Thu. Aug 06, 2020

Hacked Data Broker Accounts Fueled Phony COVID Loans, Unemployment Claims

Krebs on Security

A group of thieves thought to be responsible for collecting millions in fraudulent small business loans and unemployment insurance benefits from COVID-19 economic relief efforts gathered personal data on people and businesses they were impersonating by leveraging several compromised accounts at a little-known U.S. consumer data broker, KrebsOnSecurity has learned.

Twitter Rushes to Fix Flaw in Android Version

Data Breach Today

Vulnerability Could Enable Hackers to Access User Data, Including Direct Messages. Twitter rushed out a fix for a flaw in the Android version of its social media platform that could have allowed hackers to access user data, including within the direct message feature. The news comes as more details have emerged about a recent Twitter hacking incident.

Chinese Hackers Have Pillaged Taiwan's Semiconductor Industry

WIRED Threat Level

A campaign called Operation Skeleton Key has stolen source code, software development kits, chip designs, and more.

Canon USA Websites Offline Following Cyber Incident

Data Breach Today

Outage Happened After Data Disappeared From Company's Cloud Platform. Several Canon USA corporate websites remained offline Thursday after the company reportedly sustained a ransomware attack. Earlier, the imaging company reported user data was missing from a cloud database.

How to Talk Technology When You’re Not Technical

AIIM

Some people are hyper-technical, and they can be intimidating if you don’t feel technically minded. It can feel like you’re not even speaking the same language as they seem to bury you in TLAs and FLAs (Three-Letter Acronyms and Four-Letter Acronyms). Information professionals can communicate with their technical colleagues – even when they’re not that technical. Driving Forces. How many people really understand what’s going on in their car as they drive down the road?

More Trending

The NSA on the Risks of Exposing Location Data

Schneier on Security

The NSA has issued an advisory on the risks of location data. Mitigations reduce, but do not eliminate, location tracking risks in mobile devices. Most users rely on features disabled by such mitigations, making such safeguards impractical. Users should be aware of these risks and take action based on their specific situation and risk tolerance.

Election Security: A Harsh Assessment

Data Breach Today

Security Researcher, CISA Director Raise Serious Concerns. A security researcher says voting equipment in the U.S. is still riddled with security flaws that opportunistic foreign adversaries could use to pose a threat to the November election. Meanwhile, the director of CISA calls Russian ransomware attacks one of the biggest threats to the election.

The Quest to Liberate $300,000 of Bitcoin From an Old Zip File

WIRED Threat Level

The story of a guy who wouldn't let a few quintillion possible decryption keys stand between him and his cryptocurrency.

Building a Stronger Security Infrastructure

Data Breach Today

Insights on Protecting Customer Data During the Pandemic. As organizations collect more consumer data during the COVID-19 pandemic, how can they protect it? Peter Yapp, former deputy director at the UK's National Cyber Security Center, provides insights on building a stronger security infrastructure.

Ripple20: More Vulnerable Devices Identified

Dark Reading

Security researchers find 34 additional vendors, and 47 devices, affected by the widespread Ripple20 vulnerabilities

Banking on Uncertainty - The Future of Financial Crime and Compliance

Data Breach Today

Even before the pandemic set us on the road to a global recession, many banks were struggling to balance the polarising pressures of a changing world and keeping to business as usual

3 Tips For Better Security Across the Software Supply Chain

Dark Reading

It may look intimidating, but with a few tweaks to tools and processes already in use, it's not hard to get a head start on improving the security posture of the software supply chain.

Netwalker ransomware operators claim to have stolen data from Forsee Power

Security Affairs

Netwalker ransomware operators breached the networks of Forsee Power, a well-known player in the electromobility market. A new company has been added to the list of the victims of the Netwalker ransomware operators: Forsee Power, which provides advanced lithium-ion battery systems for any mobility application.

The Feds Want These Teams to Hack a Satellite—From Home

WIRED Threat Level

Meet the hackers who, this weekend, will try to commandeer an actual orbiter as part of a Defcon contest hosted by the Air Force and the Defense Digital Service.

Getting to the Root: How Researchers Identify Zero-Days in the Wild

Dark Reading

Google Project Zero researcher Maddie Stone explains the importance of identifying flaws exploited in the wild and techniques used to do it

I'm Partnering with NordVPN as a Strategic Advisor

Troy Hunt

I love security. I love privacy. Consequently, it will come as no surprise that I love tools that help people achieve those objectives. Equally, I have no patience for false promises, and I've been very vocal about my feelings there: But one of them is literally called “Secure VPN”, how is this possible?! Are You Using These VPN Apps?

2019 Breach Leads to $80 Million Fine for Capital One

Dark Reading

The fine is part of a series of steps required by the Office of the Comptroller of the Currency

The Subtle Tricks Shopping Sites Use to Make You Spend More

WIRED Threat Level

Through deceptive designs known as “dark patterns,” online retailers try to nudge you toward purchases you wouldn’t otherwise make.

Exploiting Google Cloud Platform With Ease

Dark Reading

Security engineer Dylan Ayrey and Cruise senior infrastructure security engineer Allison Donovan describe fundamental weaknesses in GCP identity management that enable privilege escalation and lateral movement

Black Hat 2020: ‘Zero-Click’ MacOS Exploit Chain Uses Microsoft Office Macros

Threatpost

At Black Hat 2020, Patrick Wardle disclosed an exploit chain that bypasses Microsoft's malicious macros protections to infect MacOS users.

Using IoT Botnets to Manipulate the Energy Market

Dark Reading

Tohid Shekari, PhD candidate at Georgia Tech, talks about the session that he and Georgia Tech professor Raheem Beyah gave about a stealthy and adaptable way to use IoT botnets for financial gain or market downfall.

Canon Admits Ransomware Attack in Employee Note, Report

Threatpost

The consumer-electronics giant has suffered partial outages across its U.S. website and internal systems, reportedly thanks to the Maze gang.

Four Rules and Three Tools to Protect Against Fake SaaS Apps

Dark Reading

Here's how to blunt the twinned forces of shadow IT and counterfeit apps and keep your data safe

Black Hat 2020: Mercedes-Benz E-Series Rife with 19 Bugs

Threatpost

Researchers went into detail about the discovery and disclosure of 19 security flaws they found in Mercedes-Benz vehicles, which have all been fixed.

A Mix of Optimism and Pessimism for Security of the 2020 Election

Dark Reading

DHS CISA's Christopher Krebs and Georgetown University's Matt Blaze at Black Hat USA give the lowdown on where things stand and what still needs to happen to protect the integrity of November's election

What Is Data Literacy?

erwin

How Data Literacy Turns Data from a Burden to a Benefit. Today, data literacy is more important than ever. Data is now being used to support business decisions few executives thought they’d be making even six months ago.

Broadcom: Staying Safe with WastedLocker Ransomware Variant on the Prowl

Dark Reading

SPONSORED CONTENT: Stealthier and more patient than some predecessors, WastedLocker lingers surreptitiously for as long as it needs to for maximum payoff, says Jon DiMaggio with Broadcom's Symantec division. He explains how Windows servers are at a different risk level than their open-source counterparts, and how WastedLocker identifies "valuable" targets

Navigational Charts added to NARA’s Format Guidance Bulletin

National Archives Records Express

This post is written by Sharmila Bhatia and Michael Horsley. We have added Navigational Charts to Appendix A: Table of File Formats of NARA Bulletin 2014-04, Format Guidance for the Transfer of Permanent Records. Records in this format can now be transferred as permanent records to the National Archives. NAID 102279243 1799 A Map of the Head of Chesapeake Bay and Susquehanna River, Shewing the Navigation of the same with a Topographical description Country from an actual Survey by C.