Welcome
Hello and Welcome!
Please join our new ISC2CT Discord Server
Upcoming events:
ISC2 Security Congress: Las Vegas, NV + Virtual, October 14-16, 2024
SANS HackFest Hollywood 2024: October 28-29, 2024, Live Online Summit, Free
Upcoming Training:
Be sure to attend our meetings. Lots of good information there. Register for our October meeting on our site ISC2CT.org
Thank you to our Sponsors
Quinnipiac University is committed to helping advance the field of cybersecurity through its School of Computing & Engineering. To support the growth of professionals within cybersecurity and computing, Quinnipiac offers flexible online and on-campus opportunities that deliver practical skills you can immediately apply on the job. Both its MS in Cybersecurity and MS in Computer Science programs feature hands-on experience in lab settings that simulate real-world scenarios. To learn more about these exciting opportunities, visit Quinnipiac University
Cyber News
NIST Drops Password Complexity, Mandatory Reset Rules
The latest draft version of NIST's password guidelines simplifies password management best practices and eliminates those that did not promote stronger security.
New NIST program focuses on AI cybersecurity and privacy
The program seeks to adapt frameworks such as the NIST Cybersecurity Framework to address AI use.
EPSS vs. CVSS: What’s the Best Approach to Vulnerability Prioritization?
EPSS enhances vulnerability prioritization by predicting real-world threats, enabling businesses to address critical risks efficiently.
Microsoft Moves For New Security Platform
Microsoft plans to create a new security platform after millions of Windows PCs crashed due to the CrowdStrike update. Takeaway points: Microsoft intends to enhance reliability following the CrowdStrike update issue by developing a new security platform that will run outside of kernel mode. The CrowdStrike update catastrophe, which impacted millions of people worldwide, sparked […]
AI-Generated Malware Found in the Wild
HP has detected an email campaign comprising a standard malware payload delivered by an AI-generated dropper.
How Cyber-Insurance Shifts Affect the Security Landscape
Ultimately, the goal of businesses and cyber insurers alike is to build more resilient IT environments to avoid cyberattacks and the ransom, downtime, and reputation hit that come along with them.
Could APIs be the undoing of AI? - Help Net Security
The combination of API and LLM issues coupled with rapid rollouts is likely to see numerous organizations having to combat security failings.
MFA bypass becomes a critical security issue as ransomware tactics advance - Help Net Security
MFA bypass through session hijacking is now seen as the top emerging threat for organizations hit by ransomware in the past year.
Critical CUPS Vulnerability Exposes Linux Systems to Remote Hijacking
It was recently discovered that CUPS contains a critical vulnerability that allows remote attackers
Third Recent Ivanti Vulnerability Exploited in the Wild
CVE-2024-7593 is the third Ivanti product vulnerability patched in recent months that has been exploited in the wild.
Hacking Kia: Remotely Hijack A Car Using Only Its License Plate
These days everything needs to be connected to remote servers via the internet, whether it’s one’s TV, fridge or even that new car you just bought. A recently discovered (and already pa…
Israel army hacked the communication network of the Beirut Airport control tower
Israel allegedly hacked Beirut airport's control tower, warning an Iranian plane not to land, forcing it to return to Tehran.