Weekly #cybersecurity digest to your inbox

Subscribe for our weekly digest and get each Friday the most important cyber security news, list of upcoming free webinars and a summary of Cyberday development to your inbox.
Thanks! See you in your inbox on Fridays. :)
Unfortunately something went wrong. You can contact us at team@cyberdayai.

Potential Struggles IT Companies might Encounter with Incident Identification and Reporting Today

The complexities of incident identification and reporting in IT, touching on coordination problems, tool inadequacies, and process deficiencies. It explores modern challenges like cyber threats and alert fatigue, as well as the cognitive gap.

article

28.3.2024

Information Security Risk Management: A Step-by-step Guide to a Clear Process

This post offers a comprehensive guide on managing information security risks, from pre-steps like asset identification to evaluation, treatment and monitoring. A crucial aspect given the surge of cyber vulnerabilities amid increasing tech advances.

article

21.3.2024

Ransomware, AI Act 101, NIST CSF 2.0: Cyberday product and news round up 3/2024 🛡️

In the March digest, development themes include new frameworks, risk management improvements and a new visual view for documentation cards. The news features Information Security Trailblazers, data breaches and AI Act 101.

article

21.3.2024

Empowering Employees: The Keystone in Incident Detection and Reporting

Employees are vital for detecting and reporting cyber threats and bolstering security. Proper training fosters a resilient culture, ensuring timely responses and safeguarding against breaches.

article

15.3.2024

NIS2 Incident Reporting Requirements and related ISO 27001 Best Practices

This post outlines NIS2 incident reporting and further describes ISO 27001 best practices, and their application in crafting successful incident reporting processes for your organization.

article

8.3.2024

Top 7 information security standards, frameworks and laws explained

Many information security frameworks are available to help organizations build their own security plans. This article provides key information about some of the most popular information security frameworks.

article

4.3.2024

ISO 27001 and NIS2: Understanding their Connection

Learn how the ISO 27001 and the NIS2 are "connected" and why they are brought up together pretty often. Understand their differences and synergy with the help of this blog post.

article

1.3.2024

Guide to Incident Detection and Reporting: Prepared for the Worst

In this guide you'll learn to navigate the incident detection and reporting process, explore various mechanisms, understand reporting, documentation, and derive crucial lessons. We also glance at other ingredients for successful incident management.

article

22.2.2024

These Highly Exploited Vulnerabilities Indicate Organizations are Still Failing to Apply Patches

​Researchers at Recorded Future have revealed a list of top vulnerabilities that saw mass exploitation from threat actors in 2019. Six of these commonly exploited vulnerabilities for the year are repeats from 2018. Apparently, all these repeated vulnerabilities are related to Microsoft products. Although patches for all these reported vulnerabilities already exist, software patching is often not performed in a timely manner by companies and individuals.

Go to article at
15.5.2020
Unpatched Vulnerabilities

Widely Known Flaw in Pulse Secure VPN Being Used in Ransomware Attacks

New Year's Eve attack on currency exchange service Travelex may have involved use of the flaw.

Go to article at
15.5.2020
Ransomware,Unpatched Vulnerabilities

RevengeHotels: cybercrime targeting hotel front desks worldwide

RevengeHotels is a targeted cybercrime malware campaign against hotels, hostels, hospitality and tourism companies, mainly, but not exclusively, located in Brazil. We have confirmed more than 20 hotels that are victims of the group.

Go to article at
15.5.2020
Malware

BEC Attacks Hit More Than 2,100 Companies throughout the US

A prolific and dangerous group called Exaggerated Lion has been hitting targets in the United States with business email compromise (BEC) attacks that follow a very specific model. They have racked up thousands of attempts and hundreds of millions of dollars stolen every month. The post BEC Attacks Hit More Than 2,100 Companies throughout the US appeared first on Security Boulevard.

Go to article at
15.5.2020
Business-Email-Compromise

Cost of Insider Threats Rises 31%

New study finds dramatic increase in the cost and frequency of insider threats

Go to article at
15.5.2020
Insider Attacks

Racoon Malware Steals Your Data From Nearly 60 Apps

An infostealing malware that is relatively new on cybercriminal forums can extract sensitive data from about 60 applications on a targeted computer. [...]

Go to article at
15.5.2020
Malware

Human-Operated Ransomware Is a Growing Threat to Businesses: Microsoft

Different from auto-spreading ransomware, these are hands-on-keyboard attacks, where attackers adapt to the compromised network’s configuration, and show extensive knowledge of systems administration.

Go to article at
15.5.2020
Ransomware

Pirated Software is All Fun and Games Until Your Data’s Stolen

Passwords stolen through software cracks BleepingComputer has been tracking adware bundles for a long time and in the past, they would install unwanted programs, but had no long-term ramifications to your data, privacy, or financial information. Security researcher Benkøw has recently noticed that monetized installers pretending to be software cracks and key generators are now commonly installing password-stealing Trojans or remote access Trojans (RATs) when they are executed. In his tests over the past week by downloading various programs promoted as game cheats, software key generators, and licensed software, when installing them he was infected with password-stealing Trojans and backdoors such as Dreambot, Glupteba, and Racoon Stealer. Distributed via torrent sites, YouTube, and fake crack sites To distribute these adware bundles, attackers will upload them to torrent sites, create fake YouTube videos with links to alleged license key generators, or create sites designed to just promote adware bundles disguised as software cracks.

Go to article at
15.5.2020
Malware

Fake Executive Tricks New York City Medical Center into Sharing Patient Info

An employee at a New York City medical center was tricked into giving out patient information by a threat actor purporting to be one of the facility's executives. In a Notice of Data Privacy Incident statement published on VCRN's website, the company stated: "The unauthorized actor requested certain information related to VCRN patients. Information obtained by the threat actor included first and last names, dates of birth, and medical insurance information, including provider name and ID number for 674 patients. The medical center said that they weren't aware of any personal patient information having been misused as a result of this event. VCRN has taken steps to notify all the patients who have potentially been impacted by the cyber-attack. VCRN advised patients "to remain vigilant against incidents of identity theft and fraud and to review account statements, credit reports, and explanation of benefits forms for suspicious activity and report any suspicious activity immediately to your insurance company, health care provider, or financial institution."

Go to article at
15.5.2020
Phishing