Tue.Mar 24, 2020

Hackers Targeted World Health Organization

Data Breach Today

Researcher Says Spear-Phishing Incident Has Hallmarks of Nation-State Attack A hacking group targeted the World Health Organization earlier this month with an apparently unsuccessful spear-phishing campaign designed to harvest credentials as the United Nations organization was grappling with the global COVID-19 pandemic

NEW TECH: QuoLab advances ‘Security Operations Platform’ — SOP — technology

The Last Watchdog

Defending enterprise networks has become a convoluted challenge, one that is only getting more byzantine by the day. I’ve written about the how SIEMs ingest log and event data from all across hybrid networks, and about how UEBA and SOAR technologies have arisen in just the past few years to help companies try to make sense of it all, even as catastrophic breaches persist.

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

New Mirai Variant Exploits NAS Device Vulnerability

Data Breach Today

Researchers: Mukashi Botnet Can Use Infected Devices to Launch DDoS Attacks Security researchers are tracking a variant of the prolific Mirai botnet called Mukashi, that's taking advantage of vulnerabilities in network-area storage devices made by Zyxel and giving its operators the ability to launch DDoS attacks. Zyxel has issued a patch for the vulnerability

Welcoming the USA Government to Have I Been Pwned

Troy Hunt

Over the last 2 years I've been gradually welcoming various governments from around the world onto Have I Been Pwned (HIBP) so that they can have full and unfettered access to the list of email addresses on their domains impacted by data breaches. Today, I'm very happy to announce the expansion of this initiative to include the USA government by way of their US Cybersecurity and Infrastructure Security Agency (CISA).

How to Solve 4 Common Challenges of Legacy Information Management

Speaker: Chris McLaughlin, Chief Marketing Officer and Chief Product Officer, Nuxeo

After 20 years of Enterprise Content Management (ECM), businesses still face many of the same challenges with finding and managing information. Join Chris McLaughlin, CMO and CPO of Nuxeo, as he examines four common business challenges that these legacy ECM systems pose and how they can be addressed with a more modern approach.

MFA Trials Can Be a Burden or a Breeze

Data Breach Today

Use These Five Tips to Quickly Spot Differences When Evaluating MFA Solutions Use these five tips to quickly spot differences when evaluating MFA solutions

118
118

More Trending

Demystifying FBI Notes on Cyber Attacks Involving Multi-Factor Authentication

Data Breach Today

Hackers are Looking for Every Opportunity to Bypass Security Measures, and MFA is no Exception. Hackers are looking for every opportunity to bypass security measures, and MFA is no exception

New APT Targets Middle Eastern Victims

Dark Reading

The new malware, dubbed "Milum," can take control of industrial devices

68

Election Integrity in COVID-19 Era

Data Breach Today

Matt Barrett and Joe Drissell of U.S. Cyberdome discuss the new initiative to foster cross-campaign cybersecurity collaboration and the ramifications of potentially holding an election during social distancing as a result of the COVID-19 pandemic

Uncovering OpenWRT remote code execution (CVE-2020-7982)

ForAllSecure

Introduction. For ForAllSecure, I’ve been focusing on finding bugs in OpenWRT using their Mayhem software. My research on OpenWRT has been a combination of writing custom harnesses, running binaries of the box without recompilation, and manual inspection of code. ForAllSecure Vulnerability Disclosures

63

Top 10 industries for monetizing data: Is yours one of them?

Find out which industries, use cases, and business applications are the best opportunities for data monetization. Understand what data is being monetized, who wants it, and why. Use data you already own to create new revenue sources. Download the eBook today!

California Modifies Consumer Privacy Regulations - Again

Data Breach Today

Attorney Sadia Mirza Reviews 'Spring Cleaning' of Landmark CCPA Privacy Law Amidst the COVID-19 pandemic, California's attorney general on March 11 released a second modification of the proposed regulations to implement the California Consumer Protection Act. Attorney Sadia Mirza explains what's included in this "spring cleaning

Malware Found Hidden in Android Utility Apps, Children's Games

Dark Reading

The 'Tekya' malware, as researchers call it, is designed to imitate the user's actions to click advertisements

IT 63

Microsoft Warns of New Zero-Day Vulnerabilities in Windows

Data Breach Today

Company Has Detected 'Limited Targeted Attacks' So Far Microsoft is warning that attackers are exploiting a pair of critical, zero-day flaws in Windows that allow for remote code execution, which could enable a threat actor to take over an infected device. Although a patch for the flaws is not expected until April, the company described workarounds

118
118

Fortune 500 tech giant General Electric (GE) discloses data breach after Canon hack

Security Affairs

General Electric (GE) s a data breach that exposed personally identifiable information of current and former employees, as well as beneficiaries. The technology giant General Electric (GE) disclosed a data breach that exposed personally identifiable information of current and former employees, as well as beneficiaries. The data breach was caused by a security breach suffered by one of GE’s service providers, Canon Business Process Services.

Privacy without borders: Reality or Fantasy?

Imagine a world in which every country shared a vision and a common set of principles to protect and regulate the use of personal data. It would make international business far simpler, provide citizens in every country with the same privacy rights.

What's the Return on Investment of a Vendor Management Platform?

Data Breach Today

Improve Vendor Remote Access Security, Reduce 3rd Party Risk AND Reduce Costs An emerging technology, Vendor Privileged Access Management (VPAM) can provide both operational efficiencies and increased security in your projected ROI analysis. And that is a rare combination in InfoSec these days

Access 109

Cybercriminals' Promises to Pause During Pandemic Amount to Little

Dark Reading

As pandemic worsens, online profiteering -- from fraudsters to ransomware operators to cybercriminal hacking -- continues unabated, despite some promises from the underground

WildPressure, a new APT group targets the Middle East’s industrial sector

Security Affairs

Security experts from Kaspersky Lab have uncovered the activity of a new threat actor, tracked as WildPressure, targeting the industrial sector in th e Middle East. The WildPressure was spotted for the first time in August 2019 when researchers detected a never-before-seen malware that has no similarities with other samples analyzed by the experts. “In August 2019, Kaspersky discovered a malicious campaign distributing a fully fledged C++ Trojan that we call Milum.

IT 56

How Attackers Could Use Azure Apps to Sneak into Microsoft 365

Dark Reading

Researchers warn Microsoft 365 account holders to pay attention to unknown applications that request permissions

58

The Key to Strategic HR: Process Automation

Do you want to automate your HR processes, but don’t know where to start? In this eBook, PeopleDoc explores which processes benefit the most from automation, and how an HR Service Delivery platform can help get things off the ground.

MalwareBazaar – welcome to the abuse-ch malware repository

Security Affairs

Abuse. ch launched the MalwareBazaar service, a malware repository to allow experts to share known malware samples and related info. Abuse. ch launched a malware repository, called MalwareBazaar , to allow experts to share known malware samples and related analysis. MalwareBazaar is available for free and only collects known malware samples, the repository will not include adware or potentially unwanted applications (PUA/PUP). “ MalwareBazaar is a project operated by abuse.

The US Army Corps of Engineers Deploys Against Coronavirus

WIRED Threat Level

The US is desperate for hospital beds. The USACE can build thousands of them in a matter of days. Security Security / Security News

Combining Online & Offline Data in Automotive – Part Two

Perficient Data & Analytics

In a previous blog post , I discussed the need and importance of combining online and offline data in the automotive industry. Now, in part two of this blog series, I will discuss some of the basic tools needed for combining online and offline data, as well as give some high-level examples of the types of offline data you may want to ingest and merge with your online data. What tools do I need?

Google Removes Adware-Laced Kids' Apps From Play Store

WIRED Threat Level

After over a million downloads, the Tekya-infected Android offerings are finally on ice. Security Security / Security News

Embedded BI and Analytics: Best Practices to Monetize Your Data

Speaker: Azmat Tanauli, Senior Director of Product Strategy at Birst

By creating innovative analytics products and expanding into new markets, more and more companies are discovering new potential revenue streams. Join Azmat Tanauli, Senior Director of Product Strategy at Birst, as he walks you through how data that you're likely already collecting can be transformed into revenue!

Automated Tools Make Cyberattacks Easier to Pull Off

Dark Reading

Gone are the days when threat actors had to actually spend time and effort planning and developing an attack on their own, Recorded Future says

50

New York Attorney General asks domain registrars to crack down on coronavirus scam sites

Security Affairs

New York Attorney General asks domain registrars, including GoDaddy, and Namecheap, to crack down on coronavirus scam sites. The Coronavirus-themed attacks continue to increase, experts warn of thousands of COVID-19 scam and malware sites are being created every day. The New York Attorney General asks GoDaddy , Namecheap, Register.com, and Endurance International Group and other domain registrars to crack down on Coronavirus scam sites.

COVID-19: Key EU And U.S. Cybersecurity Issues and Risk-Remediation Steps

Data Matters

The COVID-19 crisis has created significant cybersecurity risks for organizations across the world, particularly arising from remote working, scams and phishing attacks, and weakened information governance controls. These risks warrant attention by legal counsel and information security officers in light of potentially significant adverse legal, financial and reputational consequences that could arise – all while the organization is dealing with effects of a global pandemic.

Adobe addressed a critical vulnerability in Adobe Creative Cloud App that allows deleting files

Security Affairs

Adobe has addressed a critical vulnerability in its Creative Cloud desktop application that can be exploited by hackers to delete arbitrary files. Adobe has fixed a critical vulnerability in its Creative Cloud desktop application that can be exploited by attackers to delete arbitrary files. Creative Cloud is a collection of 20+ desktop and mobile apps and services for photography, design, video, web, UX and more.

Cloud 47

Nurturing relationships while working remotely

OpenText Information Management

In the midst of media reports of job cuts and business closures, the Bank of America has just announced the hiring of 1700 new employees into critical support roles. As more and more people are instructed to stay at home, it’s impossible to overestimate the importance of seamless and continuous engagements with financial services customers. … The post Nurturing relationships while working remotely appeared first on OpenText Blogs.

Vulnerability Management Isn't Just a Numbers Game

Dark Reading

Attackers work 24/7, so you have to be vigilant around the clock. Time for some game theory

43

PRO BONO REMOTE WORKSHOPS ON MANAGING ELECTRONIC CONTENT & INFORMATION SYSTEMS FOR NON-PROFITS AND HUMANITARIAN ORGANIZATIONS

IG Guru

As you may know I’ve been advising on managing electronic records & content management systems for many years. Even with good technology, if a process for sharing & implementing collaborative content is not in place, you run a 60-80% chance of failure. I have a soft spot for non-profits & humanitarian organizations. I’d like to […].

WHO Targeted in Espionage Attempt, COVID-19 Cyberattacks Spike

Threatpost

The DarkHotel group could have been looking for information on tests, vaccines or trial cures. Critical Infrastructure Government Hacks Web Security apt coronavirus COVID-19 cure cyberattack Darkhotel espionage impersonation attacks testing vaccine world health organization