
Framework recap, US security and role management: Cyberday product and news summary 3/2025 🛡️

The March product and news update presents updates to role management and the new Trust Center, a review of the key frameworks for 2025 and US security.

article

28.3.2025

Understanding DORA compliance: Key steps to prepare your organization

Understand DORA compliance and get a clear DORA requirements summary with key compliance areas, practical steps, and essential guidelines to strengthen your organization's digital resilience.

article

18.3.2025

ISMS implementation: comparison of documents, wikis, ISMS tools and GRC

There are a few different approaches to building an ISMS. In this post, we’ll compare these different methods, helping you understand which might be the best fit for your organization’s security management needs.

article

6.3.2025

What is Statement of Applicability (SoA) in ISO 27001?

In this blog, we'll cover the main purpose and benefits of a well-working Statement of Applicability document. We'll also explain why SoA is important, and 4 key roles it can play in information security work.

article

4.3.2025

Why is ISO 27001 compliance now more important than ever?

Year after year, the ISO 27001 standard has remained one of the gold standards for information security. The global standard has remained relevant, but where did ISO 27001 originate? And why is its popularity just going up?

article

27.2.2025

10 most common non-conformities in ISO 27001 audits

Audits and non-conformities drive organizations toward continuous improvement. But before your first ISO 27001 certification, it's good to be aware of some of the most common non-conformities, so you can avoid them in your certification audit.

article

18.2.2025

Got an ISO 27001 audit interview request - what should I expect?

In this blog, we will talk about the importance of employee participation in the audit interview process, why auditors value employee insights, and look into possible questions asked in an ISO 27001 interview.

article

13.2.2025

ISO 27001 compliance and certification checklist

Looking to ensure you fulfill ISO 27001 requirements? This checklist presents clearly ordered key steps that guide your organization in building an ISMS and getting compliant with the ISO 27001 standard.

article

6.2.2025

Android malware can steal Google Authenticator 2FA codes

A new version of the "Cerberus" Android banking trojan will be able to steal one-time codes generated by the Google Authenticator app and bypass 2FA-protected accounts.

15.5.2020
Malware

Research Finds Microsoft Edge Has Privacy-Invading Telemetry

While Microsoft Edge shares the same source code as the popular Chrome browser, it offers better privacy control for users. New research, though, indicates that it may have more privacy-invading telemetry than other browsers. [...]

15.5.2020
Violations of Data Subject Rights

When it comes to zero-day vulnerabilities, the best approach is preventative action

Zero-day vulnerabilities are software security flaws with the potential to be exploited by cybercriminals – they’re unintended flaws found in programs or operating systems that, if left unaddressed, create security holes that can and almost certainly will be exploited. The problem stems from the traditional software development and QA testing processes that fail to identify bugs and flaws that manifest in live usage. Static and dynamic testing, RASP, and vulnerability assessments all look for known problems or known fallible coding techniques, which makes it difficult to identify zero-day vulnerabilities (which are, by definition, unknown). Even using blue-green or canary staging approaches, software bugs may not be seen and will propagate, meaning the code or application problems caused by these flaws are pushed live, because that code is not tested with production traffic. Since the existing testing methodologies have trouble finding these critical zero-day vulnerabilities, other approaches are being tried, including advanced log analysis and bug bounty programs.

15.5.2020
Unpatched Vulnerabilities

New year, new critical Cisco patches to install – this time for a dirty dozen of bugs that can be exploited to sidestep auth, inject commands, etc

Data Center Network Manager bugapalooza with three must-fix flaws. Cisco is kicking off 2020 with the release of a crop of patches for its Data Center Network Manager.…

15.5.2020
Unpatched Vulnerabilities

FBI says that sharing personal info online only helps scammers

The FBI Charlotte office is warning social media users to pay close attention to the information they share online.

15.5.2020
Phishing

Widely Known Flaw in Pulse Secure VPN Being Used in Ransomware Attacks

New Year's Eve attack on currency exchange service Travelex may have involved use of the flaw.

15.5.2020
Ransomware

One man lost his life savings in a SIM hack. Here's how you can try to protect yourself

Robert Ross was sitting in his San Francisco home office in October 2018 when he noticed the bars on his phone had disappeared and he had no cell coverage. A few hours later, he had lost $1 million.

15.5.2020
Phishing

Phishing Campaign Uses Malicious Office 365 App

Most phishing campaigns attempt to take over accounts by tricking the victim into divulging their credentials. PhishLabs has uncovered a previously unseen tactic by attackers that uses a malicious Microsoft Office 365 App to gain access to a victim’s account without requiring them to give up their credentials to the attackers.

15.5.2020
Phishing

Bad news: Windows security cert SNAFU exploits are all over the web now. Also bad: Citrix gateway hole mitigations don't work for older kit

Good news: There is none. Well, apart from you can at least fully patch the Microsoft blunder. Easy-to-use exploits have emerged online for two high-profile security vulnerabilities, namely the Windows certificate spoofing bug and the Citrix VPN gateway hole. If you haven't taken mitigation steps by now, you're about to have a bad time.…

15.5.2020
Unpatched Vulnerabilities