Tue.Mar 24, 2020

Hackers Targeted World Health Organization

Data Breach Today

Researcher Says Spear-Phishing Incident Has Hallmarks of Nation-State Attack A hacking group targeted the World Health Organization earlier this month with an apparently unsuccessful spear-phishing campaign designed to harvest credentials as the United Nations organization was grappling with the global COVID-19 pandemic

NEW TECH: QuoLab advances ‘Security Operations Platform’ — SOP — technology

The Last Watchdog

Defending enterprise networks has become a convoluted challenge, one that is only getting more byzantine by the day. I’ve written about the how SIEMs ingest log and event data from all across hybrid networks, and about how UEBA and SOAR technologies have arisen in just the past few years to help companies try to make sense of it all, even as catastrophic breaches persist.

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

California Modifies Consumer Privacy Regulations - Again

Data Breach Today

Attorney Sadia Mirza Reviews 'Spring Cleaning' of Landmark CCPA Privacy Law Amidst the COVID-19 pandemic, California's attorney general on March 11 released a second modification of the proposed regulations to implement the California Consumer Protection Act. Attorney Sadia Mirza explains what's included in this "spring cleaning

Internet Voting in Puerto Rico

Schneier on Security

Puerto Rico is considered allowing for Internet voting. I have joined a group of security experts in a letter opposing the bill. Cybersecurity experts agree that under current technology, no practically proven method exists to securely, verifiably, or privately return voted materials over the internet.

Product Analytics Playbook: Mastering Retention

Why do your users churn? In this guide you'll learn common product pitfalls and how to fix them.

New Mirai Variant Exploits NAS Device Vulnerability

Data Breach Today

Researchers: Mukashi Botnet Can Use Infected Devices to Launch DDoS Attacks Security researchers are tracking a variant of the prolific Mirai botnet called Mukashi, that's taking advantage of vulnerabilities in network-area storage devices made by Zyxel and giving its operators the ability to launch DDoS attacks. Zyxel has issued a patch for the vulnerability

More Trending

Microsoft Warns of New Zero-Day Vulnerabilities in Windows

Data Breach Today

Company Has Detected 'Limited Targeted Attacks' So Far Microsoft is warning that attackers are exploiting a pair of critical, zero-day flaws in Windows that allow for remote code execution, which could enable a threat actor to take over an infected device. Although a patch for the flaws is not expected until April, the company described workarounds

139
139

New APT Targets Middle Eastern Victims

Dark Reading

The new malware, dubbed "Milum," can take control of industrial devices

69

Election Integrity in COVID-19 Era

Data Breach Today

Matt Barrett and Joe Drissell of U.S. Cyberdome discuss the new initiative to foster cross-campaign cybersecurity collaboration and the ramifications of potentially holding an election during social distancing as a result of the COVID-19 pandemic

Nurturing relationships while working remotely

OpenText Information Management

In the midst of media reports of job cuts and business closures, the Bank of America has just announced the hiring of 1700 new employees into critical support roles. As more and more people are instructed to stay at home, it’s impossible to overestimate the importance of seamless and continuous engagements with financial services customers. … The post Nurturing relationships while working remotely appeared first on OpenText Blogs.

Rethinking Information Governance In The Age of Unstructured Enterprise Data

Onna is breaking down how the concept of information governance has evolved and ways today’s businesses can develop a holistic framework to keep up with a rapidly accelerating datasphere.

Demystifying FBI Notes on Cyber Attacks Involving Multi-Factor Authentication

Data Breach Today

Hackers are Looking for Every Opportunity to Bypass Security Measures, and MFA is no Exception. Hackers are looking for every opportunity to bypass security measures, and MFA is no exception

Fortune 500 tech giant General Electric (GE) discloses data breach after Canon hack

Security Affairs

General Electric (GE) s a data breach that exposed personally identifiable information of current and former employees, as well as beneficiaries. The technology giant General Electric (GE) disclosed a data breach that exposed personally identifiable information of current and former employees, as well as beneficiaries. The data breach was caused by a security breach suffered by one of GE’s service providers, Canon Business Process Services.

MFA Trials Can Be a Burden or a Breeze

Data Breach Today

Use These Five Tips to Quickly Spot Differences When Evaluating MFA Solutions Use these five tips to quickly spot differences when evaluating MFA solutions

121
121

Cybercriminals' Promises to Pause During Pandemic Amount to Little

Dark Reading

As pandemic worsens, online profiteering -- from fraudsters to ransomware operators to cybercriminal hacking -- continues unabated, despite some promises from the underground

The Best Sales Forecasting Models for Weathering Your Goals

Every sales forecasting model has a different strength and predictability method. It’s recommended to test out which one is best for your team. This way, you’ll be able to further enhance – and optimize – your newly-developed pipeline. Your future sales forecast? Sunny skies (and success) are just ahead!

What's the Return on Investment of a Vendor Management Platform?

Data Breach Today

Improve Vendor Remote Access Security, Reduce 3rd Party Risk AND Reduce Costs An emerging technology, Vendor Privileged Access Management (VPAM) can provide both operational efficiencies and increased security in your projected ROI analysis. And that is a rare combination in InfoSec these days

Access 109

Automated Tools Make Cyberattacks Easier to Pull Off

Dark Reading

Gone are the days when threat actors had to actually spend time and effort planning and developing an attack on their own, Recorded Future says

64

The US Army Corps of Engineers Deploys Against Coronavirus

WIRED Threat Level

The US is desperate for hospital beds. The USACE can build thousands of them in a matter of days. Security Security / Security News

Business Process Modeling Use Case: Disaster Recovery

erwin

In these challenging times, many of our customers are focused on disaster recovery and business contingency planning. Disaster recovery is not just an event but an entire process defined as identifying, preventing and restoring a loss of technology involving a high-availability, high-value asset in which services and data are in serious jeopardy.

Risk 61

Future-Proofing Your Information Governance Strategy

Speaker: Crystal Cao, Lindsey Simon & Lisa Ripley

Join Onna and experts from Quip, Airbnb, and Oracle for this live webinar as they dive into proactive data deletion policies, retention strategies, and legal hold practices that are essential to a modern enterprise information governance strategy.

Google Removes Adware-Laced Kids' Apps From Play Store

WIRED Threat Level

After over a million downloads, the Tekya-infected Android offerings are finally on ice. Security Security / Security News

Uncovering OpenWRT remote code execution (CVE-2020-7982)

ForAllSecure

Introduction. For ForAllSecure, I’ve been focusing on finding bugs in OpenWRT using their Mayhem software. My research on OpenWRT has been a combination of writing custom harnesses, running binaries of the box without recompilation, and manual inspection of code. ForAllSecure Vulnerability Disclosures

88

Welcoming the USA Government to Have I Been Pwned

Troy Hunt

Over the last 2 years I've been gradually welcoming various governments from around the world onto Have I Been Pwned (HIBP) so that they can have full and unfettered access to the list of email addresses on their domains impacted by data breaches. Today, I'm very happy to announce the expansion of this initiative to include the USA government by way of their US Cybersecurity and Infrastructure Security Agency (CISA).

How Attackers Could Use Azure Apps to Sneak into Microsoft 365

Dark Reading

Researchers warn Microsoft 365 account holders to pay attention to unknown applications that request permissions

60

B2B Pocket Playbook: End-to-End Guide to Sales Enablement

Sales enablement is the strategic process of providing sales teams with the content, guidance, and mentorship needed to engage targeted buyers. It’s all about equipping sales professionals with the tools they need to put their best-selling foot forward. And if sales teams want to continuously sell better -- and faster -- their sales enablement process must have a game-winning strategy. It's time for you to start selling smarter - and hitting your sales number - with the best B2B database in the market. Get started today.

MalwareBazaar – welcome to the abuse-ch malware repository

Security Affairs

Abuse. ch launched the MalwareBazaar service, a malware repository to allow experts to share known malware samples and related info. Abuse. ch launched a malware repository, called MalwareBazaar , to allow experts to share known malware samples and related analysis. MalwareBazaar is available for free and only collects known malware samples, the repository will not include adware or potentially unwanted applications (PUA/PUP). “ MalwareBazaar is a project operated by abuse.

Db2 Cloning Tool: Enhanced App Cloning Index Processing (PI99726)

Rocket Software

If you perform Application (Tablespace) Cloning with the Cloning Tool, chances are that you will experience a free performance boost after applying APAR PI99726 (PTF UI57180). It is likely that indexes are included in your cloning LISTDEF definition or via the COPY parameter, ALWAYS-COPY-INDEXSPACES. With this enhancement, the Cloning Tool Source job will be able to detect several conditions which would require the index to be rebuilt by (or after) the Target job.

Malware Found Hidden in Android Utility Apps, Children's Games

Dark Reading

The 'Tekya' malware, as researchers call it, is designed to imitate the user's actions to click advertisements

IT 54

WHO Targeted in Espionage Attempt, COVID-19 Cyberattacks Spike

Threatpost

The DarkHotel group could have been looking for information on tests, vaccines or trial cures. Critical Infrastructure Government Hacks Web Security apt coronavirus COVID-19 cure cyberattack Darkhotel espionage impersonation attacks testing vaccine world health organization

The North Star Playbook

Every product needs a North Star. In this guide, we will show you the metrics product managers need to tie product improvements to revenue impact. If you are looking for a more-focused, less-reactive way to work, this guide is for you.

Vulnerability Management Isn't Just a Numbers Game

Dark Reading

Attackers work 24/7, so you have to be vigilant around the clock. Time for some game theory

53

COVID-19: Key EU And U.S. Cybersecurity Issues and Risk-Remediation Steps

Data Matters

The COVID-19 crisis has created significant cybersecurity risks for organizations across the world, particularly arising from remote working, scams and phishing attacks, and weakened information governance controls. These risks warrant attention by legal counsel and information security officers in light of potentially significant adverse legal, financial and reputational consequences that could arise – all while the organization is dealing with effects of a global pandemic.

New York Attorney General asks domain registrars to crack down on coronavirus scam sites

Security Affairs

New York Attorney General asks domain registrars, including GoDaddy, and Namecheap, to crack down on coronavirus scam sites. The Coronavirus-themed attacks continue to increase, experts warn of thousands of COVID-19 scam and malware sites are being created every day. The New York Attorney General asks GoDaddy , Namecheap, Register.com, and Endurance International Group and other domain registrars to crack down on Coronavirus scam sites.