Weekly #cybersecurity digest to your inbox

Subscribe for our weekly digest and get each Friday the most important cyber security news, list of upcoming free webinars and a summary of Cyberday development to your inbox.
Thanks! See you in your inbox on Fridays. :)
Unfortunately something went wrong. You can contact us at team@cyberdayai.
Recent #cybersecurity weekly digests
See full archive? Go to Weekly digests -page >>

🛡️ Cyberdigest: Secure your passwords! 📝 DORA has come into effect 💰 News: data protection 🔐

Published at 

17:01

Open digest

🛡️ Cyberdigest: DORA is coming into effect January 17th, are you ready? 🛡️ Security trends 2025 ⭐️

Published at 

17:04

Open digest

🛡️ Cyberdigest: No time to waste, join us for the first webinars of the year 2025!  ➡️💻 Impactful cybersecurity events of 2024 📰 

Published at 

17:03

Open digest

Webinars
See the full calendar? Go to Webinars-page >>
Watch now
Webinar

Coming up on:

Wednesday

30

.

5

.

at

14:00

Admin training (part 3/5): Risk management and security control implementation

Register now
Watch now
Webinar

Coming up on:

Wednesday

7

.

6

.

at

14:00

Admin training (part 5/5): Operating and improving an ISMS and reporting compliance

Register now
Watch now
Webinar

Coming up on:

Wednesday

13

.

6

.

at

14:00

Admin training (part 4/5): Automating employee awareness, guidance and training

Register now
Watch now
Webinar

Coming up on:

Wednesday

21

.

6

.

at

15:00

ISO 27001 (part 3/5): Certification audit fundamentals

Register now
Watch now
Webinar

Coming up on:

Wednesday

9

.

8

.

at

14:00

Admin training (part 2/5): Framework selection and asset identification

Register now
Watch now
Webinar

Coming up on:

Wednesday

9

.

8

.

at

15:00

ISO 27001 (part 4/5): Staff training, guidelines and policy documents

Register now
Blog posts
Info of new posts? Subscribe now >>

System acquisition and development in NIS2: Suggested best practices

Get tips on securely acquiring and developing systems with a focus on ISO 27001, helping meet NIS2 requirements. Post explains key aspects like secure coding, acquiring secure applications and testing or publishing changes in a controlled manner.

article

16.4.2024

Continuity management in NIS2: Benchmark measures for business continuity and backups with ISO 27001

This post offers insight on complying with NIS2's continuity and backup requirements using ISO 27001's best practices. It guides you through continuity planning, backup processes, challenges, and achieving compliance effectively.

article

12.4.2024

HR security in NIS2: Best practices for compliance

Discover how the crucial role of HR in information security not only shapes the corporate security culture, but also steers the organization towards ISO 27001 and NIS2 compliance, ensuring secure handling of information assets and much more.

article

5.4.2024

Access control & MFA in NIS2: Build a solid foundation with ISO 27001 controls

What are the requirements for access control and MFA in NIS2 and ISO 27001 and how can they be implemented successfully? Learn more about the controls, requirements, best practices and how to overcome potential challenges in this blog post.

article

4.4.2024

Potential Struggles IT Companies might Encounter with Incident Identification and Reporting Today

The complexities of incident identification and reporting in IT, touching on coordination problems, tool inadequacies, and process deficiencies. It explores modern challenges like cyber threats and alert fatigue, as well as the cognitive gap.

article

28.3.2024

Information Security Risk Management: A Step-by-step Guide to a Clear Process

This post offers a comprehensive guide on managing information security risks, from pre-steps like asset identification to evaluation, treatment and monitoring. A crucial aspect given the surge of cyber vulnerabilities amid increasing tech advances.

article

21.3.2024

Ransomware, AI Act 101, NIST CSF 2.0: Cyberday product and news round up 3/2024 🛡️

In the March digest, development themes include new frameworks, risk management improvements and a new visual view for documentation cards. The news features Information Security Trailblazers, data breaches and AI Act 101.

article

21.3.2024

Empowering Employees: The Keystone in Incident Detection and Reporting

Employees are vital for detecting and reporting cyber threats and bolstering security. Proper training fosters a resilient culture, ensuring timely responses and safeguarding against breaches.

article

15.3.2024

News articles
Get weekly news? Subscribe now >>

PureLocker: the unusual ransomware that encrypts servers

While we know who the victims of these ransomware attacks are, more often than not, the strain of malware used in the incidents remains unknown. PureLocker is a piece of ransomware that is being used in targeted attacks against company servers, and seems to have links with notorious cybercriminal groups. The source code of PureLocker offers some clues as to its exclusive nature, such as the fact that it contains strings from the ‘more_eggs’ backdoor malware, which is sold by ‘veteran’ malware service providers. The similarities between this malware and PureLocker suggest that it possible that this ransomware starts the same way. This means that, even if a piece of malware contains mechanisms to hinder the creation of detection signatures, as is the case with PureLocker, our advanced cybersecurity solution is capable of detecting and blocking the threat. Don’t become the next victim of PureLocker, and protect yourself with Panda Security.

Go to article at
15.5.2020
Ransomware

Victims lose over $32m to business e-mail impersonation scams in first 9 months of this year: Singapore Police

Police on Tuesday (Nov 26) warned businesses against falling for e-mail impersonation scams, with more than $32 million lost between January and September this year.  In these scams, the victims were tricked into transferring money to business partners or to employees as salaries, only to discover later that the accounts they transferred the money to were controlled by scammers who used hacked or spoofed e-mail accounts to ask for the money. A total of 276 reports were received in the first nine months of this year and a new twist of the scam is also emerging, the police said in a statement. The scammers used to pretend to be chief executive officers, business partners or suppliers, but they are now also passing themselves off as employees of the company.

Go to article at
15.5.2020
Business-Email-Compromise

Swiss info security body warns of ransomware attacks against businesses

FinanceFeeds - Over the recent weeks, MELANI/GovCERT dealt with more than a dozen ransomware cases. The post Swiss info security body warns of ransomware attacks against businesses appeared first on FinanceFeeds.

Go to article at
15.5.2020
Ransomware

97% of IT leaders worried about insider data breaches

A staggering 97% of IT leaders say insider breach risk is a significant concern, according to a survey by Egress. 78% think employees have put data at risk accidentally in the past 12 months and 75% think employees have put data at risk intentionally. When asked about the implications of these breaches, 41% say financial damage would be the area of greatest impact. More than 500 IT leaders and 5000 employees were surveyed across the … More → The post 97% of IT leaders worried about insider data breaches appeared first on Help Net Security.

Go to article at
15.5.2020
Insider Attacks

Microsoft’s case study: Emotet took down an entire network in just 8 days

Microsoft shared details of the Emotet attack suffered by an organization named Fabrikam in the Microsoft’s DART Case Report 002, where Fabrikam is a fake name the IT giant gave the victim.

Go to article at
15.5.2020
Malware

Why the Latest Marriott Breach Should Make Us "Stop and Think" About Security Behaviors

Marriott International has experienced their second data breach

Go to article at
15.5.2020
Illegal Personal Data Processing

Hackers Are Breaking Directly Into Telecom Companies to Take Over Customer Phone Numbers

Hackers are now getting telecom employees to run software that lets the hackers directly reach into the internal systems of U.S. telecom companies to take over customer cell phone numbers, Motherboard has learned. Previously, these hackers have bribed telecom employees to perform SIM swaps or tricked workers to do so by impersonating legitimate customers over the phone or in person. But instead of targeting consumers, they're tricking telecom employees to install or activate RDP software, and then remotely reaching into the company's systems to SIM swap individuals. Once RDP is enabled, "They RDP into the store or call center [computer] [...] and mess around on the employees' computers including using tools," said Nicholas Ceraolo, an independent security researcher who first flagged the issue to Motherboard. Certain employees inside telecom companies have access to tools with the capability to 'port' someone's phone number from one SIM to another.

Go to article at
15.5.2020
Malware

Beware of Amazon Prime Support Scams in Google Search Ads

A malicious ad campaign is underway in Google Search results that lead users to fake Amazon support sites and tech support scams. A security researcher reached out to BleepingComputer today about search keywords such as "amazon prime" and "amazon prime customer support" that leads to ads pretending to be Amazon Prime support. For example, in the image below simply searching for "amazon prime" resulted in a fake and shady-looking support ad hosted on sites.google.com. In addition to Amazon support scams, other ads discovered by the researcher were for the search keywords "my account" and "login" that lead to a variety of different tech support scams like the one below. Tech Support Scam ads in Google Search Clicking on these ads lead to tech support scams located on sites such as  sites.google.com, Azure, and other providers. Tech Support Scam via Google Ads Now many of you may look at these ads and wonder how anyone could fall for them.

Go to article at
15.5.2020
Phishing

Pabbly Email Marketing Exposes 51.2 Million Records Online

Jeremiah Fowler reports: Email marketing is big business and many companies rely on emails to keep in contact with their...

Go to article at
15.5.2020
Illegal Personal Data Processing

Get started today

Start free, in your familiar Teams environment.
If you have some questions first, book a meeting with us.

Start free 14-day trial
Book a meeting
How it works?
SummarySecurity tasks and assuranceDocumentation workflowsEmployee guidelinesReporting templates
Use cases
By frameworkAll frameworksISO 27001NIS2 directiveNIST CSFCSA CCMISO 27701GDPRISO 27017ISO 27018
By methodCyber risk managementEmployee awarenessCompliance reportingControl managementAsset managementDynamic policy documentsPrivacy management
Resources
AcademyWebinarsBlogHelp articlesVideo coursesWeekly news digestsSubscribe to AcademyLeave a reviewPartner programTeamTerms of usePrivacy policy
Contact us
+358 10 231 6010
team@cyberday.ai
App works in:
Known in Finland as Digiturvamalli
© Cyberday Inc. Kalevantie 2 33100 Tampere, Finland
Cyberday.ai - Improve and certify your cyber security