April, 2020

COVID-19: Stages of Re-Entry Planning

Data Breach Today

Pandemic Expert Regina Phelps on How to Strategize for Life After Quarantine As politicians and protesters argue about the merits and timing of emerging from COVID-19 quarantine, crisis management expert Regina Phelps lays out a 10-step re-entry plan. Her word of counsel: "Caution

153
153

BEST PRACTICES: Mock attacks help local agencies, schools prepare for targeted cyber scams

The Last Watchdog

Cyber criminals who specialize in plundering local governments and school districts are in their heyday. Related : How ransomware became a scourge Ransomware attacks and email fraud have spiked to record levels across the U.S. in each of the past three years, and a disproportionate number of the hardest hit organizations were local public agencies.

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

Fresh COVID-19 Phishing Scams Try to Spread Malware: Report

Data Breach Today

Organizations Targeted With Ransomware, Infostealer Two recently uncovered phishing campaigns used COVID-19 themes as a lure in an attempt to spread ransomware and information stealers, according to Palo Alto Networks' Unit 42 division

TikTok Content Could Be Vulnerable to Tampering: Researchers

Data Breach Today

Video-Sharing Service Does Not Always Use TLS/SSL Encryption TikTok, a video-sharing service, has been delivering video and other media without TLS/SSL encryption, which means it may be possible for someone to tamper with content, researchers say. That could be especially damaging in the current pandemic environment, where misinformation and confusion abounds

Digital Trends Report 2020

As part of our goal to continue helping our community during these times, we wanted to share with you this critical data on the state of digital products across industries and provide context on how businesses are responding to the changing winds.

Apple Rushes to Patch iOS Zero-Day Flaws

Data Breach Today

Vulnerabilities Have Likely Been Exploited for Years, Researchers Warn Apple is now preparing final patches for two zero-day vulnerabilities that a security firm says have been exploited by certain attackers to seize control of iPhone and iPad email apps, giving them access to users' messages

Access 165

More Trending

Outlaw is Back, a New Crypto-Botnet Targets European Organizations

Security Affairs

The Outlaw Hacking Group is back, malware researchers from Cybaze-Yoroi ZLab have uncovered a new botnet that is targeting European organizations. Introduction. During our daily monitoring activities, we intercepted a singular Linux malware trying to penetrate the network of some of our customers. The Linux malware is the well-known “ Shellbot ”, it is a crimetool belonging to the arsenal of a threat actor tracked as the “Outlaw Hacking Group. ”.

Another Story of Bad 1970s Encryption

Schneier on Security

This one is from the Netherlands. It seems to be clever cryptanalysis rather than a backdoor. The Dutch intelligence service has been able to read encrypted communications from dozens of countries since the late 1970s thanks to a microchip, according to research by de Volkskrant on Thursday. The Netherlands could eavesdrop on confidential communication from countries such as Iran, Egypt and Saudi Arabia. Philips, together with Siemens, built an encryption machine in the late 1970s.

Attackers Increasingly Using Web Shells to Create Backdoors

Data Breach Today

NSA, Australian Signals Directorate, Offer Mitigation Tips The U.S. National Security Agency and the Australian Signals Directorate offer guidance on how to mitigate the growing threat posed by attackers using web shells to create backdoors

A Tale of 3 Breaches: Incident Response Challenges

Data Breach Today

Recent Healthcare Incidents Spotlight Problems That May Worsen Amid COVID-19 Crisis Three recently disclosed health data security incidents - including the discovery of a large email hack that happened nearly a year ago - serve as reminders of the ongoing incident response challenges facing healthcare organizations. And these difficulties are likely to worsen during the COVID-19 crisis

Testing at Every Stage of Development

Up to 80% of new products fail. The reality is harsh and the reasons why are endless. Perhaps the new product couldn’t oust a customer favorite. Maybe it looked great but was too hard to use. Or, despite being a superior product, the go-to-market strategy failed. There’s always a risk when building a new product, but you can hedge your bets by understanding exactly what your customers' expectations truly are at every step of the development process.

Cybercriminals Using Zoom, WebEx as Phishing Lures: Report

Data Breach Today

Campaigns Aimed at Stealing Credentials, Distributing Malware Cybercriminals are using spoofed messages and images from Zoom and Cisco WebEx as lures in new phishing campaigns that are designed to steal credentials or distribute malware, according to the security firm Proofpoint

New COVID19 wiper overwrites MBR making computers unusable

Security Affairs

A recently discovered strain of malware exploits the current COVID19 pandemic to render computers unusable by overwriting the MBR. SonicWall’s security researchers have discovered a new piece of malware that exploits the current COVID19 outbreak to render computers unusable by overwriting the master boot record (MBR). Unfortunately, this is one of the numerous attacks conducted by cyber criminals and nation-state actors in an attempt to take advantage of the COVID19 epidemic.

CISA Warns Patched Pulse Secure VPNs Still Vulnerable

Data Breach Today

Hackers Using Stolen Active Directory Credentials to Access Networks CISA issued a warning to organizations running Pulse Secure VPN servers that their networks may still be vulnerable to hacking even if they applied patches for a previous flaw. Attackers are now using stolen Active Directory credentials to access networks

Access 153

Microsoft Buys Corp.com So Bad Guys Can’t

Krebs on Security

In February, KrebsOnSecurity told the story of a private citizen auctioning off the dangerous domain corp.com for the starting price of $1.7 million. Domain experts called corp.com dangerous because years of testing showed whoever wields it would have access to an unending stream of passwords, email and other sensitive data from hundreds of thousands of Microsoft Windows PCs at major companies around the globe. This week, Microsoft Corp.

Sales 193

Rethinking Information Governance In The Age of Unstructured Enterprise Data

Today’s organizations are faced with the overwhelming challenge of managing, finding, and leveraging their information. This eBook discusses a newly discovered information discipline and is filled to the brim with helpful information.

STEPS FORWARD: How the Middle East led the U.S. to adopt smarter mobile security rules

The Last Watchdog

We’ve come to rely on our smartphones to live out our digital lives, both professionally and personally. When it comes to securing mobile computing devices, the big challenge businesses have long grappled with is how to protect company assets while at the same time respecting an individual’s privacy. Reacting to the BYOD craze , mobile security frameworks have veered from one partially effective approach to the next over the past decade.

MDM 125

Securing Internet Videoconferencing Apps: Zoom and Others

Schneier on Security

The NSA just published a survey of video conferencing apps. So did Mozilla. Zoom is on the good list, with some caveats. The company has done a lot of work addressing previous security concerns. It still has a bit to go on end-to-end encryption. Matthew Green looked at this. Zoom does offer end-to-end encryption if 1) everyone is using a Zoom app, and not logging in to the meeting using a webpage, and 2) the meeting is not being recorded in the cloud.

White-Hat Hackers Help 'Fold' COVID-19 Proteins

Dark Reading

A grassroots effort provides scientists with computing power to help simulate the novel coronavirus' proteins and come up with therapeutic solutions for the disease

87

Hackers exploit SQL injection zero-day issue in Sophos firewall

Security Affairs

Cybersecurity firm Sophos releases an emergency patch to address an SQL injection flaw in its XG Firewall product that has been exploited in the wild. Cybersecurity firm Sophos has released an emergency patch to address an SQL injection zero-day vulnerability affecting its XG Firewall product that has been exploited in the wild. Sophos was informed of the attacks exploiting the zero-day issue by one of its customers on April 22.

The Best Sales Forecasting Models for Weathering Your Goals

Every sales forecasting model has a different strength and predictability method. It’s recommended to test out which one is best for your team. This way, you’ll be able to further enhance – and optimize – your newly-developed pipeline. Your future sales forecast? Sunny skies (and success) are just ahead!

Genetic Testing Lab Hack Affects 233,000

Data Breach Today

Second Largest Health Data Breach So Far This Year A California-based genetic testing laboratory has reported an email hacking incident that may have exposed medical information on nearly 233,000 individuals. It's the second-largest health data breach posted to the federal health data breach tally so far in 2020

‘War Dialing’ Tool Exposes Zoom’s Password Problems

Krebs on Security

As the Coronavirus pandemic continues to force people to work from home, countless companies are now holding daily meetings using videoconferencing services from Zoom. But without the protection of a password, there’s a decent chance your next Zoom meeting could be “Zoom bombed” — attended or disrupted by someone who doesn’t belong.

NEW TECH: Semperis introduces tools to improve security resiliency of Windows Active Directory

The Last Watchdog

Ransomware continues to endure as a highly lucrative criminal enterprise. Ransomware hacking groups extorted at least $144.35 million from U.S. organizations between January 2013 and July 2019. That’s the precise figure recently disclosed by the FBI — the true damage is almost certainly a lot steeper, given only a portion of cyber crimes ever get reported to law enforcement. To get a foot in the door, ransomware purveyors direct weaponized email at a targeted employee.

Read all about it! COBOL 2020 Press Commentary – Confidence or Concern?

Micro Focus

Today’s top story: COBOL We have all been reading with interest the wide variety of commentary in recent days regarding the programming language COBOL in the middle of the debate. The commentary ranges from bewilderment that it is still so widely used, to bewilderment at those who didn’t realize it was still in use, to those who were amazed at. View Article.

IT 87

Product Analytics Playbook: Mastering Retention

Why do your users churn? In this guide you'll learn common product pitfalls and how to fix them.

Global Surveillance in the Wake of COVID-19

Schneier on Security

OneZero is tracking thirty countries around the world who are implementing surveillance programs in the wake of COVID-19: The most common form of surveillance implemented to battle the pandemic is the use of smartphone location data, which can track population-level movement down to enforcing individual quarantines. Some governments are making apps that offer coronavirus health information, while also sharing location information with authorities for a period of time.

267 Million Facebook identities available for 500 euros on the dark web

Security Affairs

Over 267 million Facebook profiles are offered for sale on dark web sites and hacker forums, the dump is offered for £500 ($623) and doesn’t include passwords. Hackers are offering for sale over 267 million Facebook profiles for £500 ($623) on dark web sites and hacker forums, the archive doesn’t include passwords. Early March, the security expert Bob Diachenko uncovered an Elasticsearch cluster containing more than 267 million Facebook user IDs, phone numbers, and names.

Sales 87

Ransomware: Average Business Payout Surges to $111,605

Data Breach Today

Ryuk and Sodinokibi Largely Responsible for One-Third Increase in Average Payments The average ransom paid by victims to ransomware attackers, when they paid, reached $111,605 in the first quarter of this year, up by one-third from the previous quarter, reports ransomware incident response firm Coveware, which sees the Sodinokibi, Ryuk and Phobos malware families continuing to dominate

When in Doubt: Hang Up, Look Up, & Call Back

Krebs on Security

Many security-conscious people probably think they’d never fall for a phone-based phishing scam. But if your response to such a scam involves anything other than hanging up and calling back the entity that claims to be calling, you may be in for a rude awakening. Here’s how one security and tech-savvy reader got taken for more than $10,000 in an elaborate, weeks-long ruse.

Design Thinking for Product Teams: Leverage Human Insight Throughout Development

Product teams must increase their exposure hours with customers—seeing and hearing them. Human insights and the design thinking framework can be applied to your development cycle to help you build better products and experiences for your customers.

SHARED INTEL: How attacks on web, mobile apps are being fueled by rising API vulnerabilities

The Last Watchdog

Application programming interface. It’s the glue holding digital transformation together. Related: A primer on ‘credential stuffing’ APIs are the conduits for moving data to-and-fro in our digitally transformed world. APIs are literally everywhere in the digital landscape, and more are being created every minute. APIs connect the coding that enables the creation and implementation of new applications. However, APIs also manifest as a wide open, steadily expanding attack vector.

Cybercrime May Be the World's Third-Largest Economy by 2021

Dark Reading

The underground economy is undergoing an industrialization wave and booming like never before

87

Contact Tracing COVID-19 Infections via Smartphone Apps

Schneier on Security

Google and Apple have announced a joint project to create a privacy-preserving COVID-19 contact tracing app. Details, such as we have them, are here.) It's similar to the app being developed at MIT, and similar to others being described and developed elsewhere. It's nice seeing the privacy protections; they're well thought out. I was going to write a long essay about the security and privacy concerns, but Ross Anderson beat me to it. Note that some of his comments are UK-specific.).

Paper 88