Wed.Nov 18, 2020

Microsoft Warns of Office 365 Phishing Attacks

Data Breach Today

Fraudsters Using Evasive Techniques to Bypass Secure Email Gateways Microsoft's Security Intelligence team is warning users of the Office 365 suite about an ongoing phishing campaign that appears to be harvesting victims' credentials.

As Businesses Move to Multicloud Approach, Ransomware Follows

Dark Reading

The average US company uses 16 cloud services, but only a third of IT professional believe their security measures have kept up with the change

Cloud 97

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

Gaming Company Confirms Ragnar Locker Ransomware Attack

Data Breach Today

Capcom Says Over 350,000 Customer, Business Records Possibly Compromised Japanese computer game company Capcom acknowledged this week that a November security incident was a Ragnar Locker ransomware attack that resulted in about 350,000 customer and company records potentially compromised, including sales and shareholder data.

Office 365 phishing campaign uses redirector URLs and detects sandboxes to evade detection

Security Affairs

Microsoft is tracking an ongoing Office 365 phishing campaign aimed at enterprises that is able to detect sandbox solutions and evade detection.

Digital Trends Report 2020

As part of our goal to continue helping our community during these times, we wanted to share with you this critical data on the state of digital products across industries and provide context on how businesses are responding to the changing winds.

Latest Ransomware Trends: Lessons to Learn

Data Breach Today

Learning From Difficult Recoveries and Advice in Government Alerts As ransomware attacks on the healthcare sector continue to surge, entities should heed the lessons emerging from these incidents as well as the advice provided in alerts from government agencies, security experts say

More Trending

Brace for DNS Spoofing: Cache Poisoning Flaws Discovered

Data Breach Today

Fixes Arriving to Safeguard DNS Against Newly Found 'SAD DNS' Side-Channel Attack Researchers are warning that many domain name system server implementations are vulnerable to a spoofing attack that allows attackers to redirect, intercept and manipulate traffic.

168
168

Telegram Still Hasn’t Removed an AI Bot That’s Abusing Women

WIRED Threat Level

A deepfake bot has been generating explicit, non-consensual images on the platform. The researchers who found it say their warnings have been ignored. Security Security / Security News

IT 85

Accused Ringleader of FIN7 Hacking Group Pleads Guilty

Data Breach Today

Andrii Kolpakov Faces 25 Years for Wire Fraud And Conspiracy, Documents Show An accused ringleader of the notorious FIN7 hacking group, which prosecutors say stole 15 million payment cards over several years, has pleaded guilty to multiple federal charges, according to court documents.

159
159

How to Identify Cobalt Strike on Your Network

Dark Reading

Common antivirus systems frequently miss Cobalt Strike, a stealthy threat emulation toolkit admired by red teams and attackers alike

79

Testing at Every Stage of Development

Up to 80% of new products fail. The reality is harsh and the reasons why are endless. Perhaps the new product couldn’t oust a customer favorite. Maybe it looked great but was too hard to use. Or, despite being a superior product, the go-to-market strategy failed. There’s always a risk when building a new product, but you can hedge your bets by understanding exactly what your customers' expectations truly are at every step of the development process.

Cybersecurity Leadership: '2020 Has Been the Perfect Storm'

Data Breach Today

CEOS and CISOs on the New Challenges to Securing Data With COVID-19 as a backdrop and 5G on the horizon, what will be 2021's top issues in identifying, protecting and defending against attacks across a dramatically expanded threat landscape?

Online Shopping Surge Puts Focus on Consumer Security Habits

Dark Reading

Companies will have to tread a fine line between delivering security and a frictionless shopping experience, security firms say

Chinese Hacking Group Suspected of Far-Reaching Campaign

Data Breach Today

Researchers: 'FunnyDream' Targeted Over 200 Entities in Southeast Asia A recently identified Chinese hacking group dubbed "FunnyDream" has targeted more than 200 government entities in Southeast Asia since 2018 as part of an ongoing cyberespionage campaign, according to research from Bitdefender

Phishing campaign targets LATAM e-commerce users with Chaes Malware

Security Affairs

Experts from Cybereason Nocturnus uncovered an active campaign that targets users of a large e-commerce platform in Latin America with Chaes malware. Cybereason Nocturnus security researchers have identified an active campaign focused on the users of a large e-commerce platform in Latin America.

Rethinking Information Governance In The Age of Unstructured Enterprise Data

Today’s organizations are faced with the overwhelming challenge of managing, finding, and leveraging their information. This eBook discusses a newly discovered information discipline and is filled to the brim with helpful information.

North Korean Hackers Suspected of Supply-Chain Attacks

Data Breach Today

ESET: Attackers Used Hijacked Software to Target South Korean Organizations North Korean hackers are suspected of carrying out a novel-supply chain attack that targeted businesses in South Korea using stolen digital certificates, according to researchers with ESET.

139
139

China-linked APT10 leverages ZeroLogon exploits in recent attacks

Security Affairs

Researchers uncovered a large-scale campaign conducted by China-linked APT10 targeting businesses using the recently-disclosed ZeroLogon vulnerability. .

Widespread Scans Underway for RCE Bugs in WordPress Websites

Threatpost

WordPress websites using buggy Epsilon Framework themes are being hunted by hackers. Vulnerabilities Web Security epsilon framework Hackers internet scans probes RCE remote code execution Security Vulnerabilities site takeover themes WordFence wordpress

Cisco fixed flaws in WebEx that allow ghost participants in meetings

Security Affairs

Cisco has addressed three flaws in Webex Meetings that would have allowed unauthenticated remote attackers to join ongoing meetings as ghost participants.

The Best Sales Forecasting Models for Weathering Your Goals

Every sales forecasting model has a different strength and predictability method. It’s recommended to test out which one is best for your team. This way, you’ll be able to further enhance – and optimize – your newly-developed pipeline. Your future sales forecast? Sunny skies (and success) are just ahead!

Cisco Webex Vulns Let 'Ghost' Attendees Spy on Meetings

Dark Reading

Three vulnerabilities, patched today, could let an attacker snoop on meetings undetected after the host removes them

71

Cisco Webex ‘Ghost’ Flaw Opens Meetings to Snooping

Threatpost

Cisco patched the Webex flaw, as well as three critical-severity vulnerabilities, in a slew of security updates on Wednesday.

Researchers Say They've Developed Fastest Open Source IDS/IPS

Dark Reading

With a five-processor core, "Pigasus" delivers the same performance as a system with between 100 and 700 cores, according to a team from Carnegie Mellon University's CyLab

70

Google Chrome 87 Closes High-Severity ‘NAT Slipstreaming’ Hole

Threatpost

Overall Google's Chrome 87 release fixed 33 security vulnerabilities. Vulnerabilities Web Security chrome 87 Chrome 87.0.4280.66 CVE-2020-16022 google Google Chrome high severity flaw Linux Mac NAT device NAT Streamslipping TCP UDP Windows

Product Analytics Playbook: Mastering Retention

Why do your users churn? In this guide you'll learn common product pitfalls and how to fix them.

Out With the Old Perimeter, in With the New Perimeters

Dark Reading

A confluence of trends and events has exploded the whole idea of "the perimeter." Now there are many perimeters, and businesses must adjust accordingly

66

LAPD Bans Facial Recognition, Citing Privacy Concerns

Threatpost

The department has said no thanks to the Clearview AI platform, after an expose showing that officers had used it 475 times during a trial period alone.

Data flow mapping key to EU–third country data transfers

IT Governance

When the European Court of Justice invalidated the EU–US Privacy Shield earlier this year, organisations were left unsure about how to legally transfer personal data into and out of the EU.

2020 LaARMA NOSTRA CERTIFICATION REIMBURSEMENT AWARDS ANNOUNCED via AIEF

IG Guru

Palmyra, NJ (October 28,2020) – The Foundation (ARMA International Educational Foundation) is pleased to announce the recipients of the 2020 LaARMA Nostra Certification Reimbursement Awards.

Future-Proofing Your Information Governance Strategy

Speaker: Crystal Cao, Lindsey Simon & Lisa Ripley

Join Onna and experts from Quip, Airbnb, and Oracle for this live webinar as they dive into proactive data deletion policies, retention strategies, and legal hold practices that are essential to a modern enterprise information governance strategy.

The evolution of investigation and early case assessment

OpenText Information Management

Facing ever-increasing legal, regulatory and resource pressures, corporate counsel and their external legal advisors must stay ahead of the curve to protect and promote their organization’s best interests.

Smart changes in store

Micro Focus

How Kmart modernized using AWS and Micro Focus Introduction A recent Forbes article commented, “COVID-19 will be remembered for many things and what’s becoming indisputable is how it is rapidly transforming business”.

IT 52

Webinar: Hands-on Records in a Hands-off World on Thursday, November 19th @ 12pm EST via Mid-Michigan ARMA

IG Guru

Contact mailto: midmichiganARMA@gmail.com for login information. The post Webinar: Hands-on Records in a Hands-off World on Thursday, November 19th @ 12pm EST via Mid-Michigan ARMA appeared first on IG GURU. ARMA Compliance IG News Record Retention Records Management Risk News Standards Storage Webinar ARMA Mid-Michigan COVID-19 Records Storage Retention