Sat.Apr 25, 2020 - Fri.May 01, 2020

Work-at-Home: The Impact on Security

Data Breach Today

Survey Sizes Up Increased Risks, New Duties for Security Staff The shift to working at home is opening the door to cybersecurity incidents. Some 23% of respondents to a small survey conducted by the training organization (ISC)2 say their organization has experienced an increase in cybersecurity incidents since transitioning to remote work

Ascending to new heights of CSR

Micro Focus

Today, I am pleased to announce that Micro Focus is joining over 80 companies who have pledged their support to North American-based Ascend’s COVID-19 Action Agenda. Micro Focus joins the ranks of Goldman Sachs & Co, Bank of America, Deloitte, The Coca Cola Company, Facebook, Procter & Gamble, Uber, Pfizer and many more global companies. View Article. Company Culture Corporate Ascend Corporate Social Responsibility INSPIRE

65

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

COVID-19: Stages of Re-Entry Planning

Data Breach Today

Pandemic Expert Regina Phelps on How to Strategize for Life After Quarantine As politicians and protesters argue about the merits and timing of emerging from COVID-19 quarantine, crisis management expert Regina Phelps lays out a 10-step re-entry plan. Her word of counsel: "Caution

146
146

Google found zero-click vulnerabilities in Apple’s multimedia processing components

Security Affairs

Google Project Zero white-hat hackers have disclosed zero-click vulnerabilities affecting multiple Apple operating systems. White-hat hackers at Google Project Zero team have discovered several zero-click vulnerabilities impacting multiple Apple’s multimedia processing components is several Apple operating systems. Multimedia processing components could be a privileges entry point for threat actos that attempt to hack into the mobile OS, including the Apple one.

Rethinking Information Governance In The Age of Unstructured Enterprise Data

Onna is breaking down how the concept of information governance has evolved and ways today’s businesses can develop a holistic framework to keep up with a rapidly accelerating datasphere.

The ADL Calls Out Steam for Giving Extremists a Pass

WIRED Threat Level

The nonprofit has identified hundreds of profiles that espouse hate, with little attempt from the gaming platform to stop them. Security Security / Security News

More Trending

COVIDSafe App Teardown & Panel Discussion

Troy Hunt

I've written a bunch about COVID-19 contact tracing apps recently as they relate to security and privacy, albeit in the form of long tweets.

IT 87

What Is Fleeceware and How Can You Protect Yourself?

WIRED Threat Level

Sneaky developers are charging big bucks for basic apps. Here's how to spot a scam in sheep's clothing. Security / Security News

How Cybercriminals are Weathering COVID-19

Krebs on Security

In many ways, the COVID-19 pandemic has been a boon to cybercriminals: With unprecedented numbers of people working from home and anxious for news about the virus outbreak, it’s hard to imagine a more target-rich environment for phishers, scammers and malware purveyors. In addition, many crooks are finding the outbreak has helped them better market their cybercriminal wares and services.

Retail 162

Enterprise Security Woes Explode with Home Networks in the Mix

Threatpost

Thanks to WFH, IoT refrigerators, Samsung TVs and more can now be back-channel proxies into the corporate network. Cloud Security Featured IoT Security Analyst Summit Vulnerabilities Web Security automated attacks bots coronavirus COVID-19 enterprise security fingerprinting corporate risk home networks Kaspersky Microsoft nate warfield network perimeter refrigerators samsung tvs sas@home Security Vulnerabilities work from home

The Best Sales Forecasting Models for Weathering Your Goals

Every sales forecasting model has a different strength and predictability method. It’s recommended to test out which one is best for your team. This way, you’ll be able to further enhance – and optimize – your newly-developed pipeline. Your future sales forecast? Sunny skies (and success) are just ahead!

How Spies Snuck Malware Into the Google Play Store—Again and Again

WIRED Threat Level

Malicious Android apps from the so-called PhantomLance campaign targeted hundreds of users, and at least two slipped past Google's defenses. Security Security / Cyberattacks and Hacks

NEW TECH: CASBs continue evolving to help CISOs address multiplying ‘cloud-mobile’ risks

The Last Watchdog

It can be argued that we live in a cloud-mobile business environment. Related: The ‘shared responsibility’ burden Most organizations are all caught up, to one degree or another, in migrating to hybrid cloud networks. And startups today typically launch with cloud-native IT infrastructure. Mobile comes into play everywhere. Employees, contractors, suppliers and customers consume and contribute from remote locations via their smartphones.

Risk 153

Maze Ransomware operators claim to have stolen millions of credit cards from Banco BCR

Security Affairs

Maze Ransomware operators claim to have gained access to the network of Banco BCR of Costa Rica and stolen 11 million credit card credentials. Maze Ransomware operators claim to have hacked the network of the state-owned Bank of Costa Rica Banco BCR and to have stolen internal data, including 11 million credit card credentials. Banco BCR has equity of $806,606,710 and assets of $7,607,483,881, it is one of the most solid banks in Central America.

Securing Internet Videoconferencing Apps: Zoom and Others

Schneier on Security

The NSA just published a survey of video conferencing apps. So did Mozilla. Zoom is on the good list, with some caveats. The company has done a lot of work addressing previous security concerns. It still has a bit to go on end-to-end encryption. Matthew Green looked at this. Zoom does offer end-to-end encryption if 1) everyone is using a Zoom app, and not logging in to the meeting using a webpage, and 2) the meeting is not being recorded in the cloud.

Future-Proofing Your Information Governance Strategy

Speaker: Crystal Cao, Lindsey Simon & Lisa Ripley

Join Onna and experts from Quip, Airbnb, and Oracle for this live webinar as they dive into proactive data deletion policies, retention strategies, and legal hold practices that are essential to a modern enterprise information governance strategy.

RDP brute-force attacks rocketed since beginning of COVID-19

Security Affairs

The number of RDP brute-force attacks is skyrocketing in mid-March due to remote working imposed during the COVID-19 pandemic. Researchers from Kaspersky Lab are observing a significant increase in the number of RDP brute-force attacks since the beginning of the COVID-19 pandemic. Earlier this month, researchers from Shodan reported a 41% increase in the number of RDP endpoints exposed online, since the beginning of the COVID-19 pandemic.

Ransomware: Average Business Payout Surges to $111,605

Data Breach Today

Ryuk and Sodinokibi Largely Responsible for One-Third Increase in Average Payments The average ransom paid by victims to ransomware attackers, when they paid, reached $111,605 in the first quarter of this year, up by one-third from the previous quarter, reports ransomware incident response firm Coveware, which sees the Sodinokibi, Ryuk and Phobos malware families continuing to dominate

Would You Have Fallen for This Phone Scam?

Krebs on Security

You may have heard that today’s phone fraudsters like to use use caller ID spoofing services to make their scam calls seem more believable. But you probably didn’t know that these fraudsters also can use caller ID spoofing to trick your bank into giving up information about recent transactions on your account — data that can then be abused to make their phone scams more believable and expose you to additional forms of identity theft.

MY TAKE: Why COVID-19 ‘digital distancing’ is every bit as vital as ‘social distancing’

The Last Watchdog

As coronavirus-themed cyber attacks ramp up, consumers and companies must practice digital distancing to keep themselves protected. Related: Coronavirus scams leverage email As we get deeper into dealing with the coronavirus outbreak, the need for authorities and experts to communicate reliably and effectively with each other, as well as to the general public, is vital. That, of course, presents the perfect environment for cybercrime that pivots off social engineering.

B2B Pocket Playbook: End-to-End Guide to Sales Enablement

Sales enablement is the strategic process of providing sales teams with the content, guidance, and mentorship needed to engage targeted buyers. It’s all about equipping sales professionals with the tools they need to put their best-selling foot forward. And if sales teams want to continuously sell better -- and faster -- their sales enablement process must have a game-winning strategy. It's time for you to start selling smarter - and hitting your sales number - with the best B2B database in the market. Get started today.

Me on COVID-19 Contact Tracing Apps

Schneier on Security

I was quoted in BuzzFeed: "My problem with contact tracing apps is that they have absolutely no value," Bruce Schneier, a privacy expert and fellow at the Berkman Klein Center for Internet & Society at Harvard University, told BuzzFeed News. I'm not even talking about the privacy concerns, I mean the efficacy. Does anybody think this will do something useful? This is just something governments want to do for the hell of it.

IT 88

10 Ransomware Strains Being Used in Advanced Attacks

Data Breach Today

Advanced Hackers Continue to Linger in Breached Networks for Weeks or Months Many attackers continue to camp out in networks for months, conducting reconnaissance and stealing sensitive data before unleashing ransomware. Experts say many recent efforts trace to gangs wielding the RobbinHood, Valet Loader, NetWalker, PonyFinal, Maze and Sodinokibi strains of crypto-locking malware

Cybercriminals Are Exploiting the Covid-19 Pandemic

Adam Levin

Cybercriminals are actively targeting Covid-19 hotspots with malware and phishing campaigns, according to a new report from Bitdefender. The report, “ Coronavirus-themed Threat Reports Haven’t Flattened the Curve ,” shows a direct correlation between confirmed Covid-19 cases and malware attacks exploiting the crisis. These findings confirm a similar report that showed a 30000% increase in Covid-19-themed attacks from January to March.

SHARED INTEL: New book on cyber warfare foreshadows attacks on elections, remote workers

The Last Watchdog

It’s difficult to convey the scope and scale of cyber attacks that take place on a daily basis, much less connect the dots between them. Related: The Golden Age of cyber spying A new book by Dr. Chase Cunningham — Cyber Warfare – Truth, Tactics, and Strategies — accomplishes this in a compelling, accessible way. Cunningham has the boots-on-the-ground experience and storytelling chops to pull this off.

Pressure Points: How to Ensure Your B2B Pipeline Passes Inspection

This eBook highlights best practices for developing a pipeline management process that helps sales leaders and their team C.L.O.S.E (you’ll see what we mean in this eBook) more revenue through data-driven prospecting, stage analysis, and subsequent sales enablement.

Fake Microsoft Teams Emails Phish for Credentials

Dark Reading

Employees belonging to organizations in industries such as energy, retail, and hospitality have been recipients, Abnormal Security says

Phishing Campaigns Target Senior Executives via Office 365

Data Breach Today

Top Victims Include Financial Services and Law Firms, Group-IB Warns A sophisticated, highly targeted phishing campaign has hit high-level executives at more than 150 businesses, stealing confidential documents and contact lists, says security firm Group-IB. The campaign, which targets Office 365 users, appears to trace to attackers operating from Nigeria and South Africa

Hackers exploit SQL injection zero-day issue in Sophos firewall

Security Affairs

Cybersecurity firm Sophos releases an emergency patch to address an SQL injection flaw in its XG Firewall product that has been exploited in the wild. Cybersecurity firm Sophos has released an emergency patch to address an SQL injection zero-day vulnerability affecting its XG Firewall product that has been exploited in the wild. Sophos was informed of the attacks exploiting the zero-day issue by one of its customers on April 22.

BEST PRACTICES: How testing for known memory vulnerabilities can strengthen DevSecOps

The Last Watchdog

DevOps wrought Uber and Netflix. In the very near future DevOps will help make driverless vehicles commonplace. Related: What’s driving ‘memory attacks’ Yet a funny thing has happened as DevOps – the philosophy of designing, prototyping, testing and delivering new software as fast as possible – has taken center stage. Software vulnerabilities have gone through the roof.

Marketing-Led Post-COVID-19 Growth Strategies

Businesses are laying off workers, shutting their doors (some permanently), and struggling to react to the radical destruction that coronavirus (COVID-19) is doing to our society and communities. Most have already sustained massive damage, and we still have yet to see the scope of impact of the global pandemic that has upended the globe. Any return to normalcy may seem far-off, but sales and marketing are on the front lines of restarting the economy. When the dust settles, we have a responsibility to turn our shock and grief into fierce determination, and lead the charge of responsible, strategic, sustainable future growth. However, there’s no team better suited to lead that charge than the marketing department. Marketers are uniquely positioned to provide creative solutions to aid their organization in times of change and chart a course for navigating success.

How Did Facebook Beat a Federal Wiretap Demand?

Schneier on Security

This is interesting : Facebook Inc. in 2018 beat back federal prosecutors seeking to wiretap its encrypted Messenger app. Now the American Civil Liberties Union is seeking to find out how. The entire proceeding was confidential, with only the result leaking to the press.

Contact-Tracing App Privacy: Apple, Google Refuse to Budge

Data Breach Today

Germany Changes Tack to Decentralized Model; Some US States Seek More Control Apple and Google have promised to help facilitate contact-tracing apps, but they've rejected calls to give users' location data to governments, as the U.K., France and some U.S. states are demanding. In response, Germany is among those now backing a privacy-preserving, decentralized model

Hackers targeted ICS/SCADA systems at water facilities, Israeli government warns

Security Affairs

The Israeli authorities are alerting organizations in the water industry following a series of cyberattacks that hit water facilities in the country. The Israeli government has issued an alert to organizations in the water sector following a series of cyberattacks that targeted the water facilities.