Sat.May 02, 2020 - Fri.May 08, 2020

2020 Cyber Threats, Trends and Attacks

Data Breach Today

What You Don't See Now, Can Hurt You Later

186
186

Executive Order's Focus: Protecting Power Grid Supply Chain

Data Breach Today

Trump Bans Use of Foreign Equipment That Poses 'National Security Threat' Declaring that threats to the United States' power grid are a national emergency, President Donald Trump is taking steps designed to help defend the grid from foreign interference by focusing on the supply chain

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

The World Needs Hope

Adam Shostack

A New Hope, even! Happy Star Wars Day! Star Wars

52

iOS XML Bug

Schneier on Security

This is a good explanation of an iOS bug that allowed someone to break out of the application sandbox. A summary: What a crazy bug, and Siguza's explanation is very cogent. Basically, it comes down to this: XML is terrible. iOS uses XML for Plists , and Plists are used everywhere in iOS (and MacOS).

ABCs of Data Normalization for B2B Marketers

Data normalization. It’s not a far stretch to suggest that the topic isn’t exactly what gets marketers excited in their day-to-day workflow. However, if lead generation, reporting, and measuring ROI is important to your marketing team, then data normalization matters - a lot. In this eBook, we’ll break down the ins and outs of data normalization and review why it’s so critical for your marketing strategies and goals!

Zoom Installers Used to Spread WebMonitor RAT

Dark Reading

Researchers warn the installers are legitimate but don't come from official sources of the Zoom app, including the Apple App Store and Google Play

109
109

More Trending

Kaiji Botnet Targets Linux Servers, IoT Devices

Data Breach Today

Researchers: Malware Is Capable of Launching DDoS Attacks Kaiji, a newly discovered botnet, is compromising Linux servers and IoT devices using brute-force methods that target the SSH protocol, according to the security firm Intezer. The botnet has the capability to launch DDoS attacks

IoT 189

Nintendo Source Code for N64, Wii and GameCube Leaked

Data Breach Today

Nintendo Was Likely Anticipating the Dump After 2018 Intrusion Gamers are poring over a massive leak of Nintendo data, including source code for older gaming systems, prototypes of games and extensive software and hardware documentation.

177
177

Analysis: The Contact-Tracing Conundrum

Data Breach Today

The latest edition of the ISMG Security Report analyzes the many challenges involved in developing and implementing contact-tracing apps to help in the battle against COVID-19. Also featured: A discussion of emerging privacy issues and a report on why account takeover fraud losses are growing

Google Android RCE Bug Allows Attacker Full Device Access

Threatpost

The vulnerability is one of 39 affecting various aspects of the mobile OS that the company fixed in a security update this week. Mobile Security Vulnerabilities Android apple contact tracing CVE-2020-0103 google google play malware mobile apps patch remote code execution Security vulnerability

Access 105

How to Solve 4 Common Challenges of Legacy Information Management

Speaker: Chris McLaughlin, Chief Marketing Officer and Chief Product Officer, Nuxeo

After 20 years of Enterprise Content Management (ECM), businesses still face many of the same challenges with finding and managing information. Join Chris McLaughlin, CMO and CPO of Nuxeo, as he examines four common business challenges that these legacy ECM systems pose and how they can be addressed with a more modern approach.

Google and Apple Reveal How Covid-19 Alert Apps Might Look

WIRED Threat Level

As contact tracing plans firm up, the tech giants are sharing new details for their framework—and a potential app interface. Security Security / Privacy

The Price of Fame? Celebrities Face Unique Hacking Threats

Dark Reading

Hackers are hitting the sports industry hard on social media and luring quarantined consumers with offers of free streaming services, a new report shows

93

Expert released PoC exploit for CVE-2020-1967 DoS flaw in OpenSSL

Security Affairs

A proof-of-concept (PoC) exploit for the recently fixed CVE-2020-1967 denial-of-service (DoS) issue in OpenSSL has been made public.

LockBit Is the New Ransomware for Hire

WIRED Threat Level

A recent infection, which managed to plunder a company's network within hours, demonstrates why the malware has become so prevalent. Security Security / Cyberattacks and Hacks

The 2019 Technographic Data Report for B2B Sales Organizations

In this report, ZoomInfo substantiates the assertion that technographic data is a vital resource for sales teams. In fact, the majority of respondents agree—with 72.3% reporting that technographic data is either somewhat important or very important to their organization. The reason for this is simple—sales teams value technographic data because it makes essential selling activities easier and more efficient.

FINRA Warns of Phishing Emails Targeting Members

Data Breach Today

Campaign Designed to Harvest Credentials of Financial Industry Regulatory Authority Members The Financial Industry Regulatory Authority, a private organization that helps self-regulate brokerage firms and exchange markets in the U.S.,

Europe’s Largest Private Hospital Operator Fresenius Hit by Ransomware

Krebs on Security

Fresenius , Europe’s largest private hospital operator and a major provider of dialysis products and services that are in such high demand thanks to the COVID-19 pandemic, has been hit in a ransomware cyber attack on its technology systems.

Kaiji, a new Linux malware targets IoT devices in the wild

Security Affairs

Security researchers spotted a new piece of DDoS bot dubbed Kaiji that is targeting IoT devices via SSH brute-force attacks.

IoT 113

Malicious Bots Infiltrate Online Food Delivery

Dark Reading

With grocery delivery in higher demand than ever, new add-ons have emerged to secure slots for consumers, presenting a new pathway for bad bots to wreak havoc

The Time-Saving Power of Intent Data for Sales

By using the power of intent data, capturing buyer interest has become more feasible for sales. Not only that, but using it will save immense time during your workflow; a win-win on all fronts.

GoDaddy Confirms Breach Affecting 28,000 Accounts: Report

Data Breach Today

Unauthorized Individual' Accessed SSH File, Company Says Web hosting giant GoDaddy confirms that a data breach has affected about 28,000 of its customers' web hosting accounts, according to a news report.

Tech Support Scam Uses Child Porn Warning

Krebs on Security

A new email scam is making the rounds, warning recipients that someone using their Internet address has been caught viewing child pornography.

Access 212

GoDaddy discloses a data breach, web hosting account credentials exposed

Security Affairs

GoDaddy has been notifying its customers of a data breach, threat actors might have compromised their web hosting account credentials. GoDaddy has been notifying its customers of a data breach, attackers might have compromised users’ web hosting account credentials.

Denmark, Sweden, Germany, the Netherlands and France SIGINT Alliance

Schneier on Security

This paper describes a SIGINT and code-breaking alliance between Denmark, Sweden, Germany, the Netherlands and France called Maximator: Abstract: This article is first to report on the secret European five-partner sigint alliance Maximator that started in the late 1970s.

Paper 109

How ZoomInfo Enhances Your Database Management Strategy

Forward-thinking marketing organizations have continuously invested in a database strategy for enabling marketing processes. Download this ebook to learn how to maintain a strategy that includes refreshed information, database cleanses, and an accurate analysis at the same time.

Alert: APT Groups Targeting COVID-19 Researchers

Data Breach Today

Password-Spraying' Campaigns Aimed at Stealing Research Data, US and UK Authorities Warn Authorities in the U.S. and U.K.

Meant to Combat ID Theft, Unemployment Benefits Letter Prompts ID Theft Worries

Krebs on Security

Millions of Americans now filing for unemployment will receive benefits via a prepaid card issued by U.S. Bank , a Minnesota-based financial institution that handles unemployment payments for more than a dozen U.S. states.

Fake Microsoft Teams notifications aim at stealing Office365 logins

Security Affairs

Phishing attacks impersonating notifications from Microsoft Teams targeted as many as 50,000 Teams users to steal Office365 logins.

Is CVSS the Right Standard for Prioritization?

Dark Reading

More than 55% of open source vulnerabilities are rated high or critical. To truly understand a vulnerability and how it might affect an organization or product, we need much more than a number

IT 107

How ZoomInfo Enhances Your ABM Strategy

For marketing teams to develop a successful account-based marketing strategy, they need to ensure good data is housed within its Customer Relationship Management (CRM) software. More specifically, updated data can help organizations outline key accounts for their campaigns. And to begin the targeting process, marketing teams must develop an Ideal Customer Profile (ICP) with appropriate firmographic and behavioral data to ensure they’re going after the correct audience.Download this eBook to learn how to start improving your marketing team's data!

Latest Phishing Campaign Spoofs Microsoft Teams Messages

Data Breach Today

Fraudsters Look to Harvest Office 365 Credentials From At-Home Employees A recently uncovered phishing campaign is spoofing notifications from Microsoft's Teams collaboration platform in order to harvest Office 365 credentials from employees working from home offices because of the COVID-19 pandemic, according to research from Abnormal Security.

Defcon Is Canceled

WIRED Threat Level

For real this time. Its sister conference, Black Hat, has also been called off. Security Security / Security News

IT 103

Brazilian trojan banker is targeting Portuguese users using browser overlay

Security Affairs

Since the end of April 2020, a new trojan has been affecting Portuguese users from several bank organizations. The modus operandi of this piece of malware is not new in Portugal.