Mon. Mar 23, 2020

Who’s Behind the ‘Web Listings’ Mail Scam?

Krebs on Security

In December 2018, KrebsOnSecurity looked at how dozens of U.S. political campaigns, cities and towns had paid a shady company called Web Listings Inc. after receiving what looked like a bill for search engine optimization (SEO) services rendered on behalf of their domain names.


BEC Campaign Targets HR Departments: Report

Data Breach Today

Cybercriminal Group TA505 Sending Trojanized CV Files, Prevailion Reports. TA505, a notorious cybercriminal group believed to be operating in Russia, is using business email compromise tactics to target a new group of victims - HR departments, according to security researchers, who describe the new scheme.


NEW TECH: Start-up QuoLab enters emerging ‘Security Operations Platform’ — SOP — space

The Last Watchdog

Defending enterprise networks has become a convoluted challenge, one that is only getting more byzantine by the day. I’ve written about how SIEMs ingest log and event data from all across hybrid networks, and about how UEBA and SOAR technologies have arisen in just the past few years to help companies try to make sense of it all, even as catastrophic breaches persist.

Russia Blamed for COVID-19 Disinformation Campaigns

Data Breach Today

Pro-Kremlin Outlets Complicating Public Health Response, Nation-State Watchers Warn. Disinformation campaigns with ties to Russia are continuing in an attempt to impede other governments' responses to the COVID-19 pandemic, complicating public health efforts to combat the disease, European officials warn.

How to Solve 4 Common Challenges of Legacy Information Management

Speaker: Chris McLaughlin, Chief Marketing Officer and Chief Product Officer, Nuxeo

After 20 years of Enterprise Content Management (ECM), businesses still face many of the same challenges with finding and managing information. Join Chris McLaughlin, CMO and CPO of Nuxeo, as he examines four common business challenges that these legacy ECM systems pose and how they can be addressed with a more modern approach.

FBI Warns of Fake CDC Emails in COVID-19 Phishing Alert

Dark Reading

Fraudsters exploit concerns by claiming to offer virus-related information or promising stimulus checks

More Trending

Botnet operators target multiple zero-day flaws in LILIN DVRs

Security Affairs

Experts observed multiple botnets exploiting zero-day vulnerabilities in DVRs for surveillance systems manufactured by Taiwan-based LILIN. Botnet operators are exploiting several zero-day vulnerabilities in digital video recorders (DVRs) for surveillance systems manufactured by Taiwan-based LILIN.

Fintech Firm Finastra Recovering From Ransomware Attack

Data Breach Today

Attackers Targeted Corporate Network, Forcing Company to Shut Down IT Operations. Finastra, a large financial services software provider based in London, continues to recover from a ransomware attack that forced the company to take its IT operations offline Friday to prevent further damage to its corporate network, according to the company's CEO.

538 Million Weibo users’ records being sold on Dark Web

Security Affairs

Hackers are offering for sale on the dark web data belonging to 538 million Weibo users, including 172 million phone numbers. Data of 538 million Weibo users are available for sale on the dark web; the news was reported by several Chinese media and users on social networks.


CA AG Modifies CCPA Regs - Again

Data Breach Today

Attorney Sadia Mirza Reviews 'Spring Cleaning' of Landmark Privacy Act. Amidst the COVID-19 pandemic crisis, the California Attorney General's Office on March 11 released a second modification of the proposed regulations to implement the California Consumer Protection Act. Attorney Sadia Mirza explains what's included in this "spring cleaning" and how the coronavirus impacts the global privacy landscape.

Top 10 industries for monetizing data: Is yours one of them?

Find out which industries, use cases, and business applications are the best opportunities for data monetization. Understand what data is being monetized, who wants it, and why. Use data you already own to create new revenue sources. Download the eBook today!

Protect Your Home Office and Network With These 5 Tips

Adam Levin

Secure Your Router: If you’re still using your router’s manufacturer default password, it’s past time for a change. Your password should include letters, numbers and special characters in a combination you haven’t used on other accounts.

COVID-19: Security Risks As Manufacturers Shift Gears

Data Breach Today

As automobile manufacturers and others rush to shift to production of ventilators and other medical equipment and supplies to help fight the COVID-19 pandemic, they must take steps to ensure security, privacy and safety risks are addressed, says technology attorney Steven Teppler.

Coronavirus-themed campaign delivers a new variant of Netwalker Ransomware

Security Affairs

MalwareHunterTeam experts have identified a new Coronavirus phishing campaign that aims at delivering the Netwalker Ransomware.

8 Infosec Page-Turners for Days Spent Indoors

Dark Reading

Stuck inside and looking for a new read? Check out these titles written by security practitioners and reporters across the industry

Privacy without borders: Reality or Fantasy?

Imagine a world in which every country shared a vision and a common set of principles to protect and regulate the use of personal data. It would make international business far simpler, provide citizens in every country with the same privacy rights.

The University of Utah Health discloses security breach

Security Affairs

The University of Utah Health disclosed a security breach, it has discovered malware on its systems and revealed unauthorized access to some employee email accounts.

Hacking Voice Assistants with Ultrasonic Waves

Schneier on Security

I previously wrote about hacking voice assistants with lasers.


Operation Pangea: Europol dismantles criminal gangs selling coronavirus medicine, surgical masks

Security Affairs

Operation Pangea is the name of a joint international operation led by Interpol that seized €13 million in counterfeit drugs for care. The Coronavirus outbreak is sustaining an unprecedented demand in hygiene products, surgical masks, and drugs that could care the COVID infection.

Five Ways to Secure Your Home Office Webcam

Adam Levin

Covid-19 is increasing the number of employees working from home, and more businesses are relying on video conferences as a means of keeping in regular communication.

The Key to Strategic HR: Process Automation

Do you want to automate your HR processes, but don’t know where to start? In this eBook, PeopleDoc explores which processes benefit the most from automation, and how an HR Service Delivery platform can help get things off the ground.

Microsoft warns of targeted attacks exploiting Windows zero-day flaws

Security Affairs

Microsoft warns of hackers actively exploiting two zero-day remote code execution vulnerabilities in Windows Adobe Type Manager Library. Microsoft warns of hackers exploiting two zero-day remote code execution (RCE) vulnerabilities in the Windows Adobe Type Manager Library; both issues impact all supported versions of Windows. The vulnerabilities affect the way Windows Adobe Type Manager Library handles a specially-crafted multi-master font – Adobe Type 1 PostScript format.

Complimentary Webinars provided by VRC during COVID-19 Pandemic

IG Guru

Vital Records Control (VRC) recognizes the pandemic due to COVID-19 is rapidly changing how we work and learn. As many of the conferences and seminars postpone or cancel due to pandemic, we wish to offer a solution. I will be hosting weekly information governance (IG) webinars.

Microsoft Publishes Advisory for Windows Zero-Day

Dark Reading

There is no available patch for the vulnerabilities, which Microsoft says exist in all supported versions of Windows


Apache Tomcat Exploit Poised to Pounce, Stealing Files


Researchers said that a working exploit for CVE-2020-1938 leaked on GitHub makes it a snap to compromise webservers.

Embedded BI and Analytics: Best Practices to Monetize Your Data

Speaker: Azmat Tanauli, Senior Director of Product Strategy at Birst

By creating innovative analytics products and expanding into new markets, more and more companies are discovering new potential revenue streams. Join Azmat Tanauli, Senior Director of Product Strategy at Birst, as he walks you through how data that you're likely already collecting can be transformed into revenue!

Complimentary Webinar: Intentional Impact – Revolutionizing Your Leadership Approach: Creating IG Champions on 3/26

IG Guru

This complimentary webinar provides a method for creating Records and Information Governance “Champions” in your organization.

From Zero to Hero: CISO Edition

Dark Reading

It's time for organizations to realize that an empowered CISO can effectively manage enterprise risk and even grow the business along the way


OCR Issues Guidance on Telehealth Video Technology: Recommends Business Skype and others

IG Guru

March 17, 2020: Notification of Enforcement Discretion for Telehealth Remote Communications during the COVID-19 Nationwide Public Health Emergency. We are empowering medical providers to serve patients wherever they are during this national public health emergency.

Three Ways Your BEC Defense Is Failing & How to Do Better

Dark Reading

Business email compromises cost the economy billions of dollars. Experts have advice on how to stop them from hitting you for millions at a pop


APEC Endorses Third U.S. CBPR Accountability Agent

Hunton Privacy

The International Trade Administration at the U.S. Department of Commerce recently announced that NCC Group has been approved as a U.S. Accountability Agent under the APEC Cross-Border Privacy Rules (“CBPR”) system. NCC Group joins TrustArc and Schellman as the third U.S.

Physical Meets Digital: Embracing Digital Transformation on the Journey to Information Management


Records and information management has become a driver of digital transformation, bringing about an organisation-wide culture change tasked with putting privacy and security first.

New EDPB Statement on Data Protection During the COVID-19 Outbreak

Hunton Privacy

On March 19, 2020, the European Data Protection Board (“EDPB”) published a new statement regarding processing personal data in the context of the COVID-19 outbreak.


Physical Meets Digital: Privacy Is Your Responsibility


It hasn’t been long since the implementation of Europe’s GDPR, and we’ve already seen fines surpassing the €100 million mark for British Airways and Marriott International and, potentially, fines running into billions for Facebook.