") to redirect users to malicious and scam sites.
thehackernews.com
Space: The Final Frontier for Cyberattacks
A failure to imagine — and prepare for — threats to outer-space related assets could be a huge mistake at a time when nation-states and private companies are rushing to deploy devices in a frantic new space race.
darkreading.com