Fri.Apr 03, 2020

What Went Wrong at Equifax? We Have Good Answers

Data Breach Today

What missteps led to hackers stealing details on 145 million Americans from Equifax in 2017? The answer to that question can be found in numerous reports and a Justice Department indictment.

Security and Privacy Implications of Zoom

Schneier on Security

Over the past few weeks, Zoom's use has exploded since it became the video conferencing platform of choice in today's COVID-19 world. (My My own university, Harvard, uses it for all of its classes.) Over that same period, the company has been exposed for having both lousy privacy and lousy security.

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

The Cybersecurity Follies: Zoom Edition

Data Breach Today

British Government and Other 'Work-From-Homers' Grapple With Remote Communications The stuck-at-home chronicles have fast become surreal, as remote workers face down a killer virus on the one hand and the flattening of their work and personal lives on the other.

Hacking iPhone or MacBook devices by tricking into visiting a site

Security Affairs

Bad news for Apple iPhone or MacBook users, attackers could hack their device’s camera by tricking them into visiting a website.

ABCs of Data Normalization for B2B Marketers

Data normalization. It’s not a far stretch to suggest that the topic isn’t exactly what gets marketers excited in their day-to-day workflow. However, if lead generation, reporting, and measuring ROI is important to your marketing team, then data normalization matters - a lot. In this eBook, we’ll break down the ins and outs of data normalization and review why it’s so critical for your marketing strategies and goals!

CISO Conversations: Healthcare's Unique Opportunity

Data Breach Today

ChristianaCare's Anahi Santiago on Telehealth Advances Amidst Pandemic Crisis Healthcare professionals are on the front line in the war against COVID-19, and their cybersecurity leaders bear unique pressure to support and secure their efforts.

More Trending

Italian Social Security Website Disrupted

Data Breach Today

News Reports Say Officials Investigating After Thousands Could Not Access Site Italian officials are investigating whether a disruption this week of access to the country's social security website was due to a hacking incident or a network overwhelmed by demand for benefits offered during the COVID-19 pandemic, according to news reports.

The Best Time to Get An Enterprise Architecture Tool

erwin

Many organizations start an enterprise architecture practice without a specialized enterprise architecture tool. Instead, they rely on a blend of spreadsheets, Visio diagrams, PowerPoint files and the like. Under normal circumstances, this approach is difficult.

Access 105

Magecart Group Hits Small Businesses With Updated Skimmer

Data Breach Today

Researchers Determine That 19 Ecommerce Sites Have Been Targeted A Magecart group has been using a new skimmer technique to target the online checkout sites of smaller businesses in order to steal credit card data, according to RiskIQ researchers, who have spotted 19 of these malicious JavaScript attacks so far.

173
173

A Hacker Found a Way to Take Over Any Apple Webcam

WIRED Threat Level

They've been patched, but the Safari vulnerabilities would have given an alarming amount of access. Security Security / Security News

Access 104

How to Solve 4 Common Challenges of Legacy Information Management

Speaker: Chris McLaughlin, Chief Marketing Officer and Chief Product Officer, Nuxeo

After 20 years of Enterprise Content Management (ECM), businesses still face many of the same challenges with finding and managing information. Join Chris McLaughlin, CMO and CPO of Nuxeo, as he examines four common business challenges that these legacy ECM systems pose and how they can be addressed with a more modern approach.

Botnet Targets Devices Running Microsoft SQL Server: Report

Data Breach Today

Researchers Say 'Vollgar' Botnet Installs Cryptominers Researchers at security firm Guardicore Labs are tracking a botnet they call Vollgar that's targeting devices running vulnerable Microsoft SQL Server databases with brute-force attacks and planting cryptominers in the infected databases

Bug Bounty Programs Are Being Used to Buy Silence

Schneier on Security

Investigative report on how commercial bug-bounty programs like HackerOne, Bugcrowd, and SynAck are being used to silence researchers: Used properly, bug bounty platforms connect security researchers with organizations wanting extra scrutiny.

Analysis: The Path Back to Business as Usual After COVID-19

Data Breach Today

The latest edition of the ISMG Security Report offers an analysis of the phases businesses will go through in the recovery from the COVID-19 pandemic, plus an assessment of new risks resulting from the work-at-home shift and lessons learned from the Equifax breach

Risk 139

5 Soothing Security Products We Wish Existed

Dark Reading

Maybe security alert fatigue wouldn't be so bad if the alerts themselves delivered less stress and more aromatherapy

The 2019 Technographic Data Report for B2B Sales Organizations

In this report, ZoomInfo substantiates the assertion that technographic data is a vital resource for sales teams. In fact, the majority of respondents agree—with 72.3% reporting that technographic data is either somewhat important or very important to their organization. The reason for this is simple—sales teams value technographic data because it makes essential selling activities easier and more efficient.

Twitter discloses privacy issue that caused caching of files sent via DMs in Firefox

Security Affairs

Twitter discloses a privacy issue in the way the Mozilla Firefox cached private files sent or received via DM for up to 7 days. Twitter admitted that the private files sent via Twitter DMs were cached inside the users’ Firefox browsers for up to seven days, even if users have logged off.

Want to Improve Cloud Security? It Starts with Logging

Dark Reading

Remedying the "garbage in, garbage out" problem requires an understanding of what is causing the problem in the first place

Cloud 83

100,000 WordPress sites using the Contact Form 7 Datepicker plugin are exposed to hack

Security Affairs

An authenticated stored cross-site scripting (XSS) vulnerability could allow attackers to create rogue admins on WordPress sites using Contact Form 7 Datepicker plugin.

So Wait, How Encrypted Are Zoom Meetings Really?

WIRED Threat Level

The service's mixed messages have frustrated cryptographers, as the US government and other sensitive organizations increasingly depend on it. Security Security / Security News

The Time-Saving Power of Intent Data for Sales

By using the power of intent data, capturing buyer interest has become more feasible for sales. Not only that, but using it will save immense time during your workflow; a win-win on all fronts.

FBI Warns Education & Remote Work Platforms About Cyberattacks

Dark Reading

The FBI expects attackers will target virtual environments as more organizations rely on them as a result of the COVID-19 pandemic

Self-Propagating Malware Targets Thousands of Docker Ports Per Day

Threatpost

A Bitcoin-mining campaign using the Kinsing malware is spreading quickly thanks to cloud-container misconfigurations. Cloud Security Malware aquasec Bitcoin Mining containers cryptojacking campaign Cryptominer Docker kinsing malware misconfiguration self-propagating

Mining 111

Researcher Hijacks iOS, macOS Camera with Three Safari Zero-Days

Dark Reading

A security researcher earned $75,000 for finding a whopping seven zero-days in Safari, three of which can be combined to access the camera

Magecart group 7 use new e-skimmer to steal payment data

Security Affairs

RiskIQ researchers spotted a new ongoing Magecart campaign that already compromised at least 19 different e-commerce websites.

How ZoomInfo Enhances Your Database Management Strategy

Forward-thinking marketing organizations have continuously invested in a database strategy for enabling marketing processes. Download this ebook to learn how to maintain a strategy that includes refreshed information, database cleanses, and an accurate analysis at the same time.

This is Not Your Father's Ransomware

Dark Reading

Ransomware operators are aiming for bigger targets and hitting below the belt. With doxing and extortion threats added to the mix, ransomware is evolving into something even more sinister

Enterprise IT and #StoptheSpread Intersect

Micro Focus

The effects of COVID-19 are real and significant on a global scale. We have all been impacted in very meaningful ways, and it has required all of us to rethink how we operate on a daily basis from work to education to entertainment.

COUNTDOWN TO IBM THINK WITH IBM CHAMPION JULIE BERGH

Rocket Software

This year, a record-breaking number of Rocket employees were named as 2020 IBM Champions—13 to be exact. To celebrate our ongoing partnership with IBM, and our dedication to innovation, legacy technologies and legendary results, we want to highlight them. .

Thousands of Android Apps Are Silently Accessing Your Data

WIRED Threat Level

More than 4,000 Google Play apps let developers and advertisers collect a list of the user's other installed apps, no permission needed. Security Security / Cyberattacks and Hacks

How ZoomInfo Enhances Your ABM Strategy

For marketing teams to develop a successful account-based marketing strategy, they need to ensure good data is housed within its Customer Relationship Management (CRM) software. More specifically, updated data can help organizations outline key accounts for their campaigns. And to begin the targeting process, marketing teams must develop an Ideal Customer Profile (ICP) with appropriate firmographic and behavioral data to ensure they’re going after the correct audience.Download this eBook to learn how to start improving your marketing team's data!

Spearphishing Campaign Exploits COVID-19 To Spread Lokibot Infostealer

Threatpost

The attack discovered uses World Health Organization trademark to lure users with info related to coronavirus. Malware Web Security Center for Disease Control coronavirus COVID-19 data theft LokiBot Phishing spearphishing threat actors world health organization

Catches of the month: Phishing scams for April 2020 – the coronavirus special

IT Governance

There’s been one thing on our minds the past month: coronavirus. It appears that cyber criminals are the same, focusing all their efforts on scams that capitalise on the panic. One of the biggest risks is phishing scams – malicious messages that appear to be from a trusted source.

Coronavirus (COVID-19) and Tech: Free Resources for IT Pros via CompTIA

IG Guru

Kind of CompTIA to offer free resources for IT Pro’s or those who want to learn more about Network Troubleshooting, Cloud Computing, and Cybersecurity. Check out the link here. The post Coronavirus (COVID-19) and Tech: Free Resources for IT Pros via CompTIA appeared first on IG GURU.

IT 60