September, 2020

FBI, CISA Warn of Election Results Disinformation Campaigns

Data Breach Today

Nation-States, Others Could Try to Undermine Confidence in Election Process With less than 45 days to go before the November election, the FBI and CISA have issued a warning that nation-state hackers and cybercriminals may attempt to spread disinformation regarding the final vote tallies as a way to undermine confidence in the voting process.

251
251

Think Twice Before Using Facebook, Google, or Apple to Sign In Everywhere

WIRED Threat Level

So-called single sign-on options offer a lot of convenience. But they have downsides that a good old fashioned password manager doesn't. Security Security / Security Advice

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

Due Diligence That Money Can’t Buy

Krebs on Security

Most of us automatically put our guard up when someone we don’t know promises something too good to be true. But when the too-good-to-be-true thing starts as our idea, sometimes that instinct fails to kick in.

A powerful DDoS attack hit Hungarian banks and telecoms services

Security Affairs

Hungarian financial institutions and telecommunications infrastructure were hit by a powerful DDoS attack originating from servers in Russia, China and Vietnam. A powerful DDoS attack hit some Hungarian banking and telecommunication services that briefly disrupted them.

Digital Trends Report 2020

As part of our goal to continue helping our community during these times, we wanted to share with you this critical data on the state of digital products across industries and provide context on how businesses are responding to the changing winds.

Former NSA Director Keith Alexander Joins Amazon’s Board of Directors

Schneier on Security

This sounds like a bad idea. Uncategorized Amazon NSA privacy surveillance

More Trending

Morgan Stanley Hit With $5 Million Data Breach Suit

Data Breach Today

Poor Procedures for Discarding Old Equipment Led to Breach, Lawsuit Alleges A $5 million lawsuit seeking class action status has been filed against Morgan Stanley, claiming the financial organization failed to properly safeguard personally identifiable information when the company discarded old computer equipment.

179 Arrested in Massive Global Dark Web Takedown

WIRED Threat Level

Operation Disruptor is an unprecedented international law enforcement effort, stemming from last year’s seizure of a popular underground bazaar called Wall Street Market. Security Security / Security News

Chinese Antivirus Firm Was Part of APT41 ‘Supply Chain’ Attack

Krebs on Security

The U.S. Justice Department this week indicted seven Chinese nationals for a decade-long hacking spree that targeted more than 100 high-tech and online gaming companies.

Mining 253

Victims of ThunderX ransomware can recover their files for free

Security Affairs

Good news for the victims of the ThunderX ransomware, cybersecurity firm Tesorion has released a decryptor to recover their files for free. Cybersecurity firm Tesorion has released a free decryptor for the ThunderX ransomware that allows victims to recover their files.

Testing at Every Stage of Development

Up to 80% of new products fail. The reality is harsh and the reasons why are endless. Perhaps the new product couldn’t oust a customer favorite. Maybe it looked great but was too hard to use. Or, despite being a superior product, the go-to-market strategy failed. There’s always a risk when building a new product, but you can hedge your bets by understanding exactly what your customers' expectations truly are at every step of the development process.

Hacking a Coffee Maker

Schneier on Security

As expected, IoT devices are filled with vulnerabilities : As a thought experiment, Martin Hron, a researcher at security company Avast, reverse engineered one of the older coffee makers to see what kinds of hacks he could do with it.

IoT 108

A Guide to the NIST Cybersecurity Framework

Dark Reading

With cybersecurity threats growing exponentially, it has never been more important to put together an efficient cyber-risk management policy, and NIST's framework can help

FBI Warns: Credential Stuffing Attacks on the Rise

Data Breach Today

Stolen Credentials, Lack of MFA Leading to Millions in Banking Losses The FBI is warning organizations in the financial sector about an increase in botnet-launched credential stuffing attacks that are leading to the theft of millions.

256
256

One Data Scientist’s Quest to Quash Misinformation

WIRED Threat Level

Sara-Jayne Terp uses the tools of cybersecurity to track false claims like they’re malware. Her goal: Stop dangerous lies from hacking our beliefs. Security Security / Cyberattacks and Hacks Backchannel

Rethinking Information Governance In The Age of Unstructured Enterprise Data

Today’s organizations are faced with the overwhelming challenge of managing, finding, and leveraging their information. This eBook discusses a newly discovered information discipline and is filled to the brim with helpful information.

Who’s Behind Monday’s 14-State 911 Outage?

Krebs on Security

Emergency 911 systems were down for more than an hour on Monday in towns and cities across 14 U.S. states. The outages led many news outlets to speculate the problem was related to Microsoft ‘s Azure web services platform, which also was struggling with a widespread outage at the time.

Samba addresses the CVE-2020-1472 Zerologon Vulnerability

Security Affairs

Samba team has released a security patch to address the Zerologon issue in the Microsoft Windows Netlogon Remote Protocol (MS-NRPC). Samba team has released a security patch to address the Zerologon (CVE-2020-1472) issue in the Microsoft Windows Netlogon Remote Protocol (MS-NRPC).

Breaching the GDPR

Data Protector

GDPR 156

Making the Case for Medical Device Cybersecurity

Dark Reading

With an increasing number of Internet-connected medical devices in use to manage diabetes, protection against a variety of wireless network attacks could very well be a matter of life and death for patients

The Best Sales Forecasting Models for Weathering Your Goals

Every sales forecasting model has a different strength and predictability method. It’s recommended to test out which one is best for your team. This way, you’ll be able to further enhance – and optimize – your newly-developed pipeline. Your future sales forecast? Sunny skies (and success) are just ahead!

Cyber Incidents Disrupt More Schools

Data Breach Today

Districts in Connecticut, Florida Among the Latest Targets The start of classroom instruction at Hartford Public Schools in Connecticut was canceled Tuesday as a result of a ransomware attack - the latest in a series of cyber incidents to disrupt schools this fall.

Julian Assange Lays Out His Case Against US Extradition

WIRED Threat Level

The argument hinges in part on psychiatrists' testimony that Assange is a high suicide risk. Security Security / Security News

Risk 110

Govt. Services Firm Tyler Technologies Hit in Apparent Ransomware Attack

Krebs on Security

Tyler Technologies , a Texas-based company that bills itself as the largest provider of software and technology services to the United States public sector, is battling a network intrusion that has disrupted its operations.

Mozi Botnet is responsible for most of the IoT Traffic

Security Affairs

The Mozi botnet accounted for 90% of the IoT network traffic observed between October 2019 and June 2020, IBM reported. Mozi is an IoT botnet that borrows the code from Mirai variants and the Gafgyt malware , it appeared on the threat landscape in late 2019.

IoT 109

Product Analytics Playbook: Mastering Retention

Why do your users churn? In this guide you'll learn common product pitfalls and how to fix them.

Adequacy

Data Protector

In data protection law, transfers of personal data must be safeguarded by written contracts between the parties.

Legality of Security Research to be Decided in US Supreme Court Case

Dark Reading

A ruling that a police officer's personal use of a law enforcement database is "hacking" has security researchers worried for the future

Bye-Bye Bitcoins: Empire Darknet Market 'Exit Scams'

Data Breach Today

Darknet Market Is the Latest to See Administrators Steal Users' Cryptocurrency Message to anyone who placed or fulfilled an order via the world's largest darknet market, Empire, in recent weeks: Say bye-bye to your cryptocurrency.

The Best Privacy-Friendly Alternatives to Google Maps

WIRED Threat Level

Google Maps is arguably the easiest mapping service to use, but that doesn't mean it's the most secure. Security Security / Security Advice

Design Thinking for Product Teams: Leverage Human Insight Throughout Development

Product teams must increase their exposure hours with customers—seeing and hearing them. Human insights and the design thinking framework can be applied to your development cycle to help you build better products and experiences for your customers.

Two Russians Charged in $17M Cryptocurrency Phishing Spree

Krebs on Security

authorities today announced criminal charges and financial sanctions against two Russian men accused of stealing nearly $17 million worth of virtual currencies in a series of phishing attacks throughout 2017 and 2018 that spoofed websites for some of the most popular cryptocurrency exchanges.

Unknown FinSpy Mac and Linux versions found in Egypt

Security Affairs

Experts from Amnesty International uncovered a surveillance campaign that targeted Egyptian civil society organizations with a new version of FinSpy spyware.

Interesting Attack on the EMV Smartcard Payment Standard

Schneier on Security

It’s complicated , but it’s basically a man-in-the-middle attack that involves two smartphones. The first phone reads the actual smartcard, and then forwards the required information to a second phone. That second phone actually conducts the transaction on the POS terminal.

Paper 105