A quick Saturday digest of cybersecurity news articles from other sources.
After collecting $22 million, AlphV ransomware group stages FBI takedown
After collecting $22 million, AlphV ransomware group stages FBI takedown. Affiliate claims payment came from AlphV victim, and AlphV took the money and ran.
The ransomware group responsible for hamstringing the prescription drug market for two weeks has suddenly gone dark, just days after receiving a $22 million payment and standing accused of scamming an affiliate out of its share of the loot. More…
CISA and NSA Release Cybersecurity Information Sheets on Cloud Security Best Practices
03/07/2024 02:30 PM EST
Today, CISA and the National Security Agency (NSA) released five joint Cybersecurity Information Sheets (CSIs) to provide organizations with recommended best practices and/or mitigations to improve the security of their cloud environment(s).
- Use Secure Cloud Identity and Access Management Practices
- Use Secure Cloud Key Management Practices
- Implement Network Segmentation and Encryption in Cloud Environments
- Secure Data in the Cloud
- Mitigate Risks from Managed Service Providers in Cloud Environments
CISA and NSA encourage all organizations to review the practices and implement the mitigations provided in the joint CSIs to help strengthen their cloud security. For more information on cloud security best practices, see CISA’s Secure Cloud Business Applications (SCuBA) Project and Trusted Internet Connections (TIC) pages.
Reflecting on a Banner Year for CIS in 2023
Bob says: The CIS Security Controls is my favorite cybersecurity framework, especially for small companies looking for a cybersecurity framework where they can start small and grow into as they get bigger.
From John Gilligan, Center for Internet Security
As 2024 is underway and cyber threats continue to be present, I’m taking a moment to reflect on 2023. It was another year of tremendous growth and major accomplishments for the Center for Internet Security® (CIS®) as we made significant impact in improving the global state of cybersecurity.
Proven Security Best Practices
CIS is perhaps best known for our industry-standard security best practices tied to the CIS Benchmarks™ and the CIS Critical Security Controls® (CIS Controls®). Last year:
- The CIS Controls were again featured in the Verizon Data Breach Investigations Report (DBIR) as a recommended safeguard against cyber threats.
- Iowa became the fourth state to pass safe harbor legislation incentivizing adoption of the Controls.
Demand for our best practices continued to grow with millions of downloads, and our preconfigured virtual machine images logged more than 780 million hours of consumption through the major cloud service provider marketplaces.
Serving the Underserved
Central to CIS’s mission is meeting the needs of the “cyber underserved,” those small- and medium-sized U.S. State, Local, Tribal, and Territorial (SLTT) government organizations that have few resources to adopt leading edge cyber solutions. Last year:
- The Multi-State Information Sharing and Analysis Center® (MS-ISAC®) turned 20 years old and surpassed 16,000 SLTT members, all of which have access to no-cost and cost-effective resources.
- The Elections Infrastructure Information Sharing and Analysis Center® (EI-ISAC®) reached more than 3,700 members from the election community as it celebrated its five-year anniversary.
- We launched more services and passed the milestone of our 1,000th Albert sensor deployed, promoting network monitoring that maintains an industry-leading response time of less than five minutes.
Communities and People
In support of our strategy and mission goals, we added six new partnerships in 2023, including the Consortium for School Networking (CoSN), Coalition of City CISOs, H-ISAC, Retail & Hospitality ISAC, StateRAMP, and Tenable.
We also formalized the CIS Ambassador program, inviting four CIS Controls Ambassadors and one CIS Benchmarks Ambassador to continue evangelizing our best practices within the security community.
Download our CIS 2023 Year in Review for more insights.
As we continue creating confidence in the connected world, we look forward to working together.
Best regards,
John Gilligan
CIS President and CEO
CIS (Center for Internet Security, Inc.)
31 Tech Valley Drive
East Greenbush, NY 12061
Microsoft and OpenAI Team Up to Block Threat Actor Access to AI
Analysis of emerging threats in the age of AI provides insight into exactly how cybercriminals are leveraging AI to advance their efforts.
When ChatGPT first came out, there were some rudimentary security policies to avoid it being misused for cybercriminal activity. But threat actors quickly found ways around the policies and continued to use it for malicious purposes.
According to new published research by both Microsoft and OpenAI, the two companies have joined forces to detect, terminate and block malicious access to services provided by OpenAI. More…
Share
MAR
About the Author:
I am a cybersecurity and IT instructor, cybersecurity analyst, pen-tester, trainer, and speaker. I am an owner of the WyzCo Group Inc. In addition to consulting on security products and services, I also conduct security audits, compliance audits, vulnerability assessments and penetration tests. I also teach Cybersecurity Awareness Training classes. I work as an information technology and cybersecurity instructor for several training and certification organizations. I have worked in corporate, military, government, and workforce development training environments I am a frequent speaker at professional conferences such as the Minnesota Bloggers Conference, Secure360 Security Conference in 2016, 2017, 2018, 2019, the (ISC)2 World Congress 2016, and the ISSA International Conference 2017, and many local community organizations, including Chambers of Commerce, SCORE, and several school districts. I have been blogging on cybersecurity since 2006 at http://wyzguyscybersecurity.com