Sat.Jun 20, 2020 - Fri.Jun 26, 2020

Good Cyber Hygiene in a Post-Pandemic World Starts with Us

Dark Reading

Three ways that security teams can improve processes and collaboration, all while creating the common ground needed to sustain them

Average Cost of a Data Breach: $116M

Dark Reading

Sensitivity of customer information and time-to-detection determine financial blowback of cybersecurity breaches

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

5 Steps for Implementing Multicloud Identity

Dark Reading

Why embracing, not fighting, decentralization will pave the way to smoother cloud migrations

Cloud 69

‘BlueLeaks’ Exposes Files from Hundreds of Police Departments

Krebs on Security

Hundreds of thousands of potentially sensitive files from police departments across the United States were leaked online last week. The collection, dubbed “ BlueLeaks ” and made searchable online, stems from a security breach at a Texas web design and hosting company that maintains a number of state law enforcement data-sharing portals.

Digital Trends Report 2020

As part of our goal to continue helping our community during these times, we wanted to share with you this critical data on the state of digital products across industries and provide context on how businesses are responding to the changing winds.

Nephilim Ransomware Gang Tied to Citrix Gateway Hacks

Data Breach Today

Campaign Targets Unpatched Software and Weak Authentication, Defenders Warn Hackers wielding Nefilim ransomware are targeting unpatched or poorly secured Citrix remote-access technology, then stealing data, unleashing crypto-locking malware and threatening to dump data to try to force payment, New Zealand's national computer emergency response team warns

More Trending

COVID-19 Risks of Flying

Schneier on Security

I fly a lot. Over the past five years, my average speed has been 32 miles an hour. That all changed mid-March. It's been 105 days since I've been on an airplane -- longer than any other time in my adult life -- and I have no future flights scheduled. This is all a prelude to saying that I have been paying a lot of attention to the COVID-related risks of flying. We know a lot more about how COVID-19 spreads than we did in March.

Risk 87

New Charges, Sentencing in Satori IoT Botnet Conspiracy

Krebs on Security

The U.S. Justice Department today criminally charged a Canadian and a Northern Ireland man for allegedly conspiring to build botnets that enslaved hundreds of thousands of routers and other Internet of Things (IoT) devices for use in large-scale distributed denial-of-service (DDoS) attacks. In addition, a defendant in the United States was sentenced today to drug treatment and 18 months community confinement for his admitted role in the botnet conspiracy.

IoT 145

US Now Accuses Assange of Conspiring With Hacking Groups

Data Breach Today

Superseding Indictment Expands Scope of Case, But Doesn't Add Charges The U.S Department of Justice unsealed a superseding indictment against WikiLeaks founder Julian Assange that expands the scope of the government's case against him. Federal prosecutors now allege that Assange conspired with the Anonymous and LulzSec groups to obtain classified information to publish

SHARED INTEL: How ransomware evolved from consumer trickery to deep enterprise hacks

The Last Watchdog

Ransomware is undoubtedly one of the most unnerving phenomena in the cyber threat landscape. Numerous strains of this destructive code have been the front-page news in global computer security chronicles for almost a decade now, with jaw-dropping ups and dramatic downs accompanying its progress. Related: What local government can do to repel ransomware Ransomware came into existence in 1989 as a primitive program dubbed the AIDS Trojan that was spreading via 5.25-inch diskettes.

Testing at Every Stage of Development

Up to 80% of new products fail. The reality is harsh and the reasons why are endless. Perhaps the new product couldn’t oust a customer favorite. Maybe it looked great but was too hard to use. Or, despite being a superior product, the go-to-market strategy failed. There’s always a risk when building a new product, but you can hedge your bets by understanding exactly what your customers' expectations truly are at every step of the development process.

Anonymous Stole and Leaked a Megatrove of Police Documents

WIRED Threat Level

The so-called BlueLeaks collection includes internal memos, financial records, and more from over 200 state, local, and federal agencies. Security Security / Cyberattacks and Hacks

Identifying a Person Based on a Photo, LinkedIn and Etsy Profiles, and Other Internet Bread Crumbs

Schneier on Security

Interesting story of how the police can identify someone by following the evidence chain from website to website. According to filings in Blumenthal's case, FBI agents had little more to go on when they started their investigation than the news helicopter footage of the woman setting the police car ablaze as it was broadcast live May 30.

IT 87

Payment Card Skimmer Attacks Hit 8 Cities

Data Breach Today

Trend Micro: 5 of the Cities Had Previously Been Victims of Magecart-Style Attacks Eight U.S. cities recently had payment card data stolen via point-of-sale skimming malware on their Click2Gov online payment platforms, according to Trend Micro, which says five of those cities had already been victims of similar Magecart-style attacks in recent years

Sales 181

Hundreds of malicious Chrome browser extensions used to spy on you!

Security Affairs

Malicious Chrome browser extensions were employed in a surveillance campaign on a large scale, millions of users potentially impacted. Malicious Chrome browser extensions were used in a massive surveillance campaign aimed at users working in the financial services, oil and gas, media and entertainment, healthcare, government organizations, and pharmaceuticals. The malicious Chrome browser extensions were discovered by researchers from Awake Security that shared their findings with Google.

Rethinking Information Governance In The Age of Unstructured Enterprise Data

Today’s organizations are faced with the overwhelming challenge of managing, finding, and leveraging their information. This eBook discusses a newly discovered information discipline and is filled to the brim with helpful information.

Cloud Threats and Priorities as We Head Into the Second Half of 2020

Dark Reading

With millions working from home and relying on the cloud, security leaders are under increasing pressure to keep their enterprises breach-free

Cloud 84

Analyzing IoT Security Best Practices

Schneier on Security

New research: " Best Practices for IoT Security: What Does That Even Mean? " by Christopher Bellman and Paul C. van Oorschot: Abstract: Best practices for Internet of Things (IoT) security have recently attracted considerable attention worldwide from industry and governments, while academic research has highlighted the failure of many IoT product manufacturers to follow accepted practices.

IoT 85

Separate Phishing Attacks Target Wells Fargo, BofA Customers

Data Breach Today

Researchers: Fraudsters Using Various Methods to Steal Credentials Researchers at two security firms are tracking separate phishing campaigns that are targeting customers of Wells Fargo and Bank of America, according to reports. In each case, the fraudsters are attempting to steal users' credentials using various methods and lures

Moroccan journalist targeted with network injection attacks using NSO Group ‘s spyware

Security Affairs

Researchers at Amnesty International collected evidence that a Moroccan journalist was targeted with network injection attacks using NSO Group ‘s spyware. In October 2019, security experts at Amnesty International’s Security Lab have uncovered targeted attacks against Moroccan human rights defenders Maati Monjib and Abdessadak El Bouchattaoui that employed NSO Group surveillance tools.

The Best Sales Forecasting Models for Weathering Your Goals

Every sales forecasting model has a different strength and predictability method. It’s recommended to test out which one is best for your team. This way, you’ll be able to further enhance – and optimize – your newly-developed pipeline. Your future sales forecast? Sunny skies (and success) are just ahead!

5 New InfoSec Job Training Trends: What We're Studying During COVID-19

Dark Reading

With the pandemic uprooting networks and upending careers, which security skills are hot -- and which are not

The Unintended Harms of Cybersecurity

Schneier on Security

Interesting research: " Identifying Unintended Harms of Cybersecurity Countermeasures ": Abstract: Well-meaning cybersecurity risk owners will deploy countermeasures (technologies or procedures) to manage risks to their services or systems. In some cases, those countermeasures will produce unintended consequences, which must then be addressed.

Breach Notification Delay: A Step-by-Step Timeline

Data Breach Today

Senior Care Facility Operator Describes Investigation Why are some breach notifications delayed for months? This week, a company that operates senior care facilities in North Carolina and South Carolina issued a statement offering a step-by-step explanation

170
170

Developer of DDoS Mirai based botnets sentenced to prison

Security Affairs

A man accused to have developed distributed denial of service (DDoS) botnets based on the Mirai botnet was sentenced to 13 months in federal prison. Kenneth Currin Schuchman, 22, of Vancouver, Washington, was sentenced to 13 months in federal prison because it has developed distributed denial of service (DDoS) botnets based on the source code of Mirai botnet.

IoT 84

Product Analytics Playbook: Mastering Retention

Why do your users churn? In this guide you'll learn common product pitfalls and how to fix them.

Major US Companies Targeted in New Ransomware Campaign

Dark Reading

Evil Corp. group hit at least 31 customers in campaign to deploy WastedLocker malware, according to Symantec

I think, therefore I modernize: introducing Enterprise Suite 6.0

Micro Focus

I need to change – IT needs to change Rapid and large-scale IT change is a very costly exercise. Worse still, it is fraught with risk, the IT world beset with uncomfortable stories of failed transformational programs. CIOs can ill-afford such risk. By reusing valuable, trusted core applications and data, a smarter approach is available. View Article.

Risk 76

Ransomware Attacks in Healthcare: Are We Seeing a Surge?

Data Breach Today

New Risks Could Emerge as More Practices Reopen Four recent cybersecurity incidents that may have involved ransomware demonstrate the ongoing threats facing the sector during the COVID-19 pandemic. They also serve as a warning that extra watchfulness is needed as physicians reopen their clinics

New Zealand freezes assets of Russian cyber criminal Alexander Vinnik

Security Affairs

New Zealand police had frozen NZ$140 million (US$90 million) in assets linked to a Russian cyber criminal. New Zealand police announced that they had frozen NZ$140 million (US$90 million) in assets linked to the Russian nation Alexander Vinnik. Alexander Vinnik is currently in France to face a charge of money laundering for organised crime using crypto-currency.

Future-Proofing Your Information Governance Strategy

Speaker: Crystal Cao, Lindsey Simon & Lisa Ripley

Join Onna and experts from Quip, Airbnb, and Oracle for this live webinar as they dive into proactive data deletion policies, retention strategies, and legal hold practices that are essential to a modern enterprise information governance strategy.

Long-Term Effects of COVID-19 on the Cybersecurity Industry

Dark Reading

The maelstrom of change we're going through presents a unique opportunity to become enablers. And to do that requires flexibility

An Embattled Group of Leakers Picks Up the WikiLeaks Mantle

WIRED Threat Level

After releasing over a million hacked law enforcement files, DDoSecrets got banned from Twitter. But it has no plans to slow down. Security Security / Security News

IT 76

Hacker Group Stole $200 Million From Cryptocurrency Exchanges

Data Breach Today

Researchers: 'CryptoCore' Group Used Spear-Phishing Emails to Lure Victims A hacking group dubbed CryptoCore has stolen more than $200 million in virtual currency from several cryptocurrency exchanges over the past two years, the security firm ClearSky Cyber Security reports