Tue.Dec 01, 2020

New Zealand's Refreshed Privacy Act Takes Effect

Data Breach Today

Includes New Breach Notification Requirements, Fines and Greater Regulatory Powers New Zealand's refreshed Privacy Act, which came into effect Tuesday, introduces breach notification requirements and civil penalties.

Bomb Threat, DDoS Purveyor Gets Eight Years

Krebs on Security

A 22-year-old North Carolina man has been sentenced to nearly eight years in prison for conducting bomb threats against thousands of schools in the U.S.

Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

Conti Ransomware Gang Posts Advantech's Data

Data Breach Today

IoT Chipmaker Threated With Additional Data Leaks The gang behind the Conti ransomware variant has posted data to its darknet website that it says it stole during a ransomware attack on industrial IoT chipmaker Advantech last month. The company reportedly confirmed the attack on Monday

List of data breaches and cyber attacks in November 2020 – 586 million records breached

IT Governance

We recorded 103 cyber security incidents in November, which accounted for 586,771,602 leaked records. The majority of those came from a credential-stuffing attack targeting Spotify and a data leak at the messaging app GO SMS Pro, which you can learn more about below.

The Best Data Retention Policy & Template To Get You Started

In this whitepaper from Onna, we will walk you through data retention best practices and provide you with a downloadable template to help you get organized and gain better visibility into your data’s lifecycle.

Fresh MacOS Backdoor Variant Linked to Vietnamese Hackers

Data Breach Today

Researchers: Malware Uses Multistage Payloads, Anti-Detection Techniques Trend Micro researchers have uncovered a macOS backdoor variant - designed to bypass security tools - that's linked to an advanced persistent threat group operating from Vietnam

More Trending

Data Breach Affects 300,000 Mental Health Clinic Patients

Data Breach Today

Largest Breach of Its Kind So Far This Year A recent data breach at a Colorado-based mental health clinic that exposed data on nearly 300,000 individuals is the latest of several in the mental health sector this year

2020 Cybersecurity Holiday Gift Guide for Kids

Dark Reading

Grab some wrapping paper: These STEM toys and games are sure to spark creativity and hone coding and logic skills among a future generation of cybersecurity pros

Paper 102

Hackers Using Compromised Websites to Deliver Gootkit, REvil

Data Breach Today

Researchers: Campaign Targets Victims in Germany A hacking campaign in Germany is using compromised websites and social engineering tactics to deliver the Gootkit banking Trojan or REvil ransomware, according to Malwarebytes

Unmanaged Devices Heighten Risks for School Networks

Dark Reading

Gaming consoles, Wi-Fi Pineapples, and building management systems are among many devices Armis says it discovered on K-12 school networks

Risk 97

How to Measure DevSecOps Progress and Ensure Success

Speaker: Shannon Lietz, Director of DevSecOps Team, Intuit

You've finally done it: You've won over C-Suite and your DevSecOps team is up and running. But how do you monitor your new program? Join Shannon Lietz, Leader and Director of DevsecOps at Intuit, and learn to lead your DevSecOps team to the top.

Researchers Find Updated Variants of Bandook Spyware

Data Breach Today

Check Point: New Strains Active Around the World Check Point Research has identified new variants of the long-dormant Bandook spyware that are being used for espionage campaigns across the world targeting government, financial, energy, food industry, healthcare, education, IT and legal organization

Talos reported WebKit flaws in WebKit that allow Remote Code Execution

Security Affairs

Talos experts found flaws in the WebKit browser engine that can be also exploited for remote code execution via specially crafted websites.

SASE 101: Why All the Buzz?

Dark Reading

Wide area networking and network security services unite to provide secure, cloud-based connectivity for enterprises' remote employees -- and these days that means billions of workers

Cloud 91

UK gov bans new Huawei equipment installs after Sept 2021

Security Affairs

The British government will ban the installation of new Huawei equipment in the 5G networks of Wireless carriers after September 2021. The British government will not allow the installation of new Huawei equipment in the 5G networks of Wireless carriers after September 2021.

Risk 93

Digital Trends Report 2020

As part of our goal to continue helping our community during these times, we wanted to share with you this critical data on the state of digital products across industries and provide context on how businesses are responding to the changing winds.

Sophos 2021 Threat Report: Navigating Cybersecurity in an Uncertain World

Dark Reading

SPONSORED: As most of the world shifted to remote work in 2020, cybercriminals upped their game, devising ways to use the fears and anxieties of organizations and end users against them.

DarkIRC botnet is targeting the critical Oracle WebLogic CVE-2020-14882

Security Affairs

The critical remote code execution (RCE) vulnerability CVE-2020-14882 in Oracle WebLogic is actively exploited by operators behind the DarkIRC botnet.

Manipulating Systems Using Remote Lasers

Schneier on Security

Many systems are vulnerable : Researchers at the time said that they were able to launch inaudible commands by shining lasers — from as far as 360 feet — at the microphones on various popular voice assistants, including Amazon Alexa, Apple Siri, Facebook Portal, and Google Assistant. […].

Paper 86

French pharmaceuticals distribution platform Apodis Pharma leaking 1.7+ TB of confidential data

Security Affairs

The CyberNews investigation team discovered French pharmaceuticals distribution platform Apodis Pharma leaking 1.7+ TB of confidential data. Original post @ [link].

Testing at Every Stage of Development

Up to 80% of new products fail. The reality is harsh and the reasons why are endless. Perhaps the new product couldn’t oust a customer favorite. Maybe it looked great but was too hard to use. Or, despite being a superior product, the go-to-market strategy failed. There’s always a risk when building a new product, but you can hedge your bets by understanding exactly what your customers' expectations truly are at every step of the development process.

Malicious or Vulnerable Docker Images Widespread, Firm Says

Dark Reading

A dynamic analysis of the publicly available images on Docker Hub found that 51% had critical vulnerabilities and about 6,500 of the 4 million latest images could be considered malicious

81

Malicious npm packages spotted delivering njRAT Trojan

Security Affairs

npm security staff removed two packages that contained malicious code to install the njRAT remote access trojan (RAT) on developers’ computers.

Ivanti Acquires MobileIron & Pulse Secure

Dark Reading

The company plans to use these acquisitions to strengthen and secure IT connections across remote devices and infrastructure

Vietnam-linked Bismuth APT leverages coin miners to stay under the radar

Security Affairs

Microsoft warns of Vietnam-linked Bismuth group that is deploying cryptocurrency miner while continues its cyberespionage campaigns.

The Best Sales Forecasting Models for Weathering Your Goals

Every sales forecasting model has a different strength and predictability method. It’s recommended to test out which one is best for your team. This way, you’ll be able to further enhance – and optimize – your newly-developed pipeline. Your future sales forecast? Sunny skies (and success) are just ahead!

The Cybersecurity Skills Gap: It Doesn't Have to Be This Way

Dark Reading

Once it becomes clear that off-the-shelf experts aren't realistic at scale, cultivating entry-level talent emerges as the only long-term solution -- not just for a hiring organization but for the field as a whole

Baltimore County Schools close after a ransomware attack

Security Affairs

Baltimore County Schools were hit by a ransomware attack that forced them to close leaving more than 100,000 students out. Baltimore County Schools are still closed following a ransomware attack and unfortunately, at the time of this writing, it is impossible to predict when school will resume.

Misconfigured Docker Servers Under Attack by Xanthe Malware

Threatpost

The never-before-seen Xanthe cryptomining botnet has been targeting misconfigured Docker APIs. Cloud Security Malware Web Security botnet Cisco Talos cryptomining Docker Docker API malware misconfigured Monero SSH xanthe XMRig

Cloud 110

What’s new in OpenText eDOCS CE 20.4

OpenText Information Management

For law firms, corporate legal departments, and other organizations producing, managing and collaborating on high-touch, high-value work product, capturing and working with data at the source is vital to increasing efficiency and maintaining productivity.

Cloud 71

Product Analytics Playbook: Mastering Retention

Why do your users churn? In this guide you'll learn common product pitfalls and how to fix them.

Zoom Impersonation Attacks Aim to Steal Credentials

Threatpost

The Better Business Bureau warns of phishing messages with the Zoom logo that tell recipients they have a missed meeting or suspended account. Hacks Web Security collaboration tools coronavirus pandemic COVID-19 Pandemic Phishing remote work scam skype Slack zoom zoom credential Zoom-bombing

Call Fraud Operator Ordered to Pay $9M to Victims

Dark Reading

Indian national will serve 20 years in prison for running a large call center fraud operation

70

Magecart Attack Convincingly Hijacks PayPal Transactions at Checkout

Threatpost

New credit-card skimmer uses postMessage to make malicious process look authentic to victims to steal payment data. Hacks Web Security Affable Kraut Credential Theft credit card skimmer e-commerce magecart online shopping PayPal postMessage threat actors twitter