- InfoSecSam's Newsletter
ServiceNow Vulnerabilities, Ukraine Heating Hack, FREE CISSP Flash Cards + More

This week's newsletter
Recent News
Service(Patch)Now
Cybercriminals are exploiting newly discovered vulnerabilities in ServiceNow’s platform, targeting organisations that rely on the popular IT service management tool.
These exploits can lead to unauthorised access and potential data breaches. ServiceNow users are urged to apply patches promptly and enhance their security protocols to mitigate risks.

Didn’t KnowBe4
KnowBe4, a cybersecurity firm best known for their training and awareness platform, uncovered a fake North Korean IT worker who was hired and subsequently caught planting malware within the company.
The background screening failed to detect that the employee's identity was in fact an AI deepfake! However, the KnowBe4 security team detected malicious activity just 25 minutes after the new employee received their workstation.
This incident highlights the increasing sophistication of cyber threats and the lengths that threat actors will go to. It also demonstrates the importance of thorough vetting and monitoring of new employees to prevent internal security breaches.

Heating Hackers
Hackers used malware to shut down the heating system in a Ukrainian city, researchers report. A new malware, dubbed FrostyGoop, was found to target industrial control systems, specifically a type of heating system controller.
While the researchers said the malware was unlikely to cause widespread outages, it shows an increased effort by malicious hackers to target critical infrastructure, like energy grids.

Other News
Apple Relay Outage - Apple's iCloud Private Relay experienced outages, affecting some users' ability to browse the internet securely and privately.
Wiz Bets Big - Wiz, a cybersecurity startup, declined Google’s $23 billion acquisition offer to maintain the company’s independence and mission.
CrowdStrike Cons - The large-scale CrowdStrike outage has led to phishing campaigns that prey on those impacted, promising to help with recovery but instead infecting systems with malware. Stay vigilant!

Career Development
FREE CISSP Flash Cards
The ISC2 Certified Information Systems Security Professional (CISSP) certification is one of the most well-regarded qualifications any cyber security professional can achieve.
Wherever you are in your journey towards obtaining CISSP, these free flash cards by ISC2 will help lead you to success. The cards cover the following domains:

Below you will find a link to sign up for the ISC2 CISSP flash cards as well as other free resources shared on my TikTok channel: