Sat.Aug 08, 2020 - Fri.Aug 14, 2020

Medical Debt Collection Firm R1 RCM Hit in Ransomware Attack

Krebs on Security

R1 RCM Inc. NASDAQ:RCM ], one of the nation’s largest medical debt collection companies, has been hit in a ransomware attack. Formerly known as Accretive Health Inc. Chicago-based R1 RCM brought in revenues of $1.18 billion in 2019.

Alert: Russian Hackers Deploying Linux Malware

Data Breach Today

Alert From NSA and FBI Warns of Drovorub Malware Used by 'Fancy Bear' Group An alert from U.S.

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

Research Casts Doubt on Value of Threat Intel Feeds

Dark Reading

Two commercial threat intelligence services and four open source feeds rarely provide the same information, raising questions about how security teams should gauge their utility

Maze ransomware gang leaked Canon USA’s stolen files

Security Affairs

Maze ransomware operators have leaked online the unencrypted files allegedly stolen from Canon during a recent ransomware attack.

Product Analytics Playbook: Mastering Retention

Why do your users churn? In this guide you'll learn common product pitfalls and how to fix them.

Why & Where You Should You Plant Your Flag

Krebs on Security

Several stories here have highlighted the importance of creating accounts online tied to your various identity, financial and communications services before identity thieves do it for you. This post examines some of the key places where everyone should plant their virtual flags.

More Trending

How Facebook and Other Sites Manipulate Your Privacy Choices

WIRED Threat Level

Social media platforms repeatedly use so-called dark patterns to nudge you toward giving away more of your data. Security Security / Privacy

Remotely hack a Mercedes-Benz E-Class is possible, experts demonstrated

Security Affairs

Chinese researchers discovered tens of vulnerabilities in a Mercedes-Benz E-Class, including issues that can be exploited to remotely hack it. A team of Chinese experts from Sky-Go, the Qihoo 360 division focused on car hacking, discovered 19 vulnerabilities in a Mercedes-Benz E-Class, including some issues that can be exploited by attackers to remotely hack a vehicle.

Paper 87

Microsoft Patch Tuesday, August 2020 Edition

Krebs on Security

Microsoft today released updates to plug at least 120 security holes in its Windows operating systems and supported software, including two newly discovered vulnerabilities that are actively being exploited. Yes, good people of the Windows world, it’s time once again to backup and patch up!

SANS Institute Sees Its Breach as Teachable Moment

Data Breach Today

Cyberecurity Training Center Wants Others to Learn From Phishing Attack The SANS Institute, which is known for its cybersecurity training courses, is now planning to turn its own data breach into a teachable moment for its membership

Rethinking Information Governance In The Age of Unstructured Enterprise Data

Onna is breaking down how the concept of information governance has evolved and ways today’s businesses can develop a holistic framework to keep up with a rapidly accelerating datasphere.

Microsoft Patches 120 Vulnerabilities, Two Zero-Days

Dark Reading

The August 2020 Patch Tuesday marks the sixth month in a row Microsoft released patches for more than 110 vulnerabilities


Drovorub Malware

Schneier on Security

The NSA and FBI have jointly disclosed Drovorub, a Russian malware suite that targets Linux. Detailed advisory. Fact sheet. News articles. Reddit thread. cyberespionage cybersecurity espionage fbi implants malware nsa russia

A British AI Tool to Predict Violent Crime Is Too Flawed to Use

WIRED Threat Level

A government-funded system known as Most Serious Violence was built to predict first offenses but turned out to be wildly inaccurate. Business Business / Artificial Intelligence Security

More Microsoft Zero-Day Flaws Being Exploited

Data Breach Today

Microsoft and CISA Recommend Immediate Patching of Critical Bugs Two critical, zero-day vulnerabilities affecting Internet Explorer and multiple versions of the Windows operating system are being exploited in the wild, Microsoft and the U.S. Cybersecurity and Infrastructure Security Agency warn, urging prompt patching

The Best Sales Forecasting Models for Weathering Your Goals

Every sales forecasting model has a different strength and predictability method. It’s recommended to test out which one is best for your team. This way, you’ll be able to further enhance – and optimize – your newly-developed pipeline. Your future sales forecast? Sunny skies (and success) are just ahead!

Security Jobs With a Future -- And Ones on the Way Out

Dark Reading

Some titles are hot, while others are not, amid rapidly shifting business priorities

Smart Lock Vulnerability

Schneier on Security

Yet another Internet-connected door lock is insecure : Sold by retailers including Amazon, Walmart, and Home Depot, U-Tec's $139.99 UltraLoq is marketed as a "secure and versatile smart deadbolt that offers keyless entry via your Bluetooth-enabled smartphone and code."

Homoglyph attacks used in phishing campaign and Magecart attacks

Security Affairs

Researchers detailed a new evasive phishing technique that leverages modified favicons to inject e-skimmers and steal payment card data covertly. Researchers from cybersecurity firm Malwarebytes have analyzed a new evasive phishing technique used by attackers in the wild in Magecart attacks. The hackers targeted visitors of several sites using typo-squatted domain names, and modified favicons to inject software skimmers used to steal payment card information.

North Korean Hackers Wage Job-Themed Spear-Phishing Attacks

Data Breach Today

ClearSky: Operation 'DreamJob' Lures Defense Workers With Fake Job Opportunities Hackers with suspected ties to North Korea's government are conducting a cyber espionage campaign that's circulating "job opportunity" spear-phishing emails targeting employees of defense contractors, according to the security firm ClearSky.

Future-Proofing Your Information Governance Strategy

Speaker: Crystal Cao, Lindsey Simon & Lisa Ripley

Join Onna and experts from Quip, Airbnb, and Oracle for this live webinar as they dive into proactive data deletion policies, retention strategies, and legal hold practices that are essential to a modern enterprise information governance strategy.

SANS Security Training Firm Hit with Data Breach

Dark Reading

A phishing email allowed an attacker to compromise a SANS employee's email environment, the organization reports

The NSA's Tips to Keep Your Phone From Tracking You

WIRED Threat Level

Plus: A Canon ransomware hack, a nasty Twitter bug, and more of the week's top security news. Security Security / Security Advice

North Korea’s Lazarus compromised dozens of organizations in Israel

Security Affairs

Since January 2020, the North Korea-linked Lazarus APT has successfully compromised dozens of organizations in Israel and other countries.

BEC Scam Targets Executives' Office 365 Accounts

Data Breach Today

Trend Micro: 'Water Nue' Payment Fraud Campaign Has Targeted 1,000 Companies Since March A recently uncovered BEC scam has targeted the Office 365 accounts of executives at over 1,000 companies worldwide, collecting more than 800 sets of credentials in an attempt to commit payment fraud, according to Trend Micro


The North Star Playbook

Every product needs a North Star. In this guide, we will show you the metrics product managers need to tie product improvements to revenue impact. If you are looking for a more-focused, less-reactive way to work, this guide is for you.

Zero-Trust Security 101

Dark Reading

What are the tenets and fundamental spirit of zero-trust architecture -- without the marketing speak

Belarus Has Shut Down the Internet Amid a Controversial Election

WIRED Threat Level

Human rights organizations have blamed the Belarusian government for widespread outages. Security Security / Security News

TeamViewer flaw can allow hackers to steal System password

Security Affairs

A severe vulnerability impacting TeamViewer for Windows, tracked as CVE 2020-13699, could be exploited by remote attackers to steal the system password. TeamViewer has recently addressed a high-risk vulnerability ( CVE 2020-13699 ), that could be exploited by remote attackers to steal system password and potentially compromise it. TeamViewer is a popular software application for remote control, desktop sharing, online meetings, web conferencing and file transfer between computers.

Avaddon Ransomware Joins Data-Leaking Club

Data Breach Today

Operators Create a Dedicated Leak Site, Continue Recruiting Affiliates Yet another ransomware-wielding gang has threatened to steal and leak the data of any victims who refuse to pay a ransom: The operators of Avaddon ransomware have created a dedicated data-leak site that already lists a construction firm victim, and the gang continues to recruit new affiliates

B2B Pocket Playbook: End-to-End Guide to Sales Enablement

Sales enablement is the strategic process of providing sales teams with the content, guidance, and mentorship needed to engage targeted buyers. It’s all about equipping sales professionals with the tools they need to put their best-selling foot forward. And if sales teams want to continuously sell better -- and faster -- their sales enablement process must have a game-winning strategy. It's time for you to start selling smarter - and hitting your sales number - with the best B2B database in the market. Get started today.

Healthcare Industry Sees Respite From Attacks in First Half of 2020

Dark Reading

Breach disclosures are down, and reported ransomware attacks have also plummeted. Good news -- or a calm before the storm

Flaws Could Have Exposed Cryptocurrency Exchanges to Hackers

WIRED Threat Level

Researchers found troubling bugs in open-source libraries used by financial institutions. Security Security / Cyberattacks and Hacks

FBI and NSA joint report details APT28’s Linux malware Drovorub

Security Affairs

The FBI and NSA issue joint alert related to new Linux malware dubbed Drovorub that has been used by the Russia-linked APT28 group. The FBI and NSA have published a joint security alert containing technical details about a new piece of Linux malware, tracked as Drovorub , allegedly employed by Russia-linked the APT28 group. The name comes from drovo [?????], which translates to “firewood”, or “wood” and rub [???],