Wed.Nov 18, 2020

Microsoft Warns of Office 365 Phishing Attacks

Data Breach Today

Fraudsters Using Evasive Techniques to Bypass Secure Email Gateways Microsoft's Security Intelligence team is warning users of the Office 365 suite about an ongoing phishing campaign that appears to be harvesting victims' credentials.

As Businesses Move to Multicloud Approach, Ransomware Follows

Dark Reading

The average US company uses 16 cloud services, but only a third of IT professional believe their security measures have kept up with the change

Cloud 111
Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

Gaming Company Confirms Ragnar Locker Ransomware Attack

Data Breach Today

Capcom Says Over 350,000 Customer, Business Records Possibly Compromised Japanese computer game company Capcom acknowledged this week that a November security incident was a Ragnar Locker ransomware attack that resulted in about 350,000 customer and company records potentially compromised, including sales and shareholder data.

Office 365 phishing campaign uses redirector URLs and detects sandboxes to evade detection

Security Affairs

Microsoft is tracking an ongoing Office 365 phishing campaign aimed at enterprises that is able to detect sandbox solutions and evade detection.

Address the Challenges of Siloed Monitoring Tools

Companies frequently experience monitoring tool sprawl. Find out why monitoring tool sprawl occurs, why it’s a problem for businesses, and the positive business impacts of monitoring tool consolidation.

Latest Ransomware Trends: Lessons to Learn

Data Breach Today

Learning From Difficult Recoveries and Advice in Government Alerts As ransomware attacks on the healthcare sector continue to surge, entities should heed the lessons emerging from these incidents as well as the advice provided in alerts from government agencies, security experts say

More Trending

Cybersecurity Leadership: '2020 Has Been the Perfect Storm'

Data Breach Today

CEOS and CISOs on the New Challenges to Securing Data With COVID-19 as a backdrop and 5G on the horizon, what will be 2021's top issues in identifying, protecting and defending against attacks across a dramatically expanded threat landscape?

Telegram Still Hasn’t Removed an AI Bot That’s Abusing Women

WIRED Threat Level

A deepfake bot has been generating explicit, non-consensual images on the platform. The researchers who found it say their warnings have been ignored. Security Security / Security News

IT 103

Brace for DNS Spoofing: Cache Poisoning Flaws Discovered

Data Breach Today

Fixes Arriving to Safeguard DNS Against Newly Found 'SAD DNS' Side-Channel Attack Researchers are warning that many domain name system server implementations are vulnerable to a spoofing attack that allows attackers to redirect, intercept and manipulate traffic.

157
157

Phishing campaign targets LATAM e-commerce users with Chaes Malware

Security Affairs

Experts from Cybereason Nocturnus uncovered an active campaign that targets users of a large e-commerce platform in Latin America with Chaes malware. Cybereason Nocturnus security researchers have identified an active campaign focused on the users of a large e-commerce platform in Latin America.

Cloud-Scale Monitoring With AWS and Datadog

In this eBook, find out the benefits and complexities of migrating workloads to AWS, and services that AWS offers for containers and serverless computing.

Accused Ringleader of FIN7 Hacking Group Pleads Guilty

Data Breach Today

Andrii Kolpakov Faces 25 Years for Wire Fraud And Conspiracy, Documents Show An accused ringleader of the notorious FIN7 hacking group, which prosecutors say stole 15 million payment cards over several years, has pleaded guilty to multiple federal charges, according to court documents.

148
148

China-linked APT10 leverages ZeroLogon exploits in recent attacks

Security Affairs

Researchers uncovered a large-scale campaign conducted by China-linked APT10 targeting businesses using the recently-disclosed ZeroLogon vulnerability. .

Chinese Hacking Group Suspected of Far-Reaching Campaign

Data Breach Today

Researchers: 'FunnyDream' Targeted Over 200 Entities in Southeast Asia A recently identified Chinese hacking group dubbed "FunnyDream" has targeted more than 200 government entities in Southeast Asia since 2018 as part of an ongoing cyberespionage campaign, according to research from Bitdefender

Cisco fixed flaws in WebEx that allow ghost participants in meetings

Security Affairs

Cisco has addressed three flaws in Webex Meetings that would have allowed unauthenticated remote attackers to join ongoing meetings as ghost participants.

What E-Commerce Performance Metrics Are CTOs Monitoring?

In this eBook, Danny Miles, CTO of Dollar Shave Club, reveals an efficient framework for thinking about and prioritizing the performance metrics that matter most to him, providing a blueprint for fellow e-commerce CTOs to follow as they evaluate their own business.

North Korean Hackers Suspected of Supply-Chain Attacks

Data Breach Today

ESET: Attackers Used Hijacked Software to Target South Korean Organizations North Korean hackers are suspected of carrying out a novel-supply chain attack that targeted businesses in South Korea using stolen digital certificates, according to researchers with ESET.

141
141

Online Shopping Surge Puts Focus on Consumer Security Habits

Dark Reading

Companies will have to tread a fine line between delivering security and a frictionless shopping experience, security firms say

Smart changes in store

Micro Focus

How Kmart modernized using AWS and Micro Focus Introduction A recent Forbes article commented, “COVID-19 will be remembered for many things and what’s becoming indisputable is how it is rapidly transforming business”.

IT 89

How to Identify Cobalt Strike on Your Network

Dark Reading

Common antivirus systems frequently miss Cobalt Strike, a stealthy threat emulation toolkit admired by red teams and attackers alike

87

9 Developer Enablement Practices to Achieve DevOps at Enterprise Scale

In this eBook, Christian Oestreich, a senior software engineering leader with experience at multiple Fortune 500 companies, shares how a metrics-driven mindset can dramatically improve software quality and enable DevOps at enterprise scale.

Widespread Scans Underway for RCE Bugs in WordPress Websites

Threatpost

WordPress websites using buggy Epsilon Framework themes are being hunted by hackers. Vulnerabilities Web Security epsilon framework Hackers internet scans probes RCE remote code execution Security Vulnerabilities site takeover themes WordFence wordpress

Cisco Webex Vulns Let 'Ghost' Attendees Spy on Meetings

Dark Reading

Three vulnerabilities, patched today, could let an attacker snoop on meetings undetected after the host removes them

82

Google Chrome 87 Closes High-Severity ‘NAT Slipstreaming’ Hole

Threatpost

Overall Google's Chrome 87 release fixed 33 security vulnerabilities. Vulnerabilities Web Security chrome 87 Chrome 87.0.4280.66 CVE-2020-16022 google Google Chrome high severity flaw Linux Mac NAT device NAT Streamslipping TCP UDP Windows

Data flow mapping key to EU–third country data transfers

IT Governance

When the European Court of Justice invalidated the EU–US Privacy Shield earlier this year, organisations were left unsure about how to legally transfer personal data into and out of the EU.

The Forrester Wave™: B2B Marketing Data Providers, Q2 2021

In our 24-criterion evaluation of B2B marketing data providers, we identified the 11 most significant vendors — Data Axle, Dun & Bradstreet, Enlyft, Global Database, InsideView, Leadspace, Oracle, SMARTe, Spiceworks Ziff Davis, TechTarget, and ZoomInfo Technologies — and researched, analyzed, and scored them. This report shows how each provider measures up and helps B2B marketing professionals select the right one for their needs.

LAPD Bans Facial Recognition, Citing Privacy Concerns

Threatpost

The department has said no thanks to the Clearview AI platform, after an expose showing that officers had used it 475 times during a trial period alone.

Researchers Say They've Developed Fastest Open Source IDS/IPS

Dark Reading

With a five-processor core, "Pigasus" delivers the same performance as a system with between 100 and 700 cores, according to a team from Carnegie Mellon University's CyLab

75

Cisco Webex ‘Ghost’ Flaw Opens Meetings to Snooping

Threatpost

Cisco patched the Webex flaw, as well as three critical-severity vulnerabilities, in a slew of security updates on Wednesday.

Out With the Old Perimeter, in With the New Perimeters

Dark Reading

A confluence of trends and events has exploded the whole idea of "the perimeter." Now there are many perimeters, and businesses must adjust accordingly

75

4 AI Hacks to Make Sales Teams More Efficient

Over the last two years, there’s been a 76 percent increase in AI adoption across sales organizations. For sales teams, AI opens up a world of new possibilities, including automating outreach, identifying best-fit buyers, and keeping CRMs flush with fresh data. Read on to learn the four AI hacks sales teams need to improve their performance. Download the eBook today!

The evolution of investigation and early case assessment

OpenText Information Management

Facing ever-increasing legal, regulatory and resource pressures, corporate counsel and their external legal advisors must stay ahead of the curve to protect and promote their organization’s best interests.

2020 LaARMA NOSTRA CERTIFICATION REIMBURSEMENT AWARDS ANNOUNCED via AIEF

IG Guru

Palmyra, NJ (October 28,2020) – The Foundation (ARMA International Educational Foundation) is pleased to announce the recipients of the 2020 LaARMA Nostra Certification Reimbursement Awards.

How to Choose the Right Access Management, Authentication and SSO Solution

Thales Cloud Protection & Licensing

How to Choose the Right Access Management, Authentication and SSO Solution. sparsh. Thu, 11/19/2020 - 06:33. The access management market has been more relevant this year than ever before.

B2C 62