Sat.Oct 31, 2020 - Fri.Nov 06, 2020

Zoom Snooping: How Body Language Can Spill Your Password

Threatpost

Researchers figure out how to read what people are typing during a Zoom call using shoulder movements.

Beware a New Google Drive Scam Landing in Inboxes

WIRED Threat Level

Scammers are luring people into Google Docs in an attempt to get them to visit potentially malicious websites.

List of data breaches and cyber attacks in October 2020 – 18.4 million records breached

IT Governance

With 117 publicly reported security incidents, October 2020 is the leakiest month we’ve ever recorded. The good news is that those data breaches and cyber attacks accounted for just 18,407,479 breached records.

Marriott Hit With $24 Million GDPR Privacy Fine Over Breach

Data Breach Today

Privacy Regulator in UK Cautions Organizations to Conduct Thorough Due Diligence. Hotel giant Marriott has been hit with the second largest privacy fine in British history, after it failed to contain a massive, long-running data breach. But the final fine of $23.8

Digital Trends Report 2020

As part of our goal to continue helping our community during these times, we wanted to share with you this critical data on the state of digital products across industries and provide context on how businesses are responding to the changing winds.

Two Charged in SIM Swapping, Vishing Scams

Krebs on Security

Two young men from the eastern United States have been hit with identity theft and conspiracy charges for allegedly stealing bitcoin and social media accounts by tricking employees at wireless phone companies into giving away credentials needed to remotely access and modify customer account information. Prosecutors say Jordan K.

Determining What Video Conference Participants Are Typing from Watching Shoulder Movements

Schneier on Security

Accuracy isn’t great, but that it can be done at all is impressive. Murtuza Jadiwala, a computer science professor heading the research project, said his team was able to identify the contents of texts by examining body movement of the participants.

DOJ Seizes $1 Billion Worth of Bitcoin Linked to Silk Road

Data Breach Today

Prosecutors Say Stolen Cryptocurrency Tied to Mysterious Digital Wallet. The U.S. Justice Department is looking to seize more than $1 billion worth of bitcoin that investigators have linked to the notorious Silk Road darknet marketplace.

Why Paying to Delete Stolen Data is Bonkers

Krebs on Security

Companies hit by ransomware often face a dual threat: Even if they avoid paying the ransom and can restore things from scratch, about half the time the attackers also threaten to release sensitive stolen data unless the victim pays for a promise to have the data deleted.

This Ballot-Count Livestream Is the Only Thing Worth Watching

WIRED Threat Level

Take a deep breath and enjoy democracy at work.

Testing at Every Stage of Development

Up to 80% of new products fail. The reality is harsh and the reasons why are endless. Perhaps the new product couldn’t oust a customer favorite. Maybe it looked great but was too hard to use. Or, despite being a superior product, the go-to-market strategy failed. There’s always a risk when building a new product, but you can hedge your bets by understanding exactly what your customers' expectations truly are at every step of the development process.

Nuclear Regulation Authority shut down email systems after a cyber attack

Security Affairs

Japan’s Nuclear Regulation Authority (NRA) issued a warning of a temporary suspension of its email systems, likely caused by a cyber attack. Japan’s Nuclear Regulation Authority (NRA) temporarily suspended its email systems; the interruption is likely caused by a cyber attack.

Additional Hacking Tools Tied to North Korean-Linked Group

Data Breach Today

Cybereason Finds Kimsuky Group Using Fresh Spying Tools, Infrastructure. Researchers with Cybereason have uncovered a fresh set of malicious tools tied to a North Korean-linked hacking group called Kimsuky, according to a recent analysis.

Rising Ransomware Breaches Underscore Cybersecurity Failures

Dark Reading

Ransomware's continued success speaks volumes about what's at stake for businesses and people, and, perhaps, the cybersecurity industry's inability to adapt quickly enough to protect everyone.

Feds Seize $1 Billion in Stolen Silk Road Bitcoins

WIRED Threat Level

A hacker identified only as Individual X had been sitting on a cryptocurrency gold mine for seven years before the IRS came knocking.

Rethinking Information Governance In The Age of Unstructured Enterprise Data

Today’s organizations are faced with the overwhelming challenge of managing, finding, and leveraging their information. This eBook discusses a newly discovered information discipline and is filled to the brim with helpful information.

VMware finally fixed the critical CVE-2020-3992 flaw in ESXi

Security Affairs

VMware has released new patches for ESXi after learning that a fix released in October for the critical CVE-2020-3992 flaw was incomplete.

Post-Election Day: US on Guard for Hacking, Misinformation

Data Breach Today

Time is Ripe for Interference, But US Projects Confidence. After weeks of rising anxiety, Election Day proceeded in the U.S. with no public indications of interference.

9 Cyber Disaster-Recovery Planning Tips for a Disaster-Prone Time

Dark Reading

This year has been the ultimate test of business resilience, and if anything is now clear, it's this: It's time for security pros to rewrite their playbooks in preparation for a more dangerous wave of attacks.

New Windows Zero-Day

Schneier on Security

Google’s Project Zero has discovered and published a buffer overflow vulnerability in the Windows Kernel Cryptography Driver.

The Best Sales Forecasting Models for Weathering Your Goals

Every sales forecasting model has a different strength and predictability method. It’s recommended to test out which one is best for your team. This way, you’ll be able to further enhance – and optimize – your newly-developed pipeline. Your future sales forecast? Sunny skies (and success) are just ahead!

A data breach broker is selling account databases of 17 companies

Security Affairs

A threat actor is offering for sale account databases containing an aggregate total of 34 million user records stolen from 17 companies. A data breach broker is selling account databases containing a total of 34 million user records stolen from 17 companies.

Feds Release More Details on Emails Allegedly Sent By Iran

Data Breach Today

FBI, CISA Release IP Addresses And Other Technical Details Linked To Emails. The FBI and CISA have released more technical details, including IOCs and IP addresses, which investigators say tie Iranian hackers to a series of threatening emails sent to some Democratic voters in the weeks leading up to the 2020 elections.

How Can I Help Remote Workers Secure Their Home Routers?

Dark Reading

The most effective way is with employee security education.

Zoom Finally Has End-to-End Encryption. Here's How to Use It

WIRED Threat Level

You can lock down your meetings like never before—even if you have to give up a few features to do so.

Product Analytics Playbook: Mastering Retention

Why do your users churn? In this guide you'll learn common product pitfalls and how to fix them.

Maze ransomware is going out of the business

Security Affairs

The Maze ransomware operators are shutting down their operations more than one year after they appeared on the threat landscape in May 2019.

Rackspace Hosted Email Flaw Actively Exploited by Attackers

Data Breach Today

Fraudsters Have Been Using SMTP Multipass Flaw for Business Email Compromise Schemes. Attackers have been actively exploiting a flaw in Rackspace's hosted email service to send phishing emails, bearing legitimate and validated domain names, as part of business email compromise scams, warns IT security testing consultancy 7 Elements.

Bug Bounty Hunters' Pro Tips on Chasing Vulns & Money

Dark Reading

From meditation to the right mindset, seasoned vulnerability researchers give their advice on how to maximize bug bounty profits and avoid burnout.

Records Management Vs. Information Governance - It's AND not OR

AIIM

When the dominant terminologies to describe a problem change, there is often a corresponding confusion in the roles that individuals play.

Future-Proofing Your Information Governance Strategy

Speaker: Crystal Cao, Lindsey Simon & Lisa Ripley

Join Onna and experts from Quip, Airbnb, and Oracle for this live webinar as they dive into proactive data deletion policies, retention strategies, and legal hold practices that are essential to a modern enterprise information governance strategy.

Zero-day in Cisco AnyConnect Secure Mobility Client yet to be fixed

Security Affairs

Cisco disclosed a zero-day vulnerability in the Cisco AnyConnect Secure Mobility Client software and the availability of PoC exploit code.

Marriott and BA's Reduced Privacy Fines: GDPR Realpolitik

Data Breach Today

Final Fines Set Precedent, Avoid Court Cases, Likely Reflect EU Penalty Benchmarks. Large, recently levied privacy fines against the likes of British Airways, H&M and Marriott show regulators continuing to bring the EU's General Data Protection Regulation to bear after businesses get breached.

Microsoft & Others Catalog Threats to Machine Learning Systems

Dark Reading

Thirteen organizations worked together to create a dictionary of techniques used to attack ML models and warn that such malicious efforts will become more common.
