Wed.May 20, 2020

Phishing Attack Bypassed Office 365 Multifactor Protections

Data Breach Today

Researchers: Campaign Designed to Steal Users' Credentials, Launch Other Attacks A recent phishing campaign bypassed multifactor authentication protections within Microsoft Office 365 to steal users' credentials stored in the cloud or launch other attacks, according to the security firm Cofense

Researchers disclose five Microsoft Windows zero-days

Security Affairs

Security experts have disclosed five unpatched vulnerabilities in Microsoft Windows, four of which rated as high-risk severity. Security experts from Trend Micro’s Zero Day Initiative (ZDI) have published information on five unpatched vulnerabilities in Microsoft Windows.

Risk 112

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

Toll Group Data Leaked Following Second Ransomware Incident

Data Breach Today

To Suffer One May Be Regarded As a Misfortune; To Suffer Two Looks Like Carelessness Australian shipping giant Toll Group recently suffered its second ransomware outbreak of the year, with Thomas Knudsen, the company's managing director, branding the latest attack as being "serious and regrettable."

Coronavirus-Themed Phishing Fears Largely Overblown, Researchers Say

Dark Reading

As COVID-19-themed spam rises, phishing-not so much. An analysis of newly registered domains finds that only 2.4% are actually phishing sites aiming to steal credentials

ABCs of Data Normalization for B2B Marketers

Data normalization. It’s not a far stretch to suggest that the topic isn’t exactly what gets marketers excited in their day-to-day workflow. However, if lead generation, reporting, and measuring ROI is important to your marketing team, then data normalization matters - a lot. In this eBook, we’ll break down the ins and outs of data normalization and review why it’s so critical for your marketing strategies and goals!

Police Allege Hacker Sold Millions of Email Credentials

Data Breach Today

Secret Service of Ukraine Arrests 'Sanix' for Serving as Broker on Darknet The Security Service of Ukraine this week arrested a hacker known as "Sanix" who allegedly sold combinations of millions of email passwords and usernames on darknet forums

More Trending

How CISOs Can Achieve Better Network Visibility

Data Breach Today

Cybersecurity Adviser Ed Moyle on the Need to Keep Up With Security Architecture Changes To achieve better network visibility, security practitioners must improve their knowledge of tools that support web services, containers and the evolution of development practices, says Ed Moyle, co-founder of the cybersecurity advisory firm Security Curve.

Israel is suspected to be behind the cyberattack on Iranian port

Security Affairs

Israel is likely behind the recent cyberattack which disrupted some operations at Iran’s Shahid Rajaei Port, located near the Strait of Hormuz. A couple of weeks ago, Iranian officials announced that hackers damaged a small number of systems at the port of Shahid Rajaei in the city of Bandar Abbas.

The Insider Threat: Lessons From 3 Incidents

Data Breach Today

How to Detect, Prevent Inappropriate Access by Authorized Users Three recent incidents involving inappropriate use of patient information by insiders illustrate how difficult it is for healthcare organizations to deal with the insider threat. Security experts offer risk mitigation advice

Risk 163

9 million people affected by easyJet cyber attack

IT Governance

Nine million easyJet customers have had their data stolen in a “highly sophisticated cyber attack”. The budget airline said that criminal hackers accessed a database containing email addresses and travel details. The credit card details of 2,208 customers were also compromised.

How to Solve 4 Common Challenges of Legacy Information Management

Speaker: Chris McLaughlin, Chief Marketing Officer and Chief Product Officer, Nuxeo

After 20 years of Enterprise Content Management (ECM), businesses still face many of the same challenges with finding and managing information. Join Chris McLaughlin, CMO and CPO of Nuxeo, as he examines four common business challenges that these legacy ECM systems pose and how they can be addressed with a more modern approach.

VMware fixes CVE-2020-3956 Remote Code Execution issue in Cloud Director

Security Affairs

VMware has addressed a high-severity remote code execution vulnerability, tracked as CVE-2020-3956, that affects its Cloud Director product. VMware has patched a high-severity remote code execution vulnerability, tracked as CVE-2020-3956, in its Cloud Director product.

60% of Insider Threats Involve Employees Planning to Leave

Dark Reading

Researchers shows most "flight-risk" employees planning to leave an organization tend to start stealing data two to eight weeks before they go

Risk 82

Three flaws in Nitro Pro PDF reader expose businesses to hack

Security Affairs

Two vulnerabilities in the Nitro Pro PDF editor could be exploited by threat actors to execute code remotely on vulnerable hosts. Security experts from Cisco Talos have discovered three vulnerabilities in the Nitro Pro PDF editor, two of which rated as critical (CVSS score of 8.8)

Is Zero Trust the Best Answer to the COVID-19 Lockdown?

Dark Reading

Enterprises need to recognize that remote access and other pandemic-related security challenges cannot be fixed with buzzwords or silver-bullet security tools

The 2019 Technographic Data Report for B2B Sales Organizations

In this report, ZoomInfo substantiates the assertion that technographic data is a vital resource for sales teams. In fact, the majority of respondents agree—with 72.3% reporting that technographic data is either somewhat important or very important to their organization. The reason for this is simple—sales teams value technographic data because it makes essential selling activities easier and more efficient.

Secure Together: Britons scammed out of £3.5 million and essential services under attack

IT Governance

Two months into lockdown and the country is getting restless.

Microsoft Warns of Vulnerability Affecting Windows DNS Server

Dark Reading

A new security advisory addresses a vulnerability that could be exploited to cause a denial-of-service attack

Adobe fixed several memory corruption issues in some of its products

Security Affairs

Adobe addressed multiple memory corruption vulnerabilities, including one that allows arbitrary code execution, in several of its products. Adobe addressed multiple memory corruption vulnerabilities in several of its products, including an arbitrary code execution.

IT 73

Digital Transformation Risks in Front-end Code

Dark Reading

Why making every front-end developer a DevSecOps expert will lead to a more holistic approach to web and native application security

The Time-Saving Power of Intent Data for Sales

By using the power of intent data, capturing buyer interest has become more feasible for sales. Not only that, but using it will save immense time during your workflow; a win-win on all fronts.

Serco accidentally shares contact tracers' email addresses

The Guardian Data Protection

Outsourcer apologises for leaking details of 296 people assisting UK’s Covid-19 fight Coronavirus – latest updates See all our coronavirus coverage The outsourcing company Serco accidentally shared the email addresses of almost 300 contact tracers recruited to assist in the UK government’s coronavirus “test, track and trace” strategy.

Alleged Hacker Behind Massive ‘Collection 1’ Data Dump Arrested

Threatpost

The threat actor known as ‘Sanix’ had terabytes of stolen credentials at his residence, authorities said. Breach Government Brian Krebs collection #1 Dark Web hacker hacker forums Recorded Future Sanix Stolen Credentials threat actor ukraine

Offers to Sell Enterprise Network Access Surge on Dark Web

Dark Reading

In contrast, Q1 2019 saw more interest in selling and buying access to individual servers

NetWalker Ransomware Gang Hunts for Top-Notch Affiliates

Threatpost

The operators behind the Toll Group attack are taking applications for technically advanced partners. Malware advertisements affiliates COVID-19 Dark Web double extortion healthcare attacks netwalker RaaS ransomware ransomware as a service technically advanced toll group underground forum

How ZoomInfo Enhances Your Database Management Strategy

Forward-thinking marketing organizations have continuously invested in a database strategy for enabling marketing processes. Download this ebook to learn how to maintain a strategy that includes refreshed information, database cleanses, and an accurate analysis at the same time.

How Cloud Storage Streamlines Work Collaboration

Record Nations

Today, there is an increase in remote workers. In the past, workers have used paper files which has its own set of benefits. However, paper can be expensive, difficult to manage, and hard to collaborate with. The business world is shifting towards digital accessibility, including cloud storage.

Paper 65

Data Governance as an Emergency Service

erwin

Data governance (DG) as a an “emergency service” may be one critical lesson learned coming out of the COVID-19 crisis. During times of crises, many of the less critical programs of work may be put on hold however ground-breaking they are.

Security Service of Ukraine arrested the popular hacker Sanix who sold billions of stolen credentials

Security Affairs

The Ukrainian Secret Service (SSU) has arrested a hacker known as Sanix, who was selling billions of stolen credentials on hacking forums and Telegram channels. The popular hacker Sanix has been arrested by the Ukrainian Secret Service (SSU).

Sales 63

Criminals and the Normalization of Masks

Schneier on Security

I was wondering about this : Masks that have made criminals stand apart long before bandanna-wearing robbers knocked over stagecoaches in the Old West and ski-masked bandits held up banks now allow them to blend in like concerned accountants, nurses and store clerks trying to avoid a deadly virus.

61

How ZoomInfo Enhances Your ABM Strategy

For marketing teams to develop a successful account-based marketing strategy, they need to ensure good data is housed within its Customer Relationship Management (CRM) software. More specifically, updated data can help organizations outline key accounts for their campaigns. And to begin the targeting process, marketing teams must develop an Ideal Customer Profile (ICP) with appropriate firmographic and behavioral data to ensure they’re going after the correct audience.Download this eBook to learn how to start improving your marketing team's data!

Verizon DBIR: Web App Attacks and Security Errors Surge

Threatpost

Threatpost talks to Verizon DBIR co-author Gabriel Bassett about the top takeaways from this year's Data Breach Investigations Report. Newsmaker Interviews Podcasts attack breach data breach denial of service (DoS) hack malware ransomware Verizon Verizon DBIR

Two-Factor Authentication – What Is It and Why You Should Use It via PixelPrivacy

IG Guru

This article does a good job of explaining two-factor authentication, covers how-too’s and the risks. Article here. The post Two-Factor Authentication – What Is It and Why You Should Use It via PixelPrivacy appeared first on IG GURU.

EDPB Releases 2019 Annual Report

Hunton Privacy

On May 18, 2020, the European Data Protection Board (“EDPB”) released its Annual Report (the “Report”) providing details of the EDPB’s work in 2019. This included publication of guidelines, binding decisions and general guidance on the interpretation of EU data protection law.

GDPR 80