Thu.Dec 03, 2020

Researchers: 25 Countries Use 'Circles' Spyware

Data Breach Today

Application Tracks Individuals via Mobile Phones Twenty-five countries are likely using spyware sold by a company called Circles that can snoop on mobile phone calls and text messages, according to Citizen Lab, a research organization based at the University of Toronto

200
200

A ‘Magical Bug’ Exposed Any iPhone in a Hacker's Wi-Fi Range

WIRED Threat Level

A Google researcher found flaws in Apple's AWDL protocol that would have allowed for a complete device takeover. Security Security / Cyberattacks and Hacks

Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

Alert: APT Groups Targeting US Think Tanks

Data Breach Today

CISA and FBI Say Focus Is on Those Working on International Affairs, National Security CISA and the FBI have issued a warning that advanced persistent threat groups are waging cyberespionage campaigns against U.S.

Hackers Hide Software Skimmer in Social Media Sharing Icons

Security Affairs

Security researchers have uncovered a new technique to inject a software skimmer onto checkout pages, the malware hides in social media buttons. Security experts at Sansec have detailed a new technique used by crooks to inject a software skimmer into checkout pages.

The Best Data Retention Policy & Template To Get You Started

In this whitepaper from Onna, we will walk you through data retention best practices and provide you with a downloadable template to help you get organized and gain better visibility into your data’s lifecycle.

Nintendo Hacker's Sentence: 3 Years in Prison

Data Breach Today

Prosecutors Say Ryan Hernandez Used Phishing Emails to Steal Confidential Data A 21-year-old California man who pleaded guilty to repeatedly hacking gaming company Nintendo to steal confidential data has been sentenced to serve three years in federal prison, according to the U.S. Justice Department

More Trending

Trickbot Now Uses a Bootkit to Attack Firmware

Data Breach Today

Researchers: Bootkit Finds Vulnerabilities to Exploit Trickbot malware has been updated with a bootkit module, nicknamed Trickboot, which can search for UEFI/BIOS firmware vulnerabilities, according to a report from the security firms Eclypsium and Advanced Intel.

Clop Ransomware gang claims to have stolen 2 million credit cards from E-Land

Security Affairs

E-Land Retail suffered a ransomware attack, Clop ransomware operators claim to have stolen 2 million credit cards from the company. E-Land Retail is a South Korean conglomerate headquartered in Changjeon-dong Mapo-gu Seoul, South Korea.

Retail 103

Phishing Campaign Targets COVID-19 'Cold Chain'

Data Breach Today

CISA Calls Attention to New IBM Report on Supply Chain Risks CISA, citing a new report by IBM, is warning organizations involved in COVID-19 vaccine production and distribution of a global phishing campaign targeting the cold storage and transport supply chain.

Open Source Does Not Equal Secure

Schneier on Security

Way back in 1999, I wrote about open-source software: First, simply publishing the code does not automatically mean that people will examine it for security flaws. Security researchers are fickle and busy people. They do not have the time to examine every piece of source code that is published.

How to Measure DevSecOps Progress and Ensure Success

Speaker: Shannon Lietz, Director of DevSecOps Team, Intuit

You've finally done it: You've won over C-Suite and your DevSecOps team is up and running. But how do you monitor your new program? Join Shannon Lietz, Leader and Director of DevsecOps at Intuit, and learn to lead your DevSecOps team to the top.

Microsoft Backpedals Over 'Productivity Score' Monitoring

Data Breach Today

User Tracking Eliminated in Microsoft 365 Following Privacy Backlash Microsoft is revamping its controversial "productivity score" in Microsoft 365 so that individual workers can no longer be tracked.

Potential Nation-State Actor Targets COVID-19 Vaccine Supply Chain

Dark Reading

Companies involved in technologies for keeping vaccines cold enough for safe storage and transportation are being targeted in a sophisticated spear-phishing campaign, IBM says

Hackers Are Targeting the Covid-19 Vaccine ‘Cold Chain’

WIRED Threat Level

As vaccines await US approval, a sophisticated global phishing campaign has tried to harvest credentials from companies involved in their distribution. Security Security / Cyberattacks and Hacks

From FUD to Fix: Why the CISO-Vendor Partnership Needs to Change Now

Dark Reading

CISOs and their staffs are up against too many systems, screens, and alerts, with too few solutions to effectively address pain points

86

Digital Trends Report 2020

As part of our goal to continue helping our community during these times, we wanted to share with you this critical data on the state of digital products across industries and provide context on how businesses are responding to the changing winds.

A scan of 4 Million Docker images reveals 51% have critical flaws

Security Affairs

Security experts analyzed 4 million public Docker container images hosted on Docker Hub and found half of them was having critical flaws.

Risk 82

Cloud Security Threats for 2021

Dark Reading

Most of these issues can be remediated, but many users and administrators don't find out about them until it's too late

Cloud 85

Kmart, Latest Victim of Egregor Ransomware – Report

Threatpost

The struggling retailer's back-end services have been impacted, according to a report, just in time for the holidays. Malware Web Security back-end servers cyberattack egregor holiday shopping Kmart ransomware

Retail 104

Common Container Manager Is Vulnerable to Dangerous Exploit

Dark Reading

Container manager vulnerability is one of several weaknesses and vulnerabilities recently disclosed for Docker

85

Testing at Every Stage of Development

Up to 80% of new products fail. The reality is harsh and the reasons why are endless. Perhaps the new product couldn’t oust a customer favorite. Maybe it looked great but was too hard to use. Or, despite being a superior product, the go-to-market strategy failed. There’s always a risk when building a new product, but you can hedge your bets by understanding exactly what your customers' expectations truly are at every step of the development process.

The changing state of enterprise security

OpenText Information Management

Cyber security, digital investigations and eDiscovery will never be the same.

TrickBot's New Tactic Threatens Firmware

Dark Reading

A newly discovered module checks machines for flaws in the UEFI/BIOS firmware so malware can evade detection and persist on a device

79

What are the Principles of Change Management?

AIIM

Change Management Principles. Why do so many organizations struggle with implementing change? Is it bad tactical plans? Poor strategy? A lack of focus from senior leadership? Many times, it boils down to people – the human side of change.

Google Security Researcher Develops 'Zero-Click' Exploit for iOS Flaw

Dark Reading

A new patched memory corruption vulnerability in Apple's AWDL protocol can be used to take over iOS devices that are in close proximity to an attacker

The Best Sales Forecasting Models for Weathering Your Goals

Every sales forecasting model has a different strength and predictability method. It’s recommended to test out which one is best for your team. This way, you’ll be able to further enhance – and optimize – your newly-developed pipeline. Your future sales forecast? Sunny skies (and success) are just ahead!

Belgian DPA to Take Down Websites Infringing GDPR

Hunton Privacy

On November 26, 2020, the Belgian Data Protection Authority (“Belgian DPA”) signed a cooperation agreement with DNS Belgium, the organization managing the “.be” be” country code top-level domain name. The purpose of the cooperation agreement is to allow DNS Belgium to suspend “.be”

GDPR 97

US Officials Take Action Against 2,300 Money Mules

Dark Reading

Eight federal law enforcement agencies participated in the Money Mule Initiative, a global crackdown on money laundering

75

From Chaos to Control with Data Intelligence

erwin

As the amount of data grows exponentially, organizations turn to data intelligence to reach deeper conclusions about driving revenue, achieving regulatory compliance and accomplishing other strategic objectives. It’s no secret that data has grown in volume, variety and velocity, with 2.5

Researchers Discover New Obfuscation-As-a-Service Platform

Dark Reading

Researchers detail how a Android APK obfuscation service automates detection evasion for highly malicious apps

74

Product Analytics Playbook: Mastering Retention

Why do your users churn? In this guide you'll learn common product pitfalls and how to fix them.

TrickBoot feature allows TrickBot bot to run UEFI attacks

Security Affairs

TrickBot, one of the most active botnets, in the world, gets a new improvement by adding a UEFI/BIOS Bootkit Feature.

Researchers Bypass Next-Generation Endpoint Protection

Dark Reading

Machine learning-based products can be tricked to classify malware as a legitimate file, new findings show

69

TrickBot Returns with a Vengeance, Sporting Rare Bootkit Functions

Threatpost

A new "TrickBoot" module scans for vulnerable firmware and has the ability to read, write and erase it on devices.

IT 96