Fri.May 29, 2020

Top Ransomware Attack Vectors: RDP, Drive-By, Phishing

Data Breach Today

Career Choice Tip: Cybercrime is Mostly Boring

Krebs on Security

When law enforcement agencies tout their latest cybercriminal arrest, the defendant is often cast as a bravado outlaw engaged in sophisticated, lucrative, even exciting activity.

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

Hackers Breached 6 Unpatched Cisco Internal Servers

Data Breach Today

Servers Support Company's Virtual Networking Service Six internal servers that Cisco uses to support its virtual networking service were compromised earlier this month after the company failed to patch two SaltStack zero day vulnerabilities.

IT 237

MY TAKE: Technologists, privacy advocates point to flaws in the Apple-Google COVID-19 tracing app

The Last Watchdog

If the devastating health and economic ramifications weren’t enough, individual privacy is also in the throes of being profoundly and permanently disrupted by the coronavirus pandemic.

The Best Sales Forecasting Models for Weathering Your Goals

Every sales forecasting model has a different strength and predictability method. It’s recommended to test out which one is best for your team. This way, you’ll be able to further enhance – and optimize – your newly-developed pipeline. Your future sales forecast? Sunny skies (and success) are just ahead!

Capital One Must Turn Over Mandiant's Forensics Report

Data Breach Today

Data Breach Class Action Lawsuit Plaintiffs Have Been Seeking the Findings Capital One has been ordered by a federal judge to turn over a forensics report covering its 2019 data breach, which has been sought by plaintiffs in a class-action lawsuit.

More Trending

NSA: Russian Hackers Targeting Vulnerable Email Servers

Data Breach Today

Sandworm Group Has Been Exploiting Flaw in Exim Servers Since 2019 A Russian government-backed hacking group that's been tied to a series of cyberespionage campaigns has been quietly exploiting a critical remote code execution vulnerability in Exim email servers since 2019, the U.S.

Steganography in targeted attacks on industrial enterprises in Japan and Europe

Security Affairs

Threat actors targeted industrial suppliers in Japan and several European countries in sophisticated attacks, Kaspersky reported. Researchers from Kaspersky’s ICS CERT unit reported that threat actors targeted industrial suppliers in Japan and several European countries in sophisticated attacks.

Revamped Valak Malware Targets Exchange Servers

Data Breach Today

Malware, Now Acting as an Infostealer, Spotted in US and Germany: Cybereason A recently revamped version of the Valak strain of malware is targeting Microsoft Exchange servers in the U.S. and Germany, according to recent research from Cybereason.

172
172

Bank of America Security Incident Affects PPP Applicants

Dark Reading

The incident occurred when Paycheck Protection Program applications were uploaded to a test platform and accidentally shared

Future-Proofing Your Information Governance Strategy

Speaker: Crystal Cao, Lindsey Simon & Lisa Ripley

Join Onna and experts from Quip, Airbnb, and Oracle for this live webinar as they dive into proactive data deletion policies, retention strategies, and legal hold practices that are essential to a modern enterprise information governance strategy.

OnDemand | Implementing Zero Trust

Data Breach Today

Enterprises Can Adopt Zero Trust While Leveraging Existing Identity And Access Controls. View this webinar and learn how implementing Zero Trust can deliver near term business value while reducing risk

Risk 156

All Links Are Safe. Right?

Dark Reading

Today is a perfect day for a security breach

Analysis: Surge in Attacks Against Banks

Data Breach Today

The latest edition of the ISMG Security Report analyzes why cyberattacks against banks have surged in recent weeks. Plus: The increasingly ruthless tactics of ransomware gangs; cybersecurity strategies for small businesses

Digital Distancing with Microsegmentation

Dark Reading

Physical distancing has blunted a virus's impact; the same idea can be applied to computers and networks to minimize breaches, attacks, and infections

88

The North Star Playbook

Every product needs a North Star. In this guide, we will show you the metrics product managers need to tie product improvements to revenue impact. If you are looking for a more-focused, less-reactive way to work, this guide is for you.

Identity Verification in Healthcare: Revamping a Framework

Data Breach Today

A 15-year-old identity framework originally designed for narrow use by pharmaceutical companies is being revamped and updated for broader use in healthcare, says Kyle Neuman, managing director of SAFE Identity, an industry consortium and certification body that's coordinating the project

Bogus Security Technology: An Anti-5G USB Stick

Schneier on Security

Cisco Announces Patches to SaltStack

Dark Reading

The patches came after Cisco was notified by the Salt Open Core team that the vulnerabilities and updates were available

84

Himera and AbSent-Loader Leverage Covid19 lures

Security Affairs

Researchers at ZLab spotted a new phishing campaign using Covid19 lures to spread Himera and Absent-Loader. . Introduction. During our Cyber Defense monitoring activities we intercepted waves of incoming emails directed to many companies under our protective umbrella.

B2B Pocket Playbook: End-to-End Guide to Sales Enablement

Sales enablement is the strategic process of providing sales teams with the content, guidance, and mentorship needed to engage targeted buyers. It’s all about equipping sales professionals with the tools they need to put their best-selling foot forward. And if sales teams want to continuously sell better -- and faster -- their sales enablement process must have a game-winning strategy. It's time for you to start selling smarter - and hitting your sales number - with the best B2B database in the market. Get started today.

Abandoned Apps May Pose Security Risk to Mobile Devices

Dark Reading

Mobile providers don't often update users when applications are not supported by developers, security firm says

Risk 79

Steganography Anchors Pinpoint Attacks on Industrial Targets

Threatpost

Ongoing spear-phishing attacks aim at stolen Windows credentials for ICS suppliers worldwide. Critical Infrastructure Cryptography Malware Web Security ICS industrial targets Mimikatz Spear Phishing steganography suppliers targeted attacks

Four critical data management attributes for AI and digital transformation

IBM Big Data Hub

Many enterprises have a tangled data management system, comprised of an assortment of products assembled together, in an attempt to meet the complex needs of modern day data management.

NSA Warns of Sandworm Backdoor Attacks on Mail Servers

Threatpost

The Russian spy group, a.k.a. BlackEnergy, is actively compromising Exim mail servers via a critical security vulnerability. Government Vulnerabilities Web Security Black Energy critical vulnerability CVE-2019-10149 Cyberattacks Exim Exploit mail server NSA russia sandworm spy group warning

Pressure Points: How to Ensure Your B2B Pipeline Passes Inspection

This eBook highlights best practices for developing a pipeline management process that helps sales leaders and their team C.L.O.S.E (you’ll see what we mean in this eBook) more revenue through data-driven prospecting, stage analysis, and subsequent sales enablement.

Octopus Scanner Malware: open source supply chain attack via NetBeans projects on GitHub

Security Affairs

GitHub has issued a security alert warning of a malware campaign that is spreading on its platform via boobytrapped NetBeans Java projects.

ACLU Sues Clearview AI Over Faceprint Collection, Sale

Threatpost

Watchdog group said company has violated the Illinois BIPA and ‘will end privacy as we know it’ without intervention. Privacy ACLU biometric data Clearview AI Court case faceprint Identity theft Illinois Biometric Information Privacy Act Lawsuit legal complaint New York Security Vimeo

Sales 102

Facebook Announces Messenger Security Features that Don't Compromise Privacy

Schneier on Security

Note that this is " announced ," so we don't know when it's actually going to be implemented.

?Hack-For-Hire? Firms Spoof WHO To Target Google Credentials

Threatpost

Google TAG report reveals that "hack for hire" firms are tapping into the coronavirus pandemic via WHO phishing lures. Web Security activity coronavirus COVID-19 Cyberattacks google credentials google tag hack for hire influence campaigns Phishing Spear Phishing who

Marketing-Led Post-COVID-19 Growth Strategies

Businesses are laying off workers, shutting their doors (some permanently), and struggling to react to the radical destruction that coronavirus (COVID-19) is doing to our society and communities. Most have already sustained massive damage, and we still have yet to see the scope of impact of the global pandemic that has upended the globe. Any return to normalcy may seem far-off, but sales and marketing are on the front lines of restarting the economy. When the dust settles, we have a responsibility to turn our shock and grief into fierce determination, and lead the charge of responsible, strategic, sustainable future growth. However, there’s no team better suited to lead that charge than the marketing department. Marketers are uniquely positioned to provide creative solutions to aid their organization in times of change and chart a course for navigating success.

4 lessons for the pharma supply chain after COVID-19

OpenText Information Management

The medical supply chain has proved remarkably resilient during the Covid-19 crisis with drug shortages kept to a minimum. However, the pandemic has exposed a weakness in global supply chains that have to address as the world economy recovers. How should companies prepare for the next global shock?

IoT 67

ICT solutions provider NTT Com discloses security breach

Security Affairs

NTT Communications (NTT Com), a subsidiary of tech giant NTT Corp, disclosed a data breach that impacted hundreds of customers. NTT Communications (NTT Com) , a subsidiary of the tech giant NTT Corp, disclosed a data breach that impacted hundreds of customers.

Zscaler Buys Edge Networks

Dark Reading

The acquisition is Zscaler's second major buy this quarter

64