Sat.Sep 12, 2020 - Fri.Sep 18, 2020

US Banning TikTok, WeChat Downloads

Data Breach Today

Commerce Department Says Social Media Apps Pose National Security Threat

The U.S. Commerce Department is banning the downloading and hosting of China-based social media apps TikTok and WeChat effective on Sunday, citing national security concerns.

Why Darknet Markets Persist

Data Breach Today

Ease of Use and Few Alternatives Keep Bringing Users Back

Empire is the latest darknet market to "exit scam," meaning administrators ran away with users' cryptocurrency, leaving the market to fail.

Software Audits During a Pandemic

Micro Focus

The letter of the law

Virtually anyone who has worked in IT over a meaningful period of time has experienced a software audit, which is sometimes called a License Verification (or LV) process.

Chinese Antivirus Firm Was Part of APT41 ‘Supply Chain’ Attack

Krebs on Security

The U.S. Justice Department this week indicted seven Chinese nationals for a decade-long hacking spree that targeted more than 100 high-tech and online gaming companies.

Digital Trends Report 2020

As part of our goal to continue helping our community during these times, we wanted to share with you this critical data on the state of digital products across industries and provide context on how businesses are responding to the changing winds.

One Data Scientist’s Quest to Quash Misinformation

WIRED Threat Level

Sara-Jayne Terp uses the tools of cybersecurity to track false claims like they’re malware. Her goal: Stop dangerous lies from hacking our beliefs.

More Trending

A Hacker's Playlist

Dark Reading

Nine security researchers share their favorite songs and genres

Two Russians Charged in $17M Cryptocurrency Phishing Spree

Krebs on Security

Authorities today announced criminal charges and financial sanctions against two Russian men accused of stealing nearly $17 million worth of virtual currencies in a series of phishing attacks throughout 2017 and 2018 that spoofed websites for some of the most popular cryptocurrency exchanges.

New MrbMiner malware infected thousands of MSSQL DBs

Security Affairs

A threat actor is launching brute-force attacks on MSSQL servers in an attempt to access them and install a new crypto-mining malware dubbed MrbMiner.

CISA: Chinese Hackers Targeting US Agencies

Data Breach Today

Groups Exploiting Unpatched Vulnerabilities

The U.S. Cybersecurity and Infrastructure Security Agency warns that hacking groups backed by the Chinese Ministry of State Security are exploiting several unpatched vulnerabilities to target federal agencies

Testing at Every Stage of Development

Up to 80% of new products fail. The reality is harsh and the reasons why are endless. Perhaps the new product couldn’t oust a customer favorite. Maybe it looked great but was too hard to use. Or, despite being a superior product, the go-to-market strategy failed. There’s always a risk when building a new product, but you can hedge your bets by understanding exactly what your customers' expectations truly are at every step of the development process.

Breaching the GDPR

Data Protector

Due Diligence That Money Can’t Buy

Krebs on Security

Most of us automatically put our guard up when someone we don’t know promises something too good to be true. But when the too-good-to-be-true thing starts as our idea, sometimes that instinct fails to kick in.

Deadly Ransomware Story Continues to Unfold

Dark Reading

A ransomware attack with fatal consequences is attracting notice and comment from around the world

Senators Demand More Details on VA Breach

Data Breach Today

Lawmakers Say 17,000 Healthcare Providers Affected; VA Disputes Claim

Several Senate Democrats are demanding answers from the Department of Veterans Affairs about cybersecurity practices after a breach that the VA says exposed data on 46,000 veterans, but which the senators claim also apparently affected 17,000 healthcare providers.

Rethinking Information Governance In The Age of Unstructured Enterprise Data

Today’s organizations are faced with the overwhelming challenge of managing, finding, and leveraging their information. This eBook discusses a newly discovered information discipline and is filled to the brim with helpful information.

Interesting Attack on the EMV Smartcard Payment Standard

Schneier on Security

It’s complicated, but it’s basically a man-in-the-middle attack that involves two smartphones. The first phone reads the actual smartcard, and then forwards the required information to a second phone. That second phone actually conducts the transaction on the POS terminal.

Maze ransomware uses Ragnar Locker virtual machine technique

Security Affairs

The Maze ransomware operators now use a virtual machine to encrypt a computer, a tactic previously adopted by the Ragnar Locker malware. The Maze ransomware operators have adopted a new tactic to evade detection: their malware now encrypts a computer from within a virtual machine.

Open Source Security's Top Threat and What To Do About It

Dark Reading

With open source developers regularly churning out new tools, the risk landscape has become too fragmented to properly monitor

U.S. Imposes Sanctions on Iranian APT Group

Data Breach Today

FBI Releases Advisory on Previously Undisclosed Iranian Malware

The U.S.

The Best Sales Forecasting Models for Weathering Your Goals

Every sales forecasting model has a different strength and predictability method. It’s recommended to test out which one is best for your team. This way, you’ll be able to further enhance – and optimize – your newly-developed pipeline. Your future sales forecast? Sunny skies (and success) are just ahead!

A Texas County Clerk’s Bold Crusade to Transform How We Vote

WIRED Threat Level

How Dana DeBeauvoir set off the biggest, weirdest, and most promising revolution in election technology since the 1800s.

Chinese hackers stole info from Spanish centers working on Covid19 vaccine

Security Affairs

Chinese hackers have stolen information from Spanish laboratories working on a vaccine for COVID19, El Pais newspaper revealed. The El Pais newspaper reported that Chinese hackers have stolen information from Spanish laboratories working on a vaccine for COVID19.

New Bluetooth Vulnerability

Schneier on Security

There’s a new unpatched Bluetooth vulnerability: The issue is with a protocol called Cross-Transport Key Derivation (or CTKD, for short).

Does This Exposed Chinese Database Pose a Security Threat?

Data Breach Today

ISMG View: Unless There's More To It, Database Appears to be Scraped Public Data

A leaked database compiled by a Chinese company has suddenly become the focus of multiple media reports, warning that it could be used as an espionage instrument by Beijing.

Product Analytics Playbook: Mastering Retention

Why do your users churn? In this guide you'll learn common product pitfalls and how to fix them.

Time for CEOs to Stop Enabling China's Blatant IP Theft

Dark Reading

Protecting intellectual property in the name of US economic and national security should be part of every company's fiduciary duty

Bank of Seychelles hit by a ransomware attack

Security Affairs

The Development Bank of Seychelles (DBS) was hit by a ransomware attack, disclosed the Central Bank of Seychelles (CBS). The Central Bank of Seychelles (CBS) disclosed via a press statement that the Development Bank of Seychelles (DBS) was hit by a ransomware attack.

Nihilistic Password Security Questions

Schneier on Security

Posted three years ago, but definitely appropriate for the times.

3 Iranian Hackers Charged With Targeting US Satellite Firms

Data Breach Today

DOJ: Hackers Used Social Engineering Techniques, Spear Phishing

Three Iranian hackers have been charged in connection with using social engineering and phishing techniques to steal data and intellectual property from U.S. satellite and aerospace companies, according to the Justice Department.

Future-Proofing Your Information Governance Strategy

Speaker: Crystal Cao, Lindsey Simon & Lisa Ripley

Join Onna and experts from Quip, Airbnb, and Oracle for this live webinar as they dive into proactive data deletion policies, retention strategies, and legal hold practices that are essential to a modern enterprise information governance strategy.

CISA Joins MITRE to Issue Vulnerability Identifiers

Dark Reading

The Cybersecurity and Infrastructure Security Agency will become a peer of MITRE in the CVE program, likely leading to continued increases in disclosed vulnerabilities

CIRWA Project tracks ransomware attacks on critical infrastructure

Security Affairs

Researchers from Temple University have been tracking ransomware attacks on critical infrastructure all over the world.

Gen Z Has a Plan to Save the Election—Starting With the Polls

WIRED Threat Level

Poll workers, who skew elderly, are in short supply during the pandemic. Meet some of the young people trying to make up the gap.