Sat.Nov 07, 2020 - Fri.Nov 13, 2020

Probing Marriott's Mega-Breach: 9 Cybersecurity Takeaways

Data Breach Today

Ransomware Group Turns to Facebook Ads

Krebs on Security

It’s bad enough that many ransomware gangs now have blogs where they publish data stolen from companies that refuse to make an extortion payment. Now, one crime group has started using hacked Facebook accounts to run ads publicly pressuring their ransomware victims into paying up.

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

9 New Tactics to Spread Security Awareness

Dark Reading

Employees are often your first line of security defense when the bad guys come calling -- providing your workers are properly trained. Security leaders share how they're raising awareness

MY TAKE: Why companies and consumers must collaborate to stop the plundering of IoT systems

The Last Watchdog

The Internet of Things (IoT) has come a long, long way since precocious students at Carnegie Melon University installed micro-switches inside of a Coca-Cola vending machine so they could remotely check on the temperature and availability of their favorite beverages.

IoT 167

Digital Trends Report 2020

As part of our goal to continue helping our community during these times, we wanted to share with you this critical data on the state of digital products across industries and provide context on how businesses are responding to the changing winds.

How a Game Developer Leaked 46 Million Accounts

Data Breach Today

WildWorks Data Breach Shows Danger of Sharing Sensitive Keys Over Chat Chat and collaboration software tools such as Slack are critical for software development teams.

More Trending

The EU’s draft Data Governance Act: an own goal?

Data Protector

The EU’s draft Data Governance Act is designed to facilitate the greater sharing of non-Personal data within the EU. Such big data ought to provide new insights and benefit the lives of EU citizens, the EU thinking goes.

SHARED INTEL: Coming very soon — ‘passwordless authentication’ as a de facto security practice

The Last Watchdog

As a tradeoff for enjoying our digital lives, we’ve learned to live with password overload and even tolerate two-factor authentication. But now, at long last, we’re on the brink of eliminating passwords altogether, once and for all. Related: CEOs quit Tweeting to protect their companies A confluence of technical and social developments points to username-and-password logons becoming obsolete over the next few years.

FTC Settlement With Zoom Sets Security Requirements

Data Breach Today

Agency Requires Comprehensive Security Program As part of a settlement of allegations that Zoom "engaged in a series of deceptive and unfair practices that undermined the security of its users," the U.S.

Patch Tuesday, November 2020 Edition

Krebs on Security

Adobe and Microsoft each issued a bevy of updates today to plug critical security holes in their software. Microsoft’s release includes fixes for 112 separate flaws, including one zero-day vulnerability that is already being exploited to attack Windows users.

IT 181

Testing at Every Stage of Development

Up to 80% of new products fail. The reality is harsh and the reasons why are endless. Perhaps the new product couldn’t oust a customer favorite. Maybe it looked great but was too hard to use. Or, despite being a superior product, the go-to-market strategy failed. There’s always a risk when building a new product, but you can hedge your bets by understanding exactly what your customers' expectations truly are at every step of the development process.

2020 Was a Secure Election

Schneier on Security

Over at Lawfare: “ 2020 Is An Election Security Success Story (So Far).” ” What’s more, the voting itself was remarkably smooth.

Manufacturing Sees Rising Ransomware Threat

Dark Reading

Crypto-ransomware groups are increasingly adopting malware and tools that can probe and attack operational technology, such as industrial control systems, according to an assessment of current threats

IRS Domain Spoofed in Fraud Campaign

Data Breach Today

Researchers Say Scammers Use Social Engineering Strategies A recently uncovered phishing campaign is using a spoofed U.S.

Ransomware operators use fake Microsoft Teams updates to deploy Cobalt Strike

Security Affairs

Ransomware operators use fake Microsoft Teams updates to deploy Cobalt Strike and compromise the target networks.

Rethinking Information Governance In The Age of Unstructured Enterprise Data

Today’s organizations are faced with the overwhelming challenge of managing, finding, and leveraging their information. This eBook discusses a newly discovered information discipline and is filled to the brim with helpful information.

The Security Failures of Online Exam Proctoring

Schneier on Security

Proctoring an online exam is hard. It’s hard to be sure that the student isn’t cheating, maybe by having reference materials at hand, or maybe by substituting someone else to take the exam for them.

Data Privacy Gets Solid Upgrade With Early Adopters

Dark Reading

The United Kingdom and the regional government of Flanders kick off four pilots of the Solid data-privacy technology from World Wide Web inventor Tim Berners-Lee, which gives users more control of their data

Banking Trojan Can Spy on Over 150 Financial Apps

Data Breach Today

Kaspersky: Ghimob Malware Started in Brazil But Is Spreading A recently uncovered banking Trojan targeting Android devices can spy on over 150 apps, including those of banks, cryptocurrency exchanges and fintech firms, as a way to gather credentials and other data, according to an analysis by security firm Kaspersky.

Tianfu Cup 2020 – 5 minutes to hack Windows 10, Ubuntu iOS, VMWare EXSi, and others

Security Affairs

Many popular OS and applications have been hacked during this year’s edition of the Tianfu Cup hacking competition.

The Best Sales Forecasting Models for Weathering Your Goals

Every sales forecasting model has a different strength and predictability method. It’s recommended to test out which one is best for your team. This way, you’ll be able to further enhance – and optimize – your newly-developed pipeline. Your future sales forecast? Sunny skies (and success) are just ahead!

The Scammer Who Wanted to Save His Country

WIRED Threat Level

Last fall, a hacker gave Glenn Greenwald a trove of damning messages between Brazil’s leaders. Some suspected the Russians. The truth was far less boring. Security Security / Cyberattacks and Hacks Backchannel

Want to Avoid an Extreme Cyberloss? Focus on the Basics

Dark Reading

New analysis of attacks and breaches -- to the tune of more than $20 million in damages and losses of at least 20 million records -- underscores the importance of planning for these events

105
105

Tom Kellermann: Post-Election Security Analysis

Data Breach Today

Cybersecurity Strategist Warns of Pre-Inauguration Nation-State Strikes The good news: U.S. election security measures seem to have worked. The bad news: Disinformation and misinformation campaigns continue.

Breached Mashable User Database Leaked Online

Adam Levin

The personal information of technology and culture website Mashable.com users has been discovered in a leaked database online. Mashable announced the leak late November 8, in an announcement on its website. “[W]e

Product Analytics Playbook: Mastering Retention

Why do your users churn? In this guide you'll learn common product pitfalls and how to fix them.

New Zealand Election Fraud

Schneier on Security

It seems that this election season has not gone without fraud.

IT 95

Three APT groups have targeted at least seven COVID-19 vaccine makers

Security Affairs

At least the three nation-state actors have targeted seven COVID-19 vaccine makers, they are Strontium, Lazarus Group, and Cerium, Microsoft warns. Microsoft revealed that at least three APT groups have targeted seven companies involved in COVID-19 vaccines research and treatments.

APT Groups Target Firms Working on COVID-19 Vaccines

Data Breach Today

Microsoft Says Attacks on Seven Companies Blocked Three state-sponsored advanced persistent threat groups - one Russian, two North Korean - have been targeting companies across the globe involved with COVID-19 vaccine and treatment development, Microsoft says

224
224

The Double-Edged Sword of Cybersecurity Insurance

Dark Reading

With ransomware on the rise, more organizations are opting to purchase cyber insurance -- tipping off criminals about how much to demand for access back to pilfered systems and data

Future-Proofing Your Information Governance Strategy

Speaker: Crystal Cao, Lindsey Simon & Lisa Ripley

Join Onna and experts from Quip, Airbnb, and Oracle for this live webinar as they dive into proactive data deletion policies, retention strategies, and legal hold practices that are essential to a modern enterprise information governance strategy.

What’s new in OpenText Life Sciences Smart View 20.4

OpenText Information Management

With the shift to remote work environments, Life Sciences organizations need a way to provide their workers with secure and compliant access to highly regulated content that is stored on-premises.

Costaricto APT: Cyber mercenaries use previously undocumented malware

Security Affairs

CostaRicto APT is targeting South Asian financial institutions and global entertainment companies with undocumented malware.

Biden's Cybersecurity Mission: Regain Momentum

Data Breach Today

Experts Say Cybersecurity Will Be a Higher Priority Cybersecurity is poised to become a higher White House priority when President-elect Joe Biden takes office. And he's expected to renew key international relationships needed in the fight against cyberattacks