Tue. Aug 11, 2020

Microsoft Patch Tuesday, August 2020 Edition

Krebs on Security

Microsoft today released updates to plug at least 120 security holes in its Windows operating systems and supported software, including two newly discovered vulnerabilities that are actively being exploited. Yes, good people of the Windows world, it’s time once again to back up and patch up!

Snapdragon Chip Flaws Could Facilitate Mass Android Spying

Data Breach Today

1 Billion Devices at Risk; Qualcomm Is Prepping Patches for OEMs to Push to Users. Qualcomm is prepping patches for its Snapdragon Digital Signal Processor, used in an estimated 1 billion or more Android devices, after researchers at Check Point counted 400 flaws that attackers could exploit to take control of devices and steal all data they store.

Microsoft Patches 120 Vulnerabilities, Two Zero-Days

Dark Reading

The August 2020 Patch Tuesday marks the sixth month in a row Microsoft released patches for more than 110 vulnerabilities

Kaspersky: DDoS Attacks Spike During COVID-19 Pandemic

Data Breach Today

Attacks Increased in Second Quarter as Remote Workforce Grew. Researchers at the security firm Kaspersky say distributed denial-of-service attacks increased dramatically in the second quarter, most likely as a result of the shift to a remote workforce because of the COVID-19 pandemic.

Zero-Trust Security 101

Dark Reading

What are the tenets and fundamental spirit of zero-trust architecture -- without the marketing speak

Zoom Vulnerabilities Demonstrated in DEF CON Talk

Dark Reading

A security researcher demonstrated multiple vulnerabilities, two of which could let an attacker read and steal user data

University Investigates Skimming of Credit Card Data

Data Breach Today

Hackers Targeted Michigan State University's Online Store for Months. Michigan State University is investigating how hackers were able to steal credit card data from the school's online shopping site over a nine-month period.

Researchers Trick Facial-Recognition Systems

Dark Reading

Goal was to see if computer-generated images that look like one person would get classified as another person

TeamViewer flaw can allow hackers to steal System password

Security Affairs

A severe vulnerability impacting TeamViewer for Windows, tracked as CVE-2020-13699, could be exploited by remote attackers to steal the system password. TeamViewer has recently addressed a high-risk vulnerability (CVE-2020-13699) that could be exploited by remote attackers to steal the system password and potentially compromise the system. TeamViewer is a popular software application for remote control, desktop sharing, online meetings, web conferencing and file transfer between computers.

Collecting and Selling Mobile Phone Location Data

Schneier on Security

The Wall Street Journal has an article about a company called Anomaly Six LLC that has an SDK that's used by "more than 500 mobile applications." Through that SDK, the company collects location data from users, which it then sells. Anomaly Six is a federal contractor that provides global-location-data products to branches of the U.S. government and private-sector clients. The company told The Wall Street Journal it restricts the sale of U.S.

How to Help Spoil the Cybercrime Economy

Dark Reading

Cybercrime increasingly is turning into a commodity. Stolen PII data and hijacked cloud accounts especially propel the spread, research shows

Avaddon ransomware operators have launched their data leak site

Security Affairs

Avaddon ransomware operators, like other cybercrime groups, decided to launch a data leak site where they publish data of victims who refuse to pay a ransom demand. Avaddon ransomware operators announced the launch of their data leak site where they will publish the data stolen from the victims who do not pay a ransom demand. The first group to adopt this strategy was the Maze ransomware gang in December 2019; since then other crews adopted the same strategy, including REvil, Nefilim, and Netwalker.

17 Essential Stats About the State of Consumer Privacy

Dark Reading

These illuminating numbers offer a glimpse into current consumer attitudes and enterprise readiness for protecting their customers' personal data

Flaws in ‘Find My Mobile’ exposed Samsung phones to hack

Security Affairs

A researcher found multiple flaws in Samsung’s Find My Mobile that could have been chained to perform various malicious activities on Samsung Galaxy Phones. The security researcher Pedro Umbelino from Portugal-based cybersecurity services provider Char49 discovered multiple vulnerabilities in Samsung’s Find My Mobile that could have been chained to perform various malicious activities on Samsung Galaxy Phones.

Symmetry Systems Emerges from Stealth

Dark Reading

Company behind Data Store and Object Security (DSOS) becomes public knowledge following a $3 million seed round of funding

Samsung Quietly Fixes Critical Galaxy Flaws Allowing Spying, Data Wiping

Threatpost

Four critical-severity flaws were recently disclosed in the Find My Mobile feature of Samsung Galaxy smartphones, which if exploited could allow attackers to force a factory reset on the phones or spy on users.

Developers Need More Usable Static Code Scanners to Head Off Security Bugs

Dark Reading

As companies "shift left" -- pushing more responsibility for security onto developers -- the tools that are available are falling short, usability researchers say

Cybersecurity Skills Gap Worsens, Fueled by Lack of Career Development

Threatpost

The fundamental causes for the skill gap are myriad, starting with a lack of training and career-development opportunities.

EU-US Privacy Shield Dissolution: What Happens Next?

Dark Reading

In a world that isn't private by design, security and liability implications for US-based cloud companies are huge

Adobe Acrobat and Reader affected by critical flaws

Security Affairs

Adobe has released security updates to address twenty-six vulnerabilities in the Adobe Acrobat, Reader, and Lightroom products. Adobe has released security updates to address tens of vulnerabilities in Adobe Acrobat, Reader, and Lightroom products. Eleven out of twenty-six flaws are rated as ‘Critical’ because they could be exploited by attackers to remotely execute arbitrary code or bypass security features on vulnerable computers.

Is Edtech the Greatest APT?

Dark Reading

Educational technology is critical but can come at huge costs to student and teacher privacy and security. Are those costs too high?

Two 0-Days Under Active Attack, Among 120 Bugs Patched by Microsoft

Threatpost

One of the two zero-day bugs is rated ‘critical’ and is classified as a remote code-execution bug impacting Microsoft’s Internet Explorer.

[Podcast] Titans of Technology Innovation

AIIM

All around us, technology is changing everything. Many can remember having to go to their local video store to rent a movie. Now, with the click of a button from the comfort of your own living room, you can access an endless amount of streaming movies. Even the simpler things in life, like flipping on a light switch, are being replaced by technology. You no longer have to lift a finger to turn on the lamp; technology can help you illuminate the room just by saying, “Alexa, turn on the lights.”

Agent Tesla Spyware Adds Fresh Tricks to Its Arsenal

Threatpost

The RAT is surging in 2020, becoming more prevalent than even the infamous TrickBot or Emotet malware.

eDiscovery without the headaches

OpenText Information Management

This blog has been co-authored by Natasha Tieman, Rachel Teisch and Duncan Bradley. In any legal matter, the clock is the enemy. When litigation or investigations hit, organizations must quickly find proof of who said or did what. Legal and IT must work together to locate potential evidence and keep it safe to ensure it is …

Critical Adobe Acrobat and Reader Bugs Allow RCE

Threatpost

Adobe patched critical and important-severity flaws tied to 26 CVEs in Acrobat and Reader.

ICRM is Moving to Online Testing this Fall

IG Guru

ICRM is proud to announce that we are moving to online-only testing this fall. The ICRM received overwhelming support to move towards online testing after surveying our candidates. We are excited for this new opportunity to make testing easier and more accessible for our candidates. More details will be announced later this month. 8/6/2020.

Researcher discloses exploit code for a vBulletin zero-day

Security Affairs

A researcher published details and proof-of-concept exploit code for a zero-day RCE vulnerability in the popular forum CMS vBulletin. The researcher Amir Etemadieh has published technical details and proof-of-concept exploit code for a zero-day remote code execution vulnerability in vBulletin, the popular forum software. The new vulnerability is a bypass for the security patch released by vBulletin for the CVE-2019-16759 flaw, disclosed in September 2019.
