Sat.Jun 27, 2020 - Fri.Jul 03, 2020

COVID-19 ‘Breach Bubble’ Waiting to Pop?

Krebs on Security

The COVID-19 pandemic has made it harder for banks to trace the source of payment card data stolen from smaller, hacked online merchants. On the plus side, months of quarantine have massively decreased demand for account information that thieves buy and use to create physical counterfeit credit cards. But fraud experts say recent developments suggest both trends are about to change — and likely for the worse.

Sales 131

Ransomware Gangs Don’t Need PR Help

Krebs on Security

We’ve seen an ugly trend recently of tech news stories and cybersecurity firms trumpeting claims of ransomware attacks on companies large and small, apparently based on little more than the say-so of the ransomware gangs themselves. Such coverage is potentially quite harmful and plays deftly into the hands of organized crime.

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

The Security Value of Inefficiency

Schneier on Security

For decades, we have prized efficiency in our economy. We strive for it. We reward it. In normal times, that's a good thing. Running just at the margins is efficient. A single just-in-time global supply chain is efficient. Consolidation is efficient. And that's all profitable. Inefficiency, on the other hand, is waste. Extra inventory is inefficient. Overcapacity is inefficient. Using many small suppliers is inefficient. Inefficiency is unprofitable.

US Cyber Command Alert: Patch Palo Alto Networks Products

Data Breach Today

Critical' Authentication Bypass Risk Posed by Easy-to-Exploit PAN-OS Software Flaw Palo Alto Networks product alert: All users should immediately patch a "critical" flaw in Pan-OS that can be remotely exploited to bypass authentication and take full control of systems or gain access to networks, U.S. Cyber Command and the Cybersecurity Infrastructure and Security Agency warn

Digital Trends Report 2020

As part of our goal to continue helping our community during these times, we wanted to share with you this critical data on the state of digital products across industries and provide context on how businesses are responding to the changing winds.

Experts saw 100k+ daily brute-force attacks on RDP during COVID-19 lockdown

Security Affairs

Researchers revealed that the number of daily brute-force attacks on Windows RDP has doubled during the pandemic lockdown. Security experts from ESET revealed that the number of daily brute-force attacks on Windows RDP has doubled during the COVID-19 lockdown. The phenomenon is not surprising because during the COVID-19 lockdown employees were forced to work from home remote accessing company infrastructure.

More Trending

Is It Legal for Cops to Force You to Unlock Your Phone?

WIRED Threat Level

Because the relevant Supreme Court precedents predate the smartphone era, the courts are divided on how to apply the Fifth Amendment. Security Security / Privacy

IT 67

University of California SF Pays Ransom After Medical Servers Hit

Dark Reading

As one of at least three universities hit in June, the school paid $1.14 million to cybercriminals following an attack on "several IT systems" in the UCSF School of Medicine

IT 79

POS Malware Using DNS to Steal Payment Card Data

Data Breach Today

Researchers: Revamped Alina Trojan Targeting Windows-Based Devices Fraudsters are using a revamped version of the Alina Trojan to target Windows-based POS devices to steal payment card data, according to Century Link's Black Lotus Labs. The malware operators are using unsecured DNS protocols to exfiltrate the data

158
158

Refreshing Insights for Modern COBOL

Micro Focus

Introduction In its seventh decade, COBOL’s heritage is legendary. This month sees yet another stride forward in COBOL innovation, with the latest release of the Micro Focus Visual COBOL and Enterprise product sets. But what of its practitioners? Where is the investment? We caught up two new members of the COBOL community, from our recent. View Article. Application Modernization and Connectivity Company Culture #WomenInSTEM COBOL ITSkills Modernization WomeninTech

IT 87

Testing at Every Stage of Development

Up to 80% of new products fail. The reality is harsh and the reasons why are endless. Perhaps the new product couldn’t oust a customer favorite. Maybe it looked great but was too hard to use. Or, despite being a superior product, the go-to-market strategy failed. There’s always a risk when building a new product, but you can hedge your bets by understanding exactly what your customers' expectations truly are at every step of the development process.

The Worst Hacks and Breaches of 2020 So Far

WIRED Threat Level

Iran, China, Russia—the gang was all here in the first half of this year. Oh, and also an unprecedented pandemic that’s been a boon for hackers. Security Security / Cyberattacks and Hacks

7 IoT Tips for Home Users

Dark Reading

Whether for business or pleasure, you're on your own once you walk into the house with a new Internet of Things device. Here's how to keep every one secure

IoT 87

It's Official: CCPA Enforcement Begins

Data Breach Today

Move Comes Despite Lack of Final Version of Sweeping Data Protection Law Enforcement of the California Consumer Privacy Act officially began Wednesday despite the lack of a final, codified version of the regulation. Experts weigh in on compliance steps organizations should take

IT 155

Hacked by Police

Schneier on Security

French police hacked EncroChat secure phones, which are widely used by criminals: Encrochat's phones are essentially modified Android devices, with some models using the "BQ Aquaris X2," an Android handset released in 2018 by a Spanish electronics company, according to the leaked documents.

Rethinking Information Governance In The Age of Unstructured Enterprise Data

Today’s organizations are faced with the overwhelming challenge of managing, finding, and leveraging their information. This eBook discusses a newly discovered information discipline and is filled to the brim with helpful information.

List of data breaches and cyber attacks in June 2020 ­– 7 billion records breached

IT Governance

The first half of 2020 ended on a familiarly bad note, with 92 security incidents accounting for at least 7,021,195,399 breached records. That figure was boosted significantly by KeepNet Labs finally bowing to pressure and admitting that a third party did in fact briefly expose five billion records online.

Files Stolen from 945 Websites Discovered on Dark Web

Dark Reading

Researchers who found the archived SQL files estimate up to 14 million people could be affected

Operators Behind Valak Malware Expand Malicious Campaign

Data Breach Today

Financial, Manufacturing, Healthcare and Insurance Firms Victimized The operators behind the Valak malware strain have expanded their malicious campaigns to other parts of the world, targeting financial, manufacturing, healthcare and insurance firms, according to Cisco Talos. Attackers are now using existing email threads and ZIP files to spread the information stealer

iPhone Apps Stealing Clipboard Data

Schneier on Security

iOS apps are repeatedly reading clipboard data , which can include all sorts of sensitive information. While Haj Bakry and Mysk published their research in March, the invasive apps made headlines again this week with the developer beta release of iOS 14. A novel feature Apple added provides a banner warning every time an app reads clipboard contents.

IT 86

The Best Sales Forecasting Models for Weathering Your Goals

Every sales forecasting model has a different strength and predictability method. It’s recommended to test out which one is best for your team. This way, you’ll be able to further enhance – and optimize – your newly-developed pipeline. Your future sales forecast? Sunny skies (and success) are just ahead!

APTs will exploit Palo Alto Networks’s PAN-OS flaw soon, US Cyber Command says

Security Affairs

Cyber Command believes foreign APTs will likely attempt to exploit the recently addressed flaw in Palo Alto Networks’s PAN-OS firewall OS. Recently Palo Alto Network addressed a critical vulnerability , tracked as CVE-2020-2021, affecting the PAN-OS operating system that powers its next-generation firewall. The flaw could allow unauthenticated network-based attackers to bypass authentication, it has has been rated as critical severity and received a CVSS 3.x base score of 10.

22,900 MongoDB Databases Affected in Ransomware Attack

Dark Reading

An attacker scanned for databases misconfigured to expose information and wiped the data, leaving a ransom note behind

FakeSpy Android Malware Disguised as Postal Service Messages

Data Breach Today

Researchers: Attackers Use SMS Phishing Messages to Spread Info Stealer The operators behind an updated version of the FakeSpy malware are targeting Android devices using SMS phishing messages to spread the info stealer, according to Cybereason. The messages are designed to appear to come from postal and delivery services

Android Apps Stealing Facebook Credentials

Schneier on Security

Google has removed 25 Android apps from its store because they steal Facebook credentials : Before being taken down, the 25 apps were collectively downloaded more than 2.34 million times. The malicious apps were developed by the same threat group and despite offering different features, under the hood, all the apps worked the same.

Product Analytics Playbook: Mastering Retention

Why do your users churn? In this guide you'll learn common product pitfalls and how to fix them.

Asian media firm E27 hacked, attackers asked for a “donation”

Security Affairs

Asian media firm E27 suffered a security breach and hackers asked for a “donation” to provide information on the flaws they exploited in the attack. Asian media firm E27 has been hacked by a hacking group identifying themselves as “Korean Hackers” and “Team Johnwick”that asked for a “donation” to provide information on the vulnerabilities they have exploited in the attack.

DDoS Attacks Jump 542% from Q4 2019 to Q1 2020

Dark Reading

The shift to remote work and heavy reliance on online services has driven an increase in attacks intended to overwhelm ISPs

83

Brute-Force Attacks Targeting RDP on the Rise

Data Breach Today

ESET Researchers: Attacks Open the Door to Launching Ransomware, Planting Cryptominers Since the start of the COVID-19 pandemic, the number of brute-force attacks targeting RDP connections has steadily increased, spiking to 100,000 incidents per day in April and May, according to the security firm ESET. These attacks pave the way for launching ransomware attacks and planting cryptominers

New Mac Ransomware Is Even More Sinister Than It Appears

WIRED Threat Level

The malware known as ThiefQuest or EvilQuest also has spyware capabilities that allow it to grab passwords and credit card numbers. Security Security / Cyberattacks and Hacks Security / Security News

Future-Proofing Your Information Governance Strategy

Speaker: Crystal Cao, Lindsey Simon & Lisa Ripley

Join Onna and experts from Quip, Airbnb, and Oracle for this live webinar as they dive into proactive data deletion policies, retention strategies, and legal hold practices that are essential to a modern enterprise information governance strategy.

Alleged cyber attacks caused fire and explosions at nuclear and military facilities in Iran

Security Affairs

The root cause of a series of explosions at important facilities in Iran may be cyberattacks allegedly launched by Israel. A recent sequence of fires and explosions at important Iranian facilities may have been caused by cyber attacks as part of an operation conducted by Israel. Recently several major Iranian industrial facilities suffered a sequence of mysterious incidents.

CISA Issues Advisory on Home Routers

Dark Reading

The increase in work-from-home employees raises the importance of home router security

Detecting Network Security Incidents

Data Breach Today

ENISA's Rossella Mattioli Reviews New Report Rossella Mattioli, a network and information security expert at ENISA, the European Union Agency for Cybersecurity, discusses a new report offering insights on detecting network security incidents