Welcome
Hello and Welcome!
Be sure to attend our monthly meetings. Lots of good information there. Register for our Thursday, May 29th Virtual Meeting on our site, ISC2CT.org.
Also, come join our (ISC)2 Connecticut Chapter Discord Server.
Upcoming Training:
NII Training (CDSP) Certified DevOps Security Practitioner | 3 Day Event (4 Hrs per day) | 12 CPE Credits | May 7th-9th, 2025, 9:00 AM – 1:00 PM EDT
"DevOps Security" typically encompasses an overview of the integration of security practices within DevOps methodologies. It involves understanding how to seamlessly embed security into the DevOps pipeline, ensuring that security is not an afterthought but an integral part of the development process. This introductory session would likely cover fundamental concepts such as threat modeling, secure coding practices, vulnerability management, compliance automation, and the use of security tools and technologies in a DevOps environment.
Fees: Regular Participant $249; ISACA/ISC2 Member $199; Returning Participant/Clients $159
Please verify the time in the registration link. ISC2CT is not responsible for time discrepancies.
More Information & Registration Link
AmpcusCyber (CNSS) Certified Network Security Specialist | 3 Day Event | May 12th-15th 2025 | 16 CPE Credits
This expert-led program will prepare professionals to secure network infrastructures against threats and to incorporate sophisticated security features into modern IT environments. Students will learn in depth about network vulnerabilities, secure architectures, and proactive defense mechanisms.
Fees: Regular Participants $130; Local ISC2 Chapter Members $100; Returning Participants $80
Please verify the time in the registration link. ISC2CT is not responsible for time discrepancies.
More Information & Registration Link
Upcoming events:
SANS Emerging Threats Summit 2025 | Free Live Online Summit: Wednesday, May 14 | Summit CPEs: 6
For 25 years, the cybersecurity community has struggled with reacting to today's attacks while remaining underprepared for future threats. Despite our efforts against nation-state actors and crime syndicates, we remain one step behind.
Agenda and Registration Link
SANS Ransomware Summit 2025 | Free Online Summit: May 30 | Live Online | CPE Credits: 6
Stay Ahead of Ransomware: Learn to Defend, Detect, and Recover
Ransomware attacks are widespread because they are highly profitable and effective for cybercriminals. Many organizations are unprepared for such attacks, leading to serious financial and operational damage. The SANS Ransomware Summit brings together cybersecurity professionals to share insights on preventing, detecting, and recovering from ransomware.
Agenda and Registration Link
Thank you to our Sponsors
Quinnipiac University is committed to helping advance the field of cybersecurity through its School of Computing & Engineering. To support the growth of professionals within cybersecurity and computing, Quinnipiac offers flexible online and on-campus opportunities that deliver practical skills you can immediately apply on the job. Both its MS in Cybersecurity and MS in Computer Science programs feature hands-on experience in lab settings that simulate real-world scenarios. To learn more about these exciting opportunities, visit Quinnipiac University.
Cyber News

How Breaches Start: Breaking Down 5 Real Vulns
Real-world exploits show how overlooked bugs, like SSRF and IDOR, can trigger massive data breaches.

Mobile security is a frontline risk. Are you ready?
The mobile threat landscape has shifted. According to Zimperium’s 2025 Global Mobile Threat Report, attackers are now prioritizing mobile devices over

MITRE CVE Program Gets Last-Hour Funding Reprieve
The US government's cybersecurity agency CISA has “executed the option period on the contract” to keep the vulnerability catalog operational.

Remote access tools most frequently targeted as ransomware entry points
Supply chain risk via third-party vendors increased sharply last year, according to a report by At-Bay.

The legal blind spot of shadow IT
Shadow IT isn’t just a security risk — it’s a legal one. When teams use unsanctioned tools, they can trigger compliance violations.

Digital Twins Bring Simulated Security to the Real World
The next time your company faces a cyberattack, it may be limited to a virtual world, if digital twins, a technology pairing simulation and real-world data, take off.

159 CVEs Exploited in Q1 2025 — 28.3% Within 24 Hours of Disclosure
As many as 159 CVE identifiers have been flagged as exploited in the wild in the first quarter of 2025, up from 151 in Q4 2024.

New Stego Campaign Leverages MS Office Vulnerability to Deliver AsyncRAT
Security researchers uncovered malware using steganography to hide malicious code in innocent-looking image files.

North Korean operatives have infiltrated hundreds of Fortune 500 companies
Security leaders at Mandiant and Google Cloud say nearly every major company has hired or received applications from North Korean nationals working on behalf of the country’s regime.

Max severity RCE flaw discovered in widely used Apache Parquet
A maximum severity remote code execution (RCE) vulnerability has been discovered impacting all versions of Apache Parquet up to and including 1.15.0.

House bill seeks better tech to combat financial fraud scams against elderly
The legislation calls on federal law enforcement to help state, local and tribal agencies with blockchain and other investigative tools to fight pig butchering and other schemes.

Apple Patches Everything
Apple released updates across all its products: iOS, iPadOS, macOS, tvOS, visionOS, Safari, and Xcode. Interestingly, watchOS was missing from the patch lineup. This is a feature update for the operating systems, but we get patches for 145 different vulnerabilities in addition to new features. This update includes a patch for CVE-2025-24200 and CVE-2025-24201, two already exploited iOS vulnerabilities, for older iOS/iPadOS versions. Current versions received this patch a few weeks ago.