Wed.Nov 18, 2020

Microsoft Warns of Office 365 Phishing Attacks

Data Breach Today

Fraudsters Using Evasive Techniques to Bypass Secure Email Gateways Microsoft's Security Intelligence team is warning users of the Office 365 suite about an ongoing phishing campaign that appears to be harvesting victims' credentials.

As Businesses Move to Multicloud Approach, Ransomware Follows

Dark Reading

The average US company uses 16 cloud services, but only a third of IT professional believe their security measures have kept up with the change

Cloud 97

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

Gaming Company Confirms Ragnar Locker Ransomware Attack

Data Breach Today

Capcom Says Over 350,000 Customer, Business Records Possibly Compromised Japanese computer game company Capcom acknowledged this week that a November security incident was a Ragnar Locker ransomware attack that resulted in about 350,000 customer and company records potentially compromised, including sales and shareholder data.

Office 365 phishing campaign uses redirector URLs and detects sandboxes to evade detection

Security Affairs

Microsoft is tracking an ongoing Office 365 phishing campaign aimed at enterprises that is able to detect sandbox solutions and evade detection.

The Best Data Retention Policy & Template To Get You Started

In this whitepaper from Onna, we will walk you through data retention best practices and provide you with a downloadable template to help you get organized and gain better visibility into your data’s lifecycle.

Latest Ransomware Trends: Lessons to Learn

Data Breach Today

Learning From Difficult Recoveries and Advice in Government Alerts As ransomware attacks on the healthcare sector continue to surge, entities should heed the lessons emerging from these incidents as well as the advice provided in alerts from government agencies, security experts say

More Trending

Cybersecurity Leadership: '2020 Has Been the Perfect Storm'

Data Breach Today

CEOS and CISOs on the New Challenges to Securing Data With COVID-19 as a backdrop and 5G on the horizon, what will be 2021's top issues in identifying, protecting and defending against attacks across a dramatically expanded threat landscape?

Telegram Still Hasn’t Removed an AI Bot That’s Abusing Women

WIRED Threat Level

A deepfake bot has been generating explicit, non-consensual images on the platform. The researchers who found it say their warnings have been ignored. Security Security / Security News

IT 84

Brace for DNS Spoofing: Cache Poisoning Flaws Discovered

Data Breach Today

Fixes Arriving to Safeguard DNS Against Newly Found 'SAD DNS' Side-Channel Attack Researchers are warning that many domain name system server implementations are vulnerable to a spoofing attack that allows attackers to redirect, intercept and manipulate traffic.


How to Identify Cobalt Strike on Your Network

Dark Reading

Common antivirus systems frequently miss Cobalt Strike, a stealthy threat emulation toolkit admired by red teams and attackers alike


How to Measure DevSecOps Progress and Ensure Success

Speaker: Shannon Lietz, Director of DevSecOps Team, Intuit

You've finally done it: You've won over C-Suite and your DevSecOps team is up and running. You feel ready to take on rising security threats while continuously delivering quality software updates. But how do you monitor your new program? Are you truly able to gauge the state of your projects? To ensure the success of this new breed of a team, you need to know the metrics to look at and how to advocate these metrics to C-Suite and stakeholders. Join Shannon Lietz, Leader and Director of DevsecOps at Intuit, and learn to lead your DevSecOps team to the top.

Accused Ringleader of FIN7 Hacking Group Pleads Guilty

Data Breach Today

Andrii Kolpakov Faces 25 Years for Wire Fraud And Conspiracy, Documents Show An accused ringleader of the notorious FIN7 hacking group, which prosecutors say stole 15 million payment cards over several years, has pleaded guilty to multiple federal charges, according to court documents.


Phishing campaign targets LATAM e-commerce users with Chaes Malware

Security Affairs

Experts from Cybereason Nocturnus uncovered an active campaign that targets users of a large e-commerce platform in Latin America with Chaes malware. Cybereason Nocturnus security researchers have identified an active campaign focused on the users of a large e-commerce platform in Latin America.

Chinese Hacking Group Suspected of Far-Reaching Campaign

Data Breach Today

Researchers: 'FunnyDream' Targeted Over 200 Entities in Southeast Asia A recently identified Chinese hacking group dubbed "FunnyDream" has targeted more than 200 government entities in Southeast Asia since 2018 as part of an ongoing cyberespionage campaign, according to research from Bitdefender

China-linked APT10 leverages ZeroLogon exploits in recent attacks

Security Affairs

Researchers uncovered a large-scale campaign conducted by China-linked APT10 targeting businesses using the recently-disclosed ZeroLogon vulnerability. .

Digital Trends Report 2020

As part of our goal to continue helping our community during these times, we wanted to share with you this critical data on the state of digital products across industries and provide context on how businesses are responding to the changing winds.

North Korean Hackers Suspected of Supply-Chain Attacks

Data Breach Today

ESET: Attackers Used Hijacked Software to Target South Korean Organizations North Korean hackers are suspected of carrying out a novel-supply chain attack that targeted businesses in South Korea using stolen digital certificates, according to researchers with ESET.


Online Shopping Surge Puts Focus on Consumer Security Habits

Dark Reading

Companies will have to tread a fine line between delivering security and a frictionless shopping experience, security firms say

Cisco fixed flaws in WebEx that allow ghost participants in meetings

Security Affairs

Cisco has addressed three flaws in Webex Meetings that would have allowed unauthenticated remote attackers to join ongoing meetings as ghost participants.

Cisco Webex Vulns Let 'Ghost' Attendees Spy on Meetings

Dark Reading

Three vulnerabilities, patched today, could let an attacker snoop on meetings undetected after the host removes them


Testing at Every Stage of Development

Up to 80% of new products fail. The reality is harsh and the reasons why are endless. Perhaps the new product couldn’t oust a customer favorite. Maybe it looked great but was too hard to use. Or, despite being a superior product, the go-to-market strategy failed. There’s always a risk when building a new product, but you can hedge your bets by understanding exactly what your customers' expectations truly are at every step of the development process.

Widespread Scans Underway for RCE Bugs in WordPress Websites


WordPress websites using buggy Epsilon Framework themes are being hunted by hackers. Vulnerabilities Web Security epsilon framework Hackers internet scans probes RCE remote code execution Security Vulnerabilities site takeover themes WordFence wordpress

Researchers Say They've Developed Fastest Open Source IDS/IPS

Dark Reading

With a five-processor core, "Pigasus" delivers the same performance as a system with between 100 and 700 cores, according to a team from Carnegie Mellon University's CyLab


LAPD Bans Facial Recognition, Citing Privacy Concerns


The department has said no thanks to the Clearview AI platform, after an expose showing that officers had used it 475 times during a trial period alone.

Out With the Old Perimeter, in With the New Perimeters

Dark Reading

A confluence of trends and events has exploded the whole idea of "the perimeter." Now there are many perimeters, and businesses must adjust accordingly


The Best Sales Forecasting Models for Weathering Your Goals

Every sales forecasting model has a different strength and predictability method. It’s recommended to test out which one is best for your team. This way, you’ll be able to further enhance – and optimize – your newly-developed pipeline. Your future sales forecast? Sunny skies (and success) are just ahead!

Smart changes in store

Micro Focus

How Kmart modernized using AWS and Micro Focus Introduction A recent Forbes article commented, “COVID-19 will be remembered for many things and what’s becoming indisputable is how it is rapidly transforming business”.

IT 64

Cisco Webex ‘Ghost’ Flaw Opens Meetings to Snooping


Cisco patched the Webex flaw, as well as three critical-severity vulnerabilities, in a slew of security updates on Wednesday.

Data flow mapping key to EU–third country data transfers

IT Governance

When the European Court of Justice invalidated the EU–US Privacy Shield earlier this year, organisations were left unsure about how to legally transfer personal data into and out of the EU.

Google Chrome 87 Closes High-Severity ‘NAT Slipstreaming’ Hole


Overall Google's Chrome 87 release fixed 33 security vulnerabilities. Vulnerabilities Web Security chrome 87 Chrome 87.0.4280.66 CVE-2020-16022 google Google Chrome high severity flaw Linux Mac NAT device NAT Streamslipping TCP UDP Windows

Product Analytics Playbook: Mastering Retention

Why do your users churn? In this guide you'll learn common product pitfalls and how to fix them.


IG Guru

Palmyra, NJ (October 28,2020) – The Foundation (ARMA International Educational Foundation) is pleased to announce the recipients of the 2020 LaARMA Nostra Certification Reimbursement Awards.

The evolution of investigation and early case assessment

OpenText Information Management

Facing ever-increasing legal, regulatory and resource pressures, corporate counsel and their external legal advisors must stay ahead of the curve to protect and promote their organization’s best interests.

Webinar: Hands-on Records in a Hands-off World on Thursday, November 19th @ 12pm EST via Mid-Michigan ARMA

IG Guru

Contact mailto: for login information. The post Webinar: Hands-on Records in a Hands-off World on Thursday, November 19th @ 12pm EST via Mid-Michigan ARMA appeared first on IG GURU. ARMA Compliance IG News Record Retention Records Management Risk News Standards Storage Webinar ARMA Mid-Michigan COVID-19 Records Storage Retention