August, 2020

FBI warns of an increase in online romance scams

Security Affairs

The FBI is warning of online romance scams and related financial losses, overall losses associated with those complaints exceeded $475 million.

Homoglyph attacks used in phishing campaign and Magecart attacks

Security Affairs

Researchers detailed a new evasive phishing technique that leverages modified favicons to inject e-skimmers and steal payment card data covertly. Researchers from cybersecurity firm Malwarebytes have analyzed a new evasive phishing technique used by attackers in the wild in Magecart attacks. The hackers targeted visitors of several sites using typo-squatted domain names, and modified favicons to inject software skimmers used to steal payment card information.

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

Data Protection: Where’s the Brexit Privacy Dividend?

Data Protector

One of the Government's core objectives throughout the Brexit negotiations has been to respect data protection rights, slash Brussels' red tape and allow the United Kingdom to be a competitive safe haven for businesses all over the world.

GDPR 156

Medical Records Exposed via GitHub Leaks

Data Breach Today

Report: 9 Leaks Account for Exposure of PHI for at Least 150,000 Patients Never store hardcoded credentials in code uploaded to public-facing GitHub repositories, and make sure none of your business associates are doing that.

284
284

Product Analytics Playbook: Mastering Retention

Why do your users churn? In this guide you'll learn common product pitfalls and how to fix them.

Medical Debt Collection Firm R1 RCM Hit in Ransomware Attack

Krebs on Security

R1 RCM Inc. NASDAQ:RCM ], one of the nation’s largest medical debt collection companies, has been hit in a ransomware attack. Formerly known as Accretive Health Inc. Chicago-based R1 RCM brought in revenues of $1.18 billion in 2019.

More Trending

What Is Data Governance? (And Why Your Organization Needs It)

erwin

Organizations with a solid understanding of data governance (DG) are better equipped to keep pace with the speed of modern business. In this post, the erwin Experts address: What Is Data Governance? Why Is Data Governance Important? What Is Good Data Governance?

Identifying People by Their Browsing Histories

Schneier on Security

Interesting paper: " Replication: Why We Still Can't Browse in Peace: On the Uniqueness and Reidentifiability of Web Browsing Histories ": We examine the threat to individuals' privacy based on the feasibility of reidentifying users through distinctive profiles of their browsing history visible to websites and third parties.

Paper 113

Apple Accidentally Approved Malware to Run on MacOS

WIRED Threat Level

The ubiquitous Shlayer adware has picked up a new trick, slipping past Cupertino's “notarization” defenses for the first time. Security Security / Security News

Iranian Hackers Using LinkedIn, WhatsApp to Target Victims

Data Breach Today

Charming Kitten' Threat Group Continues Impersonating Journalists "Charming Kitten," a hacking group with ties to Iran, is now using LinkedIn and WhatsApp messages to contact potential victims and persuade them to visit a phishing page, according to ClearSky.

Rethinking Information Governance In The Age of Unstructured Enterprise Data

Onna is breaking down how the concept of information governance has evolved and ways today’s businesses can develop a holistic framework to keep up with a rapidly accelerating datasphere.

Microsoft Put Off Fixing Zero Day for 2 Years

Krebs on Security

A security flaw in the way Microsoft Windows guards users against malicious files was actively exploited in malware attacks for two years before last week, when Microsoft finally issued a software update to correct the problem. One of the 120 security holes Microsoft fixed on Aug.

NEW TECH: Trend Micro flattens cyber risks — from software development to deployment

The Last Watchdog

Long before this awful pandemic hit us, cloud migration had attained strong momentum in the corporate sector. As Covid19 rages on, thousands of large to mid-sized enterprises are now slamming pedal to the metal on projects to switch over to cloud-based IT infrastructure. A typical example is a Seattle-based computer appliance supplier that had less than 10 percent of its 5,000 employees set up to work remotely prior to the pandemic. Seattle reported the first Covid19 fatality in the U.S. ,

Risk 122

The IT Backbone of Cybercrime

Dark Reading

Like their counterparts who run legitimate businesses, cybercriminals need hosting and cybersecurity protection, too

US Postal Service Files Blockchain Voting Patent

Schneier on Security

The US Postal Service has filed a patent on a blockchain voting method: Abstract: A voting system can use the security of blockchain and the mail to provide a reliable voting system.

The Best Sales Forecasting Models for Weathering Your Goals

Every sales forecasting model has a different strength and predictability method. It’s recommended to test out which one is best for your team. This way, you’ll be able to further enhance – and optimize – your newly-developed pipeline. Your future sales forecast? Sunny skies (and success) are just ahead!

ATM Hackers Have Picked Up Some Clever New Tricks

WIRED Threat Level

Over the last few years, so-called jackpotting attacks have gotten increasingly sophisticated—while cash machines remain largely the same. Security Security / Cyberattacks and Hacks

More Ransomware Gangs Threaten Victims With Data Leaking

Data Breach Today

22% of Ransomware Incidents Now Involve Data Exfiltration, Investigators Find Ransomware gangs are increasingly not just claiming that they'll leak data if victims don't pay, but following through.

Voice Phishers Targeting Corporate VPNs

Krebs on Security

The COVID-19 epidemic has brought a wave of email phishing attacks that try to trick work-at-home employees into giving away credentials needed to remotely access their employers’ networks.

NEW TECH: A better way to secure agile software — integrate app scanning, pen testing into WAF

The Last Watchdog

The amazing array of digital services we so blithely access on our smartphones wouldn’t exist without agile software development. Related: ‘Business logic’ hacks on the rise Consider that we began this century relying on the legacy “waterfall” software development process. This method required a linear plan, moving in one direction, that culminated in a beta deliverable by a hard and fast deadline. To set this deadline required a long, often tortured planning cycle.

The North Star Playbook

Every product needs a North Star. In this guide, we will show you the metrics product managers need to tie product improvements to revenue impact. If you are looking for a more-focused, less-reactive way to work, this guide is for you.

University of Utah Pays in Cyber-Extortion Scheme

Dark Reading

Though a ransomware attempt was thwarted, the university paid to prevent the release of student PII

Copying a Key by Listening to It in Action

Schneier on Security

Researchers are using recordings of keys being used in locks to create copies.

IT 111

What mixture of leadership styles should a decent data protection officer display?

Data Protector

I was recently asked this question and found it hard to answer. So much depends on the culture of the organisation and the resources available to the DPO.

Former Uber CSO Charged With Covering Up 2016 Data Breach

Data Breach Today

Joe Sullivan Accused of Making 'Hush Money' Bitcoin Payoff to Hackers The U.S.

Future-Proofing Your Information Governance Strategy

Speaker: Crystal Cao, Lindsey Simon & Lisa Ripley

Join Onna and experts from Quip, Airbnb, and Oracle for this live webinar as they dive into proactive data deletion policies, retention strategies, and legal hold practices that are essential to a modern enterprise information governance strategy.

FBI, CISA Echo Warnings on ‘Vishing’ Threat

Krebs on Security

The Federal Bureau of Investigation (FBI) and the Cybersecurity and Infrastructure Security Agency (CISA) on Thursday issued a joint alert to warn about the growing threat from voice phishing or “ vishing ” attacks targeting companies.

The NSA and FBI Expose Fancy Bear's Sneaky Hacking Tool

WIRED Threat Level

Plus: TikTok tracking, Russian SIMs, and more of this week's top security news. Security Security / Security News

Cryptominer Found Embedded in AWS Community AMI

Dark Reading

Researchers advise Amazon Web Services users running Community Amazon Machine Images to verify them for potentially malicious code

111
111

Experts hacked 28,000 unsecured printers to raise awareness of printer security issues

Security Affairs

Cybersecurity experts at CyberNews hijacked close to 28,000 unsecured printers worldwide and forced them to print out a guide on printer security. Original post: [link].

B2B Pocket Playbook: End-to-End Guide to Sales Enablement

Sales enablement is the strategic process of providing sales teams with the content, guidance, and mentorship needed to engage targeted buyers. It’s all about equipping sales professionals with the tools they need to put their best-selling foot forward. And if sales teams want to continuously sell better -- and faster -- their sales enablement process must have a game-winning strategy. It's time for you to start selling smarter - and hitting your sales number - with the best B2B database in the market. Get started today.

International data transfers: an opinion the EDPB (probably) won’t publish

Data Protector

One of the consequences of the Scherms II decision is that EU organisations need to take greater care in determining how best to protect the flows of personal data outside the EU.

Malware-Wielding Extortionists Target Tesla: 8 Takeaways

Data Breach Today

How Many Organizations' Threat Models Feature Russian Criminals Bribing Insiders?

240
240

Confessions of an ID Theft Kingpin, Part I

Krebs on Security

At the height of his cybercriminal career, the hacker known as “ Hieupc ” was earning $125,000 a month running a bustling identity theft service that siphoned consumer dossiers from some of the world’s top data brokers.