This is the March news and product review from Cyberday and a summary of the first admin webinar of 2025. We will try to hold these more often this year and will announce through various channels when the next admin webinar is scheduled. You can register for the upcoming webinars on our Webinars page closer to the event.
NIS2 implementation is partly delayed and no major news on the Directive has been seen at this point. Many EU countries are still finalising national legislation. The latest countries to finish the process are Romania and Slovakia. There are several reasons for the delay in implementation, such as political tensions, elections or unsuitable government coalitions. At the moment there is still a quiet period, but soon the laws will be finalized and the real enforcement activity can begin.
Interested in NIS2? Check out our NIS2 content collection.
The European Banking Authority (EBA) has updated its guidance on DORA with regard to the management of information security risks. The EU Commission has also issued a delegated regulation to describe Threat-Led Penetration Testing (TLPT). Work is continuing with supervisory authorities to obtain further information on how TLPT should be implemented. This is progressive legislation in the sense that it is not just any penetration testing but testing designed on the basis of threat intelligence. As DORA technical standards become more complete, they will also be available in Cyberday. This work is ongoing and we are actively monitoring developments.Â
Read the whole article from natlawreview.com
Systematic security work involves managing roles within an organisation and this is currently possible in Cyberday under the "Units and Employees" section. The administrator can link users to different roles and the process is facilitated by the ready library of roles in Cyberday. It is also possible to create your own roles. The role description can be used to generally describe the responsibilities associated with the role, as well as to fill in more detailed documentation, such as information about the credentials and the skills required for the role. Regardless of whether it is a top-level theme or a specific policy, it is now possible to link it either to an individual or, for example, to a specific role.Â
Often organisations want to make some of their reports publicly available and this is possible with the help of our trust center website. The trust center site needs to be set up separately and its settings define, for example, who can view the site, which reports are displayed there and who is the main contact person for the site. Our trust center site is convenient to include on your own website. In further development, we plan to extend the functionality of the site and in the future it will be possible to publish, for example, your own certificate on the site.
Now, on the dashboard, under the main structure of the management system, there is a "Recommendations for next steps" section, which makes it easy to see what further actions you can take to improve the two main values, compliance or assurance values. A short list of three different items that could be improved next is shown in the dashboard listing, but it is also possible to open a more extensive list of tasks. The order of both lists is done in such a way that the measures with the highest impact on the value are always displayed at the top.Â
The new updated risk matrix is now displayed on the desktop and in risk management reports. This gives you a clearer picture of your own risks and a clear view of changes as your security work moves forward.
There is now a separate Files page under the More button.
For example, when a description is changed, the event log now also shows the old version and you can easily compare the changes made. This is also handy in cases where you accidentally edit the description, so you can easily restore the old one.Â
We added the ability to customise the columns displayed in the table to suit your needs on the All Tasks page. This allows you to easily see, for example, which tasks have been edited in the last 24 hours.
We will actively continue to develop the product and monitor feedback from users. Future development topics include the Trust Center website, supplier surveys, NIS2 national requirements frameworks, and the sharing of job descriptions and other content. The use of AI to answer security queries is also being explored.
Article from thehackernews.com
YouTube videos promoting game cheats are being used to deliver a previously undocumented stealer malware called Arcane likely targeting Russian-speaking users.
"What's intriguing about this malware is how much it collects," Kaspersky said in an analysis. "It grabs account information from VPN and gaming clients, and all kinds of network utilities like ngrok, Playit, Cyberduck, FileZilla, and DynDNS."
The attack chains involve sharing links to a password-protected archive on YouTube videos, which, when opened, unpacks a start.bat batch file that's responsible for retrieving another archive file via PowerShell.
The batch file then utilizes PowerShell to launch two executables embedded within the newly downloaded archive, while also disabling Windows SmartScreen protections and every drive root folder to SmartScreen filter exceptions.
Article from wired.com
Federal auditors are raising the alarm about Elon Muskâs so-called Department of Government Efficiency (DOGE), which has been accessing sensitive government systems under the pretense of conducting audits. According to experienced auditors, DOGEâs operations bear no resemblance to real government audits, lacking planning, methodology, or certified personnel.
Instead of reducing waste, DOGEâs actionsâsuch as mass staff cuts and contract cancellationsâmay actually increase long-term costs. Concerns are mounting over DOGEâs access to sensitive data without proper clearances, while the young and inexperienced team bypasses traditional vetting.
âThis is not an audit,â one auditor said. âItâs a heist.
Article from krebsonsecurity.com
A message appeared on the website of the U.S. Cybersecurity & Infrastructure Security Agency (CISA) asking recently fired employees to send sensitive information - such as Social Security numbers - via email in a secure attachment. However, no instructions on how to send the password were given and some sent the password in the same email.
The message violates clear security practices and exposes the government to potential malware. The situation reflects a wider trend whereby the administration is bypassing established security practices in the name of speed or convenience. At the same time, Musk-led DOGE is introducing Starlink into government networks without proper risk assessment, raising questions about the lack of security clearance.
According to former top experts, the mass layoffs and replacement of the inexperienced seriously threaten the backbone of US cyber defence.
"It's not just about incompetent practices. It's about dismantling the security of the entire administration piece by piece," sums up former NSA senior cybersecurity expert Rob Joyce.
Article from cybersecurity-insider.com
A high-profile attempted murder trial in Strafford County, New Hampshire, was abruptly postponed due to a cyberattack that disabled court operations. The trial, involving Jason Levesque and the shooting of his neighbor, had reached its final hearing when the court's IT systems were compromised.
Itâs unclear whether the attack was random or targeted, but the disruption forced a delay in justice and raised concerns about the vulnerability of judicial systems to cyber threats. Experts note that such attacksâespecially ransomwareâcan cripple critical systems for weeks or months, with wide-ranging legal and financial impacts.
Cyberattacks on courts are not just technical incidentsâtheyâre attacks on the rule of law.
.png)
