Tue.Oct 13, 2020

The Man Who Speaks Softly—and Commands a Big Cyber Army

WIRED Threat Level

Meet General Paul Nakasone. He reined in chaos at the NSA and taught the US military how to launch pervasive cyberattacks. And he did it all without you noticing. Security Security / National Security Backchannel

Cybercrime: 12 Top Tactics and Trends

Data Breach Today

From Ransomware and DDoS to Malware and SIM Swapping: Europol Describes Latest Threats Ransomware attacks remain the top cyber-enabled threat seen by law enforcement.

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

The British government aims at improving its offensive cyber capability

Security Affairs

Britain’s most senior cyber general declared that the UK has implemented an advanced offensive cyberwar capability that could destroy its enemies.

Google Responds to Warrants for “About” Searches

Schneier on Security

One of the things we learned from the Snowden documents is that the NSA conducts “about” searches. That is, searches based on activities and not identifiers. A normal search would be on a name, or IP address, or phone number.

Digital Trends Report 2020

As part of our goal to continue helping our community during these times, we wanted to share with you this critical data on the state of digital products across industries and provide context on how businesses are responding to the changing winds.

Backdoor Discovered in Xplora Children's Smartwatch

Data Breach Today

Chinese Manufacturer Issues a Patch to Remove the Code The Xplora 4 kids smartwatch was shipped with a backdoor that could be activated remotely by an encrypted SMS to take secret screenshots. The manufacturer says the code was mistakenly left in the firmware, and it has issued a patch to remove it

More Trending

Health Data Breaches in 2020: Ransomware Incidents Dominate

Data Breach Today

Blackbaud, Magellan Health Incidents Trigger Numerous Breach Notifications Hacking incidents involving ransomware attacks continue to dominate the 2020 health data breach tally, with incidents affecting two companies - Blackbaud and Magellan Health - accounting for numerous breach notifications by their clients.

Why have I joined the LinkedIn Data Protection Reform Group?

Data Protector

There is an ongoing debate on the rights that data controllers should have, compared with the rights that private individuals should have. There’s also an ongoing debate on what role our national Data Protection supervisory authority should play in developing and enforcing privacy laws.

GDPR 156

Analysis: Will Trickbot Takedown Impact Be Temporary?

Data Breach Today

Experts Weigh in on the Effects of Actions by Microsoft and Others to Disable Botnet Despite the takedown of the Trickbot botnet by Microsoft and others Monday, the malware is still functioning, and its operators retain the tools needed to rebuild their malicious network, some cybsersecurity experts say.

IT 204

Leading Law firm Seyfarth Shaw discloses ransomware attack

Security Affairs

Seyfarth Shaw, one of the leading global legal firms announced that it was a victim of an “aggressive malware” attack, likely a ransomware attack.

Testing at Every Stage of Development

Up to 80% of new products fail. The reality is harsh and the reasons why are endless. Perhaps the new product couldn’t oust a customer favorite. Maybe it looked great but was too hard to use. Or, despite being a superior product, the go-to-market strategy failed. There’s always a risk when building a new product, but you can hedge your bets by understanding exactly what your customers' expectations truly are at every step of the development process.

Risk Management Shortfalls Lead to $400 Million Citibank Fine

Data Breach Today

Federal Reserve Requires Bank's Board to Take Action The Treasury Department's Office of the Comptroller of the Currency has hit Citibank with a $400 million fine for deficiencies in enterprisewide risk management, compliance risk management, data governance and internal controls.

Risk 167

IoT Cybersecurity: 5 Major Vulnerabilities and How to Tackle Them

Security Affairs

The number of sensors and smart devices connected to the internet is exponentially rising, which are the 5 Major Vulnerabilities for IoT devices. If you take a look at the global market for IoT, you can easily spot the trend.

IoT 89

Ransomware Gangs Turn to Outsourcers for Network Access

Data Breach Today

Accenture: Network Access Sellers Change Their Tactics Those selling "network access" on underground forums are adjusting their business models to take advantage of the huge influx of ransomware gangs that are looking for easier and more efficient ways to gain access to their targets, Accenture reports.

Access 167

Internet Freedom Has Taken a Hit During the Covid-19 Pandemic

WIRED Threat Level

From arrests to surveillance, governments are using the novel coronavirus as cover for a crackdown on digital liberty. Security Security / Privacy

Rethinking Information Governance In The Age of Unstructured Enterprise Data

Today’s organizations are faced with the overwhelming challenge of managing, finding, and leveraging their information. This eBook discusses a newly discovered information discipline and is filled to the brim with helpful information.

Strong Crypto Again the Target of Western Governments

Data Breach Today

Lawful Access' Means Weak Crypto on Which Anyone Can Eavesdrop - Not Just the Cops Stop me if you think that you've heard this one before: The U.S.,

25% of BEC Cybercriminals Based in the US

Dark Reading

While the US is known to be a prime target for BEC attacks, just how many perpetrators are based there came as a surprise to researchers

80

Managing Third-Party Risks: Technology's Role

Data Breach Today

Deloitte's Julian Colborne-Baber Offers Due Dilligence Insights for Financial Institutions Managing third-party risks must start with due diligence activities, and technology can play an important role, says Julian Colborne-Baber, forensic partner at Deloitte in the U.K.

Risk 141

Microsoft October 2020 Patch Tuesday fixes 87 flaws, including 21 RCEs

Security Affairs

Microsoft October 2020 Patch Tuesday security updates address 87 vulnerabilities, including 21 remote code execution (RCE) issues. Microsoft October 2020 Patch Tuesday security updates address 87 vulnerabilities, including 21 remote code execution (RCE) issues.

IT 79

The Best Sales Forecasting Models for Weathering Your Goals

Every sales forecasting model has a different strength and predictability method. It’s recommended to test out which one is best for your team. This way, you’ll be able to further enhance – and optimize – your newly-developed pipeline. Your future sales forecast? Sunny skies (and success) are just ahead!

Where are the 'Great Exits' in the Data Security Market?

Dark Reading

If data security were a student, its report card would read "Not performing to potential." Here's why

Germany: No GDPR damages after data breach

DLA Piper Privacy Matters

Background: another open legal question. One of the many open questions of data protection law in Europe is how compensation for “non-material damage” will be calculated.

Treasury Dept. Advisory Shines Spotlight on Ransomware Negotiators

Dark Reading

With attacks showing no signs of abating, some companies have begun offering services to help reduce ransom demands, buy more time, and arrange payments

Adobe addresses a critical security flaw in Adobe Flash Player

Security Affairs

Adobe has released a security update to address a critical remote code execution flaw in Adobe Flash Player that could be easily exploited by hackers.

Product Analytics Playbook: Mastering Retention

Why do your users churn? In this guide you'll learn common product pitfalls and how to fix them.

October Patch Tuesday: Microsoft Patches Critical, Wormable RCE Bug

Threatpost

There were 11 critical bugs and six that were unpatched but publicly known in this month's regularly scheduled Microsoft updates.

Cloud 103

Microsoft Fixes Critical Windows TCP/IP Flaw in Patch Rollout

Dark Reading

The October 2020 Patch Tuesday fixed 87 vulnerabilities, including 21 remote code execution flaws, in Microsoft products and services

72

Five Eyes nations plus India and Japan call for encryption backdoor once again

Security Affairs

Members of the Five Eyes intelligence alliance once again call for tech firms to engineer backdoors into end-to-end and device encryption.

Phishing in Troubled Waters: 3 Ways Email Attacks May Impact Elections

Dark Reading

The state of email defenses has a role to play in the US presidential election

Future-Proofing Your Information Governance Strategy

Speaker: Crystal Cao, Lindsey Simon & Lisa Ripley

Join Onna and experts from Quip, Airbnb, and Oracle for this live webinar as they dive into proactive data deletion policies, retention strategies, and legal hold practices that are essential to a modern enterprise information governance strategy.

REMnux Tools List for Malware Analysis

Lenny Zeltser

REMnux ® offers a curated collection of free tools for reverse-engineering or otherwise analyzing malicious software. How to find the right tool for the job, given how many useful utilities come as part of the distro?

Trickbot Botnet Response Highlights Partnerships Preventing US Election Interference

Dark Reading

Recent efforts by USCYBERCOM and Microsoft to disrupt the Trickbot botnet highlight the importance of partnerships in successful malware botnet disruption

69

Critical Flash Player Flaw Opens Adobe Users to RCE

Threatpost

The flaw stems from a NULL Pointer Dereference error and plagues the Windows, macOS, Linux and ChromeOS versions of Adobe Flash Player. Vulnerabilities Web Security adobe adobe flash desktop runtime CVE-2020-9746 Linux macOS NULL pointer dereference patch patch tuesday vulnerability Windows