August, 2020

FBI warns of an increase in online romance scams

Security Affairs

The FBI is warning of online romance scams and related financial losses, overall losses associated with those complaints exceeded $475 million.

Homoglyph attacks used in phishing campaign and Magecart attacks

Security Affairs

Researchers detailed a new evasive phishing technique that leverages modified favicons to inject e-skimmers and steal payment card data covertly. Researchers from cybersecurity firm Malwarebytes have analyzed a new evasive phishing technique used by attackers in the wild in Magecart attacks.

Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

Data Protection: Where’s the Brexit Privacy Dividend?

Data Protector

One of the Government's core objectives throughout the Brexit negotiations has been to respect data protection rights, slash Brussels' red tape and allow the United Kingdom to be a competitive safe haven for businesses all over the world.

GDPR 156

Medical Records Exposed via GitHub Leaks

Data Breach Today

Report: 9 Leaks Account for Exposure of PHI for at Least 150,000 Patients Never store hardcoded credentials in code uploaded to public-facing GitHub repositories, and make sure none of your business associates are doing that.

284
284

The Best Data Retention Policy & Template To Get You Started

In this whitepaper from Onna, we will walk you through data retention best practices and provide you with a downloadable template to help you get organized and gain better visibility into your data’s lifecycle.

Medical Debt Collection Firm R1 RCM Hit in Ransomware Attack

Krebs on Security

R1 RCM Inc. NASDAQ:RCM ], one of the nation’s largest medical debt collection companies, has been hit in a ransomware attack. Formerly known as Accretive Health Inc. Chicago-based R1 RCM brought in revenues of $1.18 billion in 2019.

More Trending

What Is Data Governance? (And Why Your Organization Needs It)

erwin

Organizations with a solid understanding of data governance (DG) are better equipped to keep pace with the speed of modern business. In this post, the erwin Experts address: What Is Data Governance? Why Is Data Governance Important? What Is Good Data Governance?

Remotely hack a Mercedes-Benz E-Class is possible, experts demonstrated

Security Affairs

Chinese researchers discovered tens of vulnerabilities in a Mercedes-Benz E-Class, including issues that can be exploited to remotely hack it.

Paper 114

Identifying People by Their Browsing Histories

Schneier on Security

Interesting paper: " Replication: Why We Still Can't Browse in Peace: On the Uniqueness and Reidentifiability of Web Browsing Histories ": We examine the threat to individuals' privacy based on the feasibility of reidentifying users through distinctive profiles of their browsing history visible to websites and third parties.

Paper 112

Iranian Hackers Using LinkedIn, WhatsApp to Target Victims

Data Breach Today

Charming Kitten' Threat Group Continues Impersonating Journalists "Charming Kitten," a hacking group with ties to Iran, is now using LinkedIn and WhatsApp messages to contact potential victims and persuade them to visit a phishing page, according to ClearSky.

How to Measure DevSecOps Progress and Ensure Success

Speaker: Shannon Lietz, Director of DevSecOps Team, Intuit

You've finally done it: You've won over C-Suite and your DevSecOps team is up and running. You feel ready to take on rising security threats while continuously delivering quality software updates. But how do you monitor your new program? Are you truly able to gauge the state of your projects? To ensure the success of this new breed of a team, you need to know the metrics to look at and how to advocate these metrics to C-Suite and stakeholders. Join Shannon Lietz, Leader and Director of DevsecOps at Intuit, and learn to lead your DevSecOps team to the top.

Voice Phishers Targeting Corporate VPNs

Krebs on Security

The COVID-19 epidemic has brought a wave of email phishing attacks that try to trick work-at-home employees into giving away credentials needed to remotely access their employers’ networks.

NEW TECH: Trend Micro flattens cyber risks — from software development to deployment

The Last Watchdog

Long before this awful pandemic hit us, cloud migration had attained strong momentum in the corporate sector. As Covid19 rages on, thousands of large to mid-sized enterprises are now slamming pedal to the metal on projects to switch over to cloud-based IT infrastructure. A typical example is a Seattle-based computer appliance supplier that had less than 10 percent of its 5,000 employees set up to work remotely prior to the pandemic. Seattle reported the first Covid19 fatality in the U.S. ,

Risk 130

The IT Backbone of Cybercrime

Dark Reading

Like their counterparts who run legitimate businesses, cybercriminals need hosting and cybersecurity protection, too

Experts hacked 28,000 unsecured printers to raise awareness of printer security issues

Security Affairs

Cybersecurity experts at CyberNews hijacked close to 28,000 unsecured printers worldwide and forced them to print out a guide on printer security. Original post: [link].

Digital Trends Report 2020

As part of our goal to continue helping our community during these times, we wanted to share with you this critical data on the state of digital products across industries and provide context on how businesses are responding to the changing winds.

Chinese Hackers Have Pillaged Taiwan's Semiconductor Industry

WIRED Threat Level

A campaign called Operation Skeleton Key has stolen source code, software development kits, chip designs, and more. Security Security / Cyberattacks and Hacks

Elon Musk Says Tesla Saved From 'Serious' Ransom Attempt

Data Breach Today

FBI: $4 Million Scheme - Mixing Malware, DDoS and Extortion - Thwarted by Insider Tesla CEO Elon Musk says a "serious attack" aimed at stealing corporate data and holding his company to ransom has been thwarted.

265
265

Microsoft Put Off Fixing Zero Day for 2 Years

Krebs on Security

A security flaw in the way Microsoft Windows guards users against malicious files was actively exploited in malware attacks for two years before last week, when Microsoft finally issued a software update to correct the problem. One of the 120 security holes Microsoft fixed on Aug.

NEW TECH: A better way to secure agile software — integrate app scanning, pen testing into WAF

The Last Watchdog

The amazing array of digital services we so blithely access on our smartphones wouldn’t exist without agile software development. Related: ‘Business logic’ hacks on the rise Consider that we began this century relying on the legacy “waterfall” software development process. This method required a linear plan, moving in one direction, that culminated in a beta deliverable by a hard and fast deadline. To set this deadline required a long, often tortured planning cycle.

Testing at Every Stage of Development

Up to 80% of new products fail. The reality is harsh and the reasons why are endless. Perhaps the new product couldn’t oust a customer favorite. Maybe it looked great but was too hard to use. Or, despite being a superior product, the go-to-market strategy failed. There’s always a risk when building a new product, but you can hedge your bets by understanding exactly what your customers' expectations truly are at every step of the development process.

List of data breaches and cyber attacks in July 2020 ­– 77 million records breached

IT Governance

After mammoth amounts of personal data were leaked in May and June, we’ve seen a reversion to the mean this month. By our count, 77,775,496 records were leaked in 86 incidents.

UberEats data leaked on the dark web

Security Affairs

Security researchers from threat intelligence firm Cyble have discovered user records of American online food ordering and delivery platform UberEats on DarkWeb. Another day, another data breach made the headlines, this time the alleged victim is UberEATS.

How Facebook and Other Sites Manipulate Your Privacy Choices

WIRED Threat Level

Social media platforms repeatedly use so-called dark patterns to nudge you toward giving away more of your data. Security Security / Privacy

Marriott Hit With Class-Action Data Breach Lawsuit

Data Breach Today

UK Claim Seeks Damages Under GDPR Over Long-Running Starwood Reservation System Hack Marriott faces a new class-action lawsuit, filed in Britain, over the breach of its Starwood guest reservation system.

The Best Sales Forecasting Models for Weathering Your Goals

Every sales forecasting model has a different strength and predictability method. It’s recommended to test out which one is best for your team. This way, you’ll be able to further enhance – and optimize – your newly-developed pipeline. Your future sales forecast? Sunny skies (and success) are just ahead!

Hacked Data Broker Accounts Fueled Phony COVID Loans, Unemployment Claims

Krebs on Security

A group of thieves thought to be responsible for collecting millions in fraudulent small business loans and unemployment insurance benefits from COVID-19 economic relief efforts gathered personal data on people and businesses they were impersonating by leveraging several compromised accounts at a little-known U.S.

Zero-Trust Security 101

Dark Reading

What are the tenets and fundamental spirit of zero-trust architecture -- without the marketing speak

What mixture of leadership styles should a decent data protection officer display?

Data Protector

I was recently asked this question and found it hard to answer. So much depends on the culture of the organisation and the resources available to the DPO.

Elon Musk confirms that Russian hackers tried to recruit Tesla employee to plant a malware

Security Affairs

Elon Musk confirmed that Russian hackers attempted to recruit an employee to install malware into the network of electric car maker Tesla.

Access 113

Rethinking Information Governance In The Age of Unstructured Enterprise Data

Today’s organizations are faced with the overwhelming challenge of managing, finding, and leveraging their information. This eBook discusses a newly discovered information discipline and is filled to the brim with helpful information.

Apple Accidentally Approved Malware to Run on MacOS

WIRED Threat Level

The ubiquitous Shlayer adware has picked up a new trick, slipping past Cupertino's “notarization” defenses for the first time. Security Security / Security News

More Ransomware Gangs Threaten Victims With Data Leaking

Data Breach Today

22% of Ransomware Incidents Now Involve Data Exfiltration, Investigators Find Ransomware gangs are increasingly not just claiming that they'll leak data if victims don't pay, but following through.

FBI, CISA Echo Warnings on ‘Vishing’ Threat

Krebs on Security

The Federal Bureau of Investigation (FBI) and the Cybersecurity and Infrastructure Security Agency (CISA) on Thursday issued a joint alert to warn about the growing threat from voice phishing or “ vishing ” attacks targeting companies.