October, 2019

Malware Most Foul: Emotet, Trickbot, Cryptocurrency Miners

Data Breach Today

Researchers: Targeted Crime Attacks Surge, Continue to Blend With Nation-State Campaigns Banking Trojans and cryptocurrency mining malware continue to be among the most-seen types of malicious code used for nontargeted attacks.

Mining 239

SHARED INTEL: What it takes to preserve business continuity, recover quickly from a cyber disaster

The Last Watchdog

To pay or not to pay? That’s the dilemma hundreds of organizations caught in the continuing surge of crippling ransomware attacks have faced. Related: How ransomware became such a scourge The FBI discourages it, as you might have guessed. What’s more, the U.S.

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

7 Cybersecurity Threats That Can Sneak Up on You

WIRED Threat Level

From rogue USB sticks to Chrome extensions gone wild, here is a quick guide to some basic risks you should look out for. Security Security / Security Advice

Risk 114

When Improving Processes, Anticipate Circumstances Beyond Your Control

Weissman's World

We spend a lot of time advocating for process improvement everywhere we can – the proven thinking being that even the best information available loses value if it can’t be effectively shared and leveraged.

IT 197

The Best Sales Forecasting Models for Weathering Your Goals

Every sales forecasting model has a different strength and predictability method. It’s recommended to test out which one is best for your team. This way, you’ll be able to further enhance – and optimize – your newly-developed pipeline. Your future sales forecast? Sunny skies (and success) are just ahead!

Zynga's Breach Notification: How to Not Inform Victims

Data Breach Today

Don't Blame Us, Blame Hackers, Mobile Gaming Giant Says "Cyberattacks are one of the unfortunate realities of doing business today," reads gaming company Zynga's data breach notification, thus breaking the first rule of crisis management: Own your mistakes.

More Trending

We need to talk about Go

Thales eSecurity

I love the Go programming language. It’s easy to use, concise and powerful. These characteristics appeal to the typical programmer’s mindset. Yet, the brevity of the language can be a source of frustration.

MY TAKE: The case for assessing, quantifying risks as the first step to defending network breaches

The Last Watchdog

It’s clear that managed security services providers (MSSPs) have a ripe opportunity to step into the gap and help small- to medium-sized businesses (SMBs) and small- to medium-sized enterprises (SMEs) meet the daunting challenge of preserving the privacy and security of sensitive data.

Risk 160

SIM cards used in 29 countries are vulnerable to Simjacker attack

Security Affairs

Security researchers at Adaptive Mobile who discovered the SimJacker issue have published the list of countries where mobile operators use flawed SIM cards.

Paper 114

Planting Tiny Spy Chips in Hardware Can Cost as Little as $200

WIRED Threat Level

A new proof-of-concept hardware implant shows how easy it may be to hide malicious chips inside IT equipment. Security Security / Cyberattacks and Hacks

IT 114

Future-Proofing Your Information Governance Strategy

Speaker: Crystal Cao, Lindsey Simon & Lisa Ripley

Join Onna and experts from Quip, Airbnb, and Oracle for this live webinar as they dive into proactive data deletion policies, retention strategies, and legal hold practices that are essential to a modern enterprise information governance strategy.

Unpatched VPN Servers Targeted by Nation-State Attackers

Data Breach Today

Breaches at NetworkSolutions, Register.com, and Web.com

Krebs on Security

Top domain name registrars NetworkSolutions.com , Register.com and Web.com are asking customers to reset their passwords after discovering an intrusion in August 2019 in which customer account information was accessed. A notice to customers at notice.web.com.

Own Your Cloud Security

Thales eSecurity

It’s hard to believe it’s mid-October. Along with autumn, comes National Cybersecurity Awareness Month (NCSAM). The NCSAM 2019 focuses on personal accountability. Driven through mass public engagement, the ‘Own IT. Secure. Protect IT.’

Cloud 119

SHARED INTEL: Threat actors add a human touch to boost effectiveness of automated attacks

The Last Watchdog

Trends in fashion and entertainment come and go. The same holds true for the cyber underground.

The North Star Playbook

Every product needs a North Star. In this guide, we will show you the metrics product managers need to tie product improvements to revenue impact. If you are looking for a more-focused, less-reactive way to work, this guide is for you.

Top cybersecurity certifications to consider for your IT career

Security Affairs

With the right cybersecurity certifications, you can attain your goals seamlessly and in a fast way and speed up your career. Cyber attacks are making headlines almost every day in today’s era. The attacks have increased both in number and complexity.

Decades-Old Code Is Putting Millions of Critical Devices at Risk

WIRED Threat Level

Nearly two decades ago, a company called Interpeak created a network protocol that became an industry standard. It also had severe bugs that are only now coming to light. Security Security / Cyberattacks and Hacks

Risk 113

How Cybercriminals Continue to Innovate

Data Breach Today

Europol Report: Ransomware, DDoS, Business Email Compromises Are Persistent Threats Online attack threats continue to intensify, with criminals preferring ransomware, DDoS attacks and business email compromises, warns Europol, the EU's law enforcement intelligence agency.

Avast, NordVPN Breaches Tied to Phantom User Accounts

Krebs on Security

Antivirus and security giant Avast and virtual private networking (VPN) software provider NordVPN each today disclosed months-long network intrusions that — while otherwise unrelated — shared a common cause: Forgotten or unknown user accounts that granted remote access to internal systems with little more than a password.

B2B Pocket Playbook: End-to-End Guide to Sales Enablement

Sales enablement is the strategic process of providing sales teams with the content, guidance, and mentorship needed to engage targeted buyers. It’s all about equipping sales professionals with the tools they need to put their best-selling foot forward. And if sales teams want to continuously sell better -- and faster -- their sales enablement process must have a game-winning strategy. It's time for you to start selling smarter - and hitting your sales number - with the best B2B database in the market. Get started today.

Can smart cities be secured and trusted?

Thales eSecurity

It is the year 2030, and you have had another busy day. As you finish what you thought would be your last espresso and grab your laptop to leave work, your colleague tells you that you need to stay late for an urgent meeting. Panic sets in, but you push past it and put a plan into motion.

MY TAKE: CASBs help companies meet ‘shared responsibility’ for complex, rising cloud risks

The Last Watchdog

Cloud Access Security Brokers – aka “caz-bees” — have come a long way in a short time. CASBs, a term coined by tech industry consultancy Gartner, first cropped about seven years ago to help organizations enforce security and governance policies as they commenced, in earnest, their march into the cloud.

Risk 159

sudo flaw allows any users to run commands as Root on Linux

Security Affairs

Experts discovered a security policy bypass issue in the Sudo utility that is installed as a command on almost every Linux and Unix system. The Sudo utility that is installed as a command on almost every Linux and Unix system is affected by a security policy bypass issue tracked as CVE-2019-14287.

How the City of Angels Is Tackling Cyber Devilry

Dark Reading

A new mobile app makes a cybersecurity threat lab available to more small businesses in Los Angeles

Pressure Points: How to Ensure Your B2B Pipeline Passes Inspection

This eBook highlights best practices for developing a pipeline management process that helps sales leaders and their team C.L.O.S.E (you’ll see what we mean in this eBook) more revenue through data-driven prospecting, stage analysis, and subsequent sales enablement.

How Google Is Using AI to Help Ensure Android App Security

Data Breach Today

Google Security Evangelist Mike Burr Describes Android Security Measures Mike Burr of Google provides an overview of Android security efforts, including using artificial intelligence to scan Android apps

Takeaways from the $566M BriansClub Breach

Krebs on Security

Reporting on the exposure of some 26 million stolen credit cards leaked from a top underground cybercrime store highlighted some persistent and hard truths.

Sales 160

Speakers Censored at AISA Conference in Melbourne

Schneier on Security

Two speakers were censored at the Australian Information Security Association's annual conference this week in Melbourne. Thomas Drake , former NSA employee and whistleblower, was scheduled to give a talk on the golden age of surveillance, both government and corporate.

SHARING INTEL: Why full ‘digital transformation’ requires locking down ‘machine identities’

The Last Watchdog

Digital commerce has come to revolve around two types of identities: human and machine. Great effort has gone into protecting the former, and yet human identities continue to get widely abused by cyber criminals. By comparison, scant effort has gone into securing the latter. This is so in spite of the fact that machine identities are exploding in numbers and have come to saturate digital transformation. Related: IoT exposures explained I’ve conversed several times with Jeff Hudson about this.

Marketing-Led Post-COVID-19 Growth Strategies

Businesses are laying off workers, shutting their doors (some permanently), and struggling to react to the radical destruction that coronavirus (COVID-19) is doing to our society and communities. Most have already sustained massive damage, and we still have yet to see the scope of impact of the global pandemic that has upended the globe. Any return to normalcy may seem far-off, but sales and marketing are on the front lines of restarting the economy. When the dust settles, we have a responsibility to turn our shock and grief into fierce determination, and lead the charge of responsible, strategic, sustainable future growth. However, there’s no team better suited to lead that charge than the marketing department. Marketers are uniquely positioned to provide creative solutions to aid their organization in times of change and chart a course for navigating success.

D-Link router models affected by remote code execution issue that will not be fixed

Security Affairs

Researchers at Fortinet’s FortiGuard Labs have publicly disclosed a critical remote code execution vulnerability affecting some models of D-Link routers. Security experts at Fortinet’s FortiGuard Labs disclosed a remote code execution vulnerability tracked as CVE-2019-16920.

Attackers Hide Behind Trusted Domains, HTTPS

Dark Reading

One in four malicious URLs employed a legitimate domain, making it more difficult for potential victims to spot possible dangers, a mid-year report finds

IT 110

FBI: Cybercriminals Are Bypassing Multifactor Authentication

Data Breach Today

Threat Actors Using Social Engineering, Other Technical Techniques to Circumvent MFA Protections The FBI is warning banks, businesses and other organizations that cybercriminals are using social engineering and other technical techniques to circumvent multifactor authentication security protections