Welcome
Welcome
Hello and Welcome!
Please join our new ISC2CT Discord Server
Upcoming events:
SANS Leveraging AI in Cybersecurity September 9th, 2024 Free Live Online | Select Content
Security Week Attack Surface Management Summit September 18, 2024 | Virtual Event & Free
Upcoming Training:
Be sure to attend our meetings. Lots of good information there. Register for our September 2024 meeting on our site ISC2CT.org
Thank you to our Sponsors
Quinnipiac University is committed to helping advance the field of cybersecurity through its School of Computing & Engineering. To support the growth of professionals within cybersecurity and computing, Quinnipiac offers flexible online and on-campus opportunities that deliver practical skills you can immediately apply on the job. Both its MS in Cybersecurity and MS in Computer Science programs feature hands-on experience in lab settings that simulate real-world scenarios. To learn more about these exciting opportunities, visit Quinnipiac University
ISC2CT
Cyber News
Microsoft Copilot Studio Exploit Leaks Sensitive Cloud Data
A server-side request forgery (SSRF) bug in Microsoft's tool for creating custom AI chatbots potentially exposed info across multiple tenants within cloud environments.
darkreading.com
NIST releases finalized post-quantum encryption standards - Help Net Security
NIST has finalized its principal set of encryption algorithms designed to withstand cyberattacks from a quantum computer.
helpnetsecurity.com
When it comes to online scams, 'ChatGPT is the new crypto'
Researchers at Meta have seen a rise in ChatGPT-themed attacks, the company said in an overview of cybersecurity issues on its platforms.
cyberscoop.com
Hackers Calling Employees to Steal VPN Credentials from US Firms
Follow us on Twitter (X) @Hackread - Facebook @ /Hackread
hackread.com
Zero trust: How the ‘Jia Tan’ hack complicated open-source software
The volunteers that maintain open-source software have always been knocked around by the tech community. The Jia Tan hack made it all so much worse.
cyberscoop.com
Hundreds of LLM Servers Expose Corporate, Health & Other Online Data
LLM automation tools and vector databases can be rife with sensitive data — and vulnerable to pilfering.
darkreading.com
Bypassing airport security via SQL injection
We discovered a serious vulnerability in the Known Crewmember (KCM) and Cockpit Access Security System (CASS) programs used by the Transportation Security Administration.
ian.sh
Unconfirmed Hack of 2.9 Billion Records at National Public Data Sparks Media Frenzy Amid Lawsuits
National Public Data (NPD) is at the center of controversy with allegations of a massive data breach involving 2.9 billion records. Despite media coverage and a class action lawsuit, verifiable proof remains scarce
securityweek.com
Downgrade Attacks Using Windows Updates | SafeBreach
Downgrade attacks: researchers took over the Windows Update process to make the term “fully patched” meaningless on any Windows machine.
safebreach.com
Mac and Windows users infected by software updates delivered over hacked ISP
DNS poisoning attack worked even when targets used DNS from Google and Cloudflare.
arstechnica.com