Sat.May 02, 2020 - Fri.May 08, 2020

2020 Cyber Threats, Trends and Attacks

Data Breach Today

What You Don't See Now, Can Hurt You Later

142
142

Executive Order's Focus: Protecting Power Grid Supply Chain

Data Breach Today

Trump Bans Use of Foreign Equipment That Poses 'National Security Threat' Declaring that threats to the United States' power grid are a national emergency, President Donald Trump is taking steps designed to help defend the grid from foreign interference by focusing on the supply chain

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

The World Needs Hope

Adam Shostack

A New Hope, even! Happy Star Wars Day! Star Wars

40

iOS XML Bug

Schneier on Security

This is a good explanation of an iOS bug that allowed someone to break out of the application sandbox. A summary: What a crazy bug, and Siguza's explanation is very cogent. Basically, it comes down to this: XML is terrible. iOS uses XML for Plists , and Plists are used everywhere in iOS (and MacOS). iOS's sandboxing system depends upon three different XML parsers, which interpret slightly invalid XML input in slightly different ways.

Rethinking Information Governance In The Age of Unstructured Enterprise Data

Onna is breaking down how the concept of information governance has evolved and ways today’s businesses can develop a holistic framework to keep up with a rapidly accelerating datasphere.

Zoom Installers Used to Spread WebMonitor RAT

Dark Reading

Researchers warn the installers are legitimate but don't come from official sources of the Zoom app, including the Apple App Store and Google Play

77

More Trending

Kaiji Botnet Targets Linux Servers, IoT Devices

Data Breach Today

Researchers: Malware Is Capable of Launching DDoS Attacks Kaiji, a newly discovered botnet, is compromising Linux servers and IoT devices using brute-force methods that target the SSH protocol, according to the security firm Intezer. The botnet has the capability to launch DDoS attacks

IoT 144

Nintendo Source Code for N64, Wii and GameCube Leaked

Data Breach Today

Nintendo Was Likely Anticipating the Dump After 2018 Intrusion Gamers are poring over a massive leak of Nintendo data, including source code for older gaming systems, prototypes of games and extensive software and hardware documentation. The data likely dates from a 2018 network intrusion at Nintendo

135
135

Analysis: The Contact-Tracing Conundrum

Data Breach Today

The latest edition of the ISMG Security Report analyzes the many challenges involved in developing and implementing contact-tracing apps to help in the battle against COVID-19. Also featured: A discussion of emerging privacy issues and a report on why account takeover fraud losses are growing

Google Android RCE Bug Allows Attacker Full Device Access

Threatpost

The vulnerability is one of 39 affecting various aspects of the mobile OS that the company fixed in a security update this week. Mobile Security Vulnerabilities Android apple contact tracing CVE-2020-0103 google google play malware mobile apps patch remote code execution Security vulnerability

The Best Sales Forecasting Models for Weathering Your Goals

Every sales forecasting model has a different strength and predictability method. It’s recommended to test out which one is best for your team. This way, you’ll be able to further enhance – and optimize – your newly-developed pipeline. Your future sales forecast? Sunny skies (and success) are just ahead!

Google and Apple Reveal How Covid-19 Alert Apps Might Look

WIRED Threat Level

As contact tracing plans firm up, the tech giants are sharing new details for their framework—and a potential app interface. Security Security / Privacy

The Price of Fame? Celebrities Face Unique Hacking Threats

Dark Reading

Hackers are hitting the sports industry hard on social media and luring quarantined consumers with offers of free streaming services, a new report shows

66

Expert released PoC exploit for CVE-2020-1967 DoS flaw in OpenSSL

Security Affairs

A proof-of-concept (PoC) exploit for the recently fixed CVE-2020-1967 denial-of-service (DoS) issue in OpenSSL has been made public. Recently, the OpenSSL Project released a security update for OpenSSL that patches a high-severity vulnerability, tracked as CVE-2020-1967 , that can be exploited by attackers to launch denial-of-service (DoS) attacks.

LockBit Is the New Ransomware for Hire

WIRED Threat Level

A recent infection, which managed to plunder a company's network within hours, demonstrates why the malware has become so prevalent. Security Security / Cyberattacks and Hacks

Future-Proofing Your Information Governance Strategy

Speaker: Crystal Cao, Lindsey Simon & Lisa Ripley

Join Onna and experts from Quip, Airbnb, and Oracle for this live webinar as they dive into proactive data deletion policies, retention strategies, and legal hold practices that are essential to a modern enterprise information governance strategy.

FINRA Warns of Phishing Emails Targeting Members

Data Breach Today

Campaign Designed to Harvest Credentials of Financial Industry Regulatory Authority Members The Financial Industry Regulatory Authority, a private organization that helps self-regulate brokerage firms and exchange markets in the U.S., warns that a "widespread, ongoing" phishing campaign is targeting its members

Europe’s Largest Private Hospital Operator Fresenius Hit by Ransomware

Krebs on Security

Fresenius , Europe’s largest private hospital operator and a major provider of dialysis products and services that are in such high demand thanks to the COVID-19 pandemic, has been hit in a ransomware cyber attack on its technology systems. The company said the incident has limited some of its operations, but that patient care continues.

Denmark, Sweden, Germany, the Netherlands and France SIGINT Alliance

Schneier on Security

This paper describes a SIGINT and code-breaking alliance between Denmark, Sweden, Germany, the Netherlands and France called Maximator: Abstract: This article is first to report on the secret European five-partner sigint alliance Maximator that started in the late 1970s. It discloses the name Maximator and provides documentary evidence. The five members of this European alliance are Denmark, Sweden, Germany, the Netherlands, and France.

Paper 87

Kaiji, a new Linux malware targets IoT devices in the wild

Security Affairs

Security researchers spotted a new piece of DDoS bot dubbed Kaiji that is targeting IoT devices via SSH brute-force attacks. Last week, the popular security researcher MalwareMustDie and the experts at Intezer Labs spotted a new piece of malware dubbed Kaiji, that is targeting IoT devices via SSH brute-force attacks. The malicious code was designed to target Linux-based servers and Internet of Things (IoT) devices and use them as part of a DDoS botnet.

IoT 85

B2B Pocket Playbook: End-to-End Guide to Sales Enablement

Sales enablement is the strategic process of providing sales teams with the content, guidance, and mentorship needed to engage targeted buyers. It’s all about equipping sales professionals with the tools they need to put their best-selling foot forward. And if sales teams want to continuously sell better -- and faster -- their sales enablement process must have a game-winning strategy. It's time for you to start selling smarter - and hitting your sales number - with the best B2B database in the market. Get started today.

GoDaddy Confirms Breach Affecting 28,000 Accounts: Report

Data Breach Today

Unauthorized Individual' Accessed SSH File, Company Says Web hosting giant GoDaddy confirms that a data breach has affected about 28,000 of its customers' web hosting accounts, according to a news report. The company has reset passwords and usernames for some customers as a precaution, although it says no data appears to have been altered

Meant to Combat ID Theft, Unemployment Benefits Letter Prompts ID Theft Worries

Krebs on Security

Millions of Americans now filing for unemployment will receive benefits via a prepaid card issued by U.S. Bank , a Minnesota-based financial institution that handles unemployment payments for more than a dozen U.S. states. Some of these unemployment applications will trigger an automatic letter from U.S. Bank to the applicant. The letters are intended to prevent identity theft, but many people are mistaking these vague missives for a notification that someone has hijacked their identity.

Malware in Google Apps

Schneier on Security

Interesting story of malware hidden in Google Apps. This particular campaign is tied to the government of Vietnam. At a remote virtual version of its annual Security Analyst Summit, researchers from the Russian security firm Kaspersky today plan to present research about a hacking campaign they call PhantomLance, in which spies hid malware in the Play Store to target users in Vietnam, Bangladesh, Indonesia, and India.

Fake Microsoft Teams notifications aim at stealing Office365 logins

Security Affairs

Phishing attacks impersonating notifications from Microsoft Teams targeted as many as 50,000 Teams users to steal Office365 logins. Abnormal Security experts observed two separate phishing attacks impersonating notifications from Microsoft Teams that targeted as many as 50,000 Teams users to steal Office365 logins. The popularity of Microsoft Teams has spiked as a result of the smart working adopted by many organizations due to the COVID-19 pandemic.

Pressure Points: How to Ensure Your B2B Pipeline Passes Inspection

This eBook highlights best practices for developing a pipeline management process that helps sales leaders and their team C.L.O.S.E (you’ll see what we mean in this eBook) more revenue through data-driven prospecting, stage analysis, and subsequent sales enablement.

Alert: APT Groups Targeting COVID-19 Researchers

Data Breach Today

Password-Spraying' Campaigns Aimed at Stealing Research Data, US and UK Authorities Warn Authorities in the U.S. and U.K. are warning medical institutions, pharmaceutical companies, universities and others about "password-spraying campaigns" by advance persistent threat groups seeking to steal COVID-19 research data. Security experts outline defensive steps that organizations can take

Malicious Use of AI Poses a Real Cybersecurity Threat

Dark Reading

We should prepare for a future in which artificially intelligent cyberattacks become more common

Used Tesla Components Contain Personal Information

Schneier on Security

Used Tesla components, sold on eBay, still contain personal information , even after a factory reset. This is a decades-old problem. It's a problem with used hard drives. It's a problem with used photocopiers and printers. It will be a problem with IoT devices. It'll be a problem with everything, until we decide that data deletion is a priority. cars dataloss dataretention hardware identification internetofthings leaks

IoT 84

Defcon Is Canceled

WIRED Threat Level

For real this time. Its sister conference, Black Hat, has also been called off. Security Security / Security News

IT 83

Marketing-Led Post-COVID-19 Growth Strategies

Businesses are laying off workers, shutting their doors (some permanently), and struggling to react to the radical destruction that coronavirus (COVID-19) is doing to our society and communities. Most have already sustained massive damage, and we still have yet to see the scope of impact of the global pandemic that has upended the globe. Any return to normalcy may seem far-off, but sales and marketing are on the front lines of restarting the economy. When the dust settles, we have a responsibility to turn our shock and grief into fierce determination, and lead the charge of responsible, strategic, sustainable future growth. However, there’s no team better suited to lead that charge than the marketing department. Marketers are uniquely positioned to provide creative solutions to aid their organization in times of change and chart a course for navigating success.

Latest Phishing Campaign Spoofs Microsoft Teams Messages

Data Breach Today

Fraudsters Look to Harvest Office 365 Credentials From At-Home Employees A recently uncovered phishing campaign is spoofing notifications from Microsoft's Teams collaboration platform in order to harvest Office 365 credentials from employees working from home offices because of the COVID-19 pandemic, according to research from Abnormal Security

GoDaddy discloses a data breach, web hosting account credentials exposed

Security Affairs

GoDaddy has been notifying its customers of a data breach, threat actors might have compromised their web hosting account credentials. GoDaddy has been notifying its customers of a data breach, attackers might have compromised users’ web hosting account credentials. Headquartered in Scottsdale, Arizona, the Internet domain registrar and web hosting company claims to have over 19 million customers worldwide.

Maze Ransomware Operators Step Up Their Game

Dark Reading

Investigations show Maze ransomware operators leave "nothing to chance" when putting pressure on victims to pay