Wed.Mar 25, 2020

More Ransomware Gangs Join Data-Leaking Cult

Data Breach Today

Report: Nefilim, CLOP, Sekhmet Follow in Maze Gang's Footsteps More bad ransomware news: Following in the footsteps of Maze, now even more cybercrime gangs are threatening to not only crypto-lock systems but also leak stolen data. Such moves come following a banner year for ransomware operators, who are continuing to bring more advanced tactics to bear

US Government Sites Give Bad Security Advice

Krebs on Security

Many U.S. government Web sites now carry a message prominently at the top of their home pages meant to help visitors better distinguish between official U.S. government properties and phishing pages. Unfortunately, part of that message is misleading and may help perpetuate a popular misunderstanding about Web site security and trust that phishers have been exploiting for years now. For example, the official U.S.

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

FBI Shutters Alleged Russian Cybercriminal Forum

Data Breach Today

Enabled Fraudsters to Buy and Sell Stolen Data, Federal Prosecutors Say The FBI this week seized the domain of Deer.io, which federal authorities describe as a clearinghouse for stolen data and cybercriminal services operating from Russia. The alleged administrator of the now-shuttered site has been arrested and charged

166
166

MY TAKE: Deploying ‘machine learning’ at router level helps companies prepare for rise of 5G

The Last Watchdog

Machine learning (ML) and digital transformation (DX) go hand in glove. We’ve mastered how to feed data into pattern-recognition algorithms. And as we accelerate the digitalization of everything, even more data is being generated. Related: Defending networks with no perimeter Machine learning already is deeply embedded in the online shopping, banking, entertainment and social media systems we’ve come to rely on.

The Best Sales Forecasting Models for Weathering Your Goals

Every sales forecasting model has a different strength and predictability method. It’s recommended to test out which one is best for your team. This way, you’ll be able to further enhance – and optimize – your newly-developed pipeline. Your future sales forecast? Sunny skies (and success) are just ahead!

The Best of RSA Conference 2020

Data Breach Today

A Guide to Video Interviews With Thought Leaders at This Year's Event At RSA Conference 2020 in San Francisco, Information Security Media Group's editorial team conducted more than 130 video interviews with industry thought leaders. Here are the highlights

More Trending

Microsoft Alert: Fresh Zero-Day Flaws Found in Windows

Data Breach Today

Limited Targeted Attacks' Already Being Tracked by Technology Giant Microsoft is warning that attackers are exploiting a pair of critical, zero-day flaws in Windows that allow for remote code execution, which could enable a threat actor to take over an infected device. Although a patch for the flaws is not expected until April, the company described workarounds

120
120

China-linked APT41 group exploits Citrix, Cisco, Zoho flaws

Security Affairs

The China-linked group tracked as APT41 exploited vulnerabilities in Citrix, Cisco, and ManageEngine in a campaign on a global scale. The China-linked cyberespionage group tracked as APT41 exploited vulnerabilities in Citrix, Cisco, and Zoho ManageEngine in a campaign on a global scale. The campaign was uncovered by FireEye , threat actor targeted many organizations worldwide the world by exploiting vulnerabilities in Citrix, Cisco and Zoho ManageEngine products.

Managing Supply Chain Challenges During the COVID-19 Crisis

Data Breach Today

While responding to the COVID-19 crisis, supply chain risks can be better managed if an organization continues to rely on its longtime vendors, says Daniel Bowden, CISO at Sentara Healthcare, who offers insights on third-party security risk management in the current environment

Risk 117

Missing Patches, Misconfiguration Top Technical Breach Causes

Dark Reading

Less than half of businesses surveyed can patch critical vulnerabilities within 72 hours. Why does the process take so long

83

Future-Proofing Your Information Governance Strategy

Speaker: Crystal Cao, Lindsey Simon & Lisa Ripley

Join Onna and experts from Quip, Airbnb, and Oracle for this live webinar as they dive into proactive data deletion policies, retention strategies, and legal hold practices that are essential to a modern enterprise information governance strategy.

Mobile Malware Bypasses Banks' 2-Factor Authentication: Report

Data Breach Today

IBM Researchers Describe How 'TrickMo,' a TrickBot Variant, Works A variant of the TrickBot Trojan bypasses two-factor authentication for mobile banking, for example, by intercepting one-time codes sent over SMS, according to IBM X-Force

Security tips to support remote work due to the coronavirus

DXC Technology

In response to the coronavirus (COVID-19) and related social distancing rules and guidelines, an ever-increasing number of companies are closing their offices and implementing work from home policies. For some workers and companies, remote work is already routine. For others though, this is uncharted territory. Many workers who previously worked exclusively from an office suddenly […]. Security coronavirus

COVID-19 and the CISO: Jim Routh on Leadership

Data Breach Today

MassMutual CISO on the Challenge of Securing Remote Workforce, Supply Chain At its core, cybersecurity is about applying scarce resources to the highest risk. And nothing quite puts that tenet to the test like the COVID-19 pandemic. Jim Routh, CISO of MassMutual, discusses the challenges of managing a remote workforce and third-party relationships during this crisis

Tupperware website has been compromised with a payment card skimmer

Security Affairs

The Tupperware website, the popular manufactured of plastic food container products was infected with a payment card skimmer. Hackers have compromised the website of the popular vendor of plastic food container products Tupperware implanting a payment card skimmer used to steal customers’ payment card details. The official website has approximately 1 million monthly visits on average. The malicious code was also discovered in some localized versions of the official Tupperware website.

CMS 77

The North Star Playbook

Every product needs a North Star. In this guide, we will show you the metrics product managers need to tie product improvements to revenue impact. If you are looking for a more-focused, less-reactive way to work, this guide is for you.

Facial Recognition for People Wearing Masks

Schneier on Security

The Chinese facial recognition company Hanwang claims it can recognize people wearing masks : The company now says its masked facial recognition program has reached 95 percent accuracy in lab tests, and even claims that it is more accurate in real life, where its cameras take multiple photos of a person if the first attempt to identify them fails. [.]. Counter-intuitively, training facial recognition algorithms to recognize masked faces involves throwing data away.

IT 69

What Should I Do If Someone Is Impersonating My Company in a Phishing Campaign?

Dark Reading

Two security awareness advocates from KnowBe4 provide some solid suggestions

Critical RCE Bug Affects Millions of OpenWrt-based Network Devices

Security Affairs

A security researcher disclosed technical details of a critical remote code execution flaw affecting the OpenWrt Linux-based operating system for network devices. Earlier this year, security expert Guido Vranken from the software firm ForAllSecure, discovered a critical vulnerability in the OpenWrt Linux-based operating system for network devices.

FBI Shutters Russian-Based Hacker Platform, Makes Arrest

Dark Reading

The Deer.io platform let cybercriminals buy access to virtual storefronts where they could sell illicit products and services

B2B Pocket Playbook: End-to-End Guide to Sales Enablement

Sales enablement is the strategic process of providing sales teams with the content, guidance, and mentorship needed to engage targeted buyers. It’s all about equipping sales professionals with the tools they need to put their best-selling foot forward. And if sales teams want to continuously sell better -- and faster -- their sales enablement process must have a game-winning strategy. It's time for you to start selling smarter - and hitting your sales number - with the best B2B database in the market. Get started today.

Fake Coronavirus Finder spread Ginp Mobile Banker

Security Affairs

Security experts have spotted a new COVID-themed campaign aimed at distributing the Ginp Mobile Banker with “Coronavirus Finder” lure. With the COVID19 outbreak, the number of Coronavirus-themed attacks is rapidly increasing. Kaspersky Lab experts have uncovered a malicious campaign that is spreading the Android banking trojan Ginp masquerade as a Coronavirus Finder.

Creating trusted COVID-19 data for communities

IBM Big Data Hub

In these rapidly changing times, we all need to get the best information available to make better informed decisions. Between news reports, adjusting to social distancing practices, and other daily adjustments, many of us face a deluge of incoming information.

IT 91

Tor Browser 9.0.7 addresses a flaw that could allow unmasking Tor users

Security Affairs

The Tor Project released Tor Browser 9.0.7 that definitively addresses a vulnerability that allowed to execute JavaScript code on sites it should not. The Tor Project released Tor Browser 9.0.7 that permanently addresses a severe bug that allowed JavaScript code to run on sites it should not. Time to update: There's a new version of Tor Browser out now. Tor Browser 9.0.7 updates Tor to 0.4.2.7 and NoScript to 11.0.19.

Do DevOps Teams Need a Company Attorney on Speed Dial?

Dark Reading

In today's regulatory and legislative environment, companies and individuals are exposed to lawsuits over security breaches, resulting in significant fines and ending careers

Pressure Points: How to Ensure Your B2B Pipeline Passes Inspection

This eBook highlights best practices for developing a pipeline management process that helps sales leaders and their team C.L.O.S.E (you’ll see what we mean in this eBook) more revenue through data-driven prospecting, stage analysis, and subsequent sales enablement.

Secure together: Managing your WordPress access during coronavirus

IT Governance

If a week is a long time in politics, then it’s a veritable aeon when it comes to economy-collapsing, pub-closing, sports-halting pandemics. In the space of a few days, we’ve gone from mild concern as we looked at statistics, to frustration as pubs and restaurants closed, to cautiously stocking up on supplies, and eventually to a numbing acceptance that we’re all going to be stuck inside for the foreseeable future.

People are asking “What is Db2 DevOps Experience for z/OS?”

Rocket Software

This article was originally published on the IBM community blog and was written in collaboration with Patrick Bossman, an STSM for Db2 for z/OS at IBM, Paul McWilliams, an Information Developer for Db2 for z/OS at IBM, and Paul Bartak, Principle Solutions Advisor for Db2 Tools for z/OS at Rocket Software. IBM Db2 DevOps Experience for z/OS is where Db2 for z/OS meets DevOps. It is the IBM strategic product for bringing database as a service (DBaaS) to Db2 for z/OS.

Cloud 57

COVID-19: Getting Ready for the Next Business Continuity Challenge

Dark Reading

What comes after you've empowered your remote workforce in the wake of the coronavirus pandemic? Dealing with a large portion of that workforce getting sick at the same time

56

7 Maintenance Questions Every IT Pro Should Ask

Daymark

In today’s multi-vendor, multi-cloud world, managing IT maintenance contracts can easily spiral out of control. Not having a full grasp of where they all stand can be costly in terms of both budget and vulnerabilities from out of support equipment and software. We’ve identified seven questions that every IT organization should ask to truly understand if their maintenance management is fully optimized: Reporting

Cloud 55

Marketing-Led Post-COVID-19 Growth Strategies

Businesses are laying off workers, shutting their doors (some permanently), and struggling to react to the radical destruction that coronavirus (COVID-19) is doing to our society and communities. Most have already sustained massive damage, and we still have yet to see the scope of impact of the global pandemic that has upended the globe. Any return to normalcy may seem far-off, but sales and marketing are on the front lines of restarting the economy. When the dust settles, we have a responsibility to turn our shock and grief into fierce determination, and lead the charge of responsible, strategic, sustainable future growth. However, there’s no team better suited to lead that charge than the marketing department. Marketers are uniquely positioned to provide creative solutions to aid their organization in times of change and chart a course for navigating success.

Tupperware Hit By Card Skimmer Attack

Dark Reading

Malicious code was found hidden inside graphics files on the storage container maker's e-commerce website

56

Chinese Hackers Exploit Cisco, Citrix Flaws in Massive Espionage Campaign

Threatpost

Researchers say that APT41's exploits are part of one of the broadest espionage campaigns they've seen from a Chinese-linked actor "in recent years.". Cloud Security Hacks Vulnerabilities APT41 China Chinese hackers Cisco citrix critical flaw espionage campaign Exploit exploits FireEye government spies nation state vulnerability zero day Zoho

Cloud 77

European Data Protection Board Releases Statement on Personal Data and COVID-19

Data Matters

On 20 March 2020, the European Data Protection Board (“ EDPB ”) released a statement on the protection of personal data in connection with measures that public authorities and business organizations (including employers) are taking to address the Coronavirus (COVID-19) pandemic. This statement is an extension of the statement released by the EDPB chair on 16 March 2020, (which can be accessed here ).