
(ISC)² Blog
A place for (ISC)² leaders, members, and cybersecurity professionals to share knowledge and valuable insights that can benefit the information security industry, the people in it, and the public at large. Key topics covered are Cloud Security, IT Security, Cybersecurity Training, Government, Digital Forensics, Privacy, Ransomware, and Software Development.
Companies target sextortion victims, Google Play malware is hawked on dark marketplaces and zero-click spyware infects iPhones. Here are the latest threats and advisories for the week of April 14, 2023.
By John Weiler
Threat Advisories and Alerts
Predatory Companies Target Sextortion Victims
The U.S. Federal Bureau of Investigation (FBI) has issued a warning that for-profit companies are exploiting sextortion victims, charging them exorbitant fees for their services. The companies coerce victims into buying goods and services using threats, false claims and ...
Apple plugs security holes for Easter as cops bring Genesis to an end. The UK fines TikTok over underage data use. DDoS attacks surge and cybersecurity professionals keep quiet over breaches.
By Joe Fay
Apple Rolls Out Fixes for Zero Day Bugs Over Easter Weekend
Apple rushed out patches for its iOS, iPadOS and macOS operating systems on Good Friday after it emerged that the bugs they addressed had already been exploited. CVE-2023-28205 affects WebKit and could allow “arbitrary code execution” after a user processed “maliciously crafted web content,” Apple warned, while CVE-202 ...
By Chinatu Uzuegbu, CISSP, CEO/Managing Cyber Security Consultant at RoseTech CyberCrime Solutions Ltd.
We kicked off the Identity and Access Management Processes from the Top-Level Management approach. The Identity and Access Management Security Steering Committee is a group of C-suite leaders, also referred to as the respective Data and Asset Owners from the various Business Units of my organization. The group met and established the governing policy around the Identity and Access Management Processes. The governance covers the Mandatory Access Control Policy and Trust Policy of the ...
Tomorrow, April 11 is Identity Management Day. This day serves as an annual reminder to increase awareness and education for leaders, IT decision-makers and the general public on the importance of identity management.
The dangers of improper management of digital identities are at an all-time high. We spoke with our blog volunteers to get their insights into what best practices their companies are following, along with how you can get on a path to better identity management.
Why is identity management and security important in 2023?
“In the current digital landscape, i ...
Forget SMS 2FA authentication – Twitter and others are making it less attractive by either charging for it or phasing it out altogether. But there’s a better alternative if only tech companies were willing to invest.
By John E. Dunn
Mention Twitter and two-factor authentication (2FA) in the same breath right now and security watchers will immediately think about a puzzling announcement the company made less than two months ago. The gist was that anyone using or adding SMS 2FA to their account would have to buy a subscription to Twitter Blue for $8 per month to continue t ...
With more than 14,000 new Certified in Cybersecurity members joining (ISC)² last year and an additional 180,000+ Candidates gearing up to earn their first certification, (ISC)² will be supporting these cyber newcomers every step of the way.
Recently, the Center for Cyber Safety and Education held its first Birds of a Feather: Newbies in Cyber webinar to promote an open dialogue and space for those leaning toward a career in cybersecurity, career changers and anyone interested in joining the field with questions. Within this conversation, we heard many of the questions and concerns that ...
UK government potentially skimps on senior cyber role salary as the NCSC calls for more investment in people, Microsoft talks up the potential for ChatGPT and the US moves to ban spyware.
By Joe Fay
U.K. Treasury Tries to Drive Down Inflation with Paltry Cybersecurity Salary
The U.K.’s Treasury department is looking for an “experienced” Head of Cyber Security willing to work for £55,500. The successful candidate will be “working at the heart of Government in a time of momentous change and offering a level of exposure and challenge that is hard to find anywhere else”. Amongst ...
We all learn differently. And we all have different schedules and needs when it comes to certification training. In the past, finding the time to train has been limiting for some.
Enter adaptive online training, a new and innovative way to prep for certification that uses artificial intelligence (AI) to tailor the learning journey to each individual’s needs. It provides a non-linear, personalized learning experience that works well for busy professionals who want to upskill without having to rely on traditional linear learning models, which can be restrictive about time and pace.
How it works ...
In the latest of several recent announcements, the U.S. body responsible for cybersecurity is making a clear shift towards pre-emptive over reactionary reporting, alerting and advice for organizations.
By John E. Dunn
A defining characteristic of ransomware attacks is the element of surprise. By the time the victim receives the ransom note, it is usually already too late to contain an incident. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has announced a new pilot project, the Pre-Ransomware Notification Initiative, which it hopes will be able to notify mor ...
By John Weiler
Microsoft patches the “aCropalypse” vulnerability, ChatGPT leaks users’ billing information and the Latitude Financial breach expands to 14 million records. Here are the latest threats and advisories for the week of March 31, 2023.
Threat Advisories and Alerts
FBI Alerts U.S. Companies of Email Scam Targeting Commercial Goods
The U.S. Federal Bureau of Investigation (FBI) has warned companies of a new type of business email compromise (BEC) fraud. Threat actors are impersonating known and reputable U.S.-based companies by spoofing email domains and display nam ...