Wed.Aug 05, 2020

FBI Warns of Serious Risks Posed by Using Windows 7

Data Breach Today

Bureau Says Attackers Can Use Vulnerable RDP Connections to Access Networks The FBI is warning organizations that are still using Microsoft Windows 7 they are in danger of attackers exploiting vulnerabilities in the unsupported operating system to gain network access. The agency points to an uptick in such attack attempts

Risk 174

Dutch Hackers Found a Simple Way to Mess With Traffic Lights

WIRED Threat Level

By reverse-engineering apps intended for cyclists, security researchers found they could cause delays in at least 10 cities from anywhere in the world. Security Security / Cyberattacks and Hacks

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

How WastedLocker Evades Anti-Ransomware Tools

Data Breach Today

Sophos Says Malware Designed to Avoid Security Measures WastedLocker, a ransomware strain that reportedly shut down Garmin's operations for several days in July, is designed to avoid security tools within infected devices, according to a technical analysis from Sophos

Hackers can abuse Microsoft Teams updater to deliver malicious payloads

Security Affairs

Threat actors can abuse Microsoft Teams updater to retrieve and execute malicious code from a remote location. Security experts from Trustwave detailed the Living Off the Land technique that could allow a threat actor to abuse the MS Teams Updater to download any binary or malicious payload from a remote server. The bad news is that the issue could not be easily addressed because it is a design flaw.

Product Analytics Playbook: Mastering Retention

Why do your users churn? In this guide you'll learn common product pitfalls and how to fix them.

Garmin Reportedly Paid a Ransom

Data Breach Today

Company Says 'Temporary Limitations' on Services Continue Garmin, a fitness tracker and navigation device firm, apparently paid a ransom to recover from a July 23 security incident that encrypted several of its systems, according to two news reports as well as expert analysis. The company says it's still experiencing 'temporary limitations" on services

More Trending

A Flaw Used by Stuxnet Wasn't Fully Fixed

Data Breach Today

Black Hat Conference Research Spots Windows Print Spooler Problems Vulnerabilities in the Microsoft Windows print spooler, an aging but important component, will be discussed at the Black Hat security conference on Thursday. The vulnerabilities are rooted in patches that Microsoft created to fix issues exploited by Stuxnet, the malware that hampered Iran's nuclear program

Hacker leaks passwords for 900+ Pulse Secure VPN enterprise servers

Security Affairs

ZDNet reported in exclusive that a list of passwords for 900+ enterprise VPN servers has been shared on a Russian-speaking hacker forum. ZDNet has reported in exclusive that a list of plaintext usernames and passwords for 900 Pulse Secure VPN enterprise servers, along with IP addresses, has been shared on a Russian-speaking hacker forum. ZDNet has obtained a copy of the list with the help of threat intelligence firm KELA and verified confirmed the authenticity of the data.

NSA: Beware of Devices Collecting Location Data

Data Breach Today

Warning Intended Primarily for National Security, Defense Users The NSA has issued an alert warning those working in the national security and defense sectors to mitigate the risks posed by mobile and internet of things devices, along with apps, that collect location data

Risk 119

Why Confidential Computing Is a Game Changer

Dark Reading

Confidential Computing is a transformational technology that should be part of every enterprise cloud deployment. It's time to start unlocking the possibilities together

Cloud 71

Rethinking Information Governance In The Age of Unstructured Enterprise Data

Onna is breaking down how the concept of information governance has evolved and ways today’s businesses can develop a holistic framework to keep up with a rapidly accelerating datasphere.

Behavioral Biometrics: Avoiding Mistakes

Data Breach Today

Too many companies that are implementing behavioral biometrics to combat fraud lack a complete understanding of how to make the most of the technology, says David Lacey, managing director at IDCARE, Australia and New Zealand's not-for-profit national identity and cyber support service

114
114

FBI is warning of cyber attacks against Windows 7 systems that reached end-of-life

Security Affairs

The FBI warned private industry partners of risks impacting companies running Windows 7 after the Microsoft OS reached the end of life on January 14. The Federal Bureau of Investigation is warning companies running Windows 7 systems of the greater risk of getting hacked because the Microsoft OS has reached the end of life on January 14. Early this week, the FBI has sent a private industry notification (PIN Number 20200803-002) to partners in the US private sector.

Does remote working affect the cost of a data breach?

IT Governance

Since the start of the COVID-19 pandemic, experts have warned that the switch to remote working would negatively affect organisations’ ability to detect and contain security incidents. Of course, many employers didn’t have a choice. Government guidelines in the UK and many other parts of the world urged people to work from home wherever possible. So what affect has this had on organisations’ cyber security?

Microsoft Teams Vulnerable to Patch Workaround, Researchers Report

Dark Reading

Attackers could work around an earlier patch and use Microsoft Teams Updater to download binaries and payloads

67

The Best Sales Forecasting Models for Weathering Your Goals

Every sales forecasting model has a different strength and predictability method. It’s recommended to test out which one is best for your team. This way, you’ll be able to further enhance – and optimize – your newly-developed pipeline. Your future sales forecast? Sunny skies (and success) are just ahead!

Flaw in popular NodeJS ‘express-fileupload’ module allows DoS attacks and code injection

Security Affairs

Expert found a flaw in a popular NodeJS module that can allow attackers to perform a denial-of-service (DoS) attack on a server or get arbitrary code execution. The NodeJS module “ express-fileupload ,” which has more that 7.3 million times downloads from the npm repository. The NodeJS module is affected by a ‘Prototype Pollution’ CVE-2020-7699 vulnerability that can allow attackers to perform a denial-of-service (DoS) attack on a server or inject arbitrary code.

IT 64

Pen Testers Who Got Arrested Doing Their Jobs Tell All

Dark Reading

Coalfire's Gary De Mercurio and Justin Wynn share the details of their physical penetration-testing engagement gone wrong, as well as recommendations for protecting all red teamers

63

Exclusive: TIM’s Red Team Research finds 4 zero-days in WOWZA Streaming Engine product

Security Affairs

Researchers from TIM’s Red Team Research (RTR) have discovered another 4 new zero-day vulnerabilities in the WOWZA Streaming Engine product. Last month, the TIM’s Red Team Research (RTR) disclosed 2 new vulnerabilities affecting the Oracle Business Intelligence product with High severity.

DDoS Attacks Doubled in Q2 Compared with Prior Quarter

Dark Reading

Most attacks were small, but the big ones got bigger than ever, Cloudflare says

61

Future-Proofing Your Information Governance Strategy

Speaker: Crystal Cao, Lindsey Simon & Lisa Ripley

Join Onna and experts from Quip, Airbnb, and Oracle for this live webinar as they dive into proactive data deletion policies, retention strategies, and legal hold practices that are essential to a modern enterprise information governance strategy.

Voting Machine Makers Are Finally Playing Nice With Hackers

WIRED Threat Level

After years of secrecy, one major election tech company is giving more hackers a look under the hood. Security Security / Security News

3 Tips for Securing Open Source Software

Dark Reading

Maintaining myriad open source components can be tough. Here's how teams can begin to address open source security and continue to innovate

Cyber Defense Magazine – August 2020 has arrived. Enjoy it!

Security Affairs

Cyber Defense Magazine august 2020 Edition has arrived. We hope you enjoy this month’s edition…packed with over 147 pages of excellent content. OVER 145 PAGESALWAYS FREE – LOADED WITH EXCELLENT CONTENT Learn from the experts, cybersecurity best practices Find out about upcoming information security related conferences, expos and trade shows. Always free, no strings attached.

B2C 53

What A Security Engineer & Software Engineer Learned By Swapping Roles

Dark Reading

A security engineer and infrastructure engineer with Salesforce share lessons learned from their professional role reversal, and advice for people on both teams

B2B Pocket Playbook: End-to-End Guide to Sales Enablement

Sales enablement is the strategic process of providing sales teams with the content, guidance, and mentorship needed to engage targeted buyers. It’s all about equipping sales professionals with the tools they need to put their best-selling foot forward. And if sales teams want to continuously sell better -- and faster -- their sales enablement process must have a game-winning strategy. It's time for you to start selling smarter - and hitting your sales number - with the best B2B database in the market. Get started today.

iOS 14’s Best Privacy Feature? Catching Data-Grabbing Apps

WIRED Threat Level

Apple's new operating system hasn't been released to the public yet, but its new permission notifications are already shaming developers into cleaning up their acts. Security Security / Security News

Attack of the Clone: Next-Gen Social Engineering

Dark Reading

NeoEYED CTO Tamaghna Basu tells us how he created an AI bot to mimic him, how it could be used in social engineering attacks, and what the experience taught him about the value of true human connections

IT 58

Microsoft Teams Patch Bypass Allows RCE

Threatpost

An attacker can hide amidst legitimate traffic in the application's update function. Cloud Security Vulnerabilities Web Security microsoft teams patch bypass remote code execution remote file share Samba security vulnerability SMB TrustWave update function

Cloud 74

Supporting Women in InfoSec

Dark Reading

Maxine Holt, research director from Omdia, explains why the time is right for women to step into more cybersecurity jobs now

The North Star Playbook

Every product needs a North Star. In this guide, we will show you the metrics product managers need to tie product improvements to revenue impact. If you are looking for a more-focused, less-reactive way to work, this guide is for you.

Twitter Fixes High-Severity Flaw Affecting Android Users

Threatpost

A vulnerability in Twitter for Android could have allowed attackers to access private direct messages (DMs) and other data. Mobile Security Vulnerabilities Android Data Privacy FTC Mobile security twitter twitter flaw twitter for android twitter security vulnerability

Cybersecurity Budget Rose in 2019, Uncertainty Prevails in 2020

Dark Reading

Budgets rise as IT complexity continued to challenge companies, with identity and access management technology an increasingly common focus

NSA releases a guide to reduce location tracking risks

Security Affairs

The United States National Security Agency (NSA) is warning of risks posed by location services for staff who work in defence or national security. The United States National Security Agency (NSA) published a new guide to warn of the risks posed by location services for staff who work in defence or national security. The guide , titled “Limiting Location Data Exposure” warn of geolocation features implemented by smartphones, tablets, and fitness trackers.

Risk 51