Wed.Jun 24, 2020

Ransomware Gangs Go (Lady) Gaga for Data Breaches

Data Breach Today

Extortionists Exfiltrating Data Before Crypto-Locking Systems Many ransomware gangs hell-bent on seeing a criminal payday have now added data-exfiltration to their shakedown arsenal. Gangs' extortion play: Pay us, or we'll dump stolen data. One massive takeaway is that increasingly, ransomware outbreaks also are data breaches, thus triggering breach-notification rules

Average Cost of a Data Breach: $116M

Dark Reading

Sensitivity of customer information and time-to-detection determine financial blowback of cybersecurity breaches

Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

Getting the Most From Information Security Investments

Data Breach Today

How to Avoid Addressing Problems 'Too Far Downstream' Greg van der Gaast, head of information security at the University of Salford in the United Kingdom, has strong opinions on why some security investments aren't reaping maximum benefits. "We We are addressing problems too far downstream," he says

Frost & Sullivan databases available for sale on a hacker forum

Security Affairs

business consulting firm Frost & Sullivan suffered a data breach, a threat actor is offering for sale its databases on a hacker forum. firm Frost & Sullivan suffered a data breach, data from an unsecured backup that were exposed on the Internet was sold by a threat actor on a hacker forum. Frost & Sullivan is a business consulting firm involved in market research and analysis, growth strategy consulting, and corporate training across multiple industries.

Sales 82

The Best Data Retention Policy & Template To Get You Started

In this whitepaper from Onna, we will walk you through data retention best practices and provide you with a downloadable template to help you get organized and gain better visibility into your data’s lifecycle.

Evil Corp's 'WastedLocker' Campaign Demands Big Ransoms

Data Breach Today

Researchers: Cybercrime Group, Formerly Known for Dridex, Is Not Exfiltrating Data The Evil Corp cybercrime group, originally known for the Dridex banking Trojan, is now using new ransomware called WastedLocker, demanding ransom payments of $500,000 to $1 million, according to security researchers at NCC Group's Fox-IT

More Trending

Sodinokibi Ransomware Gang Targets POS Software

Data Breach Today

Symantec: Attackers Use Weaponized Cobalt Strike to Spread Malware The Sodinokibi ransomware gang is targeting point-of-sale payment device software after infecting networks with its crypto-locking malware, according to Symantec

COVID-19 Risks of Flying

Schneier on Security

I fly a lot. Over the past five years, my average speed has been 32 miles an hour. That all changed mid-March. It's been 105 days since I've been on an airplane -- longer than any other time in my adult life -- and I have no future flights scheduled. This is all a prelude to saying that I have been paying a lot of attention to the COVID-related risks of flying. We know a lot more about how COVID-19 spreads than we did in March.

Risk 77

$90 Million Seized in Fraud Case Tied to BTC-e Exchange

Data Breach Today

Russian Alexander Vinnik Charged in Connection With Fraud Scheme Police have confiscated $90 million from a company allegedly owned by Alexander Vinnik, who is accused of money laundering and defrauding individuals through BTC-e, a cryptocurrency exchange he controlled

130
130

I think, therefore I modernize: introducing Enterprise Suite 6.0

Micro Focus

I need to change – IT needs to change Rapid and large-scale IT change is a very costly exercise. Worse still, it is fraught with risk, the IT world beset with uncomfortable stories of failed transformational programs. CIOs can ill-afford such risk. By reusing valuable, trusted core applications and data, a smarter approach is available. View Article.

Risk 76

How to Measure DevSecOps Progress and Ensure Success

Speaker: Shannon Lietz, Director of DevSecOps Team, Intuit

You've finally done it: You've won over C-Suite and your DevSecOps team is up and running. You feel ready to take on rising security threats while continuously delivering quality software updates. But how do you monitor your new program? Are you truly able to gauge the state of your projects? To ensure the success of this new breed of a team, you need to know the metrics to look at and how to advocate these metrics to C-Suite and stakeholders. Join Shannon Lietz, Leader and Director of DevsecOps at Intuit, and learn to lead your DevSecOps team to the top.

Nurses Allege Hospital Falsified COVID-19 Testing

Data Breach Today

Meanwhile, Hospital Alleges Workers Violated Patient Privacy Policies A lawsuit filed against a small Georgia hospital by four of its nurses who allege the facility "schemed to manufacture false negative COVID-19 test results" for several patients who previously tested positive is shining a light on delicate issues involving whistleblowers and the privacy of patient records

Von der Leyen said Chinese cyberattacks on EU hospitals cannot be tolerated

Security Affairs

European Commission President Ursula von der Leyen called out China for launching cyberattacks EU hospitals and health care institutions during the COVID-19 pandemic. European Commission President Ursula von der Leyen publicly linked to China a series of cyber attacks against EU hospitals and health care institutions during the COVID-1 9 pandemic.

Using AI for Improved Threat Detection

Data Breach Today

Enterprises need to move away from manual threat detection methods to leverage artificial intelligence, which can help boost defenses, says Dr. Jassim Haji, president of Artificial Intelligence Society, Bahrain Chapter

REvil ransomware gang scans healthcare victim’s network for PoS systems

Security Affairs

Symantec researchers observed REvil ransomware operators scanning one of their victim’s network for Point of Sale (PoS) servers. Symantec researchers observed REvil ransomware operators scanning one of their victim’s network for Point of Sale (PoS) servers. Researchers from Symantec’s Threat Intelligence team reported that the REvil ransomware operators have been observed while scanning one of their victim’s network for Point of Sale (PoS) servers.

Digital Trends Report 2020

As part of our goal to continue helping our community during these times, we wanted to share with you this critical data on the state of digital products across industries and provide context on how businesses are responding to the changing winds.

Advantage CISO: Why Cybersecurity Should Shine in 2021

Data Breach Today

Expel CISO Bruce Potter on How to Influence Strategy and Budget It's a good time to be a CISO. You have the board's attention, and now you can use your position to ensure appropriate resources to tackle key challenges such as identity & access, cloud application security and third-party risk. Expel CISO Bruce Potter discusses how best to influence these decisions

No Internet Access? Amid Protests, Here's How to Tell Whether the Government Is Behind it

Dark Reading

Government-mandated Internet shutdowns occur far more regularly than you might expect

VMware addresses critical flaws in Workstation and Fusion

Security Affairs

VMware addressed 10 vulnerabilities affecting its ESXi, Workstation and Fusion products, including critical and high-severity code issues on the hypervisor. VMware has addressed 10 vulnerabilities affecting ESXi, Workstation and Fusion products, including critical and high-severity issues that can be exploited by attackers to execute arbitrary code on the hypervisor. The most serious issue is a critical use-after-free flaw, tracked as CVE-2020-3962, that affects the SVGA device.

“BlueLeaks” Exposes Huge Trove of Law Enforcement Data

Adam Levin

269 gigabytes of potentially sensitive data collected from more than 200 police departments across the country were leaked online last week. The data, called “BlueLeaks,” was shared online by a group called Distributed Denial of Secrets, or DDoSecrets), a Wikileaks-style organization committed to “enabling the free transmission of data in the public interest.”.

Testing at Every Stage of Development

Up to 80% of new products fail. The reality is harsh and the reasons why are endless. Perhaps the new product couldn’t oust a customer favorite. Maybe it looked great but was too hard to use. Or, despite being a superior product, the go-to-market strategy failed. There’s always a risk when building a new product, but you can hedge your bets by understanding exactly what your customers' expectations truly are at every step of the development process.

CryptoCore hacker group stole over $200M from cryptocurrency exchanges

Security Affairs

The CryptoCore hacker group that is believed to be operating out of Eastern Europe has stolen around $200 million from online cryptocurrency exchanges. Experts from ClearSky states that a hacker group tracked as CryptoCore, which is believed to be operating out of Eastern Europe, has stolen around $200 million from cryptocurrency exchanges. The CryptoCore group, aks Crypto-gang, “Dangerous Password”, and “Leery Turtle” has been active since 2018.

Google Will Delete Your Data by Default—in 18 Months

WIRED Threat Level

Starting today, the search giant will make a previously opt-in auto-delete feature the norm. Security Security / Privacy

Rethinking Enterprise Access, Post-COVID-19

Dark Reading

New approaches will allow businesses to reduce risk while meeting the needs of users, employees, and third parties. Here are three issues to consider when reimagining enterprise application access

Self-Propagating Lucifer Malware Targets Windows Systems

Threatpost

A new devilish malware is targeting Windows systems with cryptojacking and DDoS capabilities. Malware Vulnerabilities Web Security Apache Struts command and control cryptojacking DDoS Exploit Lucifer malware Microsoft Windows oracle weblogic Windows XMRig miner

The Best Sales Forecasting Models for Weathering Your Goals

Every sales forecasting model has a different strength and predictability method. It’s recommended to test out which one is best for your team. This way, you’ll be able to further enhance – and optimize – your newly-developed pipeline. Your future sales forecast? Sunny skies (and success) are just ahead!

Sanctions for the Loss of Ephemeral Messaging

ARMA International

ARMA is pleased to provide access to an article originally published on BloombergIndustry.com. Just how “ephemeral” are so-called ephemeral messages? In this article , former United States magistrate judge Ronald J. Hedges and Gail Gottehrer explore issues surrounding the potential for spoliation sanctions under Fed.

Cryptocurrency Pump and Dump Scams

Schneier on Security

Really interesting research: " An examination of the cryptocurrency pump and dump ecosystem ": Abstract : The surge of interest in cryptocurrencies has been accompanied by a proliferation of fraud. This paper examines pump and dump schemes. The recent explosion of nearly 2,000 cryptocurrencies in an unregulated environment has expanded the scope for abuse. We quantify the scope of cryptocurrency pump and dump schemes on Discord and Telegram, two popular group-messaging platforms.

Paper 58

Max Jaiswal on managing data for the world’s largest life insurer

IBM Big Data Hub

Max Jaiswal is the enterprise data team lead at AIA Australia , a pan-Asian life insurance company with presence in 18 markets across the Asia-Pacific region. The 100-year-old firm is the largest life insurer in the world, and the largest company on the Hong Kong stock exchange , with assets of USD $230 billion. The company’s brand promise is simple: to help people live healthier, longer, better lives

Necessity drives innovation in public sector

OpenText Information Management

As COVID-19 has swept the globe, it has sent many public sector organizations into crisis mode. The response from government agencies and departments has been impressive as they moved to handle these circumstances with a speed that few would have thought possible. For public sector technology, the COVID-19 crisis can be seen as a large beta … The post Necessity drives innovation in public sector appeared first on OpenText Blogs.

Product Analytics Playbook: Mastering Retention

Why do your users churn? In this guide you'll learn common product pitfalls and how to fix them.

IBM’s Cloud Pak for Data helps Wunderman Thompson build guideposts for reopening

IBM Big Data Hub

As communities and businesses worldwide look to understand the economic impact of COVID-19 and prepare for an eventual recovery, the biggest test of decision-making will be the data that will inform the business decisions. Was it trusted? Was it timely? Was it enough? To date, there are many efforts to release COVID-19 dashboards that can give us a hint on what to do next.

Risk 56

Apple Buys Fleetsmith

Dark Reading

The fleet management company becomes part of Apple in a deal announced today

53

Data and AI Virtual Forum recap: adopting AI is all about organizational change

IBM Big Data Hub

Follow @IBMAnalytics. During IBM’s first Data and AI Virtual Forum a Forrester-led panel of AI leaders, who happen to be women, discussed how their organizations have achieved business critical AI outcomes in the face of a known skill gap

52