Nominate the Most Influential People in Security
Nominate a security leader to be named one of Security magazine’s 2022 Most influential People in Security!
Top 5 physical security threats of 2022
The top five physical security threats in 2022 are workplace violence, crime/theft, natural disasters, biosecurity and remote work. How can enterprise security protect employees from the ever-growing complexity of physical security threats?
ISC StormCast for Thursday, March 17th, 2022
Qakbot Infection With Cobalt Strike and VNC Activity
https://isc.sans.edu/forums/diary/Qakbot+infection+with+Cobalt+Strike+and+VNC+activity/28448/
Gh0stCringe RAT Being Distributed to Vulnerable Database Servers
https://asec.ahnlab.com/en/32572/
dompdf 0 day
https://positive.security/blog/dompdf-rce
OpenSSL DoS Vulnerability
https://www.openssl.org/news/secadv/20220315.txt
SEC proposes cybersecurity risk management, incident disclosure rules for enterprises
The Securities and Exchange Commission (SEC) has proposed changes to standardize public companies’ disclosures regarding cybersecurity risk management, strategy, governance and incident reporting.
CISA hosts Cyber Storm exercise with 200+ organizations
CISA’s Cyber Storm exercise simulates a significant cybersecurity incident impacting critical infrastructure to improve risk management, incident response planning, information sharing and cyber response activities.
Four security protocols to protect the new normal, a hybrid steady state
There are four security protocols to consider when reviewing an enterprise’s public cloud risk profile.
ISC StormCast for Wednesday, March 16th, 2022
Clean Binaries with Suspicious Behaviour
https://isc.sans.edu/forums/diary/Clean+Binaries+with+Suspicious+Behaviour/28444/
Misconfigured Multi-Factor Authentication Abused
https://www.cisa.gov/uscert/ncas/alerts/aa22-074a
German Office of Information Security Warns Kaspersky Users
https://www.bsi.bund.de/DE/Service-Navi/Presse/Pressemitteilungen/Presse2022/220315_Kaspersky-Warnung.html
Caddy Wiper Targeting Ukraine
https://www.welivesecurity.com/2022/03/15/caddywiper-new-wiper-malware-discovered-ukraine/
Fake Antivirus Targeting Ukraine
https://twitter.com/malwrhunterteam/status/1502302718140035080
B1txor20 DNS Tunnel Backdoor
https://blog.netlab.360.com/b1txor20-use-of-dns-tunneling_en/
Avoid costly cybersecurity turnovers during March Madness
Don’t get too caught up in the excitement of March Madness. Cybercriminals will use social engineering, phishing, malware, ransomware and other cybersecurity strategies to wreak havoc. Boost security defenses now.
Protecting the enterprise from lateral movement attacks
Let’s look at lateral movement further and explore why it is important and how to minimize the impact of adversaries moving around your environment.
