Sat.Jul 04, 2020 - Fri.Jul 10, 2020

Ransomware + Exfiltration + Leaks = Data Breach

Data Breach Today

Data-Leaking Extortionists' Revised Playbook Goes Way Beyond Ransomware Ransomware-wielding attackers continue to pummel organizations. But labeling these as being just ransomware attacks often misses how much these incidents involve serious network intrusions, exfiltration of extensive amounts of data, data leaks and, as a result, reportable data breaches

Half a Million IoT Passwords Leaked

Schneier on Security

It is amazing that this sort of thing can still happen: the list was compiled by scanning the entire internet for devices that were exposing their Telnet port. The hacker then tried using (1) factory-set default usernames and passwords, or (2) custom, but easy-to-guess password combinations. Telnet? Default passwords? In 2020? We have a long way to go to secure the IoT. dataloss internetofthings leaks passwords

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

Traffic Analysis of Home Security Cameras

Schneier on Security

Interesting research on home security cameras with cloud storage. Basically, attackers can learn very basic information about what's going on in front of the camera, and infer when there is someone home. News article. Slashdot thread. cameras cloudcomputing internetofthings securitymonitoring trafficanalysis

Cloud 79

E-Verify’s “SSN Lock” is Nothing of the Sort

Krebs on Security

One of the most-read advice columns on this site is a 2018 piece called “ Plant Your Flag, Mark Your Territory ,” which tried to impress upon readers the importance of creating accounts at websites like those at the Social Security Administration , the IRS and others before crooks do it for you. A key concept here is that these services only allow one account per Social Security number — which for better or worse is the de facto national identifier in the United States.

Digital Trends Report 2020

As part of our goal to continue helping our community during these times, we wanted to share with you this critical data on the state of digital products across industries and provide context on how businesses are responding to the changing winds.

CISA warns organizations of cyberattacks from the Tor network

Security Affairs

The Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI) warned enterprises about cyberattacks from the Tor network. The Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI) is warning enterprises of cyberattacks launched from the Tor network. Threat actors leverage the Tor network to hide the real source of their attacks and avoid that their C2 infrastructure could be identified and shut down by.

Risk 87

More Trending

SentinelOne released free decryptor for ThiefQuest ransomware

Security Affairs

Good news for the victims of the ThiefQuest (EvilQuest) ransomware, they can recover their encrypted files for free. The victims of the ThiefQuest (EvilQuest) ransomware victims can recover their encrypted files without needing to pay the ransom due to the availability of a free decryptor.

Employee Surveillance: Who's the Boss(ware)?

Data Breach Today

Pandemic Drives Increased Adoption of Workplace Monitoring Tools With so many employees working from home during the COVID-19 pandemic, vendors of time-tracking and productivity-monitoring software report surging interest in their wares. Regardless of whether organizations deploy light-touch or more Big Brother types of approaches, beware potential privacy repercussions

NASA Still Struggling With Agency-Wide Cybersecurity Program

Data Breach Today

IG Report Finds Agency's Infrastructure Remains Tempting Target for Hackers A recent Inspector General's report finds that NASA still struggles with implementing an agency-wide cybersecurity policy despite spending approximately $2.3 billion on IT, networking and security technology in 2019. The oversite report offers a series of improvements that NASA should make

Hackers Are Exploiting a 5-Alarm Bug in Networking Equipment

WIRED Threat Level

For companies that haven't patched their BIG-IP products, it may already be too late. Security Security / Cyberattacks and Hacks

IT 78

Testing at Every Stage of Development

Up to 80% of new products fail. The reality is harsh and the reasons why are endless. Perhaps the new product couldn’t oust a customer favorite. Maybe it looked great but was too hard to use. Or, despite being a superior product, the go-to-market strategy failed. There’s always a risk when building a new product, but you can hedge your bets by understanding exactly what your customers' expectations truly are at every step of the development process.

Google Tsunami vulnerability scanner is now open-source

Security Affairs

Google announced that its Tsunami vulnerability scanner for large-scale enterprise networks is going to be open-sourced. Google has decided to release as open-source a vulnerability scanner for large-scale enterprise networks named Tsunami. “We have released the Tsunami security scanning engine to the open source communities. We hope that the engine can help other organizations protect their users’ data.

Using Adversarial Machine Learning, Researchers Look to Foil Facial Recognition

Dark Reading

For privacy-seeking users, good news: Computer scientists are finding more ways to thwart facial and image recognition. But there's also bad news: Gains will likely be short-lived

Malware Found Pre-Installed on Low-Cost Android Smartphones

Data Breach Today

Phones Sold Through US Government-Subsidized Program For the second time this year, security researchers have found malware embedded in low-cost Android smartphones distributed through a U.S. government program, security firm Malwarebytes reports

Enterprise Architect Salary: What to Expect and Why

erwin

Enterprise architecture plays a key role in the modern enterprise, so the average enterprise architect salary reflects the demand. In this post: Average Salary for an Enterprise Architect. What Does an Enterprise Architect Do? Enterprise Architect Salary Expectations. What’s Influencing Enterprise Architecture Salaries? The Tools Enterprise Architects Need to Thrive. Average Salary for an Enterprise Architect.

Rethinking Information Governance In The Age of Unstructured Enterprise Data

Today’s organizations are faced with the overwhelming challenge of managing, finding, and leveraging their information. This eBook discusses a newly discovered information discipline and is filled to the brim with helpful information.

Threat actors found a way to bypass mitigation F5 BIG-IP CVE-2020-5902 flaw

Security Affairs

Researchers have found a way to bypass F5 Networks mitigation for the actively exploited BIG-IP vulnerability, and hackers already used it. Researchers have found a way to bypass one of the mitigations proposed by F5 Networks for the actively exploited BIG-IP vulnerability. Unfortunately, threat actors in the wild were already using the bypass technique before its public disclosure.

As Offices Reopen, Hardware from Home Threatens Security

Dark Reading

Devices out of sight for the past several months could spell trouble when employees bring them back to work

5 Billion Unique Credentials Circulating on Darknet

Data Breach Today

Bank Account Credentials Sell for an Average of $71, Report Finds Five billion unique user credentials are circulating on darknet forums, with cybercriminals offering to sell access to bank accounts as well as domain administrator access to corporate networks, according to the security firm Digital Shadows

Access 191

2020 Likely To Break Records for Breaches

Adam Levin

2020 is on the path to becoming a record-breaking year for data breaches and compromised personal data. A recent article released by cybersecurity and antivirus firm Bitdefender shows that 8.4 billion records have already been exposed, and that’s only accounting for the first quarter of 2020. For comparison, that’s a 273% increase over the first two quarters of 2019 combined.

The Best Sales Forecasting Models for Weathering Your Goals

Every sales forecasting model has a different strength and predictability method. It’s recommended to test out which one is best for your team. This way, you’ll be able to further enhance – and optimize – your newly-developed pipeline. Your future sales forecast? Sunny skies (and success) are just ahead!

15 billion credentials available in the cybercrime marketplaces

Security Affairs

More than 15 billion username and passwords are available on cybercrime marketplaces, including over 5 billion unique credentials, states the experts. A report published by security firm Digital Shadows r evealed the availability of more than 15 billion credentials shared on cybercrime marketplaces, paste sites, file sharing services, and code sharing websites.

Mobile App Fraud Jumped in Q1 as Attackers Pivot from Browsers

Dark Reading

RSA data reveals a continued shift away from browser-based fraud as attackers target mobile apps

83

Health Data Breach Trends: A Mid-Year Assessment

Data Breach Today

Biggest Incidents Have a Wide Variety of Causes What major health data breach trends emerged in the first half of 2020? Here's a rundown of the latest statistics - plus an analysis by experts

China Closing Its Squid Spawning Grounds

Schneier on Security

China is prohibiting squid fishing in two areas -- both in international waters -- for two seasons, to give squid time to recover and reproduce. This is the first time China has voluntarily imposed a closed season on the high seas. Some experts regard it as an important step forward in China's management of distant-water fishing (DWF), and crucial for protecting the squid fishing industry.

IT 77

Product Analytics Playbook: Mastering Retention

Why do your users churn? In this guide you'll learn common product pitfalls and how to fix them.

Project Freta, a free service that allows finding malware in OS memory snapshots

Security Affairs

Microsoft launched Project Freta, a free service that allows users to find malware, including rootkit, in operating system memory snapshots. Microsoft has unveiled a new project, dubbed Project Freta , for the discovery of malicious code in operating system memory snapshots. The Project Freta is a cloud-based service that allows users to collect forensic evidence of attacks on Linux systems, including the artifacts related to rootkits and other sophisticated malware.

Cloud 84

Biden Campaign Hires 2 Top Cybersecurity Executives

Dark Reading

The campaign has filled the positions of CISO and CTO in the runup to the 2020 presidential election

Lawsuits After Ransomware Incidents: The Trend Continues

Data Breach Today

In Latest Case, Florida Practice Sued for Damages, and Security Mandates Sought A lawsuit seeking damages as well as security mandates has been filed against a Florida-based orthopedic group in the wake of a ransomware incident. It's the latest in a series of such legal actions in healthcare, including one in which a preliminary settlement has been reached

ThiefQuest Ransomware for the Mac

Schneier on Security

There's a new ransomware for the Mac called ThiefQuest or EvilQuest. It's hard to get infected: For your Mac to become infected, you would need to torrent a compromised installer and then dismiss a series of warnings from Apple in order to run it. It's a good reminder to get your software from trustworthy sources, like developers whose code is "signed" by Apple to prove its legitimacy, or from Apple's App Store itself.

Future-Proofing Your Information Governance Strategy

Speaker: Crystal Cao, Lindsey Simon & Lisa Ripley

Join Onna and experts from Quip, Airbnb, and Oracle for this live webinar as they dive into proactive data deletion policies, retention strategies, and legal hold practices that are essential to a modern enterprise information governance strategy.

Try2Cry ransomware implements wormable capability to infect other Windows systems

Security Affairs

A new piece of ransomware dubbed Try2Cry leverages infected USB flash drives and Windows shortcuts (LNK files) to infect other Windows systems. A new ransomware dubbed Try2Cry implements wormable capabilities to infect other Windows systems by using USB flash drives or Windows shortcuts (LNK files). The Try2Cry ransomware was discovered by the malware researcher Karsten Hahn while analyzing an unidentified malware sample.

Applying the 80-20 Rule to Cybersecurity

Dark Reading

How security teams can achieve 80% of the benefit for 20% of the work

How Ekans Ransomware Targets Industrial Control Systems

Data Breach Today

Researchers Identified Malware Variants With Advanced Capabilities Researchers with FortiGuard Labs have uncovered two samples of the Ekans ransomware strain that offer some additional insight into how the crypto-locking malware targets industrial control systems, according to a new report. Ekans, also known as Snake, was first spotted earlier this year