Thu.Sep 24, 2020

Police Crack SMS Phishing Operation

Data Breach Today

Two Men Accused of Sending Messages to Obtain Personal, Bank Information Australian police say they've broken up a sophisticated SMS phishing scheme designed to collect personal details and bank login credentials. It's a rare success in the fight against unsolicited text messages

Microsoft: Attackers Exploiting ‘ZeroLogon’ Windows Flaw

Krebs on Security

Microsoft warned on Wednesday that malicious hackers are exploiting a particularly dangerous flaw in Windows Server systems that could be used to give attackers the keys to the kingdom inside a vulnerable corporate network. Microsoft’s warning comes just days after the U.S. Department of Homeland Security issued an emergency directive instructing all federal agencies to patch the vulnerability by Sept. 21 at the latest.

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

NIST Unveils Updated Guide to Privacy, Security Controls

Data Breach Today

Guidelines Describe How to Use 'Next Generation' of Controls The U.S. National Institute of Standards and Technology this week released a long-awaited guidance update, Special Publication 800-53 Revision 5, describing "next-generation security and privacy controls" and how to use them

Hackers are using Zerologon exploits in attacks in the wild

Security Affairs

Microsoft is warning of threat actors that are actively using the Windows Server Zerologon exploits in attacks in the wild. Microsoft has published a series of Tweets to warn of attackers that are actively exploiting the Windows Server Zerologon in attacks in the wild.

Digital Trends Report 2020

As part of our goal to continue helping our community during these times, we wanted to share with you this critical data on the state of digital products across industries and provide context on how businesses are responding to the changing winds.

Lessons to Learn From Shopify Data Breach

Data Breach Today

Security Experts Call for 'Zero Trust' Approach, Enhanced IAM Shopify's announcement this week that two employees inappropriately accessed transactional data from 200 of the merchants that use its e-commerce platform demonstrates the importance of taking a "zero trust" approach to security and improving identity and access management capabilities, security experts say

More Trending

Drop Everything and Secure Remote Workforce, Gartner Warns

Data Breach Today

10 Top Near-Term Security Projects Start With Revisiting Security for Remote Workers Revisiting remote workforce security defenses, simplifying cloud access controls and pursuing risk-based vulnerability management and passwordless authentication are among the 10 security projects that all organizations should consider for this year and next, according to advisory firm Gartner

Instagram RCE gave hackers remote access to your device

Security Affairs

Facebook has addressed a critical vulnerability in Instagram that could lead to remote code execution and turn the smartphone into a spying device.

Blackbaud Ransomware Breach Victims, Lawsuits Pile Up

Data Breach Today

More Entities Reporting Breaches Tied to Attack; Millions Affected As the tally of reported heath data breaches related to the May ransomware attack on Blackbaud continues to climb, so do the number of lawsuits filed against the cloud-based fundraising software vendor

Microsoft, Italy and the Netherlands agencies warn of EMOTET campaigns

Security Affairs

Experts worldwide warn about a surge in the Emotet activity, this time the alerts are from Microsoft, Italy and the Netherlands agencies. Two weeks ago, cybersecurity agencies across Asia and Europe warned of Emotet spam campaigns targeting businesses in France, Japan, and New Zealand.

Testing at Every Stage of Development

Up to 80% of new products fail. The reality is harsh and the reasons why are endless. Perhaps the new product couldn’t oust a customer favorite. Maybe it looked great but was too hard to use. Or, despite being a superior product, the go-to-market strategy failed. There’s always a risk when building a new product, but you can hedge your bets by understanding exactly what your customers' expectations truly are at every step of the development process.

Small business cyber security: the ultimate guide

IT Governance

If you’re an SME, cyber security might feel seem impossibly complex and filled with endless pitfalls.

A Tip From a Kid Helped Uncover a Slew of Scam Apps

WIRED Threat Level

After a girl reported a suspicious TikTok profile, researchers detected aggressive adware in apps that had been downloaded 2.4 million times. Security Security / Security News

Iranian Government Hacking Android

Schneier on Security

Since Remote Work Isn't Going Away, Security Should Be the Focus

Dark Reading

These three steps will help organizations reduce long-term work-from-home security risks

Risk 76

Rethinking Information Governance In The Age of Unstructured Enterprise Data

Today’s organizations are faced with the overwhelming challenge of managing, finding, and leveraging their information. This eBook discusses a newly discovered information discipline and is filled to the brim with helpful information.

Alien Android Banking Trojan Sidesteps 2FA

Threatpost

A new 'fork' of the Cerberus banking trojan, called Alien, targets victims' credentials from more than 200 mobile apps, including Bank of America and Microsoft Outlook.

Critical Instagram Flaw Could Let Attackers Spy on Victims

Dark Reading

A now-patched remote code execution vulnerability could be exploited with a specially sized image file, researchers report

76

Alien Android banking Trojan, the powerful successor of the Cerberus malware

Security Affairs

Security researchers spotted a new strain of Android malware, dubbed Alien, that implements multiple features allowing it to steal credentials from 226 apps. Researchers from ThreatFabric have discovered and analyzed a new strain of Android malware, tracked as Alien, that implements multiple features allowing it to steal credentials from 226 applications.

Sales 75

Bluetooth Security Weaknesses Pile Up, While Patching Remains Problematic

Dark Reading

Turns out, creating wireless ecosystems for a vast number of different architectures, configurations, and use cases is hard

The Best Sales Forecasting Models for Weathering Your Goals

Every sales forecasting model has a different strength and predictability method. It’s recommended to test out which one is best for your team. This way, you’ll be able to further enhance – and optimize – your newly-developed pipeline. Your future sales forecast? Sunny skies (and success) are just ahead!

4 ways enterprises benefit from private wireless

DXC

Mobile devices such as smartphones, laptops, tablets, and augmented-reality (AR) headsets have made wireless networking essential to enterprise business.

IoT 69

Malware Attacks Declined But Became More Evasive in Q2

Dark Reading

Most of the malware used in attacks last quarter were designed to evade signature-based detection tools, WatchGuard says

72

Facebook Busts Russian Disinfo Networks as US Election Looms

WIRED Threat Level

The campaigns primarily targeted countries outside the US. But the same mechanisms could be used in “hack and leak” operations like those that roiled the 2016 campaign. Security Security / Cyberattacks and Hacks

Microsoft Warns of Attackers Now Exploiting 'Zerologon' Flaw

Dark Reading

The Security Intelligence team at Microsoft is tracking newly waged exploits in the wild

Product Analytics Playbook: Mastering Retention

Why do your users churn? In this guide you'll learn common product pitfalls and how to fix them.

Victims of Blackbaud ransomware attack to take legal action

IT Governance

Students and staff at the University of Cumbria who were affected by the ransomware attack on Blackbaud are preparing to take legal action against the software provider.

Solving the Problem With Security Standards

Dark Reading

More explicit threat models can make security better and open the door to real and needed innovation

How small organisations can fast-track ISO 27001 implementation

IT Governance

Small businesses are increasingly understanding the importance of ISO 27001 , the international information security standard, but many struggle to find the resources to commit to an implementation project.

Risk 63

Feds Hit with Successful Cyberattack, Data Stolen

Threatpost

The attack featured a unique, multistage malware and a likely PulseSecure VPN exploit. Government Hacks Malware cisa alert cyberattack data exfiltration espionage Exploit federal agency inetinfo.exe malware microsoft office 365 credentials pulsesecure spy campaign

Future-Proofing Your Information Governance Strategy

Speaker: Crystal Cao, Lindsey Simon & Lisa Ripley

Join Onna and experts from Quip, Airbnb, and Oracle for this live webinar as they dive into proactive data deletion policies, retention strategies, and legal hold practices that are essential to a modern enterprise information governance strategy.

Forrester study finds cloud security fears unfounded

OpenText Information Management

This blog is co-authored by Alison Clarke and Sandi Nelson. Organizations with major on-premises investments understandably have concerns about a wholesale shift to cloud content management.

Cloud 59

CrowdStrike Agrees to Acquire Preempt Security for $96M

Dark Reading

CrowdStrike plans to use Preempt Security's conditional access technology to strengthen its Falcon platform

Free Apple iPhone 12? Chatbot Scam Spreads Via Texts

Threatpost

Convincing SMS messages tell victims that they've been selected for a pre-release trial for the soon-to-be-launched device. Mobile Security Web Security apple chatbot free phone iphone 12 launch mobile phone Phishing pre release trial release date scam Smishing SMS text