Cybersecurity ???And Much More Newsletter ?? Vol.3 Num. 04
Greetings, friends.
Welcome to my newsletter; if you are not yet subscribed, please do. It might include books, articles, tech, tips, and other cool stuff about cybersecurity.
Enjoy!
What’s Happening
???CISA and the NSA Warning about Remote Monitoring Software
Warning that threat actors used legitimate remote monitoring and management software to gain access to the networks of multiple federal civilian executive branch agencies, the Cybersecurity and Infrastructure Security Agency (CISA), the National Security Agency (NSA), and the Multi-State Information Sharing and Analysis Center (MS-ISAC) issued a joint cybersecurity advisory on the matter. The warning provides specifics on the technical side, as well as indicators of compromise and mitigation steps.
?? ???PayPal accounts breached in large-scale credential stuffing attack
Thousands of PayPal customers have had their accounts compromised due to credential stuffing attempts, and the company is now notifying them of the breach. According to PayPal, the breach happened sometime between December 6 and December 8, 2022. On December 20, 2022, the corporation verified that unauthorized third parties had entered into the accounts using genuine credentials, despite having been recognized and mitigated at the time. The online payment processor insists there was no security breach and that it has no proof that the credentials were stolen from its own servers. Hackers gained access to account holders' full names, dates of birth, postal addresses, Social Security numbers, and individual Tax Identification Numbers, affecting around 35,000 people.
?? ???Ransomware gang steals data from KFC, Taco Bell, and Pizza Hut brand owner
These fast-food restaurant businesses are owned and operated by Yum! Brands, which was recently hit by a ransomware attack that locked down 300 sites in the United Kingdom. With approximately $5 billion in assets and $1.3 billion in annual net profit, Yum! Brands are able to run 53,000 restaurants in 155 countries and territories. The British eateries that were compromised in the cyberattack are back in business as usual and shouldn't see any further issues related to the hack. While Yum! Brands have verified data theft, and they have found no evidence that consumer data was compromised.
??VMware Patches vRealize Log Insight Vulnerabilities
VMware has patched four flaws in its vRealize Log Insight product with newly published patches. A directory traversal vulnerability and an access control bypass vulnerability are the two most serious issues. The two vulnerabilities might be used together to allow for the execution of code from a remote location. Another issue that has been addressed is a deserialization bug that might have led to a denial of service attack or information exposure.
?? Google Updates Chrome
Google has released Chrome stable channel version 109.0.5414.119 for Mac and Linux and version 109.0.5414.119/.120 for Windows. Six security issues have been addressed in this latest browser release. Researchers from outside the company reported four of the vulnerabilities. WebTransport, WebRTC, and GuestView all have use-after-free flaws, while the ServiceWorker API has a type confusion flaw.
???Hive was shut down by the FBI
The infrastructure of the Hive ransomware gang has been broken due to an international operation by law authorities. Two of the group's data leak sites have been taken down, and authorities in the United States have confiscated their servers. FBI officers helped with the takedown by sneaking onto the Hive network and staying there for seven months.
Security Bites
???Tips - ???Security - NIST Releases AI Risk Management Framework 1.0
The National Institute of Standards and Technology (NIST) has released the AI Risk Management Framework 1.0. This framework tells organizations how to find, evaluate, and manage the risks that come with using artificial intelligence (AI) systems. The framework covers a wide range of topics, such as risk assessment, governance, data management, and transparency. Its goal is to help organizations develop effective risk management strategies for their AI systems.
To help businesses deal with AI-related dangers, the AI RMF has developed a scalable, repeatable, and quantifiable procedure. The benefits of AI technology can be maximized, and the potential for negative impacts on individuals, groups, communities, companies, and society can be minimized by following this procedure for managing AI risks.
According to Under Secretary for Standards and Technology and NIST Director Laurie E. Locascio, the framework is a part of a larger effort by NIST to foster trust in artificial intelligence technologies, which is essential if these tools are to be extensively used by society.
Locascio remarked that "businesses and other organizations of any sector and size can benefit from the AI Risk Management Framework in getting started with or improving their AI risk management practices." "It provides a fresh approach to incorporating responsible principles and practical recommendations to implement safe and ethical AI. Our hope is that the AI RMF will play a leading role in promoting the establishment of industry-wide benchmarks and best practices.
There are two components to the AI RMF. The first section explains how businesses can define AI risks and what to look for in a reliable AI system. The second section, the framework's meat, and potatoes, details the four fundamental roles that businesses may use to confront the hazards of AI systems in action: govern, map, measure, and manage. These features can be used in any phase of the AI development process and in a wide variety of context-aware applications.
NIST has spent the past 18 months building the AI RMF in collaboration with both the business and public sectors. About 400 sets of official comments were submitted to NIST by over 240 separate organizations, and their comments are reflected in the text. A number of groups have already committed to using or promoting the framework, and NIST has released statements from some of them today.
Today, the agency also unveiled the voluntary AI RMF Playbook, which provides guidance on how to apply the framework.
The NIST intends to collaborate with the AI community to regularly update the framework, and any proposals for new or revised content are welcome at any time. A revised version of the playbook will be made available in the spring of 2023, taking into account feedback received by the end of February of that year.
To further aid businesses in implementing the AI RMF 1.0, NIST aims to open a Trustworthy and Responsible AI Resource Center. The agency recommends that groups create and disseminate profiles of potential applications. Questions and proposals can be submitted to [email protected] .
NIST will keep collaborating with businesses, nonprofits, government agencies, educational institutions, and others to refine existing recommendations and create new ones. The organization just released its plan of action for doing so.
The framework is part of NIST's expanding body of work in the field of artificial intelligence (AI), which includes basic and applied research, an emphasis on measurement and evaluation, technical standards, and contributions to AI policy.
领英推荐
My Favorites
????Warley Mapping - Strategy ?? for the self-taught
I am an experienced note-taker (??)?and an aspiring author. That is probably from all the years spent in college, and the fear of missing out on what a professor might say during the lecture, as well as the constant urge to create.
But I applied that to my professional and personal lives, and it seemed to work out well. Over the years, from thousands of meetings, designing solutions and strategies, to book summaries and training, writing things down is something we should all do.
However, thinking about big things or complex projects and getting others to understand your vision is definitely not something to communicate via a word document or slides. This is where mapping can help you visualize your vision while also making it easy for others to understand it.
A colleague of mine introduced me to Wardley Mapping, and I found it really interesting. I’ve created maps that explain stuff in my own way, and sometimes they just do not work with each and every audience.
What is it?
Wardley mapping is a technique for illustrating the development of systems and the parts that make them up, and it is most often used in IT and business planning.
Business strategist and IT industry forefather Simon Wardley is credited with creating the method. With the use of a Wardley map, businesses may better comprehend the value chain of a certain market or industry and zero in on areas where they can gain a distinct advantage over competitors.
The idea behind the maps is to represent the relative positions of system components such as goods, services, and infrastructure in terms of maturity, complexity, and proprietary nature. As a result, businesses are better able to assess the existing market climate and plan for its future evolution.
Should you learn Wardley mapping? If the questions below resonate with you, you should definitely give it a shot.
How do I get started?
To get started with Wardley mapping, you will need to follow these steps:
Show your work! Make a Wardley map!
To learn more about it, you can visit Wardley’s website, read this free book , or listen to this audiobook (it’s also free). There are also paid courses or free videos
??????Books I’m Currently Reading ????
Title: Deep Work
Author: Cal Newport
Overview: "Deep work" refers to the practice of working on a mentally taxing task without interruptions. Deep work, a term coined by author and professor Cal Newport on his renowned blog Study Hacks, will improve your performance, allow you to accomplish more in less time, and give you the satisfaction that comes from knowing you've mastered a challenging task. To sum up, in today's fiercely competitive economy, deep work is tantamount to a superpower. Even still, most individuals, whether they are knowledge workers in distracting open-plan offices or artists who are stymied by a lack of focus, have lost the ability to dive deep, instead spending their days in a frenetic fog of email and social media.
??????Books I Recommend Reading ??
Title: Essentialism
Author: Greg McKeown
Overview: Essentialism is a book written by Greg McKeown, CEO of a Silicon Valley leadership and strategy firm. McKeown has taught at Apple, Google, and Facebook. To think like an Essentialist requires self-control. A shift in perspective from "We can have it all" and "I have to accomplish everything" to "the right thing, in the right way, at the right time" necessitates questioning certain fundamental assumptions. The pursuit of less helps us to reclaim agency over our decisions and devote more resources to the things that truly matter.
???Videos - Decoding NOBELIUM: The Docuseries ?? ??
Get the insider account from the frontline defenders who tracked and responded to the NOBELIUM incident, the most advanced nation-state and supply chain attack in history. Gain insights and learn critical steps to improve your security posture against the next wave of attacks. Start with the first episode here .
Quote of the Week
“I must not fear. Fear is the mind-killer. Fear is the little-death that brings total obliteration. I will face my fear. I will permit it to pass over me and through me. And when it has gone past I will turn the inner eye to see its path. Where the fear has gone there will be nothing. Only I will remain.”
― Frank Herbert, Dune.
If you’re interested in starting a career in cybersecurity, watch this one . Don’t forget to subscribe to my channel and leave a comment if there are any topics you’re interested in seeing in my next video.
Check out my other stuff here .
I want to express my gratitude to Seif H. consistently publishing their newsletter. It is always filled with interesting and enlightening information. Thank you for being such a leader in your field and for sharing your knowledge with others. ??