Mon. Nov 23, 2020

Biden Reveals Picks to Head DHS, Intelligence

Data Breach Today

President-Elect Taps Former Obama Administration Officials

President-elect Joe Biden on Monday announced that two former Obama-era officials are his nominees to head the U.S. Department of Homeland Security and the Office of Director of National Intelligence.

This Bluetooth Attack Can Steal a Tesla Model X in Minutes

WIRED Threat Level

The company is rolling out a patch today for the vulnerabilities, which allowed one researcher to break into one in 90 seconds and drive away.

Bill Looks to Close Federal Cybersecurity Loopholes

Data Breach Today

Lawmakers Want to Restrict Agencies From Postponing Security Measures

Sen. Ron Wyden, D-Ore., and Rep. Lauren Underwood, D-Ill.,

Security Researchers Sound Alarm on Smart Doorbells

Dark Reading

A new analysis of 11 relatively inexpensive video doorbells uncovered high-risk vulnerabilities in all of them

The Best Data Retention Policy & Template To Get You Started

In this whitepaper from Onna, we will walk you through data retention best practices and provide you with a downloadable template to help you get organized and gain better visibility into your data’s lifecycle.

From St. Louis to France, Ransomware Victim List Expands

Data Breach Today

Among the Causes: Hit Against Managed.com Website Hosting Giant

Ransomware continues to pummel many types of organizations, recently including South Korea's E-Land retail group, French newspaper Paris-Normandie and a Georgia county school system.

More Trending

Fraudsters Target Cryptocurrency Platforms Through GoDaddy

Data Breach Today

GoDaddy Employees Reportedly Tricked by Social Engineering Techniques

Last week, fraudsters targeted two cryptocurrency platforms by accessing domains managed by GoDaddy, according to notices published by the victimized firms.

Top 3 Black Friday 2020 scams to avoid

IT Governance

Amid the mad dash for bargains and inevitable stories of shop-floor brawls, Black Friday brings with it a spike in cyber security threats, as cyber criminals take advantage of people desperate for bargains.

COVID-19 Latest: 'We Are Really Struggling'

Data Breach Today

Pandemic Expert Regina Phelps on Infection Trends, Vaccine Production

It took 100 days for the world to record its first 1 million COVID-19 infections. A week ago, 1 million cases were added in just over one day.

Researchers show how to steal a Tesla Model X in a few minutes

Security Affairs

Boffins have demonstrated how to steal a Tesla Model X in a few minutes by exploiting vulnerabilities in the car’s keyless entry system.

How to Measure DevSecOps Progress and Ensure Success

Speaker: Shannon Lietz, Director of DevSecOps Team, Intuit

You've finally done it: You've won over the C-Suite and your DevSecOps team is up and running. But how do you monitor your new program? Join Shannon Lietz, Leader and Director of DevSecOps at Intuit, and learn to lead your DevSecOps team to the top.

3 Steps CISOs Can Take to Convey Strategy for Budget Presentations

Dark Reading

Answering these questions will help CISOs define a plan and take the organization in a positive direction

VMware discloses critical zero-day CVE-2020-4006 in Workspace One

Security Affairs

VMware discloses a critical zero-day vulnerability (CVE-2020-4006) in multiple VMware Workspace One components and released a workaround to address it.

Chinese APT Group Returns to Target Catholic Church & Diplomatic Groups

Dark Reading

APT group TA416 reemerges with new changes to its documented tool sets so it can continue launching espionage campaigns

Massive threat campaign strikes open-source repos, Sonatype spots new CursedGrabber malware

Security Affairs

Sonatype’s deep-dive research identified a new family of Discord malware called CursedGrabber.

Digital Trends Report 2020

As part of our goal to continue helping our community during these times, we wanted to share with you this critical data on the state of digital products across industries and provide context on how businesses are responding to the changing winds.

Ransomware Grows Easier to Spread, Harder to Block

Dark Reading

Researchers illustrate the evolution toward more complete and effective ransomware attacks designed to cripple target organizations

GreenLight Group’s GITOpS – what is it and why does it matter?

Micro Focus

What is GITOpS (and why does it matter)? Operations is the lifeblood of every IT department, and for most IT managers it’s also the bane of their existence. IT Operations can be costly, and it consumes vast amounts of resources in the form of time and labor. If it weren’t such a critical part of.

10 Undergraduate Security Degree Programs to Explore

Dark Reading

Colleges and universities are ramping up cybersecurity education with a wider range of degree programs and more resources for students to build their infosec careers

Critical VMware Zero-Day Bug Allows Command Injection; Patch Pending

Threatpost

VMware explained it has no patch for a critical escalation-of-privileges bug that impacts both Windows and Linux operating systems and its Workspace One.

Testing at Every Stage of Development

Up to 80% of new products fail. The reality is harsh and the reasons why are endless. Perhaps the new product couldn’t oust a customer favorite. Maybe it looked great but was too hard to use. Or, despite being a superior product, the go-to-market strategy failed. There’s always a risk when building a new product, but you can hedge your bets by understanding exactly what your customers' expectations truly are at every step of the development process.

8 Ways to Protect Yourself against Scams on Black Friday and Cyber Monday

Adam Levin

The holidays are the most wonderful time of the year, especially for scammers. Consumers are typically spending more, doing it quickly and not paying as much attention to who they’re buying it from because of the rush.

More on the Security of the 2020 US Election

Schneier on Security

Last week I signed on to two joint letters about the security of the 2020 election.

IoT Unravelled Part 2: IP Addresses, Network, Zigbee, Custom Firmware and Soldering

Troy Hunt

In part 1, I deliberately kept everything really high level because frankly, I didn't want to scare people off. I'm not ashamed to say that the process of getting even the basics working absolutely did my head in as I waded through a sea of unfamiliar technologies, protocols and acronyms.

Manchester United Suffers Cyberattack

Dark Reading

Premier League soccer club says the attack didn't affect its website and app, and it doesn't appear to have exposed any fan or customer data either

The Best Sales Forecasting Models for Weathering Your Goals

Every sales forecasting model has a different strength and predictability method. It’s recommended to test out which one is best for your team. This way, you’ll be able to further enhance – and optimize – your newly-developed pipeline. Your future sales forecast? Sunny skies (and success) are just ahead!

Spotify Users Hit with Rash of Account Takeovers

Threatpost

Users of the music streaming service were targeted by attackers using credential-stuffing approaches.

As 'Anywhere Work' Evolves, Security Will Be Key Challenge

Dark Reading

Companies should plan their future workforce model now, so they have time to implement the necessary tools, including cybersecurity and seamless remote access, a Forrester report says

GoDaddy Employees Tricked into Compromising Cryptocurrency Sites

Threatpost

‘Vishing’ attack on GoDaddy employees gave fraudsters access to cryptocurrency service domains NiceHash, Liquid.

VMware fixed SD-WAN flaws that could allow hackers to target enterprise networks

Security Affairs

VMware addressed six vulnerabilities in its SD-WAN Orchestrator product that can potentially expose enterprise networks to hacking.

Product Analytics Playbook: Mastering Retention

Why do your users churn? In this guide you'll learn common product pitfalls and how to fix them.

How Retailers Can Fight Fraud and Abuse This Holiday Season

Dark Reading

Online shopping will be more popular than ever with consumers, and with malicious actors too

Computer Security and Data Privacy, the perfect alliance

Security Affairs

Computer security and data privacy are often poorly considered issues; experts urge more awareness of cyber threats.

Indistinguishability Obfuscation

Schneier on Security

Quanta magazine recently published a breathless article on indistinguishability obfuscation — calling it the “‘crown jewel’ of cryptography” — and saying that it had finally been achieved, based on a recently published paper.
