Weekly #cybersecurity digest

Greetings <<First Name>>! This newsletter brings to your inbox every Friday:
🗞️ this week's most important cyber security news, 📅 next week's upcoming webinar trainings and 🛡️ most recent Cyberday development.

Published 20.1.2023 • Read all @ Cyberday.ai

#WeStandWithUkraine 🇺🇦

WEEK'S MOST IMPORTANT CYBER SECURITY NEWS

New stronger rules start to apply for the cyber and physical resilience of critical entities and networks

NIS 2 Directive will e.g.: 🏛 expand the sectors / types of critical entities on its scope ⚠️ strengthen #cybersecurity risk management requirements 🔈 give more detailed incident reporting obligations (e.g. content and timeline)

20.1. 02:30 · https://digital-strategy.ec.europa.eu/en/news/new-stronger-rules-start-apply-cyber-and-physical-resilience-critical-entities-and-networks

For password protection, dump LastPass for open source Bitwarden

In Dec, LastPass said August #cybersecurity incident had been worse than admitted. Instead of losing internal docs, they lost customer vault data. This article tells about an alternate tool to protect and organize passwords - Bitwarden.

20.1. 02:25 · https://www.theregister.com/2023/01/16/dump_lastpass_bitwarden/

Ransomware severs 1,000 ships from on-shore servers

Pirating from the comfort of your home? Latest case of transport industry #cyberattack's is ShipManager, a maritime mgmt business, after ransomware forced its software offline and left 1,000 ships w/o connection to on-shore servers.

20.1. 02:22 · https://www.theregister.com/2023/01/19/ransomware_attack_cuts_1000_ships/

Norton LifeLock Discloses Breach Affecting Thousands of Customer Accounts

Norton LifeLock breach may allow hackers access to password vaults. This was a credential stuffing attack — where previously leaked creds used to access accounts with same passwords. MFA and password changes help prevent. #cybersecurity

20.1. 02:22 · https://techcrunch.com/2023/01/15/norton-lifelock-password-manager-data/

NEXT WEEK'S CYBER SECURITY WEBINARS

ISO 27001 (part 1/5): Intro to standard and Cyberday ISMS

We will go through the basics of Cyberday and how ISO 27001 standard can support systematic information security management. We will also cover the 2022 update to the standard.

Starts on Wed 25.1. at 3PM (EET) · duration 45 min

Admin training (part 4/5): Automated staff training and guidance

We will present creating an automatized personnel cyber security guidance and training process.

Starts on Wed 1.2. at 2PM (EET) · duration 30 min

ISO 27001 (part 2/5): Security controls, risk management and SoA

We will present the basics of risk management, defining security controls and utilizing the statement of applicability.

Starts on Wed 1.2. at 3PM (EET) · duration 45 min

NEWS FROM CYBERDAY DEVELOPMENT TEAM

new feature

Quick search in Cyberday

We have published a global quick search for Cyberday, which helps an admin to easily jump to the item he is looking for, whether it is a list, a report or any individual item...

small improvement

"Login with Microsoft" on web UI

You can now also use your own Microsoft 365 credentials to log in to our browser interface.

small improvement

Extensions for employee actions on Guidebook

We've received a good reception for the employee incident reporting features in Guidebook. Now we're going to expand similar possibilities. In the next phase...

See full development log >>

POST FROM CYBERDAY TEAM

ISO 27001 standard updated to 2022 version - what changed?

ISO 27001, the world's leading information security standard, got an update for the first time in 9 years. What has changed when comparing 2013 vs. 2022 versions of ISO 27001 and how are these updates visible on Cyberday?

All content @ cyberday.ai

Open Cyberday blog