Mon. Aug 10, 2020

BEC Scam Targets Executives' Office 365 Accounts

Data Breach Today

Trend Micro: 'Water Nue' Payment Fraud Campaign Has Targeted 1,000 Companies Since March

A recently uncovered BEC scam has targeted the Office 365 accounts of executives at over 1,000 companies worldwide, collecting more than 800 sets of credentials in an attempt to commit payment fraud, according to Trend Micro.


Smart Lock Vulnerability

Schneier on Security

Yet another Internet-connected door lock is insecure: Sold by retailers including Amazon, Walmart, and Home Depot, U-Tec's $139.99 UltraLoq is marketed as a "secure and versatile smart deadbolt that offers keyless entry via your Bluetooth-enabled smartphone and code."


Ransomware Reportedly Hits Ventilator Maker

Data Breach Today

Incident Reflects Threats Facing Those Involved in COVID-19 Response

A manufacturer of transit communication systems that pivoted to build ventilators during the COVID-19 pandemic is reportedly the latest victim of the DoppelPaymer ransomware gang.

Hacking It as a CISO: Advice for Security Leadership

Dark Reading

A security leader shares tips for adopting a CISO mindset, creating risk management strategies, and "selling infosec" to IT and executives



Phishing Campaign Spoofs SBA Loan Offer

Data Breach Today

Malwarebytes Says Campaign Designed to Steal Banking Credentials

Malwarebytes reports that a newly discovered phishing campaign is spoofing a U.S. Small Business Administration loan offer in an attempt to steal banking credentials and other personal data.

More Trending

Barclays Faces Employee Spying Probe

Data Breach Today

Privacy Watchdog in UK Investigates Bank's Use of Employee Monitoring Tools

Banking giant Barclays is being probed by the U.K.'s privacy watchdog over its use of employee-monitoring tools, after the bank in February reportedly shifted from anonymized tracking to giving managers the ability to view data for individual employees.

Gamifying Password Training Shows Security Benefits

Dark Reading

When picking passwords, users often fall back on certain insecure patterns, but good habits can be learned using simple games, a group of researchers find

Over a Billion Android Devices Are at Risk of Data Theft

WIRED Threat Level

Qualcomm has released a fix for the flaws in its Snapdragon chip, which attackers might exploit to monitor location or render the phone unresponsive.


Vulnerability Prioritization: Are You Getting It Right?

Dark Reading

Developers must find a way to zero in on the security vulns that present the most risk and quickly address them without slowing down the pace of development


Rethinking Information Governance In The Age of Unstructured Enterprise Data

Onna is breaking down how the concept of information governance has evolved and ways today’s businesses can develop a holistic framework to keep up with a rapidly accelerating datasphere.

Spying on satellite internet comms with a $300 listening station

Security Affairs

An attacker could use $300 worth of off-the-shelf equipment to eavesdrop on and intercept signals from satellite internet communications. The academic researcher James Pavur, speaking at the Black Hat 2020 hacking conference, explained that satellite internet communications are susceptible to eavesdropping and signal interception. Attackers could use cheap equipment, such as basic home-television gear starting from $300, to spy on the internet traffic of high-value targets.

Q2 DDoS Attacks Triple Year Over Year: Report

Dark Reading

Distributed denial-of-service attacks have stayed consistently high throughout 2020, a shift from normal attack trends that researchers attribute to COVID-19


Nefilim ransomware operators claim to have hacked the SPIE group

Security Affairs

Nefilim ransomware operators allegedly targeted the SPIE group, an independent European leader in multi-technical services. Researchers from threat intelligence firm Cyble reported that Nefilim ransomware operators allegedly hacked The SPIE Group, an independent European leader in multi-technical services. The number of ransomware attacks continues to increase; hackers also steal victims’ data and threaten to release the stolen info if they don’t pay the ransom.

Lock-Pickers Face an Uncertain Future Online

Dark Reading

Teaching the hardware hacker the skill of picking locks is evolving because of the pandemic's lockdown



Government paid Vote Leave AI firm to analyse UK citizens’ tweets

The Guardian Data Protection

Faculty, linked to senior Tories, hired to collect tweets as part of coronavirus-related contract

Privacy campaigners have expressed alarm after the government revealed it had hired an artificial intelligence firm to collect and analyse the tweets of UK citizens as part of a coronavirus-related contract.

Can I Use the Same Security Tools on My IT and OT?

Dark Reading

You can quit worrying about IT tools in the OT environment


Google Chrome Browser Bug Exposes Billions of Users to Data Theft

Threatpost

The vulnerability (CVE-2020-6519) allows attackers to bypass Content Security Policy (CSP) protections and steal data from website visitors.

Better Business Bureau Warns of New Visa Scam

Dark Reading

Visa limitations due to the novel coronavirus have given rise to a wave of scams aimed at visa-seekers


Future-Proofing Your Information Governance Strategy

Speaker: Crystal Cao, Lindsey Simon & Lisa Ripley

Join Onna and experts from Quip, Airbnb, and Oracle for this live webinar as they dive into proactive data deletion policies, retention strategies, and legal hold practices that are essential to a modern enterprise information governance strategy.

TeamViewer Flaw in Windows App Allows Password-Cracking

Threatpost

Remote, unauthenticated attackers could exploit the TeamViewer flaw (CVE-2020-13699) to execute code and crack victims' passwords.

Why a “data-culture” is key to public sector transformation

OpenText Information Management

Suzette Kent served as US federal CIO from early 2018 until her departure in July 2020. During her tenure she directed a wide range of technology and workforce initiatives, setting government-wide standards while giving agencies the freedom to tailor their efforts in mission-appropriate ways. Kent leaves behind a lasting legacy for government IT modernization …


DDoS Attacks Cresting Amid Pandemic

Threatpost

Attacks were way up year-over-year in the second quarter as people continue to work from home.

INTERNET BLOCKING IN MYANMAR – SECRET BLOCK LIST AND NO MEANS TO APPEAL

Security Affairs

The list of sites blocked in Myanmar includes many websites that did not fall under the categories of adult content or fake news. In March 2020, the Ministry of Telecommunications (MoTC) issued a directive to all operators in Myanmar with a secret list of 230 sites to be blocked due to the nature of the content: adult content and fake news.


Google Fixes Mysterious Audio Recording Blip in Smart Speakers

Threatpost

Google Home devices reportedly recorded noises even without the "Hey Google" prompt due to the inadvertent rollout of a home security system feature.


Disaster Preparedness during Hurricane Season

National Archives Records Express

The Atlantic hurricane season is already underway, with Tropical Storm Isaias causing considerable damage as it made landfall last week. NOAA is predicting “an extremely active” hurricane season in the Atlantic Basin. As a result, we wanted to take this opportunity to remind Federal agencies and records personnel dealing with the effects of Isaias, or potentially with other storms, of information from our office.

Policy into Practice — Strategies for Operationalizing Your Records Retention Schedule from Zasio

IG Guru

Zasio posts a great article on how to create a records retention schedule here.

Modern, Open, and Smart Data Management for Db2 Leaders

Rocket Software

This was originally presented as a keynote session at the IDUG Virtual Db2 Tech Conference in July 2020. Since my years in grad school, I’ve been interested in DB capabilities. As part of my thesis and graduate assistant work, I evaluated, operated, and used multiple DBs, including several open source ones. As part of my thesis, I looked at the future of database technology and the functionality that was missing.


The Pulse of ITAD: U.N. Report: Global e-Scrap Recycling Rate Has Stagnated

InfoGoTo

A United Nations report estimates that 17.4% of e-scrap generated globally was recycled in 2019, well short of a goal of 30% by 2023. Published this month, the third edition of the Global E-Waste Monitor report estimates that 53.6 million metric tons of scrap electronics and electrical appliances were generated in 2019. That represents an increase of 21% over the past five years. In the report, “e-waste” is defined as material that’s discarded by its owner as waste without the intent of reuse.


The Essential Role of IAM in Remote Work

The Security Ledger

The sudden shift to 100% remote work has been jarring. How can businesses ensure remote workers are productive, while protecting sensitive data and minimizing cyberthreats? Rachael Stockton of LogMeIn and LastPass provides some tips.

Thought Leadership: National Biometric Information Privacy Act Proposed by US Lawmakers

InfoGoTo

Amidst growing concerns over the use of facial recognition technology and systems collecting biometric data, Senators Bernie Sanders (D-VT) and Jeff Merkley (D-OR) announced the introduction of a bill that would prevent private companies from collecting and disclosing biometric identifiers and information without consumers’ and employees’ consent.