Details behind how TD Bank got fined, why this new zero-day vulnerability is making headlines, and more insight on how CISOs are feeling.


We have now reached MORE than 23,630 subscribers! Thanks for your support. Help us with our mission of helping 100,000 organizations become cyber-resilient by sharing this newsletter with your network.

Be sure to read the "My thoughts" section to learn strategies for navigating and combating cyber attacks. I'm here to assist you in avoiding and battling these threats should they ever affect you.

Contact me if you have any questions regarding your enterprise's cybersecurity strategy --> Luigi Tiano.

P.S. We often do giveaways on our company page -->


New zero-day vulnerability making headlines

A new zero-day vulnerability, CVE-2024-38217, has been confirmed by Microsoft, posing a serious threat to Windows users. This flaw bypasses a key Windows security feature designed to protect against ransomware attacks by manipulating security warnings about untrusted files. Despite its high severity and active exploitation, a fix for this vulnerability is included in the latest Patch Tuesday security update. The situation underscores ongoing risks in cybersecurity and the need for timely updates to defend against emerging threats. (forbes.com)

My Thoughts: We all know zero-days happen; however, it’s troubling to see a zero-day vulnerability like CVE-2024-38217 making headlines. These vulnerabilities are especially dangerous because they are exploited before a fix is available. The fact that this particular flaw bypasses essential security measures related to ransomware is a stark reminder of how critical it is to stay up-to-date with patches and updates. While Microsoft is working on a fix, it’s a reminder for all users to be vigilant and proactive about their cybersecurity practices. We need to stay informed and ensure that our systems are protected against such vulnerabilities.

How cyber-attacks are affecting your children

A ransomware attack has forced the Charles Darwin School in south London to close for the first half of the week, affecting around 1,300 students. The school’s IT systems were compromised, prompting the closure so staff could address the issue and ensure data security. All student Microsoft 365 accounts have been disabled as a precaution. The attack is part of a worrying trend of increased ransomware incidents targeting educational institutions in the UK. Last year saw record levels of such attacks, and early 2024 has already shown a sharp increase in reported incidents. (therecord.media)

My Thoughts: It’s deeply troubling to see ransomware attacks now impacting schools around the world, directly affecting our children’s education and our daily lives. This attack is a reminder that these cyber threats are not just abstract issues—they are causing real disruptions in our children’s lives.

The closure of the school not only interrupts students’ learning but also creates significant challenges for parents trying to manage their family schedules. The escalation in ransomware attacks on educational institutions highlights an urgent need for enhanced cybersecurity measures. It’s time we take these threats seriously and work towards preventing them from disrupting our children’s lives and our daily routines.

CISOs' Biggest Challenge

The cybersecurity industry continues to grapple with significant challenges, particularly due to a shortage of skilled professionals and the high cost of security tools. A recent report from Command Zero highlights that chief information security officers (CISOs) face difficulties due to a lack of qualified cybersecurity talent and the operational strain of using expensive security tools. The report emphasizes that the skills gap in cybersecurity is acute, especially in areas requiring deep technical expertise like cyber investigations. This shortage forces existing teams to handle excessive workloads, leading to burnout and reduced effectiveness. (darkreading.com)

The report also notes that widely used tools like EDR/XDR, SIEM, and SOAR present challenges, including high costs and limited functionality when used at scale. Many organizations struggle with integrating and managing these tools due to a lack of specialized skills and resources. Command Zero recommends investing in analyst development and improving job satisfaction to retain talent, while also addressing the limitations of existing security tools.

My Thoughts: The ongoing cybersecurity staffing shortage is not just an operational issue but a critical risk factor affecting our digital security landscape. The shortage of skilled professionals means existing teams are overburdened, leading to burnout and potential lapses in security coverage. I’ve seen this firsthand. This isn’t just about filling job openings; it’s about addressing a fundamental skills gap that jeopardizes the effectiveness of our defenses against increasingly sophisticated threats.

Furthermore, the high cost and limitations of current security tools add another layer of complexity. As the industry evolves, so must our approach to training and tool deployment. Investing in professional development and improving job satisfaction are crucial steps toward building a more resilient cybersecurity workforce.

We only partner with the best on the market. We have a variety of options, tailored to your needs and organization size.

Have questions about your cybersecurity posture? Let’s chat.

Calendar Link

How TD Bank got fined

TD Bank has been fined $28 million by the Consumer Financial Protection Bureau (CFPB) for allegedly disclosing inaccurate and negative data on its customers to consumer reporting agencies. The fine stems from the bank’s systemic errors regarding credit card delinquencies and bankruptcies, which led to difficulties for customers in obtaining credit, housing, and employment. Nearly $8 million of the fine will be allocated to affected individuals. (therecord.media)

The CFPB’s investigation revealed that TD Bank shared faulty information related to credit card and deposit accounts, despite knowing or suspecting that some accounts were fraudulent. The bank allegedly failed to correct or properly investigate these inaccuracies, violating the Fair Credit Reporting Act and the Consumer Financial Protection Act.

My Thoughts: The recent TD Bank fine highlights a serious issue: how financial mismanagement and data inaccuracies can deeply impact lives. When banks mishandle credit information, it not only disrupts financial stability but also affects people’s ability to secure housing and employment. The broader implication is clear—these problems go beyond individual inconvenience; they cause real harm to families and communities. This case underscores the urgent need for stricter oversight and more robust data management practices in the financial industry.

We've been emphasizing this for some time: the CFO must be included in the conversation!
