October, 2020

Cybercrime: 12 Top Tactics and Trends

Data Breach Today

From Ransomware and DDoS to Malware and SIM Swapping: Europol Describes Latest Threats Ransomware attacks remain the top cyber-enabled threat seen by law enforcement.

Microsoft Uses Trademark Law to Disrupt Trickbot Botnet

Krebs on Security

Microsoft Corp. has executed a coordinated legal sneak attack in a bid to disrupt the malware-as-a-service botnet Trickbot , a global menace that has infected millions of computers and is used to spread ransomware.

Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

FBI, CISA alert warns of imminent ransomware attacks on healthcare sector

Security Affairs

FBI and the DHS’s CISA agencies published a joint alert to warn hospitals and healthcare providers of imminent ransomware attacks from Russia.

Ransomware Knocks Out Voter Database in Georgia

Data Breach Today

Report: Hall County Continuing to Restore Systems An Oct. 7 ransomware attack targeted a database used to verify voter signatures in Georgia, and the database is still not fully functional. The DoppelPaymer gang has taken credit for the attack

Open Source & Open Standards: Navigating the Intricacies of a Symbiotic Partnership

Speaker: Guy Martin, Executive Director of OASIS Open

The COVID-19 global pandemic has raised the already bright visibility of technology to an even higher level. Join Guy Martin, Executive Director at OASIS Open, as he presents this webinar that will discuss how we can make open source and open standards even more effective by helping them recapture their strong partnership.

Breach at Dickey’s BBQ Smokes 3M Cards

Krebs on Security

One of the digital underground’s most popular stores for peddling stolen credit card information began selling a batch of more than three million new card records this week.

Sales 263

More Trending

The NSA is Refusing to Disclose its Policy on Backdooring Commercial Products

Schneier on Security

Senator Ron Wyden asked, and the NSA didn’t answer : The NSA has long sought agreements with technology companies under which they would build special access for the spy agency into their products, according to disclosures by former NSA contractor Edward Snowden and reporting by Reuters and others.

IT 114

US Indicts Sandworm, Russia's Most Destructive Cyberwar Unit

WIRED Threat Level

The Department of Justice has named and charged six men for allegedly carrying out many of the most costly cyberattacks in history. Security Security / Cyberattacks and Hacks

Microsoft Teams phishing campaign targeted up to 50,000 Office 365 users

Security Affairs

Experts warn of a phishing campaign that already targeted up to 50,000 Office 365 users with a fake automated message from Microsoft Teams.

Clothing Retailer H&M Told to Wear $41 Million GDPR Fine

Data Breach Today

Employee Surveillance Violations Trigger Germany's Biggest Privacy Fine to Date Privacy regulators in Germany have slammed clothing retailer H&M with a $41 million fine for collecting and retaining private employee data in violation of the EU's General Data Protection Regulation.

Retail 268

Leading Advertising and Analytics Company Outperforms With a Graph Database

Xandr, a division of AT&T, has built an identity graph that connects information on people, households, and more. The company is using this graph to provide advertisers an ability to deliver commercials more successfully than ever before. Learn more.

Report: U.S. Cyber Command Behind Trickbot Tricks

Krebs on Security

A week ago, KrebsOnSecurity broke the news that someone was attempting to disrupt the Trickbot botnet , a malware crime machine that has infected millions of computers and is often used to spread ransomware.

Surviving Radical Disruption with Data Intelligence

erwin

It’s certainly no secret that data has been growing in volume, variety and velocity, and most companies are overwhelmed by managing it, let alone harnessing it to put it to work. We’re now generating 2.5

Rising Ransomware Breaches Underscore Cybersecurity Failures

Dark Reading

Ransomware's continued success speaks volumes about what's at stake for businesses and people, and, perhaps, the cybersecurity industry's inability to adapt quickly enough to protect everyone

Apple's T2 Security Chip Has an Unfixable Flaw

WIRED Threat Level

The Checkm8 vulnerability that exposed years of iPhones to jailbreaking has finally been exploited in Macs as well. Security Security / Cyberattacks and Hacks

The Best Data Retention Policy & Template To Get You Started

In this whitepaper from Onna, we will walk you through data retention best practices and provide you with a downloadable template to help you get organized and gain better visibility into your data’s lifecycle.

Is the Abaddon RAT the first malware using Discord as C&C?

Security Affairs

Abaddon is the first RAT that uses the freeware instant messaging and VoIP app and digital distribution platform Discord as a command & control server.

6 Russians Indicted for Destructive NotPeyta Attacks

Data Breach Today

DOJ: Russian GRU Officers Targeted 2018 Olympics, French Elections and More The U.S.

Security Blueprints of Many Companies Leaked in Hack of Swedish Firm Gunnebo

Krebs on Security

In March 2020, KrebsOnSecurity alerted Swedish security giant Gunnebo Group that hackers had broken into its network and sold the access to a criminal group which specializes in deploying ransomware.

Is Climbing the Corporate Ladder Still a Thing?

erwin

Thoughts on erwin Insights Day No. 2 Keynote. If you didn’t watch New York Times Best-Selling Author Keith Ferrazzi’s keynote from erwin Insights 2020 , what are you waiting for?

How to Measure DevSecOps Progress and Ensure Success

Speaker: Shannon Lietz, Director of DevSecOps Team, Intuit

The new DevSecOps team is up and running, and you feel ready to take on rising security threats while delivering quality software updates. But that leaves just one question: how do you monitor your new program as effectively and efficiently as possible? Join Shannon Lietz, Director of DevsecOps at Intuit, and award-winning innovator, to learn the answers to these questions so you can lead your DevSecOps team to the top!

NSS Labs Shuttered

Dark Reading

The testing firm's website says it has 'ceased operations' as of Oct.

IT 110

A Navy SEAL, a Quadcopter, and a Quest to Save Lives in Combat

WIRED Threat Level

On the battlefield, any doorway can be a death trap. A special ops vet, and his businessman brother, have built an AI to solve that problem. Security Security / National Security

APT groups chain VPN and Windows Zerologon bugs to attack US government networks

Security Affairs

US government networks are under attack, threat actors chained VPN and Windows Zerologon flaws to gain unauthorized access to elections support systems.

Elite Russian Sandworm Hackers' OPSEC Problem

Data Breach Today

US Indictment Airs Russian Military's Dirty Laundry Although Russia's elite nation-state hackers are capable of waging destructive attacks, the GRU military intelligence Sandworm operators have not been able to remain in the shadows, a U.S. federal grand jury indictment suggests

Digital Trends Report 2020

As part of our goal to continue helping our community during these times, we wanted to share with you this critical data on the state of digital products across industries and provide context on how businesses are responding to the changing winds.

Ransomware Victims That Pay Up Could Incur Steep Fines from Uncle Sam

Krebs on Security

Companies victimized by ransomware and firms that facilitate negotiations with ransomware extortionists could face steep fines from the U.S. federal government if the crooks who profit from the attack are already under economic sanctions, the Treasury Department warned today. Image: Shutterstock.

New Report on Police Decryption Capabilities

Schneier on Security

There is a new report on police decryption capabilities: specifically, mobile device forensic tools (MDFTs). Short summary: it’s not just the FBI that can do it. This report documents the widespread adoption of MDFTs by law enforcement in the United States.

Teach Your Employees Well: How to Spot Smishing & Vishing Scams

Dark Reading

One of the best ways to keep employees from falling victim to these social-engineering attacks is to teach them the signs

109
109

The Man Who Speaks Softly—and Commands a Big Cyber Army

WIRED Threat Level

Meet General Paul Nakasone. He reined in chaos at the NSA and taught the US military how to launch pervasive cyberattacks. And he did it all without you noticing. Security Security / National Security Backchannel

Testing at Every Stage of Development

Up to 80% of new products fail. The reality is harsh and the reasons why are endless. Perhaps the new product couldn’t oust a customer favorite. Maybe it looked great but was too hard to use. Or, despite being a superior product, the go-to-market strategy failed. There’s always a risk when building a new product, but you can hedge your bets by understanding exactly what your customers' expectations truly are at every step of the development process.

Google discloses unpatched Windows zero-day exploited in the wild

Security Affairs

Google researchers disclosed today a zero-day vulnerability in the Windows operating system that is currently under active exploitation.

Access 112

Feds Release More Details on Emails Allegedly Sent By Iran

Data Breach Today

FBI, CISA Release IP Addresses And Other Technical Details Linked To Emails The FBI and CISA have released more technical details, including IOCs and IP addresses, which investigators say tie Iranian hackers to a series of threatening emails sent to some Democratic voters in the weeks leading up to the 2020 elections.

224
224

Attacks Aimed at Disrupting the Trickbot Botnet

Krebs on Security

Over the past 10 days, someone has been launching a series of coordinated attacks designed to disrupt Trickbot , an enormous collection of more than two million malware-infected Windows PCs that are constantly being harvested for financial data and are often used as the entry point for deploying ransomware within compromised organizations.