Tue.Oct 20, 2020

Bitcoin 'Mixer' Fined $60 Million

Data Breach Today

FinCEN: Helix and Coin Ninja Sites Violated Anti-Money Laundering Laws The Treasury Department has fined the owner of two bitcoin "mixing" sites $60 million for violating anti-money laundering laws.

IT 180

Ransomware Attacks Show Little Sign of Slowing in 2021

Dark Reading

Attackers have little motivation to stop when businesses are paying increasingly larger ransoms, say security experts who foresee a rise in attacks

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

6 Russians Indicted for Destructive NotPeyta Attacks

Data Breach Today

DOJ: Russian GRU Officers Targeted 2018 Olympics, French Elections and More The U.S.

NSA Reveals the Top 25 Vulnerabilities Exploited by Chinese Nation-State Hackers

Dark Reading

Officials urge organizations to patch the vulnerabilities most commonly scanned for, and exploited by, Chinese attackers

103
103

Digital Trends Report 2020

As part of our goal to continue helping our community during these times, we wanted to share with you this critical data on the state of digital products across industries and provide context on how businesses are responding to the changing winds.

Trickbot Rebounds After 'Takedown'

Data Breach Today

CrowdStrike: Botnet's Activity Has Already Picked Up The recent "takedown" of Trickbot by Microsoft and others had only a temporary effect; the botnet's activity levels have already rebounded, according to Crowdstrike and other security firms

More Trending

6 Takeaways: Russian Spies Accused of Destructive Hacking

Data Breach Today

Experts Say Day of Reckoning Overdue; How Might Moscow Respond? officials have accused the Russian government of behaving "maliciously or irresponsibly" by taking steps such as crashing Ukraine power grids in the dead of winter and causing more than $10 billion in damages via NotPetya malware.

Nefilim ransomware gang published Luxottica data on its leak site

Security Affairs

The Nefilim ransomware operators have posted a long list of files that appear to belong to Italian eyewear and eyecare giant Luxottica. Luxottica Group S.p.A. is an Italian eyewear conglomerate and the world’s largest company in the eyewear industry.

Hacking Incident Has an Unusual Ending

Data Breach Today

178
178

Microsoft took down 120 of 128 Trickbot servers in recent takedown

Security Affairs

Microsoft brought down TrickBot infrastructure last week, but a few days later the botmasters set up a new command and control (C&C) servers.

IoT 89

Testing at Every Stage of Development

Up to 80% of new products fail. The reality is harsh and the reasons why are endless. Perhaps the new product couldn’t oust a customer favorite. Maybe it looked great but was too hard to use. Or, despite being a superior product, the go-to-market strategy failed. There’s always a risk when building a new product, but you can hedge your bets by understanding exactly what your customers' expectations truly are at every step of the development process.

Tom Kellermann on the Price of Digital Transformation

Data Breach Today

Analysis of Latest Global Incident Response Threat Report VMware Carbon Black is out with its latest Global Incident Response Threat Report, which describes "the perfect storm" for increasingly sophisticated attacks heading into 2021.

Trickbot Tenacity Shows Infrastructure Resistant to Takedowns

Dark Reading

Both the US Cyber Command and a Microsoft-led private-industry group have attacked the infrastructure used by attackers to manage Trickbot -- but with only a short-term impact

88

Cybersecurity's Inconvenient Truth: The Nation-State Threat

Data Breach Today

Curry, Kellermann and King on Why You Should Be Outraged by Adversaries' Cyber Assaults Has the nation-state threat become like the weather - something everyone talks about, but no one can do anything about? It's time for a strategic change.

NSA details top 25 flaws exploited by China-linked hackers

Security Affairs

The US National Security Agency (NSA) has shared the list of top 25 vulnerabilities exploited by Chinese state-sponsored hacking groups in attacks in the wild.

MDM 85

Rethinking Information Governance In The Age of Unstructured Enterprise Data

Today’s organizations are faced with the overwhelming challenge of managing, finding, and leveraging their information. This eBook discusses a newly discovered information discipline and is filled to the brim with helpful information.

Cybersecurity Visuals

Schneier on Security

The Hewlett Foundation just announced its top five ideas in its Cybersecurity Visuals Challenge. The problem Hewlett is trying to solve is the dearth of good visuals for cybersecurity.

Hackers are targeting CVE-2020-3118 flaw in Cisco devices

Security Affairs

Cisco warns of attacks attempting to exploit the CVE-2020-3118 vulnerability that affects multiple carrier-grade routers running Cisco IOS XR Software.

Google’s Waze Can Allow Hackers to Identify and Track Users

Threatpost

The company already patched an API flaw that allowed a security researcher to use the app to find the real identity of drivers using it.

IT 112

How Automation can help you in Managing Data Privacy

Security Affairs

The global data privacy landscape is changing and everyday we can see new regulations emerge. These regulations are encouraging organizations to be better custodians of the consumers data and create a healthier space for data privacy.

The Best Sales Forecasting Models for Weathering Your Goals

Every sales forecasting model has a different strength and predictability method. It’s recommended to test out which one is best for your team. This way, you’ll be able to further enhance – and optimize – your newly-developed pipeline. Your future sales forecast? Sunny skies (and success) are just ahead!

Pharma Giant Pfizer Leaks Customer Prescription Info, Call Transcripts

Threatpost

Hundreds of medical patients taking cancer drugs, Premarin, Lyrica and more are now vulnerable to phishing, malware and identity fraud.

Ransomware attackers donate stolen money to charity

IT Governance

A criminal hacking group that extorted millions of dollars in a series of cyber attacks is now donating money to charity. The DarkSide crooks said they wanted to “make the world a better place”, after posting receipts for $10,000 in Bitcoin donations to The Water Project and Children International.

Businesses Rethink Endpoint Security for 2021

Dark Reading

The mass movement to remote work has forced organizations to rethink their long-term plans for endpoint security. How will things look different next year

Facebook: A Top Launching Pad For Phishing Attacks

Threatpost

Amazon, Apple, Netflix, Facebook and WhatsApp are top brands leveraged by cybercriminals in phishing and fraud attacks - including a recent strike on a half-million Facebook users. Facebook Vulnerabilities Web Security amazon apple blacklisted acts block applications cybercriminals Facebook.

Product Analytics Playbook: Mastering Retention

Why do your users churn? In this guide you'll learn common product pitfalls and how to fix them.

Farsight Labs Launched as Security Collaboration Platform

Dark Reading

Farsight Security's platform will offer no-cost access to certain tools and services

Mobile Browser Bugs Open Safari, Opera Users to Malware

Threatpost

A set of address-spoofing bugs affect users of six different types of mobile browsers, with some remaining unpatched.

Do Standards Exist That Certify Secure IoT Systems?

Dark Reading

The IoT industry remains fragmented with a lot of players, big and small, churning out a lot of products

IoT 70

VPN Security: How VPNs Work and How to Buy the Best One

eSecurity Planet

Virtual private networks (VPNs) come with different protocols and features, so choosing the best one requires some research. We outline your options

Future-Proofing Your Information Governance Strategy

Speaker: Crystal Cao, Lindsey Simon & Lisa Ripley

Join Onna and experts from Quip, Airbnb, and Oracle for this live webinar as they dive into proactive data deletion policies, retention strategies, and legal hold practices that are essential to a modern enterprise information governance strategy.

Office 365 OAuth Attack Targets Coinbase Users

Threatpost

Attackers are targeting Microsoft Office 365 users with a Coinbase-themed attack, aiming to take control of their inboxes via OAuth. Hacks Web Security account takeover Coinbase consent app email attack inbox access malicious OAuth app Microsoft oauth Office 365

Building the Human Firewall

Dark Reading

Cybersecurity was a challenge before COVID-19 sent millions of employees home to work from their own devices and networks. Now what

Ransomware Group Makes Splashy $20K Donation to Charities

Threatpost

Cybercriminal gang Darkside sent $20K in donations to charities in a ‘Robin Hood’ effort that’s likely intended to draw attention to future data dumps, according to experts.