Weekly #cybersecurity digest to your inbox

Subscribe for our weekly digest and get each Friday the most important cyber security news, list of upcoming free webinars and a summary of Cyberday development to your inbox.
Thanks! See you in your inbox on Fridays. :)
Unfortunately something went wrong. You can contact us at team@cyberdayai.

NIS2 Overview: History, key contents and significance for top management

Get an overview of NIS2's main contents and understand how it makes top management clearly responsible for organization's information security efforts.

article

16.2.2024

Best Practices and Common Challenges of ISMS Implementation

No matter if you are an IT professional, a cyber security expert, or in a management role, this post will provide you with valuable insights into the best practices for a successful ISMS implementation and how to navigate common challenges.

article

14.2.2024

ISMS Guide: Top 10 ISMS Implementation Benefits

What is an ISMS and why does your organization benefit from its implementation in the long run? This blog post will give you a short guide about all the basics you need to know about an ISMS and its top 10 benefits.

article

9.2.2024

Intro to Incident Management: Definitions, benefits and best practices

Learn how an incident management process improves communication, documentation, and continuous improvement for IT organisations.

article

6.2.2024

5 Efficient Ways for Involving People in Your Security Work

Discover how teamwork, education, reporting, and risk assessments empower ISMS. Explore 5 ways to engage people for a secure, collaborative digital space.

article

1.2.2024

AI Act, cyber risks and breaches: Cyberday product and news roundup 1/2024 🛡️

In January's summary, development themes include reporting updates, improved report sharing and upgraded Academy. On the news side talk about AI Act, cyber risks and breaches.

article

30.1.2024

10 most important tasks for a CISO and tips for being successful

This article provides an insight into the main responsibilities of a CISO, from implementing security principles to fostering collaboration. It also presents valuable tips for successful performance, emphasizing constant learning as a key ingredient.

article

24.1.2024

The Human Firewall Effect: Tips for Securing Your Organization from Within

This blog post emphasizes the critical role employees play in bolstering an organization's cyber security. It discusses developing clear guidelines, employee training, and monitoring progress to create a strong human firewall.

article

19.1.2024

These Highly Exploited Vulnerabilities Indicate Organizations are Still Failing to Apply Patches

​Researchers at Recorded Future have revealed a list of top vulnerabilities that saw mass exploitation from threat actors in 2019. Six of these commonly exploited vulnerabilities for the year are repeats from 2018. Apparently, all these repeated vulnerabilities are related to Microsoft products. Although patches for all these reported vulnerabilities already exist, software patching is often not performed in a timely manner by companies and individuals.

Go to article at
15.5.2020
Unpatched Vulnerabilities

Widely Known Flaw in Pulse Secure VPN Being Used in Ransomware Attacks

New Year's Eve attack on currency exchange service Travelex may have involved use of the flaw.

Go to article at
15.5.2020
Ransomware,Unpatched Vulnerabilities

RevengeHotels: cybercrime targeting hotel front desks worldwide

RevengeHotels is a targeted cybercrime malware campaign against hotels, hostels, hospitality and tourism companies, mainly, but not exclusively, located in Brazil. We have confirmed more than 20 hotels that are victims of the group.

Go to article at
15.5.2020
Malware

BEC Attacks Hit More Than 2,100 Companies throughout the US

A prolific and dangerous group called Exaggerated Lion has been hitting targets in the United States with business email compromise (BEC) attacks that follow a very specific model. They have racked up thousands of attempts and hundreds of millions of dollars stolen every month. The post BEC Attacks Hit More Than 2,100 Companies throughout the US appeared first on Security Boulevard.

Go to article at
15.5.2020
Business-Email-Compromise

Cost of Insider Threats Rises 31%

New study finds dramatic increase in the cost and frequency of insider threats

Go to article at
15.5.2020
Insider Attacks

Racoon Malware Steals Your Data From Nearly 60 Apps

An infostealing malware that is relatively new on cybercriminal forums can extract sensitive data from about 60 applications on a targeted computer. [...]

Go to article at
15.5.2020
Malware

Human-Operated Ransomware Is a Growing Threat to Businesses: Microsoft

Different from auto-spreading ransomware, these are hands-on-keyboard attacks, where attackers adapt to the compromised network’s configuration, and show extensive knowledge of systems administration.

Go to article at
15.5.2020
Ransomware

Pirated Software is All Fun and Games Until Your Data’s Stolen

Passwords stolen through software cracks BleepingComputer has been tracking adware bundles for a long time and in the past, they would install unwanted programs, but had no long-term ramifications to your data, privacy, or financial information. Security researcher Benkøw has recently noticed that monetized installers pretending to be software cracks and key generators are now commonly installing password-stealing Trojans or remote access Trojans (RATs) when they are executed. In his tests over the past week by downloading various programs promoted as game cheats, software key generators, and licensed software, when installing them he was infected with password-stealing Trojans and backdoors such as Dreambot, Glupteba, and Racoon Stealer. Distributed via torrent sites, YouTube, and fake crack sites To distribute these adware bundles, attackers will upload them to torrent sites, create fake YouTube videos with links to alleged license key generators, or create sites designed to just promote adware bundles disguised as software cracks.

Go to article at
15.5.2020
Malware

Fake Executive Tricks New York City Medical Center into Sharing Patient Info

An employee at a New York City medical center was tricked into giving out patient information by a threat actor purporting to be one of the facility's executives. In a Notice of Data Privacy Incident statement published on VCRN's website, the company stated: "The unauthorized actor requested certain information related to VCRN patients. Information obtained by the threat actor included first and last names, dates of birth, and medical insurance information, including provider name and ID number for 674 patients. The medical center said that they weren't aware of any personal patient information having been misused as a result of this event. VCRN has taken steps to notify all the patients who have potentially been impacted by the cyber-attack. VCRN advised patients "to remain vigilant against incidents of identity theft and fraud and to review account statements, credit reports, and explanation of benefits forms for suspicious activity and report any suspicious activity immediately to your insurance company, health care provider, or financial institution."

Go to article at
15.5.2020
Phishing