Thu.Nov 19, 2020

Chinese Hackers Exploit Zerologon Flaw for Cyberespionage

Data Breach Today

Researchers: 'Cicada' Campaign Targeting Japanese Companies The Chinese hacking group "Cicada" is exploiting the critical Zerologon vulnerability in Windows Server as part of a cyberespionage campaign that's mainly targeting Japanese companies' locations around the world, according to the security firm Symantec.

ISP Security: Do We Expect Too Much?

Dark Reading

With so many people now connecting to business networks from home routers, ISP security takes on heightened importance. But is the security provided by ISPs good enough to be the only security SMBs and remote employees need

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

Synthetic ID Fraud: Risk Mitigation Strategies

Data Breach Today

Meridian Credit Union's Saif Nawaz on Using New Technologies As synthetic ID fraud in the financial services sector continues to rise next year, organizations must use new technologies to mitigate the risks, says Saif Nawaz of Meridian Credit Union in Canada

Risk 188

A Facebook Messenger Flaw Could Have Let Hackers Listen In

WIRED Threat Level

The vulnerability was found through the company's bug bounty program, now in its tenth year. Security Security / Security News

IT 98

Digital Trends Report 2020

As part of our goal to continue helping our community during these times, we wanted to share with you this critical data on the state of digital products across industries and provide context on how businesses are responding to the changing winds.

Fresh Malware Targets Brazilian E-Commerce Site Users

Data Breach Today

Researchers Discover Phishing Campaign Spoofs Site Researchers at the security firm Cybereason have uncovered a multistage malware variant that evades antivirus tools and is targeting users of a major Brazilian e-commerce site

More Trending

Using an 'Intrinsic Security' Approach

Data Breach Today

Organizations need to build security into their cloud environments to help thwart cyberthreats, says Tom Com of VMware, who describes this "intrinsic security" approach

Cloud 159

Go SMS Pro Messaging App Exposed Users' Private Media Files

Dark Reading

The popular Android app uses easily guessable Web addresses when users send private photos, videos, and voice messages

88

The US Military Buys Commercial Location Data

Schneier on Security

Vice has a long article about how the US military buys commercial location data worldwide. The U.S. military is buying the granular movement data of people around the world, harvested from innocuous-seeming apps, Motherboard has learned.

The Yellow Brick Road to Risk Management

Dark Reading

Beginning the journey to risk management can be daunting, but protecting your business is worth every step

Risk 84

Testing at Every Stage of Development

Up to 80% of new products fail. The reality is harsh and the reasons why are endless. Perhaps the new product couldn’t oust a customer favorite. Maybe it looked great but was too hard to use. Or, despite being a superior product, the go-to-market strategy failed. There’s always a risk when building a new product, but you can hedge your bets by understanding exactly what your customers' expectations truly are at every step of the development process.

Inside the Cit0Day Breach Collection

Troy Hunt

It's increasingly hard to know what to do with data like that from Cit0Day. If that's an unfamiliar name to you, start with Catalin Cimpanu's story on the demise of the service followed by the subsequent leaking of the data.

Cybercriminals Get Creative With Google Services

Dark Reading

Attacks take advantage of popular services, including Google Forms and Google Docs

81

Robot Vacuums Suck Up Sensitive Audio in ‘LidarPhone’ Hack

Threatpost

Researchers have unveiled an attack that allows attackers to eavesdrop on homeowners inside their homes, through the LiDAR sensors on their robot vacuums.

IoT 110

New Proposed DNS Security Features Released

Dark Reading

Verisign's R&D team has developed new ways to authenticate and optimize DNS traffic on the client side of the domain-name resolution process

Rethinking Information Governance In The Age of Unstructured Enterprise Data

Today’s organizations are faced with the overwhelming challenge of managing, finding, and leveraging their information. This eBook discusses a newly discovered information discipline and is filled to the brim with helpful information.

Drupal addressed CVE-2020-13671 Remote Code Execution flaw

Security Affairs

Drupal development team has released security updates to address a remote code execution flaw, tracked as CVE-2020-13671.

CMS 75

Telos Goes Public

Dark Reading

Nearly a month after McAfee made its second appearance on the public market, the Virginia-based provider of security services to government and commercial organizations makes its own debut

REvil ransomware demands 500K ransom to Managed.com hosting provider

Security Affairs

Managed web hosting provider Managed.com was hit with REvil ransomware that forced it to take down their servers and web hosting systems. Managed web hosting provider Managed.com was hit by a REvil ransomware attack over the weekend that took their servers and web hosting systems offline.

IoT Cybersecurity Improvement Act Passed, Heads to President’s Desk

Threatpost

Security experts praised the newly approved IoT law as a step in the right direction for insecure connected federal devices.

IoT 107

The Best Sales Forecasting Models for Weathering Your Goals

Every sales forecasting model has a different strength and predictability method. It’s recommended to test out which one is best for your team. This way, you’ll be able to further enhance – and optimize – your newly-developed pipeline. Your future sales forecast? Sunny skies (and success) are just ahead!

Nation-state actors from Russia, China, Iran, and North Korea target Canada

Security Affairs

Canada Centre for Cyber Security warns of risks related to state-sponsored programs from China, Russia, Iran, and North Korea.

Japanese Gaming Company Capcom Confirms Ransomware Attack, Compromised User Data

Adam Levin

Capcom Co., the Japanese video game company known for Street Fighter and Resident Evil, has confirmed the compromise of personally identifiable information (PII) associated with over 350,000 customers, business partners, and employees of the gaming giant.

Tis’ the Season for Online Holiday Shopping; and Phishing

Threatpost

Watch out for these top phishing approaches this holiday season. InfoSec Insider Web Security brian foster COVID-19 holiday season infosec insider mobiliron online shopping phishing lures Smishing Spear Phishing top phishing types Vishing

2021 Cybersecurity Spending: How to Maximize Value

Dark Reading

This is a pivotal moment for CISOs. As their influence increases, so does the pressure for them to make the right decisions

Product Analytics Playbook: Mastering Retention

Why do your users churn? In this guide you'll learn common product pitfalls and how to fix them.

APT Exploits Microsoft Zerologon Bug: Targets Japanese Companies

Threatpost

Threat actors mount year-long campaign of espionage, exfiltrating data, stealing credentials and installing backdoors on victims’ networks.

CIPL Submits Response to China’s Personal Information Protection Law

Hunton Privacy

On November 18, 2020, the Centre for Information Policy Leadership (“CIPL”) at Hunton Andrews Kurth submitted its response to the Standing Committee of the National People’s Congress (“NPC”) of the People’s Republic of China on the Draft Personal Information Protection Law (“PIPL”).

GDPR 101

Leveraging manufacturing data in a smart, connected and secure way

OpenText Information Management

Recently, there’s been increasing talk about how both the Industrial Internet of things (IIoT) and Digital Twins play a crucial role in an organization’s response to the pandemic. However, the same challenge remains and is potentially magnified by the current crisis.

Unpatched Browsers Abound, Study Shows

Dark Reading

Google Chrome users don't always take time to relaunch browser updates, and some legacy applications don't support new versions of Chrome, Menlo Security says

Future-Proofing Your Information Governance Strategy

Speaker: Crystal Cao, Lindsey Simon & Lisa Ripley

Join Onna and experts from Quip, Airbnb, and Oracle for this live webinar as they dive into proactive data deletion policies, retention strategies, and legal hold practices that are essential to a modern enterprise information governance strategy.

Food-Supply Giant Americold Admits Cyberattack

Threatpost

A reported ransomware attack took down operations at the company, which in talks for COVID-19 vaccine-distribution contracts. Critical Infrastructure Malware americold cold storage conagra COVID-19 vaccine cyberattack food supply chain operations OT ransomware vaccine distribution vaccine storage

Iowa Hospital Alerts 60K Individuals Affected by June Data Breach

Dark Reading

The data breach began with a compromised employee email account

Cybercriminals Batter Automakers With Ransomware, IP Theft Cyberattacks

Threatpost

While the industry focus is on vehicle hacking, when it comes to the automotive industry cybercriminals are opting for less complex and sophisticated attacks - from phishing to ransomware.