Fri.Sep 25, 2020

Federal Agency Hacked Using Stolen Office 365 Credentials

Data Breach Today

CISA: Hacker Apparently Exploited VPN Vulnerabilty The U.S.

Who is Tech Investor John Bernard?

Krebs on Security

John Bernard , the subject of a story here last week about a self-proclaimed millionaire investor who has bilked countless tech startups , appears to be a pseudonym for John Clifton Davies , a U.K. man who absconded from justice before being convicted on multiple counts of fraud in 2015. Prior to his conviction, Davies served 16 months in jail before being cleared of murdering his wife on their honeymoon in India.

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

How a Phishing Awareness Test Went Very Wrong

Data Breach Today

Tribune Publishing Co. Employees Outraged at Phishing Test Teasing a Bonus Training employees to resist phishing emails is key to preventing compromises. But an exercise run by Tribune Publishing Co. created a searing backlash after its phishing exercise tempted employees with bogus bonuses in a year in which they had already endured financial hardships

Source Code of Windows XP, Server 2003 leaked

Security Affairs

The source code for Microsoft’s Windows XP and Windows Server 2003 operating systems was published as a torrent file on bulletin board website 4chan.

IT 89

Digital Trends Report 2020

As part of our goal to continue helping our community during these times, we wanted to share with you this critical data on the state of digital products across industries and provide context on how businesses are responding to the changing winds.

GDPR Compliance Used as Phishing Lure

Data Breach Today

Campaign Designed to Steal Credentials A recently uncovered phishing campaign used the European Union's General Data Protection Regulation as a lure to steal login credentials. The campaign enticed victims with subject lines indicating their email security system was not in compliance with the law, according to Area 1 Security

More Trending

Facebook Removes More Accounts Linked to Russia

Data Breach Today

Latest Social Media Crackdown Comes As FBI Issues Fresh Warning on Election Interference Facebook is again cracking down on fake accounts and pages linked to a Russian IRA troll farm or the country's military intelligence units that were being used for disinformation campaigns. Meanwhile, the FBI issued a fresh warning that threat actors are attempting to target U.S. voting infrastructure

Fortinet VPN with default certificate exposes 200,000 businesses to hack

Security Affairs

According to SAM Seamless Network , over 200,000 businesses are using Fortigate VPN with default settings, exposing them to the risk of a hack. In response to the spreading of Coronavirus across the world, many organizations deployed VPN solutions, including Fortigate VPN, to allow their employers to work from their homes. The configuration of the VPN solutions is important to keep organizations secure and to avoid dangerous surprises.

IoT 84

Warning: Attackers Exploiting Windows Server Vulnerability

Data Breach Today

Attacks Targeting 'Zerologon' Vulnerability Spotted in the Wild Microsoft and the Cybersecurity and Infrastructure Security Agency have issued warnings that a critical vulnerability in Windows Server dubbed "Zerologon" is being actively exploited in the wild. They urge users to immediately apply an available partial patch

Cisco fixes 34 High-Severity flaws in IOS and IOS XE software

Security Affairs

Cisco patched 34 high-severity flaws affecting its IOS and IOS XE software, some of them can be exploited by a remote unauthenticated attacker. Cisco on Thursday released security patches for 34 high-severity vulnerabilities affecting its IOS and IOS XE software. The IT giant issued 25 advisories as part of the September 2020 semiannual IOS and IOS XE Software Security Advisory Bundled Publication.

Testing at Every Stage of Development

Up to 80% of new products fail. The reality is harsh and the reasons why are endless. Perhaps the new product couldn’t oust a customer favorite. Maybe it looked great but was too hard to use. Or, despite being a superior product, the go-to-market strategy failed. There’s always a risk when building a new product, but you can hedge your bets by understanding exactly what your customers' expectations truly are at every step of the development process.

Calls Grow to Restore White House Cybersecurity Leader Role

Data Breach Today

Lack of Cybersecurity Leadership, Direction Cited by Government Watchdog The U.S. Government Accountability Office is urging Congress to pass legislation to reestablish the White House cybersecurity coordinator role, to coordinate the government's response to online attacks and other cybersecurity challenges facing the nation

6 Things to Know About the Microsoft 'Zerologon' Flaw

Dark Reading

Until all domain controllers are updated, the entire infrastructure remains vulnerable, the DHS' CISA warns

77

Analysis: Are Darknet Markets Here to Stay?

Data Breach Today

The latest edition of the ISMG Security Report features an analysis on why criminals continue to use darknet markets, despite the risks. Also featured: Hackers target Virgin Mobile KSA; coping with COVID-19 stress

CISA says federal agency compromised by malicious cyber actor

Security Affairs

Cybersecurity and Infrastructure Security Agency (CISA) revealed that a hacker breached a US federal agency and exfiltrated data. Cybersecurity and Infrastructure Security Agency (CISA) revealed that a hacker breached a US federal agency and threat actors exfiltrated data. CISA published a detailed incident report related to the incident but didn’t disclose the name of the hacked agency.

Rethinking Information Governance In The Age of Unstructured Enterprise Data

Today’s organizations are faced with the overwhelming challenge of managing, finding, and leveraging their information. This eBook discusses a newly discovered information discipline and is filled to the brim with helpful information.

Premera Blue Cross Slapped With $6.8 Million HIPAA Fine

Data Breach Today

Penalty Is Second Largest Ever Issued Premera Blue Cross has agreed to pay a $6.85 million fine, the second largest HIPAA settlement ever announced by federal regulators. The case stems from a 2014 breach, which went undetected for nine months and exposed the information of 10.4 million individuals

135
135

Twitter warns developers of possible API keys leak

Security Affairs

Twitter is warning developers that their API keys, access tokens, and access token secrets may have been exposed in a browser’s cache. Twitter is sending emails to developers to warn them that their API keys, access tokens, and access token secrets may have been exposed in a browser’s cache. According to the social media firm, the browser used by developers may have cached the sensitive data while accessing certain pages on developer.twitter.com.

Why Encrypted Chat Apps Aren't Replacing Darknet Markets

Data Breach Today

Many Vendors of Illegal Drugs, Weapons, Hacking Tools Prefer Markets With so many cybercrime markets continuing to disappear, why haven't encrypted messaging apps stepped in to fill the gap? They might seem to be the perfect solution to admins stealing buyers' and sellers' cryptocurrency - via an exit scam - or police infiltration. But encrypted apps have their own downsides

Navigating the Asia-Pacific Threat Landscape: Experts Dive In

Dark Reading

At next week's virtual Black Hat Asia, threat intelligence pros will discuss the threats local organizations should prioritize and how they can prepare

66

The Best Sales Forecasting Models for Weathering Your Goals

Every sales forecasting model has a different strength and predictability method. It’s recommended to test out which one is best for your team. This way, you’ll be able to further enhance – and optimize – your newly-developed pipeline. Your future sales forecast? Sunny skies (and success) are just ahead!

The Swiss Parliament Agrees on the Draft Bill of a New Data Protection Act

Data Matters

After three years of discussions and in a final debate, the Swiss parliament has agreed on the final draft bill of a new and modernized data protection law. In particular, the National Council and the Council of States found a compromise on the these outstanding issues: Definition of the term “profiling” (Article 4 (f) and (fbis) nDPA): The two chambers followed the suggestion of the Council of States to introduce “high risk profiling” in addition to normal “profiling”.

Getting Over the Security-to-Business Communication Gap in DevSecOps

Dark Reading

Application security in a DevOps world takes more than great teamwork among security, developers, and operations staff

FortiGate VPN Default Config Allows MitM Attacks

Threatpost

The client's default configuration for SSL-VPN has a certificate issue, researchers said. IoT Vulnerabilities Web Security Authentication certificate default configuration fortigate Fortinet Man in the middle attack small and medium sized businesses ssl vpn VPN

RASP 101: Staying Safe With Runtime Application Self-Protection

Dark Reading

The dream of RASP is to empower applications to protect themselves. How close do current implementations get to living the dream? Here's what to know

62

Product Analytics Playbook: Mastering Retention

Why do your users churn? In this guide you'll learn common product pitfalls and how to fix them.

NAGARA Fall Online Forum 2020 Pre-Approved for Credits by ACA, ARMA, and the ICRM on 10/30

IG Guru

NAGARA’s 2020 Fall Online Forum: ARCHIVES! has been pre-approved for 5.0 CEUs by ARMA International, 5.0 ARCs from ACA, and 5.0 CMPs from ICRM. There’s no better way to maintain your certifications than by attending the 2020 Fall Online Forum!

CEO of NS8 Charged with Securities Fraud

Schneier on Security

The founder and CEO of the Internet security company NS8 has been arrested and “charged in a Complaint in Manhattan federal court with securities fraud, fraud in the offer and sale of securities, and wire fraud.” ” I admit that I’ve never even heard of the company before. Uncategorized cybersecurity fraud

Sales 59

Ring’s Flying In-Home Camera Drone Escalates Privacy Worries

Threatpost

Privacy fears are blasting off after Amazon's Ring division unveiled the new Always Home Cam, a smart home security camera drone. IoT Privacy 2FA always home cam amazon concerns Connected Device Data security drone End to end encryption Internet of things Multi Factor Authentication Ring security camera Smart Home surveillance Two Factor Authentication video surveillance

Polish police shut down major group of hackers in the country

Security Affairs

Polish police dismantled a major group of hackers that was behind several criminal activities, including ransomware attacks, and banking fraud. Polish authorities have dismantled a major hacker group that was involved in multiple cybercrime activities, including ransomware attacks, malware distribution, SIM swapping, banking fraud, running rogue online stores, and even making bomb threats at the behest of paying customers.

Future-Proofing Your Information Governance Strategy

Speaker: Crystal Cao, Lindsey Simon & Lisa Ripley

Join Onna and experts from Quip, Airbnb, and Oracle for this live webinar as they dive into proactive data deletion policies, retention strategies, and legal hold practices that are essential to a modern enterprise information governance strategy.

The Top Six Benefits of Data Modeling – What Is Data Modeling?

erwin

Understanding the benefits of data modeling is more important than ever. Data modeling is the process of creating a data model to communicate data requirements, documenting data structures and entity types. It serves as a visual guide in designing and deploying databases with high-quality data sources as part of application development.

The Best Chrome Extensions to Prevent Creepy Web Tracking

WIRED Threat Level

Ad trackers follow you everywhere online—but it doesn’t have to be that way. Security Security / Security Advice

IT 55

Industrial Cyberattacks Get Rarer but More Complex

Threatpost

The first half of 2020 saw decreases in attacks on most ICS sectors, but oil/gas firms and building automation saw upticks. Critical Infrastructure IoT Malware Most Recent ThreatLists attack volume building automation COVID-19 Cyberattacks first half 2020 gas Industrial Control Systems Kaspersky Oil ransomware Remote Desktop Protocol remote working the report work from home Worms