Thu.Apr 02, 2020

‘War Dialing’ Tool Exposes Zoom’s Password Problems

Krebs on Security

As the Coronavirus pandemic continues to force people to work from home, countless companies are now holding daily meetings using videoconferencing services from Zoom. But without the protection of a password, there’s a decent chance your next Zoom meeting could be “Zoom bombed” — attended or disrupted by someone who doesn’t belong.

Morrisons Not Liable for Breach Caused by Rogue Employee

Data Breach Today

Employees' Attempt to Receive Financial Compensation Dismissed by Supreme Court Supermarket giant Morrisons is not liable for a data breach caused by a rogue employee, Britain's Supreme Court has ruled, bringing to a close the long-running case - the first in the country to have been filed by data breach victims

Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

List of data breaches and cyber attacks in March 2020 – 832 million records breached

IT Governance

With organisations across the globe turned upside down by the COVID-19 pandemic, there has never been a worse time to suffer a data breach or cyber attack. And the bad news is that unsettled employees, many of whom are being asked to work from home, and depleted workforces mean there is an increased chance of an incident occurring. Thankfully, we’ve only found 67 incidents this month, with a total of 832,486,418 affected records – which is only slightly higher than last month’s figures.

Zoom Rushes Patches for Zero-Day Vulnerabilities

Data Breach Today

Researcher Found Flaws in Zoom's Teleconference Platform The day after security researcher Patrick Wardle disclosed two zero-day vulnerabilities in the macOS client version of Zoom's teleconferencing platform, the company on Thursday rushed out patches for these flaws and one other

The Best Data Retention Policy & Template To Get You Started

In this whitepaper from Onna, we will walk you through data retention best practices and provide you with a downloadable template to help you get organized and gain better visibility into your data’s lifecycle.

New COVID19 wiper overwrites MBR making computers unusable

Security Affairs

A recently discovered strain of malware exploits the current COVID19 pandemic to render computers unusable by overwriting the MBR. SonicWall’s security researchers have discovered a new piece of malware that exploits the current COVID19 outbreak to render computers unusable by overwriting the master boot record (MBR). Unfortunately, this is one of the numerous attacks conducted by cyber criminals and nation-state actors in an attempt to take advantage of the COVID19 epidemic.

More Trending

Marriott Was Hacked -- Again

Schneier on Security

Marriott announced another data breach, this one affecting 5.2 million people: At this point, we believe that the following information may have been involved, although not all of this information was present for every guest involved: Contact Details (e.g., name, mailing address, email address, and phone number) Loyalty Account Information (e.g., account number and points balance, but not passwords) Additional Personal Details (e.g.,

Coalition Offers Remote Workforce Security Tips

Data Breach Today

Andy Bates of Global Cyber Alliance on 'Work From Home, Secure Your Business' The Global Cyber Alliance is one of 13 nonprofit organizations that have banded together to offer businesses security tips for their newly remote workforces. Andy Bates, executive director of the alliance, discusses the coalition's core guidelines for reducing cyber risk

Risk 125

Crooks use tainted Zoom apps to target users at home due to Coronavirus outbreak

Security Affairs

Crooks target Android users working from home due to the Coronavirus outbreak with a Trojanized version of the popular video messaging app Zoom. Security experts from Bitdefender have spotted tainted versions of the Android Zoom video-conferencing application that is targeting users working from home due to the Coronavirus outbreak. Researchers detected re-packaged Zoom mobile applications that are distributed via third-party markets.

Cloud 80

COVID-19 Crisis Triggers More HIPAA Policy Changes

Data Breach Today

Business Associates Cleared to Make 'Good Faith' Disclosures of PHI In the latest move to relax certain HIPAA requirements during the COVID-19 crisis, federal regulators Thursday paved the way for business associates to share protected health information for public health-related activities during the pandemic

120
120

How to Measure DevSecOps Progress and Ensure Success

Speaker: Shannon Lietz, Director of DevSecOps Team, Intuit

You've finally done it: You've won over C-Suite and your DevSecOps team is up and running. You feel ready to take on rising security threats while continuously delivering quality software updates. But how do you monitor your new program? Are you truly able to gauge the state of your projects? To ensure the success of this new breed of a team, you need to know the metrics to look at and how to advocate these metrics to C-Suite and stakeholders. Join Shannon Lietz, Leader and Director of DevsecOps at Intuit, and learn to lead your DevSecOps team to the top.

Microsoft issues targeted notification to hospitals vulnerable to Ransomware attacks

Security Affairs

Microsoft is sending notifications to dozens of hospitals about vulnerable VPN devices and gateways exposed online in their network. Microsoft is warning dozens of hospitals of the risks of ransomware attacks due to insecure VPN devices and gateways exposed online. Recently Microsoft has published details about human-operated ransomware attacks that targeted organizations in various industries.

Australian Kids' Smartwatch Maker Hit By Same Bug Again

Data Breach Today

TicTocTrack Fixes Bug That Exposed Data, Allowed Tampering With Kids' Location An Australian company that sells a GPS tracking smartwatch for kids accidently exposed personal data a second time. But this time around, it has not notified users about the bug, which also could have been used to spoof the location of children

Hackers exploited IE and Firefox flaws in attacks on entities in China, Japan

Security Affairs

An APT group is exploiting the flaws patched earlier this year in Firefox and Internet Explorer in attacks aimed at China and Japan. An APT group is exploiting two vulnerabilities patched earlier this year in Firefox and Internet Explorer in attacks aimed at China and Japan. The first issue, tracked as CVE-2019-17026 , affects the Firefox browser and was addressed in January.

A Hacker's Perspective on Securing VPNs As You Go Remote

Dark Reading

As organizations rush to equip and secure their newly remote workforce, it's important to keep things methodical and purposeful

IT 69

Digital Trends Report 2020

As part of our goal to continue helping our community during these times, we wanted to share with you this critical data on the state of digital products across industries and provide context on how businesses are responding to the changing winds.

DXC employees support Alzheimer Scotland

DXC

A team of DXC Technology employees based in Erskine, Scotland recently won an internal Charity Challenge award for their efforts to raise money and awareness for Alzheimer Scotland. The team consisted of employees across all areas of the business brought together by their passion and enthusiasm for supporting this charitable organisation, which provides much-needed support […]. Corporate Responsibility UK & Ireland

67

Prioritizing High-Risk Assets: A 4-Step Approach to Mitigating Insider Threats

Dark Reading

Sound insider threat detection programs combine contextual data and a thorough knowledge of employee roles and behaviors to pinpoint the biggest risks

Risk 67

Data Science Virtual Expert Panel Presented by AWS

Perficient Data & Analytics

Join us and our partner Amazon Web Services (AWS) for a virtual Q&A session on Wednesday, April 15. AWS will feature one of our experts to speak on a panel about the evolution and progress being made to solve critical business problems such as customer personalization and forecasting through the use of data science. Perficient and the panel will be ready to answer questions about machine learning, services such as Amazon Personalize and Amazon Forecast , and more.

Vulnerability Researchers Focus on Zoom App's Security

Dark Reading

With videoconferencing's rise as an essential tool for remote work comes a downside: more security scrutiny, which has turned up a number of security weaknesses

Testing at Every Stage of Development

Up to 80% of new products fail. The reality is harsh and the reasons why are endless. Perhaps the new product couldn’t oust a customer favorite. Maybe it looked great but was too hard to use. Or, despite being a superior product, the go-to-market strategy failed. There’s always a risk when building a new product, but you can hedge your bets by understanding exactly what your customers' expectations truly are at every step of the development process.

A partnership for growth and innovation: IBM Informix and HCL

IBM Big Data Hub

Building on a history of collaboration, in April 2017, IBM and HCL entered into a 15-year partnership that merged the best of their shared knowledge and teaming experience to accelerate the product roadmap and innovation of IBM Informix

56

Phishers Try 'Text Direction Deception' Technique to Bypass Email Filters

Dark Reading

With COVID-19 concerns running high, attackers are trying new tactics to get to users

64

Zoom Removes Data-Mining LinkedIn Feature

Threatpost

The feature, criticized for "undisclosed data-mining," is only the latest privacy faux pas for Zoom this month. Privacy Vulnerabilities Web Security Data Mining Data security disabled LinkedIn linkedin feature navigator public response removes Security issues zoom zoom data zoom security

Bad Bots Build Presence Across the Web

Dark Reading

Bots that mimic human behavior are driving a growing percentage of website traffic while contributing to an avalanche of misinformation

59

The Best Sales Forecasting Models for Weathering Your Goals

Every sales forecasting model has a different strength and predictability method. It’s recommended to test out which one is best for your team. This way, you’ll be able to further enhance – and optimize – your newly-developed pipeline. Your future sales forecast? Sunny skies (and success) are just ahead!

Realizing the unimaginable in distance learning

Jamf on EdTech

With 48 hours notice, the faculty of the Sewanhaka Central High School District completely re-imagined education. They are teaching students from their living rooms. They are providing counseling sessions, and the essential services for special education and ELL students, entirely online. Read how Sewanhaka realized a goal they previously thought "unimaginable

New Magecart Skimmer Infects 19 Victim Websites

Dark Reading

MakeFrame, named for its ability to make iframes for skimming payment data, is attributed to Magecart Group 7

IT 58

Reassuring Words and Good Intentions Don't Mean Good Security

Troy Hunt

How much can you trust the assertions made by an organisation regarding their security posture? I don't mean to question whether the statements are truthful or not, but rather whether they provide any actual assurance whatsoever. For example, nearly 5 years ago now I wrote about how "we take security seriously" was a ridiculous statement to make immediately after a data breach.

Best Practices to Manage Third-Party Cyber-Risk Today

Dark Reading

Bold new thinking is needed to solve the rapidly evolving challenge of third-party risk management

Risk 57

Product Analytics Playbook: Mastering Retention

Why do your users churn? In this guide you'll learn common product pitfalls and how to fix them.

[Podcast] The Universal Translator – Not Just for Star Trek Anymore

AIIM

The show Star Trek always had the coolest futuristic technology. For example, I can’t tell you how many times I’ve wished I could tell Scotty to “Beam me up!” and be teleported back home. Another thing that really caught my eye on that show was their “universal translator.” It was basically this handheld device that allowed you to easily communicate across any language – be it human or alien!

Companies Are Failing to Deploy Key Solution for Email Security

Dark Reading

A single -- albeit complex-to-deploy -- technology could stop the most expensive form of fraud, experts say. Why aren't more companies adopting it

IT 54

44M Digital Wallet Items Exposed in Key Ring Cloud Misconfig

Threatpost

Millions of IDs, charge cards, loyalty cards, gift cards, medical marijuana ID cards and personal information was left exposed to the open internet. Breach Cloud Security Mobile Security Privacy Web Security Amazon Web Services AWS cloud bucket Cloud misconfiguration credit cards Cyberattacks digital wallet exposed database Identity theft key ring loyalty cards medical marijuana cards Phishing PII S3

Cloud 62