Sat.Jul 11, 2020 - Fri.Jul 17, 2020

Introducing the PhishingKitTracker

Security Affairs

Experts that want to to study phishing attack schema and Kit-composition can use the recently PhishingKitTracker, which is updated automatically. If you are a security researcher or even a passionate about how attackers implement phishing you will find yourself to look for phishing kits. A phishing kit is not a phishing builder, but a real implementation (actually re-implementation) of a third party website built to lure your victim.

Breached Data Indexer ‘Data Viper’ Hacked

Krebs on Security

Data Viper , a security startup that provides access to some 15 billion usernames, passwords and other information exposed in more than 8,000 website breaches, has itself been hacked and its user database posted online. The hackers also claim they are selling on the dark web roughly 2 billion records Data Viper collated from numerous breaches and data leaks, including data from several companies that likely either do not know they have been hacked or have not yet publicly disclosed an intrusion.

Sales 176

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

Malware Hidden in Chinese Tax Software

Data Breach Today

Researchers: 'GoldenHelper' Backdoor Designed to Access Corporate Networks Malware designed to provide backdoor access to corporate networks, gain administrative privileges and deliver additional payloads was hidden in tax software the Chinese government requires companies doing business in the nation to use, researchers at the security firm Trustwave report

Access 159

Iranian Spies Accidentally Leaked Videos of Themselves Hacking

WIRED Threat Level

IBM's X-Force security team obtained five hours of APT35 hacking operations, showing exactly how the group steals data from email accounts—and who it's targeting. Security Security / Security News

IT 87

Digital Trends Report 2020

As part of our goal to continue helping our community during these times, we wanted to share with you this critical data on the state of digital products across industries and provide context on how businesses are responding to the changing winds.

Who’s Behind Wednesday’s Epic Twitter Hack?

Krebs on Security

Twitter was thrown into chaos on Wednesday after accounts for some of the world’s most recognizable public figures, executives and celebrities starting tweeting out links to bitcoin scams. Twitter says the attack happened because someone tricked or coerced an employee into providing access to internal Twitter administrative tools. This post is an attempt to lay out some of the timeline of this attack, and point to clues about who may have been behind it.

More Trending

US Secret Service Forms Cyber Fraud Task Force

Data Breach Today

Newly Formed Task Force Combines Electronic and Financial Crimes Units The U.S. Secret Service is combining its electronic and financial crimes units into a single task force that will focus on investigating cyber-related financial crimes such as BEC schemes and ransomware attacks. The move comes as lawmakers want the Secret Service to take a more active role in fighting cybercrime

Exclusive, Ghost Squad Hackers defaced European Space Agency (ESA) site

Security Affairs

A group of hacktivists that goes online with the name Ghost Squad Hackers has defaced a site of the European Space Agency (ESA). A group of hackers that goes online with the name Ghost Squad Hackers has defaced a site of the European Space Agency (ESA), [link]. I have reached them for a comment and they told me that the attack was not targeted, they defacted the site only for fun. “We are hacktivists, we usually hack for many various causes related to activism.”

‘Wormable’ Flaw Leads July Microsoft Patches

Krebs on Security

Microsoft today released updates to plug a whopping 123 security holes in Windows and related software, including fixes for a critical, “wormable” flaw in Windows Server versions that Microsoft says is likely to be exploited soon. While this particular weakness mainly affects enterprises, July’s care package from Redmond has a little something for everyone. So if you’re a Windows (ab)user, it’s time once again to back up and patch up (preferably in that order).

Cryptocurrency Scam Spreads Across High-Profile Twitter Accounts

Dark Reading

Twitter accounts belonging to former president Barack Obama, Joe Biden, Jeff Bezos, Elon Musk, and Bill Gates are among those hijacked in a massive cryptocurrency scam


Testing at Every Stage of Development

Up to 80% of new products fail. The reality is harsh and the reasons why are endless. Perhaps the new product couldn’t oust a customer favorite. Maybe it looked great but was too hard to use. Or, despite being a superior product, the go-to-market strategy failed. There’s always a risk when building a new product, but you can hedge your bets by understanding exactly what your customers' expectations truly are at every step of the development process.

Billing Vendor Breach Affects 275,000

Data Breach Today

Not Yet Clear How Many of Firm's Healthcare Clients Were Affected Some 275,000 individuals served by a variety of healthcare sector organizations had data exposed as a result of a breach at Houston-based billing and debt collection vendor Benefit Recovery Specialists Inc. A breach at another debt collection vendor last year wound up affecting more than 20 million individuals


Records of 45 million+ travelers to Thailand and Malaysia surfaced in the darkweb

Security Affairs

Experts from Cyble discovered the availability on the darkweb of records of over 45 million travelers to Thailand and Malaysia from multiple countries. Experts from threat intelligence firm have discovered the availability on the darkweb of records of over 45 million travelers to Thailand and Malaysia from multiple countries.

NSA on Securing VPNs

Schneier on Security

The NSA's Central Security Service -- that's the part that's supposed to work on defense -- has released two documents (a full and an abridged version) on securing virtual private networks. Some of it is basic, but it contains good information. Maintaining a secure VPN tunnel can be complex and requires regular maintenance.

Cybersecurity Leaders: Invest In Your People

Dark Reading

Training, especially cross-training, is insanely powerful when team members are able to experience, train, and work together. It also builds trust

Rethinking Information Governance In The Age of Unstructured Enterprise Data

Today’s organizations are faced with the overwhelming challenge of managing, finding, and leveraging their information. This eBook discusses a newly discovered information discipline and is filled to the brim with helpful information.

LiveAuctioneers Confirms Breach After Records Posted for Sale

Data Breach Today

CloudSEK: 3.4 Million Customers' Records Being Marketed on Darknet Auction website LiveAuctioneers has acknowledged that it sustained a data breach in June. The announcement came after threat intelligence firm CloudSEK reported that it discovered about 3.4 million LiveAutioneers customers' records had been posted for sale on a darknet forum

Sales 164

NightLion hacker is selling details of 142 million MGM Resorts hotel guests

Security Affairs

The MGM Resorts 2019 data breach is much larger than initially thought, a hacker is offering for sale details of 142 million MGM hotel guests on the dark web. Bad news for the guests of the MGM Resorts, the 2019 data breach suffered by the company is much larger than initially reported. A credible actor is selling details of 142 million MGM hotel guests on the dark web , the news was reported in exclusive by ZDNet.

Sales 85

How Two-Factor Authentication Keeps Your Accounts Safe

WIRED Threat Level

Here are some of the best authenticator apps and options. It may take a moment to set up, but once you have 2FA enabled where it counts, you can rest easier. Security Security / Security Advice

99% of Websites at Risk of Attack Via JavaScript Plug-ins

Dark Reading

The average website includes content from 32 different third-party JavaScript programs, new study finds

Risk 85

The Best Sales Forecasting Models for Weathering Your Goals

Every sales forecasting model has a different strength and predictability method. It’s recommended to test out which one is best for your team. This way, you’ll be able to further enhance – and optimize – your newly-developed pipeline. Your future sales forecast? Sunny skies (and success) are just ahead!

Several Prominent Twitter Accounts Hijacked in Crypto Scam

Data Breach Today

Joe Biden, Bill Gates, Barack Obama, Elon Musk Among Those Affected by Hacking Several prominent business executives and politicians, including Joe Biden, Elon Musk and Bill Gates, had their Twitter accounts hijacked in what appears to be a cryptocurrency scam, according to media reports. Some security experts believe that two-factor authentication protections failed

Enigma Machine for Sale

Schneier on Security

A four-rotor Enigma machine -- with rotors -- is up for auction. encryption enigma historyofcryptography historyofsecurity

Sales 82

DHS CISA urges government agencies to fix SIGRed Windows Server DNS bug within 24h

Security Affairs

US DHS CISA urges government agencies to patch SIGRed Windows Server DNS vulnerability within 24h due to the likelihood of the issue being exploited. The US DHS CISA issued an emergency directive urging government agencies to patch the recently disclosed SIGRed Windows Server DNS vulnerability within 24h due to the likelihood of the issue being exploited.

Twitter Attack Raises Concerns Over its Internal Controls

Dark Reading

Attackers temporarily gained control of the accounts of Joe Biden, Barack Obama, Bill Gates, and others, to tweet a bitcoin scam

IT 83

Product Analytics Playbook: Mastering Retention

Why do your users churn? In this guide you'll learn common product pitfalls and how to fix them.

Brazilian Banking Trojans Spread to Other Nations

Data Breach Today

Kaspersky: Fraudsters Now Target North America, Europe, Latin America The operators behind a family of Brazilian banking Trojans are expanding their operations to other parts of Latin America as well as North America and Europe, according to Kaspersky. Some of these malware variants have been re-engineered to better avoid security tools

Twitter Hackers May Have Bribed an Insider

Schneier on Security

Motherboard is reporting that this week's Twitter hack involved a bribed insider. Twitter has denied it. I have been taking press calls all day about this. And while I know everyone wants to speculate about the details of the hack, we just don't know -- and probably won't for a couple of weeks. hacking insiders leaks socialmedia twitter

IT 81

Orange Business Services hit by Nefilim ransomware operators

Security Affairs

Security researchers at Cyble reported that Nefilim ransomware operators allegedly targeted the mobile network operator Orange. Researchers from Cyble came across a post of Nefilim ransomware operators which were claiming to have stolen sensitive data of Orange S.A., one of the largest mobile networks based in France. The discovery was made by the experts during their regular Deepweb and Darkweb monitoring activity. Orange S.A.

How Nanotechnology Will Disrupt Cybersecurity

Dark Reading

Tangible solutions related to cryptography, intelligent threat detection and consumer security are closer than you think

Future-Proofing Your Information Governance Strategy

Speaker: Crystal Cao, Lindsey Simon & Lisa Ripley

Join Onna and experts from Quip, Airbnb, and Oracle for this live webinar as they dive into proactive data deletion policies, retention strategies, and legal hold practices that are essential to a modern enterprise information governance strategy.

The Insider Threat: A Growing Concern

Data Breach Today

Researcher Randy Trzeciak Analyzes the Latest Trends, Offers Fraud Detection Advice As companies lay off employees and deal with financial challenges during the COVID-19 pandemic, they're also facing an increase in the number of insider fraud incidents, says Randy Trzeciak, director of the National Insider Threat Center at Carnegie Mellon University, who offers fraud detection tips


Does TikTok Really Pose a Risk to US National Security?

WIRED Threat Level

Concerns about the Chinese government shouldn't be dismissed, experts say. But banning TikTok would be a drastic measure. Security Security / National Security

Risk 80

Google updates policies to ban any ads for surveillance solutions and services

Security Affairs

Google announced that starting from August it will update its policies to reject ads proposed by organizations offering surveillance software. Google announced the update of its Google Ads Enabling Dishonest Behavior policy to “prohibit the promotion of products or services that are marketed or targeted with the express purpose of tracking or monitoring another person or their activities without their authorization.”