Sat.Feb 15, 2020 - Fri.Feb 21, 2020

Defense Department Agency Reports Data Breach

Data Breach Today

Defense Information Systems Agency Has a Security Mission A U.S.

MY TAKE: Why new tools, tactics are needed to mitigate risks introduced by widespread encryption

The Last Watchdog

It was just a few short years ago that the tech sector, led by Google, Mozilla and Microsoft, commenced a big push to increase the use of HTTPS – and its underlying TLS authentication and encryption protocol.

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

44% of Security Threats Start in the Cloud

Dark Reading

Amazon Web Services is a top source of cyberattacks, responsible for 94% of all Web attacks originating in the public cloud

Cloud 87

Hackers Were Inside Citrix for Five Months

Krebs on Security

Networking software giant Citrix Systems says malicious hackers were inside its networks for five months between 2018 and 2019, making off with personal and financial data on company employees, contractors, interns, job candidates and their dependents.

The Best Sales Forecasting Models for Weathering Your Goals

Every sales forecasting model has a different strength and predictability method. It’s recommended to test out which one is best for your team. This way, you’ll be able to further enhance – and optimize – your newly-developed pipeline. Your future sales forecast? Sunny skies (and success) are just ahead!

Phishing Campaigns Tied to Coronavirus Persist

Data Breach Today

UN's World Health Organization Warns of Fraud Attempts As the coronavirus generates headlines around the world, cybercriminals are continuing to use this public health crisis to spread phishing emails and create malicious domains for a variety of fraud. Here's an update on the latest developments

More Trending

Russia Doesn't Want Bernie Sanders. It Wants Chaos

WIRED Threat Level

The point of Kremlin interference has always been to find democracy’s loose seams, and pull. Security Security / National Security

IT 114

Pay Up, Or We’ll Make Google Ban Your Ads

Krebs on Security

A new email-based extortion scheme apparently is making the rounds, targeting Web site owners serving banner ads through Google’s AdSense program.

Google Removes 500 Chrome Extensions Tied to Malvertising

Data Breach Today

Researchers Say Attackers Stole Browser Data and Redirected Users to Malicious Sites Google has removed 500 Chrome extensions from its online store after researchers found that attackers were using them to steal browser data, according to a new report from security firm Duo Security.

MY TAKE: PKI, digital certificates now ready to take on the task of securing digital transformation

The Last Watchdog

Just five years ago, the Public Key Infrastructure, or PKI , was seriously fraying at the edges and appeared to be tilting toward obsolescence. Things have since taken a turn for the better. Related: Why PKI is well-suited to secure the Internet of Things PKI is the authentication and encryption framework on which the Internet is built. The buckling of PKI a few years back was a very serious matter, especially since there was nothing waiting in the wings to replace PKI.

Future-Proofing Your Information Governance Strategy

Speaker: Crystal Cao, Lindsey Simon & Lisa Ripley

Join Onna and experts from Quip, Airbnb, and Oracle for this live webinar as they dive into proactive data deletion policies, retention strategies, and legal hold practices that are essential to a modern enterprise information governance strategy.

MGM Data Breach Affects Over 10 Million Customers

Adam Levin

The personal information of over 10.6 million customers of MGM Resorts has been published online. MGM Resorts confirmed the leaked data as being the result of a data breach that occurred last year.

Encoding Stolen Credit Card Data on Barcodes

Krebs on Security

Crooks are constantly dreaming up new ways to use and conceal stolen credit card data. According to the U.S. Secret Service , the latest scheme involves stolen card information embedded in barcodes affixed to phony money network rewards cards.

IT 210

Hackers Post Details on MGM Resorts Guests: Report

Data Breach Today

Breached Cloud Server Contained Data on 10 Million Guests Hackers have posted on an underground forum the personal information of 10.6 million MGM Resorts guests, ZDNet reports. The hotel chain confirms it was breached last year

Cloud 240

Inrupt, Tim Berners-Lee's Solid, and Me

Schneier on Security

For decades, I have been talking about the importance of individual privacy. For almost as long, I have been using the metaphor of digital feudalism to describe how large companies have become central control points for our data.

IoT 111

The North Star Playbook

Every product needs a North Star. In this guide, we will show you the metrics product managers need to tie product improvements to revenue impact. If you are looking for a more-focused, less-reactive way to work, this guide is for you.

US administration requests $9.8B for cyber 2021 budget for the Department of Defense

Security Affairs

The US administration requested $9.8 billion for cyber in next year’s budget for the Department of Defense, the amount is the same as last year. The US administration requested $9.8

10 Tough Questions CEOs Are Asking CISOs

Dark Reading

CEOs today are prepared with better questions than 'Are we secure,' and chief information security officers had better be ready to answer

Ransomware Attack Hit US Natural Gas Facility

Data Breach Today

CISA Alert: Incident Led to Two-Day Shutdown A ransomware attack on a U.S. natural gas compression facility led to a two-day shutdown of operations, according to an alert from the Cybersecurity and Infrastructure Security Agency

Policy vs Technology

Schneier on Security

Sometime around 1993 or 1994, during the first Crypto Wars, I was part of a group of cryptography experts that went to Washington to advocate for strong encryption. Matt Blaze and Ron Rivest were with me; I don't remember who else. We met with then Massachusetts Representative Ed Markey. (He

B2B Pocket Playbook: End-to-End Guide to Sales Enablement

Sales enablement is the strategic process of providing sales teams with the content, guidance, and mentorship needed to engage targeted buyers. It’s all about equipping sales professionals with the tools they need to put their best-selling foot forward. And if sales teams want to continuously sell better -- and faster -- their sales enablement process must have a game-winning strategy. It's time for you to start selling smarter - and hitting your sales number - with the best B2B database in the market. Get started today.

Hackers are actively exploiting a Zero-Day in WordPress ThemeREX Plugin to create Admin Accounts

Security Affairs

A new flaw was discovered in a WordPress plugin, this time experts found a zero-day vulnerability in the ThemeREX Addons to create admin accounts.

Sales 108

Firms Improve Threat Detection but Face Increasingly Disruptive Attacks

Dark Reading

In addition, more third parties are discovering the attacks rather than the companies themselves

105
105

Cybersecurity Plan for 2020 US Election Unveiled

Data Breach Today

CISA Describes Its Role as Security Facilitator The U.S.

Hacking McDonald's for Free Food

Schneier on Security

This hack was possible because the McDonald's app didn't authenticate the server, and just did whatever the server told it to do: McDonald's receipts in Germany end with a link to a survey page. Once you take the survey, you receive a coupon code for a free small beverage, redeemable within a month.

Pressure Points: How to Ensure Your B2B Pipeline Passes Inspection

This eBook highlights best practices for developing a pipeline management process that helps sales leaders and their team C.L.O.S.E (you’ll see what we mean in this eBook) more revenue through data-driven prospecting, stage analysis, and subsequent sales enablement.

CVE-2019-0604 SharePoint Remote code execution (RCE) vulnerability

Security Affairs

A security expert found a flaw in SharePoint that could be exploited to remotely execute arbitrary code by sending a specially crafted SharePoint application package.

Olympics Could Face Disruption from Regional Powers

Dark Reading

Destructive attacks and disinformation will likely target the Summer Olympics in Tokyo, two groups of threat experts say

101
101

GAO: Census Bureau Comes Up Short on Cybersecurity

Data Breach Today

With 2020 Census Slate to Start April 1, Bureau Still Has Work to Do The U.S. Census Bureau has not done enough to address cybersecurity issues in preparation for the 2020 census, which is slated to begin April, according to a new report from the Government Accountability Office

Voatz Internet Voting App Is Insecure

Schneier on Security

This paper describes the flaws in the Voatz Internet voting app: " The Ballot is Busted Before the Blockchain: A Security Analysis of Voatz, the First Internet Voting Application Used in U.S. Federal Elections.".

Paper 104

Marketing-Led Post-COVID-19 Growth Strategies

Businesses are laying off workers, shutting their doors (some permanently), and struggling to react to the radical destruction that coronavirus (COVID-19) is doing to our society and communities. Most have already sustained massive damage, and we still have yet to see the scope of impact of the global pandemic that has upended the globe. Any return to normalcy may seem far-off, but sales and marketing are on the front lines of restarting the economy. When the dust settles, we have a responsibility to turn our shock and grief into fierce determination, and lead the charge of responsible, strategic, sustainable future growth. However, there’s no team better suited to lead that charge than the marketing department. Marketers are uniquely positioned to provide creative solutions to aid their organization in times of change and chart a course for navigating success.

Unsigned Firmware running on peripherals could expose Windows, Linux systems to hack

Security Affairs

Peripheral devices with unsigned firmware can expose Windows and Linux machines to hack, warn experts from firmware security firm Eclypsium.

RSAC 2020: Trust in the Cloud. What Should You Do with Your Encryption Keys?

Thales eSecurity

In the past decade, businesses started evaluating the pros and cons of moving to the cloud in order to meet the increased demand for the cost and IT efficiency benefits of cloud computing and Software as a Service (SaaS).

Mobile Banking Users Targeted in SMS Phishing Campaign

Data Breach Today

Researchers Say Attackers Targeted American and Canadian Banking Customers Cybercriminals targeted mobile banking users by sending malicious SMS messages to their smartphones as part of a phishing campaign to steal account holders' information, including usernames and passwords, according to the cybersecurity firm Lookout.