The LastPass breach shows why it's so important to use long complex passwords, especially a master pw. The time to brute force a long pw is significantly more. A complex 8 character pw can be cracked in 1 day whereas 14 characters is up to 200M years.
#cybersecurity
#cyberattack
Check out Cyber Outlook's Cybersecurity Community on Discord to share resources, answer questions, discuss news and trends. It's a great place to learn and collaborate on all things InfoSec. Open to all!😊
#cybersecurity
#security
#tech
#infosec
A good CISO should be willing and able to effectively hold a seat on the board. And everyone should get ready because the SEC, among other regulators, will be forcing the hand soon.
#cybersecurity
#infosec
#ciso
There are many great organizations serving the Cybersecurity community by offering free Webinars and Virtual Conferences that anyone can attend, and you should! Check out the latest top sources that we attend:
The demand has only continued to rise, so this is a separate issue with the economy that many industries are facing, which has led to layoffs or hiring freezes. Cybersecurity still has a lot of opportunities compared to most industries.
#Cybersecurity, a notoriously shorthanded field, is expected to face a decrease in hiring for the first time since 2020, creating a record high IT security employment gap, according to a new ISC2 study.
#infosec
#ITsecurity
Healthcare orgs should be on high alert - the U.S. gov and authorities are warning the healthcare sector of a surge in DDoS attacks against hospitals and medical entities instigated by the Russian backed hacking group KillNet.
#cyberattack
#infosec
Read the latest Cyber Outlook Rundown:
A Cybersecurity briefing on recent noteworthy Cyber Attacks, Vulnerabilities, and InfoSec news. We highlight useful resources to help people improve Information Security.
#cybersecurity
#infosec
#cyberattack
Have you created a formal policy for each security control within your InfoSec Program? Most orgs need to improve their process for creating and updating policies. Read more to improve your cybersecurity policies.
#cybersecurity
#security
#tech
CSA’s #EnterpriseArchitecture enables security professionals to leverage a common set of controls. Learn more about the Business Operation Support Services domain, which contains the corporate support functions that are critical to any security program →
Penetration Testing is important for hardening your network and systems. Best practices require tests be conducted at least once per year and whenever there is a major change. So it is extremely important to fully understand.
#cybersecurity
#pentesting
Dark Web Monitoring is very important for both personal and business use. This is a big trend this year because it provides a lot more visibility into potential threats or possible breaches and it's very cost effective.
#cybersecurity
#infosec
#darkweb
Kicking off Cyber Outlook's FREE Cybersecurity Discord Server to share info, ask questions, discuss news and just collaborate on all things Cybersecurity. Open to all, so get involved!
The TSA issued a security directive to all U.S. airports warning them about the need for more stringent cybersecurity protections after last week’s discovery that a copy of the federal “no-fly” list was leaked due to very poor security controls.
#infosec
With Black Friday and Cyber Monday around the corner, a lot of Cybersecurity training sites are offering great discounts. No better time to decide on the next cert you'd like to earn in 2023 and take advantage of these training deals, so keep an eye out...
#learn
#cybersecurity
Social engineering attacks will continue to get more convincing and sophisticated... Good for the person reporting this. Schools and businesses need to keep up with training for new attack trends.
#cybersecurity
#Security
#awareness
Posing as a professor, a hacker lured a U.S. academic into a Zoom call, hoping to snatch passwords and create havoc. Instead, he ended up caught on tape in a botched attempt
#CyberSecurity
#Iran
#US
#professor
#Zoom
#video
Review the top security patches from the latest Patch Tuesday release, one of which has been actively exploited as part of ransomware attacks in the wild.
#cybersecurity
#infosec
#patches
Read the latest Cyber Outlook Rundown:
A Cybersecurity briefing on recent noteworthy Cyber Attacks, Vulnerabilities, and InfoSec news. We also highlight new useful tips and resources to help improve Information Security.
#cybersecurity
#infosec
This is a good brief overview of Cybersecurity management, specifically CISO responsibilities, from the eccouncil. Every organization should have a CISO or similar role at this point. Most regulations are now requiring it.
#cybersecurity
#Security
#tech
This is absolutely something that should be monitored this year by cybersecurity professionals. There is no doubt that AI is playing a significant role for both hackers and security practitioners moving forward.
That's a scary statistic. All organizations need to focus on creating and improving Incident Response Plans as cyber attacks continue to rise.
#cybersecurity
#infosec
#cyberattack
Only 16% of public safety orgs have a mitigation strategy to respond to cyberattacks, according to the 2018 SAFECOM Nationwide Survey. The NECP provides recommendations and best practices to assist in strengthening your org's cybersecurity posture:
Kali Linux celebrates their 10th Anniversary with the first 2023 release. This version introduces Kali Purple, with a focus on defensive security, designed for learning, practicing SOC analysis, threat hunting and security control design/testing.
Most #cybersecurity frameworks and regulations require organizations to conduct a risk assessment at least once per year. The output, being a risk register, should be used to create a roadmap and updated throughout the year as goals and priorities change.
It's the last week of Cybersecurity Awareness Month. Have you learned anything new or done anything different to improve your cybersecurity?? Try to pick a short goal to complete by the end of the month so we can all get better!
#cybersecurity
#security
#tech
#securityawareness
What a terrible way to approach this...
I thought the mission was to reduce scams and bots @elonmusk. Maybe they should lock the account and force them to set up MFA with an authenticator app, which is the best option anyway.
#cybersecurity
#infosec
Check out these great Cybersecurity Podcasts to get your daily dose of security news and trends. There are interesting interviews and engaging discussions on security topics and debates you can listen to.
#Cybersecurity
#Tech
#Security
#Podcasts
Check out this high-level guide covering some important steps to creating a cybersecurity program for your business. Start with adopting a framework, inventorying all systems and data, and then creating a risk register.
#cybersecurity
#security
#tech
This in-depth #cybersecurity planning guide provides information and advice to help organizations develop a successful strategy to protect their #IT systems from attacks.
Misconfigurations have been in the top 10 of every security incident list this year proving IT teams lack reliable Change Mgmt, QA and Auditing processes. These seem to get pushed aside when teams are overwhelmed or understaffed and need serious attention.
#cybersecurity
#cloud
We are kicking off our Daily Security Control (DSC) initiative to help people understand cybersecurity controls. Today we cover CIS 1.1, Manage and Maintain an Asset Inventory. An important foundation of Cybersecurity.
#cybersecurity
#securitycontrols
Media attention is causing confusion with orgs believing ALL Zero-Days are Critical and must be treated with the highest urgency. A Zero-Day is just a new vulnerability without a patch yet and the severity still depends on the exposure, impact, risk, etc.
#cybersecurity
#tech
@esther_hamzat
Very true. I always recommend picking a beginner certification right away, like Security+ or Certified in Cybersecurity from ISC2 bc this gives you a specific goal, helps you focus on what to learn and will give you credibility for your first job.
Last week, bad actors launched a widespread ransomware attack on VMware ESXi hosts via CVE-2021-21974, an old vulnerability that allows them to run a remote exploit, without prior authentication. Over 3200 servers hit.
#cybersecurity
#vmware
#cyberattack
Google announced their OSV-Scanner, which offers easy access to vulnerability info for various projects, currently supporting 16 ecosystems, including all major languages, Linux distributions, Android, and OSS-Fuzz.
#cybersecurity
#vulnerabilitymanagement
Patching is important but not enough. Vulnerability Scanning is critical for all businesses to ensure their devices and applications don't have any known security bugs. Check out this post on Vulnerability Scanning Solutions.
#cybersecurity
Now that it's September, budget conversations for 2023 are in full force and businesses need to account for increased security needs as technologies expand to the cloud. Take a look at this article on budget analysis.
#cybersecurity
@DThompsonDev
Here are some good articles with excellent resources for cybersecurity beginners or professionals looking to grow their career.
YouTube Channels
Certs
Podcasts
Books
Hope they help 😊
Until there are better security controls available, this needs to be managed and monitored carefully. That said, trying to forcefully slow down tech development is not good, so maybe this is better controlled by how it's released to the general public...
#AI
#cybersecurity
#tech
Check out this handy list of resources SANS provides. We constantly reference their whitepapers and other resources. Very useful and free!
#CyberSecurity
#infosec
Another example of a Cyber Breach, this one affecting 100,000 students, due to a Cloud network misconfiguration... This is why strict change management, audits and assessments are so important!
#cybersecurity
#securityassessment
#Pentesting
Happy Labor Day to everyone in the workforce. "Your work is going to fill a large part of your life, and the only way to be truly satisfied is to do what you believe is great work. And the only way to do great work is to love what you do." -Steve Jobs
#cybersecurity
#cybercareer
The CIS Benchmarks are extremely helpful and every organization should take advantage of them. Today @CISecurity has released two new free benchmarks for AWS!
AWS Foundations Benchmark v1.5.0 and Bottlerocket Benchmark v1.0.0
Learn more:
#cybersecurity
@dachicody
You don't need to be proficient in any scripting or coding unless you're focusing on app security. But having a technical background absolutely helps. Cybersecurity has several different areas of expertise and roles within it and many great opportunities!
Due to the availability of malware such as Emotet, deploying backdoors on victims' networks is becoming easier and more lucrative for cybercriminals, leading to it taking the top of the list for cyber attackers.
#cybersecurity
#infosec
Based on 10 years of data, Coalition predicts a 13% increase in monthly vulnerabilities this year, approximately 1,900 CVEs including 270 high-severity and 155 critical-severity. Automation is critically important to manage this.
#cybersecurity
#infosec
Cyber insurance is critical for businesses but premiums have risen significantly the past few years which is concerning. Orgs need to determine their needs and budget vs risk tolerance. You should be aware of changes like this and exercise due diligence at renewal.
#cybersecurity
CISA is tightening the requirements around Cyber Incident Response. Many agencies have enforced similar requirements including the TSA and FDIC. The SEC has also recently proposed this. This will continue to be a trend...
#cybersecurity
#security
#tech
Check out this interesting report analyzing the growing Command & Control framework, Sliver. It details how the framework works, how to reproduce its use, how threat actors leverage it and implementing detection and prevention mechanisms.
#Cybersecurity
Make sure users in your organization are aware of this tactic. Although it's not a new idea, it's more sophisticated, targeted and convincing. When a threat is made of a charge or debt, unless you call back, that fear compels users to respond.
#cybersecurity
#securityawareness
Anyone planning to attend any of the final Cyber Security Summit events for 2022? (Boston, NY, Houston) We are virtually attending NY!😁
#cybersecurity
#securityawareness
#tech
As we wrap up 2022, it's important to look back at the most prevalent cyber threats and learn from the breaches that occurred. Check out the Verizon Data Breach Report which has a lot of useful info and stats, broken down by industry.
#cybersecurity
Check out this excellent training video from TCM Security on Ethical Hacking. The video is 15 hours long and was just released about a month ago, so it contains a lot of good up-to-date material.
#cybersecurity
#ethicalhacking
#pentesting
This is an interesting ransomware tactic to be aware of... Rather than specifying an amount, they negotiate with victims, and they request cyber insurance details so that their demands can be adjusted to fall within the policy.
#cybersecurity
#infosec
Many people don't realize how widespread and readily available compromised data is. The dark web isn't just a scare tactic, it's real and anyone can get access in minutes. These metrics are a little peek behind the glass.
#cybersecurity
#security
Lack of proper Cloud security controls and misconfigurations are in the top 5 causes of data breaches... This needs to be a focus for cybersecurity departments.
#cybersecurity
#infosec
#cloudsecurity
Be careful with your Cloud services! Even if you're using a top known service like Google Drive or Dropbox, it doesn't mean your account and data are safe. Make sure you have MFA set up and are using a long password unique from your other accounts.
There's a lot of talk about ChatGPT, but don't lose focus on the larger picture of AI threats to businesses.
🚨 Top #AI #Cybersecurity #Risks! 🤖
1️⃣ Automation of large scale attacks
2️⃣ Evolving malware at rapid speeds, outsmarting defenses
3️⃣ Advancing social engineering - too
Don't panic if you suddenly get a notification in Windows that Defender has detected a threat; there's a recent false positive for Chrome apps classified as Hive.ZY and MS is working on it. Read here
#cybersecurity
#vulnerability
#windows
The FBI has been investigating and working to contain a malicious cyber incident on part of its computer network involving the NY Field Office.
#cybersecurity
#infosec
Check out this good free walkthrough to set up Splunk and familiarize yourself with it. Good practice for all the Cybersecurity/SOC Analysts out there.
#Cybersecurity
👑New Free Hands-On Course: Splunk
Use Splunk as a SOC member and be comfortable to search data.
🔹Introduction to Splunk
🔹Splunk Installation on Windows/Linux
🔹Splunk Universal Forwarders
🔹Add Data to Splunk
🔹Search on Splunk
🔹...
Incident Response is a crucial part of every Cybersecurity Program. Auditors and Cyber Insurers are not only looking for a formal policy but also that companies are training all staff and conducting annual tabletop exercises. Learn more:
#cybersecurity
#security
#tech
OpenSSL released information on the new vulnerability warned about last week. The Critical severity was downgraded to High, but it is still very important to address right away. All the info can be found here:
#cybersecurity
#vulnerability
#tech
Stress management and work-life balance are always important, especially with Cybersecurity Blue and IR teams where the pressure can be very high. We have to be careful this doesn't lead to being overwhelmed or distracted and putting our guard down...
#cybersecurity
People need to be aware of how prevalent the spread of disinformation is and understand the real impact it has...There should be a better solution for fact/source verification the public can trust to easily identify malicious or fake content 🤔
#security
CSF 2.0 is on its way! Join the NIST virtual event on Feb 15th to discuss the proposed changes to the Cybersecurity Framework (CSF) leading to the release of 2.0 with fellow professionals.
#cybersecurity
#infosec
#NIST
The CSA combined current expertise with results from a widespread survey conducted to create the 2022 Top Cloud Threats report - the ‘Pandemic Eleven’. This is very valuable and useful for orgs leveraging the Cloud.
#cybersecurity
#cloud
#security
Check out our latest guide discussing why you need a Data Inventory, how it can help secure your company, and the steps to create one. It might seem obvious, but it's very underrated and many companies don't take the time to properly create one.
Defense-in-depth is an important design practice in cybersecurity programs for all organizations. Never put all your eggs in one basket, there should be separate security defenses at each layer of the network.
A defense-in-depth strategy protects the confidentiality, integrity, and availability of networks and the data within. Learn the benefits #SLTT organizations can gain from adopting this strategy here.
#cybersecurity
Important topic to follow in #Cybersecurity. Governing bodies need to draw reasonable lines for due care/diligence for social media. Social media is a business and users are customers they must protect. They have a responsibility to prevent disinformation but uphold free speech.
Tech execs appeared at Senate hearings on #disinformation, facing blistering attacks from lawmakers & former colleagues who say their companies allow the spread of untrue, divisive & extremist content because it is profitable, reports @SuzanneMSmalley.
This will continue to be the pattern this year. Ultimately Security Awareness Training always needs to be a high priority. Conducting one basic training per year is not enough. It needs to be continuous, interactive and covering new trends.
#cybersecurity
#securityawareness
There was a 61% increase in the rate of #phishing attacks in the six months ending October 2022 compared to the previous year.
Luke McNamara spoke to @CNBC on the increase, what lures attackers could be using & how users can protect their accounts. ⬇️
Pen Testing vs Vulnerability Scanning: Do you Need Both? There is some overlap between the two, but it's important to recognize the differences and why each is absolutely needed. Read more here:
#cybersecurity
#security
#tech
#infosec
Good article to check out - there are a lot of recurring themes between CISOs across different companies and industries. MFA still has a lot of challenges (mainly the lack of it, sadly) and is getting a ton of attention...
#cybersecurity
#security
Healthcare organizations need to continue to be on High Alert. Make sure critical infrastructure is patched, any unnecessary ext access vectors should be locked down and monitoring watched diligently.
#cybersecurity
#infosec
#killnet
This is a great list, thank you for the reference! I subscribe to many of these channels and I encourage everyone to check them out and subscribe to their favorites!
This is an excellent free resource from SANS that explains the functions and responsibilities of a Security Operations Team (SOC), as well as the common tools that are used.
#CyberSecurity
#Securityoperations
#SOC
Countries like Australia are considering codifying payment bans into law, and both Florida and North Carolina have made it illegal for state agencies to pay ransoms. But is this wise? Zscaler’s CISO, Ben Corll, shares his views. →
@4n6lady
Besides the other great points, it's easy to get overwhelmed by the amount of ever-changing trends, technologies and threats. Choosing specific objectives to focus on, for your work and training, is very important. Many efforts are left half-baked, so see it through to the end!
Setting proper expectations is incredibly important at all levels, from help desk engineers, to CISOs. Always keep it in mind when communicating with customers, end-users or team members. Avoids a lot of potential headaches!
#cybersecurity
#infosec
#tech
#softskills
In part with having an incident response plan, having a sound crisis management platform for communication is critical to ensure everyone is aware of the incident, the extent of the impact and what actions to take. Check this out for more info.
#cybersecurity
#security
It is imperative for companies to respond quickly when a crisis ⚠️ occurs.
With a mobile-enabled📱information sharing platform, orgs can deliver steady real-time communication to stakeholders ▶️
#crisiscommunication
#incidentresponse
"Rarely do we find men who willingly engage in hard, solid thinking. There is an almost universal quest for easy answers and half-baked solutions. Nothing pains some people more than having to think."
Martin Luther King, Jr.
#MLKDay2023
A day on, not a day off.
Today, we celebrate the life and legacy of Dr. Martin Luther King Jr. as a national day of service. How are you honoring #MLKDay?
CISSP, CCISO and CISM are among the top certifications for cybersecurity management, leadership and strategic guidance. The CISSP is great because it combines mgmt with key technical aspects. I personally like the CISSP/CISM combo for additional mgmt focus.
#cybersecurity
#ciso
Check out these new cybersecurity recommendations created to supplement NIST's CSF. I like the structure used, it's very clean and concise. Applies to everyone but great for SMBs. Here is the direct link to the document.
BIG news for cyber! Today, DHS, through @CISAgov, released the Cybersecurity Performance Goals that provide critical infrastructure owners & operators with a way to prioritize their efforts & investments toward the most impactful cybersecurity measures:
Looking for #FreeResources to help you get started on your path towards a career in #cybersecurity? Our New2Cyber page shares webcasts, blogs & more to help you get started on your journey:
If you are using Microsoft Cloud services, you should be familiar with and leveraging Conditional Access Policies to improve your access controls and work towards a Zero Trust architecture.
#cybersecurity
#cloudsecurity
#zerotrust
#infosec
Understanding Cyber Attackers & Their Methods | A Dark Reading Virtual Event
Do you know which attacks are most likely to be used against an organization like yours, and which attackers are most likely to target you?
Register today to join us>>
Zero-trust is a popular topic in Cybersecurity but many organizations still do not understand the architecture and design or the solutions available. This is a great resource to check out and learn more about this.
#cybersecurity
#zerotrust
CSA’s Zero Trust Resource Hub is live and open for content submissions! This hub can be a go-to resource for your questions, concerns, and conversation about #ZeroTrust. Interested in contributing? Submit your Zero Trust content through this link →