The CISO Times

16/02/2024

🚀 Elevate Your CISSP Prep Game! 🚀

Ditch the heavy books and step into the future of learning with our CISSP Monster Pack Practice Questions! 📚➡️💻

Why choose the CISSP Monster Pack?

🎯 Targeted Practice: Tailored questions that mirror the real CISSP exam environment.
🌍 Study Anywhere, Anytime: Access our tests on any device, making your prep truly mobile.
💡 Learn Smart: Understand the 'why' behind each answer, deepening your knowledge and retention.

Perfect for IT and cybersecurity professionals aiming for certification without the bulk and boredom of textbooks. 🛡️🔐

Join the ranks of certified professionals who've aced their exams with confidence! 💼🎉

Q&A with explanations on CISSP Domains: 1, 2 and 3 - Over 900 questions!

16/01/2024

https://cisotimes.com/ransomware-attacks-in-2023-a-startling-surge-and-the-ongoing-battle/

The Unprecedented Rise of Ransomware Incidents Cyberint, a forerunner in threat intelligence services, disclosed a staggering 55% increase in ransomware attacks compared to the previous year. This meteoric rise saw ransomware syndicates targeting 4356 entities, a significant jump from the 2034 victi...

16/01/2024

A recent investigation by cybersecurity experts at Bishop Fox has uncovered a significant vulnerability in SonicWall’s next-generation firewalls (NGFW). This alarming find reveals that over 178,000 of these advanced firewall devices are publicly exploitable due to critical security flaws.

Startling Discovery by Bishop Fox Researchers A recent investigation by cybersecurity experts at Bishop Fox has uncovered a significant vulnerability in SonicWall’s next-generation firewalls (NGFW). This alarming find reveals that over 178,000 of these advanced firewall devices are publicly exploi...

08/01/2024

🔒Are you aiming to conquer the CISSP exam?🔒

Don't just study to pass – prepare to excel in the field of information security with our comprehensive "CISSP Monster Pack".
🌟 Why Choose the CISSP Monster Pack? 🌟

In-depth Coverage: Explore extensive Q&As across all CISSP domains, ensuring a thorough understanding of each topic.
Beyond the Exam: The courses aren't just about passing the test, they are designed to infuse you with practical, real-world infosec knowledge.
Clarifying Explanations: Each question is accompanied by detailed answers, clarifying why choices are correct, and enriching your conceptual grasp.

💡 Transform into an Infosec Pro 💡
🚀 Start Your Journey Today! 🚀 Join the ranks of those who don't just pass but excel. Enroll in the "CISSP Monster Pack" and confidently step into the world of cybersecurity!
🔗 Enroll Now:

Q&A with explanations on CISSP Domains: 1, 2 and 3 - Over 900 questions!

20/12/2023

This is a list of pe*******on testing certifications, organized by beginner, intermediate and advanced levels, and a few certifications with more focused specializations.

https://cisotimes.com/best-cybersecurity-certifications-for-pe*******on-testing/

A master list of pe*******on testing certifications. From beginner, to intermediate to advanced level.

13/12/2023

The recent LockBit ransomware attack on the Industrial & Commercial Bank of China (ICBC) marks a significant escalation in cyber vulnerabilities within the global financial sector. This event not only highlights the potential weaknesses in the cybersecurity defenses of major financial institutions b...

06/12/2023

The recent security breach at Okta, a leading identity-management software company, has revealed more extensive damage than initially reported. This revelation comes after a detailed investigation into the September incident, which has caused significant concern among its vast user base and beyond.....

06/12/2023

In the ever-evolving world of cyber security, Denial-of-Service (DoS) attacks have emerged as a formidable threat to organizations across the globe. The European Union Agency for Cybersecurity (ENISA) recently released a comprehensive report titled “ENISA Threat Landscape for DoS Attacks.” This ...

06/12/2023

A significant threat has emerged from an activity group known as Forest Blizzard (STRONTIUM), originating from Russia. This group has been actively exploiting a critical vulnerability, CVE-2023-23397, in Microsoft Exchange servers to gain unauthorized access to email accounts. The collaboration betw...

26/11/2023

Tools don’t make a good engineer, but a good engineer can become great with the right tools.

Tools don’t make a good engineer, but a good engineer can become great with the right tools. Companies usually don’t have the budget to establish and run a security operation center, either due to the cost of the experienced personnel required to run it, or/and the right tools required to assist...

24/11/2023

In an era where digital security is paramount, the Australian government has taken a proactive approach to fortify its IT infrastructure against state-sponsored cyber-attacks.

https://cisotimes.com/australias-proactive-stance-against-state-sponsored-cyber-threats/

In an era where digital security is paramount, the Australian government has taken a proactive approach to fortify its IT infrastructure against state-sponsored cyber-attacks. This initiative, led by the Australian Signals Directorate (ASD), includes comprehensive cyber security threat hunts across....

24/11/2023

Two recent incidents at Sabre Insurance and Fidelity National Finance (FNF) have cast a spotlight on a particularly insidious form of these threats: ransomware attacks.

https://cisotimes.com/breaking-major-firms-hit-by-alarming-ransomware-blitz/

In an era where digital data is as valuable as physical assets, the specter of cyber threats looms large. Two recent incidents at Sabre Insurance and Fidelity National Finance (FNF) have cast a spotlight on a particularly insidious form of these threats: ransomware attacks. Sabre Insurance’s Ranso...

24/11/2023

Law enforcement agencies in North America have recently raised alarms over a new and dangerous player: the Scattered Spider group.

Known for its English-speaking operatives and aggressive tactics, this cybercrime syndicate has drawn attention for its disturbing propensity to threaten violence against its victims.

This article delves deep into the sinister operations of Scattered Spider, shedding light on their methods, alliances, and the increasing threat they pose to corporate security.

In the ever-evolving world of cybercrime, law enforcement agencies in North America have recently raised alarms over a new and dangerous player: the Scattered Spider group. Known for its English-speaking operatives and aggressive tactics, this cybercrime syndicate has drawn attention for its disturb...

11/11/2023

https://cisotimes.com/new-digital-risk-protection-report-from-brandshield-reveals-companies-lose-2-1m-on-average-to-each-online-attack/

(New York, NY) – BrandShield, a leader in global digital risk protection, today announced its Digital Risk Protection Report. In a survey of 200 Chief Information Security Officers (CISOs), BrandShield sought to understand how security leaders are approaching digital risk protection by inquiring...

11/11/2023

https://cisotimes.com/over-69-million-individuals-affected-from-moveit-cyberattack-in-the-state-of-maine/

The State of Maine has become the latest victim to reveal the significant impact of a cyberattack targeting a zero-day vulnerability in Progress Software’s MOVEit file transfer tool earlier this year. The exploit, identified as a critical unauthenticated SQL injection issue, allowed a notorious ra...

11/11/2023

https://cisotimes.com/chess-com-faces-data-breach-over-800000-user-records-leaked/

A threat actor known as ‘DrOne’ has claimed responsibility for leaking a scraped database from Chess.com, a popular online platform for chess enthusiasts, exposing the personal data of over 800,000 registered users. The leaked records, disclosed on Breach Forums, include full names, usernames, p...

11/11/2023

https://cisotimes.com/ransomware-attack-on-chinas-biggest-bank-disrupts-treasury-market-trades/

Wall Street is grappling with the repercussions of a ransomware attack on China’s Industrial and Commercial Bank of China (ICBC), the nation’s largest bank. The attack, which targeted ICBC’s New York unit, disrupted trading in the $25 trillion market for US Treasuries, revealing vulnerabilitie...

10/11/2023

https://cisotimes.com/north-korea-linked-lazarus-group-deploys-new-malware-targeting-blockchain-engineers/

The North Korea-linked Lazarus APT group has been observed employing a novel weapon in their arsenal – the KandyKorn macOS malware. This insidious tool has been used in a series of targeted attacks against blockchain engineers, revealing a growing concern for the security of cryptocurrency professionals.

The North Korea-linked Lazarus APT group has been observed employing a novel weapon in their arsenal – the KandyKorn macOS malware. This insidious tool has been used in a series of targeted attacks against blockchain engineers, revealing a growing concern for the security of cryptocurrency profess...

09/11/2023

https://cisotimes.com/marina-bay-sands-casino-resort-confirms-data-security-breach/
Singapore’s Marina Bay Sands, a renowned casino resort, has unfortunately fallen victim to a data security breach, impacting an estimated 665,000 non-casino rewards program members.

Singapore’s Marina Bay Sands, a renowned casino resort, has unfortunately fallen victim to a data security breach, impacting an estimated 665,000 non-casino rewards program members. This incident, which occurred on October 19-20, 2023, involved unauthorized third-party access to certain customer l...

09/11/2023

https://cisotimes.com/confluence-vulnerabilities-under-active-ransomware-exploitation/

The findings from Rapid7’s recent study regarding the targeting of vulnerabilities in Atlassian Confluence Servers by multiple ransomware groups are concerning. It highlights the evolving tactics used by cybercriminals to exploit weaknesses in widely-used software.

The findings from Rapid7’s recent study regarding the targeting of vulnerabilities in Atlassian Confluence Servers by multiple ransomware groups are concerning. It highlights the evolving tactics used by cybercriminals to exploit weaknesses in widely-used software. Particularly alarming is the act...

31/10/2023

Over the past two years, the typical organization’s cybersecurity program was only able to proactively defend against 57% of the cyberattacks it encountered.

This leaves a substantial 43% of attacks that successfully breach their defenses, necessitating post-attack remediation efforts.

https://cisotimes.com/study-reveals-people-process-and-technology-challenges-limit-organizations-ability-to-prevent-attacks/

Tenable, the Exposure Management company, recently unveiled a comprehensive study that unveils the obstacles faced by cybersecurity and IT leaders as they strive to safeguard their organizations’ growing attack surfaces. This report, titled “Old Habits Die Hard: How People, Process, and Technolo...

29/10/2023

Ukrainian hackers, operating under the banner of the IT Army, made headlines by temporarily disabling internet services in parts of the country’s territories that have been occupied by Russia. This distributed denial-of-service (DDoS) attack targeted three Russian internet providers, specifically Miranda-media, Krimtelekom, and MirTelekom, which were operating in these occupied territories.

https://cisotimes.com/ukrainian-hackers-disrupt-russian-internet-services/

Ukrainian hackers, known as the IT Army, executed a significant DDoS attack, disrupting Russian internet services in occupied territories. This article explores the attack's impact, recovery efforts, and the broader implications.

29/10/2023

Why NIST included “Governance” in its CSF 2.0

https://cisotimes.com/why-nist-included-governance-in-its-csf-2-0/

The National Institute of Standards and Technology (NIST) has been at the forefront of promoting cybersecurity best practices and standards. One of its most notable contributions is the Cybersecurity Framework, which provides organizations with a structured approach to managing and mitigating cybers...

27/10/2023

New questions added on the CISSP Monster 😈 Pack - Part 2

Much easier than studying the official guide.

Dive directly to CISSP questions with explanations so you understand why the correct answer is actually the correct one.

Get It NOW 👉 https://bit.ly/48aHkF0

Q&A with explanations on CISSP Domains: 4, 5 and 6 - Over 700 questions!

24/10/2023

🔐 Hello there InfoSec Pros! 🔐

Looking to test your CISSP knowledge? We've got you covered! 🚀

Visit The CISO Times for our FREE CISSP Quiz, designed for information security enthusiasts like you! 🤓

👉 Test your expertise.
👉 Challenge your skills.
👉 Elevate your knowledge.

🔗 Get started now: https://cisotimes.com/quizzes/cissp-quiz/

Stay sharp, stay secure, and let's ace that CISSP together! 💪💻

CISSP Quiz

22/10/2023

In the realm of text editors, TinyMCE has long been a popular choice, and on October 19, 2023, Tiny Technologies unveiled a significant update, version 5.10.8, with a primary focus on enhancing security.

This latest release brings a host of essential security patches to ensure the protection of user data and the integrity of the editor.

https://cisotimes.com/vulnerability-in-tinymce-text-editor-can-allow-attacker-execute-xss-payloads/

In the realm of text editors, TinyMCE has long been a popular choice, and on October 19, 2023, Tiny Technologies unveiled a significant update, version 5.10.8, with a primary focus on enhancing security. This latest release brings a host of essential security patches to ensure the protection of user...

21/10/2023

The BlackCat ransomware operators have proven to be a formidable adversary, consistently adapting and innovating their malicious activities.

Their relentless evolution in the realm of ransomware has made it increasingly challenging for cybersecurity experts to mitigate their threats effectively.

https://cisotimes.com/munchkin-blackcat-ransomwares-latest-tool

The BlackCat ransomware operators have proven to be a formidable adversary, consistently adapting and innovating their malicious activities. Their relentless evolution in the realm of ransomware has made it increasingly challenging for cybersecurity experts to mitigate their threats effectively. Unv...

20/10/2023

There is a tendency to use the terms Cybersecurity (CS) and Information Security (IS) interchangeably. Even though the underlying principle is similar, there are differences between them that should be clear and understood.

Cybersecurity and Information Security are not the same thing, even though the terms have been used interchangeably. Which are the key differences?

20/10/2023

https://cisotimes.com/the-evolution-of-pentest-frameworks-from-past-to-present/

Introduction The importance of pe*******on testing in cybersecurity Pe*******on testing plays a crucial role in cybersecurity for several reasons: A brief overview of pentest frameworks and their role in assessing vulnerabilities Pentest frameworks serve as a foundation for conducting systematic and...