Sat. Oct 03, 2020 - Fri. Oct 09, 2020

A Dangerous Year in America Enters Its Most Dangerous Month

WIRED Threat Level

Seven distinct factors between now and the election threaten to combine, compound, and reinforce each other in unpredictable ways.

Your cyber security risk mitigation checklist

IT Governance

Are you trying to figure out the best way to protect your organisation from cyber attacks and data breaches? It can be tricky to know where to begin, which is why our Cyber Security Risk Scorecard contains a simple guide to help you secure your systems.

'Virtual Cyber Carnival' Kicks off Cybersecurity Awareness Month

Dark Reading

A new initiative, which will run throughout the month of October, invites the general public to play cybersecurity games (and win fabulous prizes

Clothing Retailer H&M Told to Wear $41 Million GDPR Fine

Data Breach Today

Employee Surveillance Violations Trigger Germany's Biggest Privacy Fine to Date

Privacy regulators in Germany have slammed clothing retailer H&M with a $41 million fine for collecting and retaining private employee data in violation of the EU's General Data Protection Regulation.

Digital Trends Report 2020

As part of our goal to continue helping our community during these times, we wanted to share with you this critical data on the state of digital products across industries and provide context on how businesses are responding to the changing winds.

Report: U.S. Cyber Command Behind Trickbot Tricks

Krebs on Security

A week ago, KrebsOnSecurity broke the news that someone was attempting to disrupt the Trickbot botnet, a malware crime machine that has infected millions of computers and is often used to spread ransomware.

Emotet 101: How the Ransomware Works -- and Why It's So Darn Effective

Dark Reading

In recent weeks, Emotet has emerged as the most common form of ransomware. Managing the risk starts with understanding the way it works

CISA Warns of Emotet Attacks Against Government Agencies

Data Breach Today

Botnet Called 'One of the Most Prevalent Ongoing Threats'

The U.S. Cybersecurity and Infrastructure Security Agency is warning about a recent spike in Emotet botnet attacks - designed to spread other malware - that are targeting state and local government agencies

Amid an Embarrassment of Riches, Ransom Gangs Increasingly Outsource Their Work

Krebs on Security

There’s an old adage in information security: “Every company gets penetration tested, whether or not they pay someone for the pleasure.”

Revise the GDPR

Data Protector

Testing at Every Stage of Development

Up to 80% of new products fail. The reality is harsh and the reasons why are endless. Perhaps the new product couldn’t oust a customer favorite. Maybe it looked great but was too hard to use. Or, despite being a superior product, the go-to-market strategy failed. There’s always a risk when building a new product, but you can hedge your bets by understanding exactly what your customers' expectations truly are at every step of the development process.

Second-ever UEFI rootkit used in North Korea-themed attacks

Security Affairs

A China-linked threat actor used UEFI malware based on code from Hacking Team in attacks aimed at organizations with an interest in North Korea. Researchers from Kaspersky have spotted a UEFI malware that was involved in attacks on organizations with an interest in North Korea.

Roger Severino, Lead HIPAA Enforcer, on Fighting Hackers

Data Breach Today

In an exclusive interview, Roger Severino, director of the HHS Office for Civil Rights, which enforces HIPAA, spells out critical steps healthcare organizations must take to safeguard patient information and ensure patient safety in light of the surge in ransomware and other hacking incidents

Promising Infusions of Cash, Fake Investor John Bernard Walked Away With $30M

Krebs on Security

September featured two stories on a phony tech investor named John Bernard, a pseudonym used by a convicted thief named John Clifton Davies who’s fleeced dozens of technology companies out of an estimated $30 million with the promise of lucrative investments.

Cyberattacks Up, But Companies (Mostly) Succeed in Securing Remote Workforce

Dark Reading

Despite fears that the burgeoning population of remote workers would lead to breaches, companies have held their own, a survey of threat analysts finds

Rethinking Information Governance In The Age of Unstructured Enterprise Data

Today’s organizations are faced with the overwhelming challenge of managing, finding, and leveraging their information. This eBook discusses a newly discovered information discipline and is filled to the brim with helpful information.

Hackers stole a six-figure amount from Swiss universities

Security Affairs

Threat actors have hacked at least three Swiss universities, including the University of Basel, and managed to drain employee salary transfers. Threat actors have managed to steal employee salary payments at several Swiss universities, including the University of Basel.

DHS: Russia Poses Greatest Threat to Election

Data Breach Today

Yet Another Report Warns of Nation-State Influence Operations

In the latest in a series of election security reports from government agencies, the U.S. Department of Homeland Security says Russia poses the most serious nation-state disruption threat to the U.S.

Android Ransomware Has Picked Up Some Foreboding New Tricks

WIRED Threat Level

While it's still far more common on PCs, mobile ransomware has undergone a worrying evolution, new research shows.

New Privacy Features in iOS 14

Schneier on Security

A good rundown.

The Best Sales Forecasting Models for Weathering Your Goals

Every sales forecasting model has a different strength and predictability method. It’s recommended to test out which one is best for your team. This way, you’ll be able to further enhance – and optimize – your newly-developed pipeline. Your future sales forecast? Sunny skies (and success) are just ahead!

Visa shares details for two attacks on North American hospitality merchants

Security Affairs

Visa revealed that two unnamed North American hospitality merchants have been infected with some strains of point-of-sale (POS) malware.

Industrial Espionage Campaign Uncovered

Data Breach Today

Kaspersky: 'MontysThree' Uses Detection Evasion Techniques

A hacking group is taking aim at industrial targets in an ongoing cyberespionage campaign, security firm Kaspersky reports. The group, dubbed "MontysThree," uses a variety of techniques, including steganography, to avoid detection

A China-Linked Group Repurposed Hacking Team’s Stealthy Spyware

WIRED Threat Level

The tool attacks a device’s UEFI firmware—which makes it especially hard to detect and destroy.

Swiss-Swedish Diplomatic Row Over Crypto AG

Schneier on Security

Previously I have written about the Swedish-owned Swiss-based cryptographic hardware company: Crypto AG. It was a CIA-owned Cold War operation for decades. Today it is called Crypto International, still based in Switzerland but owned by a Swedish company.

Product Analytics Playbook: Mastering Retention

Why do your users churn? In this guide you'll learn common product pitfalls and how to fix them.

University Hospital New Jersey paid a $670K ransom

Security Affairs

University Hospital New Jersey paid a $670,000 ransom this month to prevent the leak of 240 GB of stolen data, including patient information.

Fresh Wave of Phishing Emails Use Election as a Lure

Data Breach Today

Proofpoint and KnowBe4 Spot Malicious Messages Disguised as Political Announcements

Security researchers are warning of a fresh wave of phishing emails with election-related lures that are designed to get users to click, opening the door to spreading the Emotet botnet or harvesting users' credentials.

Open Source Threat Intelligence Searches for Sustainable Communities

Dark Reading

As long as a community is strong, so will be the intelligence it shares on open source feeds. But if that community breaks down

How to Improve SD-WAN Security

eSecurity Planet

Your SD-WAN solution comes with built-in security, but it's likely not enough to meet enterprise security requirements. Here are some next steps

Future-Proofing Your Information Governance Strategy

Speaker: Crystal Cao, Lindsey Simon & Lisa Ripley

Join Onna and experts from Quip, Airbnb, and Oracle for this live webinar as they dive into proactive data deletion policies, retention strategies, and legal hold practices that are essential to a modern enterprise information governance strategy.

CISA alert warns of Emotet attacks on US govt entities

Security Affairs

The CISA agency is warning of a surge in Emotet attacks targeting multiple state and local governments in the US since August.

Cisco's $2.6 Billion Network Security Patent Infringement

Data Breach Today

Judge Says Cisco's Own Documents Showed It Infringed on 4 Centripetal Networks Patents

Why did Cisco, one of the world's largest and most successful networking companies, have to pay more than $2.6 billion in damages?

On Risk-Based Authentication

Schneier on Security

Interesting usability study: “More Than Just Good Passwords? A Study on Usability and Security Perceptions of Risk-based Authentication”: Abstract: Risk-based Authentication (RBA) is an adaptive security measure to strengthen password-based authentication.