Wed.Sep 11, 2019

NY Payroll Company Vanishes With $35 Million

Krebs on Security

MyPayrollHR , a now defunct cloud-based payroll processing firm based in upstate New York, abruptly ceased operations this past week after stiffing employees at thousands of companies.

Microsoft Patches 2 Windows Flaws Already Being Exploited

Data Breach Today

September's Patch Tuesday Addresses Elevation of Privileges Flaws As part of its September Patch Tuesday security update, Microsoft issued software fixes for two vulnerabilities in several versions of Windows that it says are being exploited by attackers in the wild.

NetCAT attack allows hackers to steal sensitive data from Intel CPUs

Security Affairs

Experts discovered a flaw dubbed NetCAT (Network Cache ATtack) that affects all Intel server-grade processors and allows to sniff sensitive data over the network.

Demo 109

Government Agencies Field More Cybersecurity Maturity Models

Data Breach Today

Pentagon and DOE Pitch Security Frameworks - But Should They Defer to NIST? The Pentagon and the Department of Energy are pitching new or revised cybersecurity capability maturity models to help their sectors prioritize cybersecurity investments and refine processes and controls.

Contact Center Cloud Migration Done Right

Speaker: Sheila McGee-Smith, Founder and Principal Analyst, McGee-Smith Analytics

Many companies are in the midst of migrating their contact center to the cloud. Understanding how best to execute the transition of premises to cloud is part of that process. Join contact center industry analyst and No Jitter blogger Sheila McGee-Smith as she discussed tried and true best practices for avoiding the potential pitfalls of CX migration.

Some models of Comba and D-Link WiFi routers leak admin credentials

Security Affairs

Security experts have discovered that some models of D-Link and Comba WiFi routers leak their administrative login credentials in plaintext. Security researchers from Trustwave’s SpiderLabs have discovered several credential leaking vulnerabilities in some models of D-Link and Comba Telecom.

More Trending

NEW TECH: LogicHub introduces ‘virtualized’ security analysts to help elevate SOAR

The Last Watchdog

One of the promising cybersecurity trends that I’ve been keeping an eye on is this: SOAR continues to steadily mature. Security orchestration, automation and response, or SOAR, is a fledgling security technology stack that first entered the cybersecurity lexicon about six years ago. Related: Here’s how Capital One lost 100 million customer records SOAR holds the potential to slow – and, ultimately, to help reverse – the acute and worsening cybersecurity skills shortage.

Business Email Compromise Crackdown: 281 Suspects Busted

Data Breach Today

Global Operation Targets Fraudsters as FBI Sees BEC Losses Hit $26 Billion A global law enforcement operation has resulted in the arrest of 281 suspects allegedly involved in business email compromise scams.

168
168

Dissecting the 10k Lines of the new TrickBot Dropper

Security Affairs

Malware researc h ers at Yoroi -Cybaze analyzed the TrickBot dropper, a threat that has infected victims since 2016. Introduction. TrickBot it is one of the best known Banking Trojan which has been infecting victims since 2016, it is considered a cyber-crime tool.

Chinese APT Group 'Thrip' Powers Ahead

Data Breach Today

Hackers Have Attacked at Least 12 Targets Since 2018, Symantec Researchers Say A Chinese advanced persistent threat group dubbed "Thrip" has attacked at least 12 organizations in Southeast Asia since being exposed last year, Symantec researchers say.

Groups 164

Top 10 industries for monetizing data: Is yours one of them?

Find out which industries, use cases, and business applications are the best opportunities for data monetization. Understand what data is being monetized, who wants it, and why. Use data you already own to create new revenue sources. Download the eBook today!

LokiBot info stealer involved in a targeted attack on a US Company

Security Affairs

Security researchers at Fortinet uncovered a malspam campaign aimed distributing the LokiBot malware at a US manufacturing company. FortiGuard SE Team experts uncovered a malspam campaign aimed distributing the LokiBot malware at a US manufacturing company.

Remote Desktop Protocol: The Security Risks

Data Breach Today

In the past year, cybercriminals behind two of the biggest ransomware attacks have abandoned other techniques in favor of exploiting remote desktop protocol. Matt Boddy of Sophos explains why RDP attacks are so popular - and what you can do to discourage them

Risk 123

The Wolcott school district suffered a second ransomware attack in 4 months

Security Affairs

Another ransomware attack hits a school district, the victim is an institute in Connecticut that was targeted twice in only four months. For the second time in just four months, another the Wolcott school district in Connecticut was a victim of a ransomware attack.

More on Law Enforcement Backdoor Demands

Schneier on Security

The Carnegie Endowment for International Peace and Princeton University's Center for Information Technology Policy convened an Encryption Working Group to attempt progress on the "going dark" debate. They have released their report: " Moving the Encryption Policy Conversation Forward.

The Key to Strategic HR: Process Automation

Do you want to automate your HR processes, but don’t know where to start? In this eBook, PeopleDoc explores which processes benefit the most from automation, and how an HR Service Delivery platform can help get things off the ground.

Unseen 9/11 photos bought at house clearance sale

IG Guru

June 19 2019 via BBC News Archivists who bought a stash of CDs at a house clearance sale found 2,400 photos of Ground Zero in New York taken following the 9/11 attacks in 2001.

Sales 81

Driving Data

Perficient Data & Analytics

Stuck In Rush Hour. A few days ago I was driving home from Atlanta during rush hour and my phone died. All I could see in front of me were brake lights and red lights. Not a huge deal, I knew where I wanted to go and I knew how to get there.

Data 71

Catches of the month: Phishing scams for September 2019

IT Governance

We’re back for another round-up of phishing scams that caught our eye over the past month. This series provides real-life examples of phishing emails, helping you understand how they work and what you should do to avoid falling victim. You can check out last month’s list if you missed it.

Moving to an Agile “New” Big Data Paradigm

Perficient Data & Analytics

A few years ago, I was in the middle of getting together a conceptual architectural document for a project that required very agile methodologies based on microservices and cross- functional teams.

Embedded BI and Analytics: Best Practices to Monetize Your Data

Speaker: Azmat Tanauli, Senior Director of Product Strategy at Birst

By creating innovative analytics products and expanding into new markets, more and more companies are discovering new potential revenue streams. Join Azmat Tanauli, Senior Director of Product Strategy at Birst, as he walks you through how data that you're likely already collecting can be transformed into revenue!

Major Groupon, Ticketmaster Fraud Scheme Exposed By Insecure Database

Threatpost

An exposed database containing 17 million email addresses exposed a massive fraud scheme impacting vendors like Groupon and Ticketmaster. Web Security cybercriminal database exposed data exposed emails Fraud groupon ticketmaster

Data 94

Proposed Browser Security Guidelines Would Mean More Work for IT Teams

Dark Reading

CA/Browser Forum wants SSL certificates to expire after a year. Many businesses that rely on them aren't equipped to cope

IT 94

198 Million Car-Buyer Records Exposed Online for All to See

Threatpost

An Elastica DB belonging to Dealer Leads exposed a raft of information collected by "research" websites aimed at prospective car buyers.

Cloud 91

How responsible are cloud platforms for data security?

Information Management Resources

A trustworthy cloud developer should take precautions and improve cloud security the best it can—but how responsible should the developer be for ensuring the integrity of their system? Cyber security Data security Cloud computing

Cloud 63

Feds Indict 281 People for Involvement in Massive E-Mail Fraud Scheme

Threatpost

A coordinated effort between multiple agencies arrested suspects in Nigeria, the U.S. and eight other countries as well as seized nearly $3.7 million.

How We Helped Malcom X Get Better at Records Management

TAB OnRecord

Malcolm X College of Chicago (MXC) has a historical records collection including tens of thousands of documents going back to 1911. This critical information had always been housed in a massive storage room full of dusty boxes where staff often spent hours looking for a single record.

Intel CPUs Vulnerable to Sensitive Data Leakage in NetCAT Attack

Threatpost

A new attack on Intel server-grade CPUs could allow the leakage of SSH passwords - but luckily it's not easy to exploit. Hacks Vulnerabilities Intel Intel CPU intel server intel xeon netCAT Side-channel attack ssh passwords

IT 89

5 things you need to do to scale robotic process automation

DXC Technology

Raise your hand if you have deployed one or more robots in your operations. Now raise your hand if you have deployed one hundred or more robots. Not there yet? No worry, as that is currently the situation in most businesses. With robotic process automation (RPA) pilots almost everywhere, creating industrial scale has emerged […]. Business Processes Robotics rpa

Strangest Phishing Lures of 2019: From Divorce Papers to Real Estate Decoys

Threatpost

Proofpoint's senior director of the threat research team discusses the strange levels that attackers are going to in order to persuade victims to click on phishing messages. Podcasts Web Security brain food scam Credential Theft deepfake enterprise malicious email malspam Phishing Spam Web security

281 Arrested in International BEC Takedown

Dark Reading

Conspirators stole more than 250,000 identities and filed more than 10,000 fraudulent tax returns, the Department of Justice reports

76

ThreatList: Apple Adware, Phishing, APT Attacks Threaten macOS Users

Threatpost

Telemetry for the first half of the year shows that Apple's ecosystem is firmly in cybercriminals' sights. Malware Most Recent ThreatLists Web Security 2019 Adware apple APT attacks first half is it safer Kaspersky Lazarus Group macOS malware Phishing shlayer the report

Spotlight Podcast: Rethinking Your Third Party Cyber Risk Strategy

The Security Ledger

Third party cyber risk is growing. Despite that, most companies are unprepared to address it in a systematic way.

Risk 52

eNotes: If you build it they will come…15 years later

InfoGoTo

In April of 2004, MERS announced the launch of the eRegistry, the system that would be the holder for the eNote controller and location. Over the next few years providers began establishing a market space for eSign, electronic form creation, and eVault capabilities.