Wed.Oct 21, 2020

Sweden bans Huawei and ZTE from building its 5G infrastructure

Security Affairs

Sweden is banning Chinese tech giant Huawei and ZTE from building new 5G wireless networks due to national security concerns. Another state, Sweden, announced the ban of Chinese tech companies Huawei and ZTE from building its 5G network infrastructure.

Unsecured Voice Transcripts Expose Health Data - Again

Data Breach Today

Researchers Find Pfizer Drug Customer Messages Accessible on Internet For the second time within a week, it's been revealed that sensitive voice messages containing patients' information have been exposed on the internet.

Access 199

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

NSA Advisory on Chinese Government Hacking

Schneier on Security

The NSA released an advisory listing the top twenty-five known vulnerabilities currently being exploited by Chinese nation-state attackers.

Home Loan Trading Platform Exposes Mortgage Documentation

Data Breach Today

Atlanta-Based Maxex Left Software Development Platform Open Maxex, a company that develops a digital trading platform for the secondary mortgage market in the U.S., leaked 9 GB of internal documentation as well as full mortgage applications for 23 individuals.

Digital Trends Report 2020

As part of our goal to continue helping our community during these times, we wanted to share with you this critical data on the state of digital products across industries and provide context on how businesses are responding to the changing winds.

FIRST Announces Cyber-Response Ethical Guidelines

Dark Reading

The 12 points seek to provide security professionals with advice on ethical behavior during incident response

More Trending

How AI Will Supercharge Spear-Phishing

Dark Reading

To keep pace with intelligent, unpredictable threats, cybersecurity will have to adopt an intelligent security of its own

NSA: Chinese Hackers Exploiting 25 Vulnerabilities

Data Breach Today

Agency Warns Hacking Groups Are Exploiting Flaws to Conduct Cyberespionage The NSA is warning that Chinese-linked hacking groups are exploiting 25 vulnerabilities in software systems and network devices as part of cyberespionage campaigns - which means patching is urgent

167
167

As Smartphones Become a Hot Target, Can Mobile EDR Help?

Dark Reading

Lookout Security debuts a mobile endpoint detection and response offering that will integrate into its mobile security platform

Microsoft Continues Trickbot Crackdown

Data Breach Today

But Some Researchers Say Botnet's Operators Using Workarounds to Restore Activity Microsoft and its partners are continuing to put pressure on the Trickbot malware operation, eliminating an estimated 94% of its infrastructure.

IT 159

Testing at Every Stage of Development

Up to 80% of new products fail. The reality is harsh and the reasons why are endless. Perhaps the new product couldn’t oust a customer favorite. Maybe it looked great but was too hard to use. Or, despite being a superior product, the go-to-market strategy failed. There’s always a risk when building a new product, but you can hedge your bets by understanding exactly what your customers' expectations truly are at every step of the development process.

Chrome 86.0.4240.111 fixes actively exploited CVE-2020-15999 zero-day

Security Affairs

Google has released Chrome version 86.0.4240.111 that also addresses the CVE-2020-15999 flaw which is an actively exploited zero-day.

Phishing Emails Target Coinbase Exchange Users

Data Breach Today

Messages Use an OAuth-Based Consent App to Gain Office 365 Access Fraudsters are sending phishing emails with messages about the Coinbase cryptocurrency exchange to Microsoft Office 365 users in an attempt to take over their inboxes and gain access to data, according to the security firm KnowBe4

Are You One COVID-19 Test Away From a Cybersecurity Disaster?

Dark Reading

One cybersecurity failure can result in a successful ransomware attack or data breach that could cause tremendous damage. There's no need to panic, but neither is there time to ignore the issue

Cisco Warns of Severe DoS Flaws in Network Security Software

Threatpost

The majority of the bugs in Cisco’s Firepower Threat Defense (FTD) and Adaptive Security Appliance (ASA) software can enable denial of service (DoS) on affected devices.

Rethinking Information Governance In The Age of Unstructured Enterprise Data

Today’s organizations are faced with the overwhelming challenge of managing, finding, and leveraging their information. This eBook discusses a newly discovered information discipline and is filled to the brim with helpful information.

Ubiq Rolls Out Encryption-as-a-Service Platform Aimed at Developers

Dark Reading

A few lines of code and two API calls is all that it takes for developers to add encryption to their applications, startup says

Bug Parade: NSA Warns on Cresting China-Backed Cyberattacks

Threatpost

The Feds have published a Top 25 exploits list, rife with big names like BlueKeep, Zerologon and other notorious security vulnerabilities.

IASME Consortium to Kick-start New IoT Assessment Scheme

Dark Reading

The IASME Consortium has been awarded a DCMS grant, enabling the UK organization to kick-start an Internet of Things (IoT) assessment scheme. IASME is looking for manufacturers interested in getting their IoT device certified cyber secure for free via the new pilot scheme

Adobe releases a new set of out-of-band patches for its products

Security Affairs

Adobe has released a second out-of-band security update to address critical vulnerabilities affecting several products. . Adobe has released a second out-of-band security update to fix critical vulnerabilities that impact numerous products of the IT giant. .

IT 71

The Best Sales Forecasting Models for Weathering Your Goals

Every sales forecasting model has a different strength and predictability method. It’s recommended to test out which one is best for your team. This way, you’ll be able to further enhance – and optimize – your newly-developed pipeline. Your future sales forecast? Sunny skies (and success) are just ahead!

Iranian Cyberattack Group Deploys New PowGoop Downloader Against Mideast Targets

Dark Reading

Seedworm Group, aka MuddyWater, is also deploying commodity ransomware as part of espionage attacks on companies and government agencies in the Middle East region

Google Patches Actively-Exploited Zero-Day Bug in Chrome Browser

Threatpost

The memory-corruption vulnerability exists in the browser’s FreeType font rendering library. Vulnerabilities Browser chrome freetype google Google Project Zero Linux Mac Security Researchers Sergei Glazunov Windows Zero Day Project zero-day

Modern Day Insider Threat: Network Bugs That Are Stealing Your Data

Dark Reading

Attacks involving an unmanaged device and no malware expose gaps in cybersecurity that must be addressed

Oracle Kills 402 Bugs in Massive October Patch Update

Threatpost

Over half of Oracle's flaws in its quarterly patch update can be remotely exploitable without authentication; two have CVSS scores of 10 out of 10.

Product Analytics Playbook: Mastering Retention

Why do your users churn? In this guide you'll learn common product pitfalls and how to fix them.

OpenText World 2020—Are You Ready for the Great Rethink?

OpenText Information Management

The world is not changing. It has changed. These changes are deep. Structural. Lasting. We must use this opportunity to rethink on a massive scale.

Dealing With Insider Threats in the Age of COVID

Dark Reading

Dangerous gray areas like new BYOD policies and shadow IT devices have increased, thanks to the rapid shift to remote working

IT 61

[Podcast] Office Re-Entry in Times of COVID

AIIM

In this episode of AIIM On Air , I speak with Sue Trombley, Managing Director of Thought Leadership for Iron Mountain. We discuss the biggest impacts on the workplace from Covid-19 and the challenges and opportunities of the new normal of business today.

Paper 61

Egregor Claims Responsibility for Barnes & Noble Attack, Leaks Data

Threatpost

The ransomware gang claims to have bought network access to the bookseller's systems before encrypting the networks and stealing "financial and audit data.".

Future-Proofing Your Information Governance Strategy

Speaker: Crystal Cao, Lindsey Simon & Lisa Ripley

Join Onna and experts from Quip, Airbnb, and Oracle for this live webinar as they dive into proactive data deletion policies, retention strategies, and legal hold practices that are essential to a modern enterprise information governance strategy.

Oracle Releases Another Mammoth Security Patch Update

Dark Reading

October's CPU contains 402 patches for vulnerabilities across 29 product sets, many of which are remotely executable without the need for authentication

Transition Post 3: Managing Official Email and Social Media Accounts

National Archives Records Express

The next post in our Federal Government transition series highlights the need to manage official email and social media accounts of senior officials as they enter and exit Federal Service. It is very important for these officials to keep personal materials separate from official accounts or systems.

How Will the History of the Last 4 Years Be Recorded? via CMS Wire

IG Guru

Check out this post by John Mancini on CMS Wire about US Federal Records over the last 4 years. The post How Will the History of the Last 4 Years Be Recorded? via CMS Wire appeared first on IG GURU. CMS Wire Information Governance Record Retention Records Management John Mancini NARA United States

CMS 56