Mon. Sep 14, 2020

CISA: Chinese Hackers Targeting US Agencies

Data Breach Today

Groups Exploiting Unpatched Vulnerabilities

The U.S. Cybersecurity and Infrastructure Security Agency warns that hacking groups backed by the Chinese Ministry of State Security are exploiting several unpatched vulnerabilities to target federal agencies.

Due Diligence That Money Can’t Buy

Krebs on Security

Most of us automatically put our guard up when someone we don’t know promises something too good to be true. But when the too-good-to-be-true thing starts as our idea, sometimes that instinct fails to kick in.

Does This Exposed Chinese Database Pose a Security Threat?

Data Breach Today

ISMG View: Unless There's More To It, Database Appears to be Scraped Public Data

A leaked database compiled by a Chinese company has suddenly become the focus of multiple media reports, warning that it could be used as an espionage instrument by Beijing.

Interesting Attack on the EMV Smartcard Payment Standard

Schneier on Security

It’s complicated, but it’s basically a man-in-the-middle attack that involves two smartphones. The first phone reads the actual smartcard, and then forwards the required information to a second phone. That second phone actually conducts the transaction on the POS terminal.

Russia-Backed Hackers Try to Harvest Office 365 Credentials

Data Breach Today

Microsoft Offers More Details on Group's Efforts to Target US Election Campaigns

Microsoft is providing additional details about how a hacking group affiliated with Russian military intelligence is attempting to harvest Office 365 credentials associated with election campaigns in the U.S. and U.K.

TikTok Reportedly Picks Oracle as US 'Technology Partner'

Data Breach Today

Chinese State Media Says TikTok Operations and Source Code Off Limits to US Buyers

Potentially capping a fraught political showdown, China's TikTok, which is owned by Beijing-based ByteDance, has reportedly chosen Oracle to be its U.S. "technology partner," rejecting a bid by Microsoft.

Open Source Security's Top Threat and What To Do About It

Dark Reading

With open source developers regularly churning out new tools, the risk landscape has become too fragmented to properly monitor

Patient Monitoring Software Vulnerabilities Identified

Data Breach Today

Philips and DHS Issue Advisories; Mitigation Tips Offered

Federal authorities and medical device maker Philips have issued security alerts about security vulnerabilities in some of the company's patient monitoring software.

Staples discloses data breach exposing customer order data

Security Affairs

Giant office retail company Staples disclosed a data breach; threat actors accessed some of its customers’ order data. Staples, the office retail giant, disclosed a data breach; it notified its customers that their order data had been accessed by threat actors without authorization.

IRS Seeks Fresh Ways to Trace Cryptocurrency Transactions

Data Breach Today

Tech Firms to Receive Grants to Support Research Efforts in Cybercrime Fight

The IRS is offering grants of up to $625,000 to tech companies that devise ways to help the tax agency trace cryptocurrency transactions as part of its investigations into money laundering and other types of cybercrimes.

CBP Seized OnePlus Buds as ‘Counterfeit’ AirPods. Now It's Doubling Down

WIRED Threat Level

The US government has detained thousands of wireless earbuds on suspicion of being fake Apple goods—despite crystal clear branding from an established company.

TikTok Picks Oracle as US 'Technology Partner'

Data Breach Today

Chinese State Media Says TikTok Operations and Source Code Off Limits to US Buyers

Potentially capping a fraught political showdown, China's TikTok, which is owned by Beijing-based ByteDance, has chosen Oracle to be its U.S. "technology partner," rejecting a bid by Microsoft.

Researchers, Companies Slam Mobile Voting Firm Voatz for 'Bad Faith' Attacks

Dark Reading

In a letter, almost 70 different security firms and individual researchers criticize Voatz for misrepresenting to the US Supreme Court widely accepted security research practices

Zerologon attack lets hackers completely compromise a Windows domain

Security Affairs

Zerologon attack allows threat actors to take over enterprise networks by exploiting CVE-2020-1472, patched in the August 2020 Patch Tuesday.

E-Commerce Sites Hit With New Attack on Magento

Dark Reading

The campaign targeted sites running Magento Version 1, a version of the e-commerce software that is past end-of-life


Popular Marketing Tool exposes data of users of dating sites

Security Affairs

Personal details of hundreds of users of dating sites were exposed online earlier this month. An Elasticsearch server containing personal details of hundreds of thousands of dating site users was exposed online without authentication.

More Printers Could Mean Security Problems for Home-Bound Workers

Dark Reading

Tricked-out home offices have led to an influx in printers, many of which have not been set up securely, leaving workers and their companies vulnerable

Thousands of Magento stores hacked in a few days in largest-ever skimming campaign

Security Affairs

Thousands of Magento online stores have been hacked over the past few days as part of the largest ever skimming campaign.

Magecart Attack Impacts More Than 10K Online Shoppers


Close to 2,000 e-commerce sites were infected over the weekend with a payment-card skimmer, maybe the result of a zero-day exploit.

Security Through an Economics Lens: A Guide for CISOs

Dark Reading

An expert in economics and cybersecurity applies opportunity cost and other concepts of the "dismal science" to infosec roles

Cloud Leak Exposes 320M Dating-Site Records


A misconfigured, Mailfire-owned Elasticsearch server impacted 70 dating and e-commerce sites, exposing PII and details such as romantic preferences.

Large Cloud Providers Much Less Likely Than Enterprises to Get Breached

Dark Reading

Pen-test results also show a majority of organizations have few protections against attackers already on the network

4 Key Tools for Your Remote Work Tech Stack


The sudden transition to remote working has meant that virtual tools and technologies are now uppermost in most business leaders' minds. From chat and video to file sharing and more, there’s lots to consider when it comes to empowering teams to work efficiently from home.

Upcoming Speaking Engagements

Schneier on Security

This is a current list of where and when I am scheduled to speak: I’m speaking at the Cybersecurity Law & Policy Scholars Virtual Conference on September 17, 2020.

MaskOn for Security giveaway

OpenText Information Management

As many of us are still working from home today, security is top of mind. We want to hear from you about your experiences with security and remote work over the last few months. Every 2 weeks, we’ll be sharing a new question on our LinkedIn and Twitter pages.

TikTok Fixes Flaws That Opened Android App to Compromise


The flaws are disclosed as Oracle reportedly partners with TikTok as concerns in the U.S. over spying continue.

New PIN Verification Bypass Flaw Affects Visa Contactless Payments via the Hacker News

IG Guru

The post pandemic legal landscape

OpenText Information Management

The legal industry is not known for embracing change. Faced with the COVID-19 pandemic, legal professionals have been forced to re-evaluate their business models and reassess the best way to work. For law firms, to survive the downturn, many different approaches were taken (e.g.,