Sat. May 30, 2020 - Fri. Jun 05, 2020

Modernization Facts: The Path to Digital Transformation

Micro Focus

A Changing Normality. The worldwide pandemic of 2020 is forcing rapid change for entire organizations—even industries. The ability for organizations to transform into digital-first entities is key to survival. IDC predicts that 60 percent of global GDP will be digitized by 2022. So what does an organization with significant investments in current IT systems do?

Mobile Phishing Attacks Increase Sharply

Dark Reading

Organizations need to include smartphones and tablets in their phishing mitigation strategies, a new report suggests

Enough is Enough

Zapproved

It should not be a privilege for every person in America to live their lives feeling safe and secure. We must fight white supremacy individually and together if we hold hope for a better community for us all.

Kaspersky IDs Sophisticated New Malware Targeted at Air-Gapped Systems

Dark Reading

'USBCulprit' is one of several tools that suggest the previously known Cycldek group is more dangerous than previously assumed, security vendor says

The Best Data Retention Policy & Template To Get You Started

In this whitepaper from Onna, we will walk you through data retention best practices and provide you with a downloadable template to help you get organized and gain better visibility into your data’s lifecycle.

TrickBot Update Makes Malware Harder to Detect: Report

Data Breach Today

Updated Module Runs on System Memory, Leaving Little Trace. The developers behind TrickBot have updated it to run from an infected device's memory to help better avoid detection, according to researchers at Palo Alto Networks' Unit 42. The use of this malware has increased during the COVID-19 pandemic.

Maze Ransomware leaks files of ST Engineering group

Security Affairs

ST Engineering is the latest victim of the Maze Ransomware operators, who published its data on their leak website. ST Engineering is one of the leading engineering groups worldwide; it specializes in the aerospace, electronics, land systems, and marine sectors. The group operates in more than 100 countries and reported revenue of $7.86b in FY2019. The Maze ransomware operators announced the release of stolen data on their leak site.

Anonymous demands justice for George Floyd and threatens attacks

Security Affairs

The hacktivist collective group Anonymous demands justice for George Floyd and threatens to ‘expose the many crimes’ of Minneapolis Police. George Floyd was killed by a white police officer who knelt on his neck for more than eight minutes. We are interventionist. We are hacktivist. We are journalist. We are activist. We are justice. We are legion. Expect us. We are from the internet.

Federal Agencies Reported Fewer Security Incidents in 2019

Data Breach Today

But OMB Report Says 'High-Value Assets' Need Better Protection. U.S. federal agencies reported 8% fewer cybersecurity incidents in 2019 compared to the previous year, according to the White House's Office of Management and Budget. But 71 audits of agencies' "high-value assets" showed many remain susceptible to attacks because of a lack of security measures.

Ransomware Attacks Hit 2 More Healthcare Organizations

Data Breach Today

Security Advisers Offer Risk Mitigation Tips. Two ransomware incidents recently reported to federal regulators as health data breaches illustrate that the surge in such attacks shows no signs of abating. Security advisers offer risk mitigation tips.

How to Measure DevSecOps Progress and Ensure Success

Speaker: Shannon Lietz, Director of DevSecOps Team, Intuit

You've finally done it: You've won over the C-Suite and your DevSecOps team is up and running. You feel ready to take on rising security threats while continuously delivering quality software updates. But how do you monitor your new program? Are you truly able to gauge the state of your projects? To ensure the success of this new breed of team, you need to know the metrics to look at and how to advocate these metrics to the C-Suite and stakeholders. Join Shannon Lietz, Leader and Director of DevSecOps at Intuit, and learn to lead your DevSecOps team to the top.

Romanian Skimmer Gang in Mexico Outed by KrebsOnSecurity Stole $1.2 Billion

Krebs on Security

An exhaustive inquiry published today by a consortium of investigative journalists says a three-part series KrebsOnSecurity published in 2015 on a Romanian ATM skimming gang operating in Mexico’s top tourist destinations disrupted their highly profitable business, which raked in an estimated $1.2 billion and enjoyed the protection of top Mexican authorities.

Zoom's Commitment to User Security Depends on Whether you Pay It or Not

Schneier on Security

Zoom was doing so well. And now we have this: Corporate clients will get access to Zoom's end-to-end encryption service now being developed, but Yuan said free users won't enjoy that level of privacy, which makes it impossible for third parties to decipher communications. "Free users for sure we don't want to give that because we also want to work together with FBI, with local law enforcement in case some people use Zoom for a bad purpose," Yuan said on the call. This is just dumb.

'Nonlethal' Anti-Protest Weapons Can Cause Serious Harm

WIRED Threat Level

Rubber bullets and tear gas are billed as relatively safe. They're anything but.

'Anonymous' Leak of Minneapolis Police Data Is a Hoax

Data Breach Today

Hacktivism or Disinformation? Whoever Leaked the Data, It's Culled From Old Breaches. Not all data breaches are what they might seem, and not all leakers are who they might claim to be. Take the doxing of the Minneapolis Police Department, supposedly by Anonymous hacktivists: The leaked employee information was almost certainly culled from old breaches. So who did it, and why?

Digital Trends Report 2020

As part of our goal to continue helping our community during these times, we wanted to share with you this critical data on the state of digital products across industries and provide context on how businesses are responding to the changing winds.

REvil Ransomware Gang Starts Auctioning Victim Data

Krebs on Security

The criminal group behind the REvil ransomware enterprise has begun auctioning off sensitive data stolen from companies hit by its malicious software. The move marks an escalation in tactics aimed at coercing victims to pay up — and publicly shaming those who don’t.

New 'Tycoon' Ransomware Strain Targets Windows, Linux

Dark Reading

Researchers say Tycoon ransomware, which has targeted software and educational institutions, has a few traits they haven't seen before

How to Protest Safely in the Age of Surveillance

WIRED Threat Level

Law enforcement has more tools than ever to track your movements and access your communications. Here's how to protect your privacy if you plan to protest.

COVID-19 Drives Spike in Mobile Phishing Attacks: Report

Data Breach Today

Researchers Say Targeted Campaigns Are Spoofing Banks' Login Sites. The shift to working from home during the COVID-19 pandemic has led to an increase in mobile phishing campaigns, with attackers targeting remote workers whose devices lack adequate security protections, according to the security firm Lookout. Many of these campaigns are designed to steal users' banking credentials.

Testing at Every Stage of Development

Up to 80% of new products fail. The reality is harsh and the reasons why are endless. Perhaps the new product couldn’t oust a customer favorite. Maybe it looked great but was too hard to use. Or, despite being a superior product, the go-to-market strategy failed. There’s always a risk when building a new product, but you can hedge your bets by understanding exactly what your customers' expectations truly are at every step of the development process.

API Security and Hackers: What’s the Need?

Security Affairs

API Security – There is considerable demand for data-centric projects, which is why companies have quickly opened their data to their ecosystem through REST or SOAP APIs. APIs work as doors for a company, closely guarding the data of an organization. However, this creates a challenge: how do we hold the doors open to the world while simultaneously sealing them off from hackers? Here are some simple tips for API security; let’s have a look! Authentication.

Local, State Governments Face Cybersecurity Crisis

Dark Reading

Ransomware hit small government organizations hard in 2019. Now they have to deal with budget cuts, pandemic precautions, social unrest, and the coming election cycle

The Health Collaborative: Prescribing data for better health

IBM Big Data Hub

Using data to navigate the COVID-19 crisis. From electronic healthcare records to mapping the human genome, data remains critical to quality healthcare

Big GDPR Fines in UK and Ireland: What's the Holdup?

Data Breach Today

Both Countries Have Each Issued Only a Single, Finalized Fine Under EU's Privacy Law. The EU's General Data Protection Regulation was meant to finally bring in line organizations that didn't treat Europeans' personal data with respect. But two years after the regulation went into full effect, why have both the U.K. and Ireland each issued only one final GDPR fine to date?

The Best Sales Forecasting Models for Weathering Your Goals

Every sales forecasting model has a different strength and predictability method. It’s recommended to test out which one is best for your team. This way, you’ll be able to further enhance – and optimize – your newly-developed pipeline. Your future sales forecast? Sunny skies (and success) are just ahead!

IP-in-IP flaw affects devices from Cisco and other vendors

Security Affairs

A flaw in the IP-in-IP tunneling protocol that can be exploited for DoS attacks and to bypass security controls impacts devices from Cisco and other vendors. A vulnerability that affects the IP-in-IP tunneling protocol (aka IP Encapsulation within IP) implemented by Cisco and other vendors could be exploited for denial-of-service (DoS) attacks and to bypass security controls.

Spear-Phishing Campaign Hits Developer Collaboration System Users

Dark Reading

Users of Zeplin, a popular developer and designer collaboration system, have been hit with new waves of spear-phishing attacks in the last month

Password Changing After a Breach

Schneier on Security

This study shows that most people don't change their passwords after a breach, and if they do they change it to a weaker password. Abstract: To protect against misuse of passwords compromised in a breach, consumers should promptly change affected passwords and any similar passwords on other accounts. Ideally, affected companies should strongly encourage this behavior and have mechanisms in place to mitigate harm.

Phishers Use Fake VPN Alerts to Steal Office 365 Passwords

Data Breach Today

Report: Fraudsters Target Remote Workers With Spoofed Updates. Fraudsters are using fake VPN update alerts to target remote workers in an effort to steal their Microsoft Office 365 credentials, according to the security firm Abnormal Security.

Product Analytics Playbook: Mastering Retention

Why do your users churn? In this guide you'll learn common product pitfalls and how to fix them.

Over 100K+ WordPress sites using PageLayer plugin exposed to hack

Security Affairs

Two security flaws in the PageLayer WordPress plugin can be exploited to potentially wipe the contents or take over WordPress sites. Security experts from Wordfence discovered two high-severity security vulnerabilities in the PageLayer WordPress plugin that could potentially allow attackers to wipe the contents or take over WordPress sites using vulnerable plugin versions.

RATs 101: The Grimy Trojans That Scurry Through Remote Access Pipes

Dark Reading

Remote Access Trojans (RATs) can be the beginning of very bad things on your network or workstations

Catches of the month: Phishing scams for June 2020

IT Governance

One of the more damaging side-effects of the coronavirus pandemic has been the increase in targeted phishing scams. Action Fraud estimates that Britons were conned out of £3.5 million in the first two months of lockdown, with cyber criminals cashing in on the uncertainty that the pandemic has caused. As of 15 May, the UK’s cyber crime agency had uncovered 7,796 phishing emails linked to COVID-19.