Sat. Jul 18, 2020 - Fri. Jul 24, 2020

Twitter Hacking for Profit and the LoLs

Krebs on Security

The New York Times last week ran an interview with several young men who claimed to have had direct contact with those involved in last week’s epic hack against Twitter.


Rise of the Robots: How You Should Secure RPA

Dark Reading

Robotic Process Automation (RPA) is the next big thing in innovation and digital strategy. But what security details are overlooked in the rush to implement bots?


How to Check Your Devices for Stalkerware

WIRED Threat Level

You deserve privacy. Here's how to check your phone, laptop, and online accounts to make sure no one's looking over your shoulder.

Emotet Botnet Returns After Months-Long Hiatus

Data Breach Today

Security Researchers Detect New Spam Campaigns in US and UK

After a nearly six-month hiatus, the Emotet botnet has sprung back to life with a spam campaign targeting the U.S. and U.K., according to multiple security research reports.

Digital Trends Report 2020

As part of our goal to continue helping our community during these times, we wanted to share with you this critical data on the state of digital products across industries and provide context on how businesses are responding to the changing winds.

Thinking of a Cybersecurity Career? Read This

Krebs on Security

Thousands of people graduate from colleges and universities each year with cybersecurity or computer science degrees only to find employers are less than thrilled about their hands-on, foundational skills.


Lending Privilege – how can we do more to lift one another up and create a more inclusive workplace?

Micro Focus

The story continues

Our INSPIRE podcast journey just keeps on getting better. Hot on the heels of our podcast with June Manley, founder of F4, I am super excited to introduce podcast number four in our INSPIRE series with Anjuan Simmons.


DOJ: Chinese Hackers Targeted COVID-19 Vaccine Research

Data Breach Today

2 Indicted for Theft of a Broad Range of Intellectual Property in US and Elsewhere

The U.S. Department of Justice has charged two Chinese nationals with hacking into the systems of hundreds of organizations in the U.S. and abroad.


NY Charges First American Financial for Massive Data Leak

Krebs on Security

In May 2019, KrebsOnSecurity broke the news that the website of mortgage title insurance giant First American Financial Corp. had exposed approximately 885 million records related to mortgage deals going back to 2003.

Q&A: Sophos poll shows how attackers are taking advantage of cloud migration to wreak havoc

The Last Watchdog

Cloud migration, obviously, is here to stay. To be sure, enterprises continue to rely heavily on their legacy, on-premises datacenters. But there’s no doubt that the exodus to a much greater dependency on hybrid cloud and multi-cloud resources – Infrastructure-as-a-Service (IaaS) and Platforms-as-a-Service (PaaS) – is in full swing.


Testing at Every Stage of Development

Up to 80% of new products fail. The reality is harsh and the reasons why are endless. Perhaps the new product couldn’t oust a customer favorite. Maybe it looked great but was too hard to use. Or, despite being a superior product, the go-to-market strategy failed. There’s always a risk when building a new product, but you can hedge your bets by understanding exactly what your customers' expectations truly are at every step of the development process.

Garmin shut down its services after an alleged ransomware attack

Security Affairs

Smartwatch and wearable device maker Garmin had to shut down some of its connected services and call centers following a ransomware attack.

NSA, CISA Warn of Threats to US Critical Infrastructure

Data Breach Today

Remote Access by Decentralized Workforce Creates Risks

The NSA and CISA issued a joint warning that U.S. critical infrastructure is increasingly becoming a hacking target and organizations need to guard against attacks.


Russia's GRU Hackers Hit US Government and Energy Targets

WIRED Threat Level

A previously unreported Fancy Bear campaign persisted for well over a year—and indicates that the notorious group has broadened its focus.

Hacking a Power Supply

Schneier on Security

This hack targets the firmware on modern power supplies. (Yes, power supplies are also computers.)


Rethinking Information Governance In The Age of Unstructured Enterprise Data

Today’s organizations are faced with the overwhelming challenge of managing, finding, and leveraging their information. This eBook discusses a newly discovered information discipline and is filled to the brim with helpful information.

REvil ransomware infected 18,000 computers at Telecom Argentina

Security Affairs

Another telco was hit by ransomware: roughly 18,000 computers belonging to Telecom Argentina were infected over the weekend. Telecom Argentina, one of the largest internet service providers in Argentina, was hit by a ransomware attack.

Garmin Tight-Lipped About Cause of Outage

Data Breach Today

Some Employees Reportedly Say Ransomware Likely Involved

Garmin has not yet announced what caused an outage of its Garmin Connect fitness tracking service as well as its website. But some employees reportedly are attributing the outage to ransomware.

Twitter Cracks Down on QAnon. Your Move, Facebook

WIRED Threat Level

Twitter's new policy won't make the conspiracy group disappear. But experts say it could dramatically reduce its ability to spread.


Email Security Features Fail to Prevent Phishable 'From' Addresses

Dark Reading

The security features for verifying the source of an email header fail to work together properly in many implementations, according to a team of researchers.

The Best Sales Forecasting Models for Weathering Your Goals

Every sales forecasting model has a different strength and predictability method. It’s recommended to test out which one is best for your team. This way, you’ll be able to further enhance – and optimize – your newly-developed pipeline. Your future sales forecast? Sunny skies (and success) are just ahead!

Diebold Nixdorf warns of a wave of ATM black box attacks across Europe

Security Affairs

ATM maker Diebold Nixdorf is warning banks of a new ATM black box attack technique that was recently employed in cyber thefts in Europe. Black box attacks are a type of jackpotting attack aimed at forcing an ATM to dispense cash by sending a command through a “black box” device.

Twitter Hijackers Used Well-Honed Fraudster Playbook

Data Breach Today

Customer Service Representatives Have Long Been Targeted for Account Takeovers

The hijacking of 130 Twitter accounts last week is extraordinary in perhaps one particular aspect: Why didn't it happen sooner?


Fawkes: Digital Image Cloaking

Schneier on Security

Fawkes is a system for manipulating digital images so that they aren't recognized by facial recognition systems. At a high level, Fawkes takes your personal images, and makes tiny, pixel-level changes to them that are invisible to the human eye, in a process we call image cloaking.


A Hidden Risk for Domestic Violence Victims: Family Phone Plans

WIRED Threat Level

Abusers can use shared accounts to stalk and harass victims, and plans aren’t always easy to escape.


Product Analytics Playbook: Mastering Retention

Why do your users churn? In this guide you'll learn common product pitfalls and how to fix them.

Spanish state-owned railway infrastructure manager ADIF infected with ransomware

Security Affairs

ADIF, a Spanish state-owned railway infrastructure manager under the responsibility of the Ministry of Development, was hit by REvil ransomware operators.

China-Backed APT Group Reportedly Targets India, Hong Kong

Data Breach Today

Researchers: Recently Uncovered Hacking Group Has Been Operating Since 2014

A hacking group that appears to have ties to the government of China has been targeting victims in India and Hong Kong, according to the security firm Malwarebytes.

Update on NIST's Post-Quantum Cryptography Program

Schneier on Security

Common Problems with Content Migrations

AIIM

The international standard on records management, ISO 15489, defines migration as the "Act of moving records from one system to another, while maintaining the records' authenticity, integrity, reliability, and usability." But migration is much broader than just records.

Future-Proofing Your Information Governance Strategy

Speaker: Crystal Cao, Lindsey Simon & Lisa Ripley

Join Onna and experts from Quip, Airbnb, and Oracle for this live webinar as they dive into proactive data deletion policies, retention strategies, and legal hold practices that are essential to a modern enterprise information governance strategy.

Tetrade banking malware families target users worldwide

Security Affairs

Tetrade is the term coined by Kaspersky experts to refer to four large banking trojan families developed and spread worldwide by Brazilian crooks.

Battling ID Fraud With Behavioral Biometrics

Data Breach Today

Javelin's John Buzzard on Spotting Patterns of Fraud

Continuous authentication can play a key role in combating fraud, says John Buzzard, lead fraud and security analyst at Javelin Strategy and Research, who discusses the role of behavioral biometrics.

Adversarial Machine Learning and the CFAA

Schneier on Security

I just co-authored a paper on the legal risks of doing machine learning research, given the current state of the Computer Fraud and Abuse Act: Abstract: Adversarial Machine Learning is booming with ML researchers increasingly targeting commercial ML systems such as those used in Facebook, Tesla, Microsoft, IBM, Google to demonstrate vulnerabilities.
