Copy
Share Share
Tweet Tweet
Share Share
Forward to friend Forward to friend

Weekly #cybersecurity digest

Greetings <<First Name>>! We gather you every Friday the most important cybersec news, upcoming free webinars from our team and recent Cyberday development.

Published 14.1.2022 • Read all @ Cyberday.ai

WEEK'S MOST IMPORTANT CYBER SECURITY NEWS

Fingers point to Lazarus, Cobalt, FIN7 as key hacking groups attacking finance industry

💰 Finance industry, a top target for #cybercrime due to eg lots of sensitive PII and data systems critical for economy. Lazarus, Cobalt, and FIN7 top threat actors. Top attacks phishing, BEC, malware (also PoS), card skimmers and DDoS.

14.1. 09:18 · https://www.zdnet.com/article/fingers-point-to-lazarus-cobalt-fin7-as-key-hacking-groups-focused-on-finance-industry/

FBI: Hackers target US defense firms with malicious USB packages

⚠️ FIN7 cybercrime group targets US defense industry by posting them malicious USB devices. Hackers impersonate authorities to trick connecting the drive. Once plugged in, device injects keystrokes to install malware. #cybersecurity

14.1. 08:45 · https://www.bleepingcomputer.com/news/security/fbi-hackers-target-us-defense-firms-with-malicious-usb-packages/

Cloud Apps Replace Web as Source for Most Malware Downloads

🔺 Google Drive, Microsoft OneDrive and Box are (unsurprisingly) also cyber criminals favourites for #malware hosting. 🔺 On delivery side weaponized MS Office documents count for 37% of all malware downloads (nearly +100% from 2020)

14.1. 08:39 · https://www.darkreading.com/cloud/cloud-apps-replace-web-as-source-for-most-malware-downloads

FBI arrests social engineer who allegedly stole unpublished manuscripts from authors

⚠️ A cautionary tale During 5y period, this malicious insider was able to create fake email accounts and impersonate publishing industry people, to steal prepublication manuscripts from famous authors - for own benefit. #cybersecurity

14.1. 08:32 · https://www.csoonline.com/article/3646570/fbi-arrests-social-engineer-who-allegedly-stole-unpublished-manuscripts-from-authors.html

Kriittinen haavoittuvuus Windowsin http.sys-protokollapinossa

⚠️ Microsoft again released numerous vulnerability fixes on "Patch Tuesday". Of these, the http.sys vulnerability CVE-2022-21907 stands out for its criticality. Perform a corrective software update as soon as possible. #cybersecurity

14.1. 08:30 · https://www.kyberturvallisuuskeskus.fi/fi/haavoittuvuus_1/2022

NEXT WEEK'S CYBER SECURITY WEBINARS

Admin training (part 3/5): Risk management and security control implementation

We will present implementation of risk management in an organization, defining security controls and ensuring their implementation.

Aleksi Pulkkanen
Starts on Wed 19.1. at 2pm · duration 30 min

ISO 27001 (part 2/5): Security controls, risk management and SoA

We will present the basics of risk management, defining security controls and utilizing the statement of applicability.

Aleksi Pulkkanen
Starts on Wed 19.1. at 3pm · duration 45 min

Admin training (part 4/5): Automated staff training and guidance

We will present creating an automatized personnel cyber security guidance and training process.

Aleksi Pulkkanen
Starts on Wed 26.1. at 2pm · duration 30 min

NEWS FROM CYBERDAY DEVELOPMENT TEAM

new feature

Advanced priority classification available for data assets

From the Settings page, you can now enable an advanced priority classicification for your organization's most important data assets...

small improvement

Adding multiple participants to documentation topic

Now you can add additional participants who're supporting the actual owner of a documentation topic.

new feature

Better export capabilities on Data systems list

We developed the Excel-export to include all activated data fields in the table - including optional data...

All content @ cyberday.ai

Facebook
Twitter
LinkedIn
Website
Email
Privacy notice | Update preferences | Unsubscribe 

© 2022 Agendium Ltd. All rights reserved. Cyberday.ai | Agendium Ltd, Kalevantie 2, 33100 Tampere, Finland