October, 2020

Cybercrime: 12 Top Tactics and Trends

Data Breach Today

From Ransomware and DDoS to Malware and SIM Swapping: Europol Describes Latest Threats Ransomware attacks remain the top cyber-enabled threat seen by law enforcement.

Microsoft Uses Trademark Law to Disrupt Trickbot Botnet

Krebs on Security

Microsoft Corp. has executed a coordinated legal sneak attack in a bid to disrupt the malware-as-a-service botnet Trickbot , a global menace that has infected millions of computers and is used to spread ransomware.

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

FBI, CISA alert warns of imminent ransomware attacks on healthcare sector

Security Affairs

FBI and the DHS’s CISA agencies published a joint alert to warn hospitals and healthcare providers of imminent ransomware attacks from Russia.

Ransomware Knocks Out Voter Database in Georgia

Data Breach Today

Report: Hall County Continuing to Restore Systems An Oct. 7 ransomware attack targeted a database used to verify voter signatures in Georgia, and the database is still not fully functional. The DoppelPaymer gang has taken credit for the attack

Digital Trends Report 2020

As part of our goal to continue helping our community during these times, we wanted to share with you this critical data on the state of digital products across industries and provide context on how businesses are responding to the changing winds.

Breach at Dickey’s BBQ Smokes 3M Cards

Krebs on Security

One of the digital underground’s most popular stores for peddling stolen credit card information began selling a batch of more than three million new card records this week.

Sales 242

More Trending

The NSA is Refusing to Disclose its Policy on Backdooring Commercial Products

Schneier on Security

Senator Ron Wyden asked, and the NSA didn’t answer : The NSA has long sought agreements with technology companies under which they would build special access for the spy agency into their products, according to disclosures by former NSA contractor Edward Snowden and reporting by Reuters and others.

IT 114

Botnet Infects Hundreds of Thousands of Websites

Dark Reading

KashmirBlack has been targeting popular content management systems, such as WordPress, Joomla, and Drupal, and using Dropbox and GitHub for communication to hide its presence

Microsoft Teams phishing campaign targeted up to 50,000 Office 365 users

Security Affairs

Experts warn of a phishing campaign that already targeted up to 50,000 Office 365 users with a fake automated message from Microsoft Teams.

Clothing Retailer H&M Told to Wear $41 Million GDPR Fine

Data Breach Today

Employee Surveillance Violations Trigger Germany's Biggest Privacy Fine to Date Privacy regulators in Germany have slammed clothing retailer H&M with a $41 million fine for collecting and retaining private employee data in violation of the EU's General Data Protection Regulation.

Retail 270

Testing at Every Stage of Development

Up to 80% of new products fail. The reality is harsh and the reasons why are endless. Perhaps the new product couldn’t oust a customer favorite. Maybe it looked great but was too hard to use. Or, despite being a superior product, the go-to-market strategy failed. There’s always a risk when building a new product, but you can hedge your bets by understanding exactly what your customers' expectations truly are at every step of the development process.

Report: U.S. Cyber Command Behind Trickbot Tricks

Krebs on Security

A week ago, KrebsOnSecurity broke the news that someone was attempting to disrupt the Trickbot botnet , a malware crime machine that has infected millions of computers and is often used to spread ransomware.

US Indicts Sandworm, Russia's Most Destructive Cyberwar Unit

WIRED Threat Level

The Department of Justice has named and charged six men for allegedly carrying out many of the most costly cyberattacks in history. Security Security / Cyberattacks and Hacks

IMSI-Catchers from Canada

Schneier on Security

Gizmodo is reporting that Harris Corp.

Sales 109

NSS Labs Shuttered

Dark Reading

The testing firm's website says it has 'ceased operations' as of Oct.

IT 111

Rethinking Information Governance In The Age of Unstructured Enterprise Data

Today’s organizations are faced with the overwhelming challenge of managing, finding, and leveraging their information. This eBook discusses a newly discovered information discipline and is filled to the brim with helpful information.

APT groups chain VPN and Windows Zerologon bugs to attack US government networks

Security Affairs

US government networks are under attack, threat actors chained VPN and Windows Zerologon flaws to gain unauthorized access to elections support systems.

6 Russians Indicted for Destructive NotPeyta Attacks

Data Breach Today

DOJ: Russian GRU Officers Targeted 2018 Olympics, French Elections and More The U.S.

Security Blueprints of Many Companies Leaked in Hack of Swedish Firm Gunnebo

Krebs on Security

In March 2020, KrebsOnSecurity alerted Swedish security giant Gunnebo Group that hackers had broken into its network and sold the access to a criminal group which specializes in deploying ransomware.

Is it still necessary for data protection laws to have particular processing rules for specific types pf personal data?

Data Protector

I think not. European laws have special rules for the processing of “sensitive data” or “special category data” regardless of the context within which the data will be processed. This has been the case in the UK since the coming into force of the first (1984) Data Protection Act.

The Best Sales Forecasting Models for Weathering Your Goals

Every sales forecasting model has a different strength and predictability method. It’s recommended to test out which one is best for your team. This way, you’ll be able to further enhance – and optimize – your newly-developed pipeline. Your future sales forecast? Sunny skies (and success) are just ahead!

Google Responds to Warrants for “About” Searches

Schneier on Security

One of the things we learned from the Snowden documents is that the NSA conducts “about” searches. That is, searches based on activities and not identifiers. A normal search would be on a name, or IP address, or phone number.

Rising Ransomware Breaches Underscore Cybersecurity Failures

Dark Reading

Ransomware's continued success speaks volumes about what's at stake for businesses and people, and, perhaps, the cybersecurity industry's inability to adapt quickly enough to protect everyone

Google discloses unpatched Windows zero-day exploited in the wild

Security Affairs

Google researchers disclosed today a zero-day vulnerability in the Windows operating system that is currently under active exploitation.

Access 108

Elite Russian Sandworm Hackers' OPSEC Problem

Data Breach Today

US Indictment Airs Russian Military's Dirty Laundry Although Russia's elite nation-state hackers are capable of waging destructive attacks, the GRU military intelligence Sandworm operators have not been able to remain in the shadows, a U.S. federal grand jury indictment suggests

Product Analytics Playbook: Mastering Retention

Why do your users churn? In this guide you'll learn common product pitfalls and how to fix them.

Ransomware Victims That Pay Up Could Incur Steep Fines from Uncle Sam

Krebs on Security

Companies victimized by ransomware and firms that facilitate negotiations with ransomware extortionists could face steep fines from the U.S. federal government if the crooks who profit from the attack are already under economic sanctions, the Treasury Department warned today. Image: Shutterstock.

Why have I joined the LinkedIn Data Protection Reform Group?

Data Protector

There is an ongoing debate on the rights that data controllers should have, compared with the rights that private individuals should have. There’s also an ongoing debate on what role our national Data Protection supervisory authority should play in developing and enforcing privacy laws.

GDPR 156

Detecting Deep Fakes with a Heartbeat

Schneier on Security

Researchers can detect deep fakes because they don’t convincingly mimic human blood circulation in the face: In particular, video of a person’s face contains subtle shifts in color that result from pulses in blood circulation.

Paper 112

Massive New Phishing Campaigns Target Microsoft, Google Cloud Users

Dark Reading

At least three campaigns are now underway

Future-Proofing Your Information Governance Strategy

Speaker: Crystal Cao, Lindsey Simon & Lisa Ripley

Join Onna and experts from Quip, Airbnb, and Oracle for this live webinar as they dive into proactive data deletion policies, retention strategies, and legal hold practices that are essential to a modern enterprise information governance strategy.

Enel Group suffered the second ransomware attack this year

Security Affairs

Multinational energy company Enel Group has been hit by Netwalker ransomware operators that are asking a $14 million ransom. Systems at the multinational energy company Enel Group has been infected with Netwalker ransomware , it is the second ransomware attack suffered by the energy giant this year.

Feds Release More Details on Emails Allegedly Sent By Iran

Data Breach Today

FBI, CISA Release IP Addresses And Other Technical Details Linked To Emails The FBI and CISA have released more technical details, including IOCs and IP addresses, which investigators say tie Iranian hackers to a series of threatening emails sent to some Democratic voters in the weeks leading up to the 2020 elections.

225
225

Attacks Aimed at Disrupting the Trickbot Botnet

Krebs on Security

Over the past 10 days, someone has been launching a series of coordinated attacks designed to disrupt Trickbot , an enormous collection of more than two million malware-infected Windows PCs that are constantly being harvested for financial data and are often used as the entry point for deploying ransomware within compromised organizations.