Illustration by Dorathe Victor Five worthy reads is a regular column on five noteworthy items we discovered while researching trending and timeless topics. In this week’s edition, let’s explore how artificial intelligence and machine learning are weaponized by hackers to fuel cyberattacks. AI and ML are conquering the world at a rapid pace. AI has made life much easier. In many instances, it speeds up manual processes, reduces costs, and eliminates manual errors.
The Trustwave SpiderLabs email security team has been monitoring the ongoing Russia-Ukraine crisis to ensure that our clients are protected and aware of any imminent threats. This research blog captures some of the phishing email threats we have discovered. Whenever there is a global event, threat actors are sure to take advantage of the situation. As the war between Russia and Ukraine continues, cybercriminals are pumping out spam emails that use the crisis as a lure.
April 2020, Zoom was booming. The start of the COVID pandemic forced employees to work from home, meetings in person migrated to a videoconferencing model, and Zoom was the preferred tool. The massive and fast growth led into an opportunity for attackers. A vulnerability in Zoom could allow an attacker to steal a user’s Windows credentials, as long as the target user would click on a link provided through a Zoom session. The question was then how to get into those private sessions.
A selection of this week’s more interesting vulnerability disclosures and cyber security news. For a daily selection see our twitter feed at #ionCube24. I had almost forgotten (was I the only one?) that the aged IE web browser approaches it’s doom… Long may it rot.
Electronic mail (or email) is an integral part of how businesses function and has been a fundamental communication tool across all industries. Email communication has been used to interact instantly with employees and customers, as well as to share important information to the wider public. Emails are also effective as they can be used to connect two or more people by allowing businesses to send messages en masse to a targeted list of contacts quickly and efficiently.
CIS Control 14 concerns implementing and operating a program that improves the cybersecurity awareness and skills of employees. (Prior to CIS Critical Security Controls Version 8, this area was covered by CIS Control 17.) This control is important because a lack of security awareness among people inside your network can quickly lead to devastating data breaches, downtime, identity theft and other security issues.
The newly revised and renumbered Center for Internet Security (CIS) Control 11 highlights the need for backups, ensuring smooth and timely recovery of data in case of security breach or misconfiguration. In the current CIS Critical Security Controls (CSC) version 8 of CIS benchmarks, the data recovery control has been pushed ahead to 11. It was previously CIS Control 10 in version 7. CIS Control 11 is a vital player among the 18 cis controls CIS has formulated.
The Center for Internet Security (CIS) provides a set of Critical Security Controls to help organizations improve cybersecurity and regulatory compliance. CIS Control 3 concerns ensuring data protection through data management for computers and mobile devices. Specifically, it details processes and technical controls to identify, classify, securely handle, retain and dispose of data.
CIS Critical Security Controls are powerful tools for helping enterprises assess their vulnerabilities, perform effective cybersecurity risk management, harden their security posture, and establish and maintain compliance with cybersecurity mandates. CIS Control 5 offers strategies to ensure your user, administrator and service accounts are properly managed.
