Sat.Jul 25, 2020 - Fri.Jul 31, 2020

3 Charged in Twitter Hack

Data Breach Today

Florida Teen, 2 Others Charged in Connection With Compromising 130 Accounts A Florida teenager was arrested and two others were charged in connection with hacking 130 high-profile Twitter accounts to pull off a cryptocurrency scam, prosecutors say

171
171

Medical Device Security Alerts: The Latest Updates

Data Breach Today

More Devices Affected by 'Ripple20' Vulnerabilities Federal regulators have issued another round of security alerts about vulnerabilities in medical device products from several manufacturers, including an update on those affected by so-called "Ripple-20" flaws earlier identified in the Treck TCP/IP stack

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

Data and Goliath Book Placement

Schneier on Security

Notice the copy of Data and Goliath just behind the head of Maine Senator Angus King. This demonstrates the importance of a vibrant color and a large font. books dataandgoliath schneiernews

52

Business ID Theft Soars Amid COVID Closures

Krebs on Security

Identity thieves who specialize in running up unauthorized lines of credit in the names of small businesses are having a field day with all of the closures and economic uncertainty wrought by the COVID-19 pandemic, KrebsOnSecurity has learned. This story is about the victims of a particularly aggressive business ID theft ring that’s spent years targeting small businesses across the country and is now pivoting toward using that access for pandemic assistance loans and unemployment benefits.

Product Analytics Playbook: Mastering Retention

Why do your users churn? In this guide you'll learn common product pitfalls and how to fix them.

Twitter Hackers Targeted Employees With Phone Phishing

Data Breach Today

Social Media Firm Says Fraudsters Executed Their Cryptocurrency Scam Within a Day The hackers who hijacked 130 high-profile Twitter accounts as part of a cryptocurrency scam earlier this month used a telephone-based spear-phishing attack to obtain employee credentials, the social media company says

More Trending

How the Alleged Twitter Hackers Got Caught

WIRED Threat Level

Bitcoin payments and IP addresses led investigators to two of the alleged perpetrators in just over two weeks. Security Security / Cyberattacks and Hacks

Is Your Chip Card Secure? Much Depends on Where You Bank

Krebs on Security

Chip-based credit and debit cards are designed to make it infeasible for skimming devices or malware to clone your card when you pay for something by dipping the chip instead of swiping the stripe. But a recent series of malware attacks on U.S.-based based merchants suggest thieves are exploiting weaknesses in how certain financial institutions have implemented the technology to sidestep key chip card security features and effectively create usable, counterfeit cards. A chip-based credit card.

Sales 180

Garmin Confirms Hackers Encrypted Several Systems

Data Breach Today

Navigation and Smartwatch Company Stops Short of Using Term 'Ransomware' Garmin acknowledged Monday that a "cyberattack" that encrypted several of its systems led to outages that affected several of the company's fitness and aviation products along with knocking its homepage and customer service centers offline. As of Monday, several affected services were again operating

MY TAKE: Even Google CEO Sundar Pichai agrees that it is imperative to embed ethics into AI

The Last Watchdog

It took a global pandemic and the death of George Floyd to put deep-seated social inequities, especially systemic racism, front and center for intense public debate. Related: Will ‘blockchain’ lead to more equitable wealth distribution? We may or may not be on the cusp of a redressing social injustice by reordering our legacy political and economic systems. Only time will tell.

IT 151

Rethinking Information Governance In The Age of Unstructured Enterprise Data

Onna is breaking down how the concept of information governance has evolved and ways today’s businesses can develop a holistic framework to keep up with a rapidly accelerating datasphere.

Survey of Supply Chain Attacks

Schneier on Security

The Atlantic Council has a released a report that looks at the history of computer supply chain attacks.

Three Charged in July 15 Twitter Compromise

Krebs on Security

Three individuals have been charged for their alleged roles in the July 15 hack on Twitter , an incident that resulted in Twitter profiles for some of the world’s most recognizable celebrities, executives and public figures sending out tweets advertising a bitcoin scam. Amazon CEO Jeff Bezos’s Twitter account on the afternoon of July 15. Nima “Rolex” Fazeli , a 22-year-old from Orlando, Fla.,

Dave: Mobile Banking App Breach Exposes 3 Million Accounts

Data Breach Today

Hack Blamed on Credentials Stolen via Breach of Third-Party Service Provider Waydev Mobile-only banking app Dave has suffered a data breach that exposed personal details for at least 3 million users. But the fintech startup says no account information was exposed, and there are no signs of fraud. Dave says the incident traces to credentials stolen from Waydev, a third-party service provider

3 Arrested for Massive Twitter Breach

Dark Reading

Three individuals aged 17, 19, and 22 have been charged for their alleged roles in the massive July 15 Twitter attack

80

The Best Sales Forecasting Models for Weathering Your Goals

Every sales forecasting model has a different strength and predictability method. It’s recommended to test out which one is best for your team. This way, you’ll be able to further enhance – and optimize – your newly-developed pipeline. Your future sales forecast? Sunny skies (and success) are just ahead!

REMnux 7, a Linux toolkit for malware analysts released

Security Affairs

A new version of the REMnux Linux toolkit for malware analysts is available for download, it includes a huge set of tools for professionals. REMnux is a Linux toolkit for reverse-engineering and dissecting software, it includes a collection of free tools created by the community that allows researchers to investigate malware. The toolkit was first released in 2010 by SANS fellow researcher Lenny Zeltser , who is still maintaining the software.

Here’s Why Credit Card Fraud is Still a Thing

Krebs on Security

Most of the civilized world years ago shifted to requiring computer chips in payment cards that make it far more expensive and difficult for thieves to clone and use them for fraud. One notable exception is the United States, which is still lurching toward this goal. Here’s a look at the havoc that lag has wrought, as seen through the purchasing patterns at one of the underground’s biggest stolen card shops that was hacked last year.

Sales 147

The Hacker Battle for Home Routers

Data Breach Today

Trend Micro Says Botnet Families Fight for Control of Vulnerable Routers Trend Micro says it has seen increasing attempts to infect home routers for use as proxies and for DDoS attacks. The battle is primarily being fought by three bot families - Mirai, Qbot and Kaiten - that enable low-level fraudsters to hide their activity

IT 166

Average Cost of a Data Breach: $3.86 Million

Dark Reading

New IBM study shows that security system complexity and cloud migration can amplify breach costs

Cloud 79

Future-Proofing Your Information Governance Strategy

Speaker: Crystal Cao, Lindsey Simon & Lisa Ripley

Join Onna and experts from Quip, Airbnb, and Oracle for this live webinar as they dive into proactive data deletion policies, retention strategies, and legal hold practices that are essential to a modern enterprise information governance strategy.

Doki, an undetectable Linux backdoor targets Docker Servers

Security Affairs

Experts spotted an undetectable Linux malware that exploits undocumented techniques to evade detection and targets publicly accessible Docker servers. Cybersecurity researchers at Intezer spotted a new completely undetectable Linux malware , dubbed Doki , that exploits undocumented evasion techniques while targeting publicly accessible Docker servers. The ongoing Ngrok mining botnet campaign is targeting servers are hosted on popular cloud platforms, including Alibaba Cloud, Azure, and AWS.

AI Helped Uncover Chinese Boats Hiding in North Korean Waters

WIRED Threat Level

A combination of technologies helped scientists discover a potentially illegal fishing operation involving more than 900 vessels. Security Security / National Security

US Intelligence Warns of Foreign Election Interference

Data Breach Today

Report Describes Threats From Russia, China and Iran With less than 100 days to go before the U.S. election, intelligence officials are warning of attempted interference by Russia, China and Iran. But Congressional lawmakers are disagreeing about the severity of these threats

161
161

Dark Web Travel Fraudsters Left Hurting From Lockdowns

Dark Reading

Shadow travel businesses that depend on loyalty program fraud have been impacted just like the legitimate travel orgs they prey on

78

The North Star Playbook

Every product needs a North Star. In this guide, we will show you the metrics product managers need to tie product improvements to revenue impact. If you are looking for a more-focused, less-reactive way to work, this guide is for you.

Hacking IoT & RF Devices with BürtleinaBoard

Security Affairs

Yet another Multipurpose Breakout Board to hack hardware in a clean and easy way! How to hack IoT & RF Devices with BürtleinaBoard. Disclaimer : due to a complaint from the citizens of my native city in Italy… I had to rename #PiadinaBoard into #BurtleinaBoard. Few months ago I have presented #FocacciaBoard : a similar multipurpose breakout board that uses the famous FT232H to handle multiple protocols commonly found in (I)IoT devices (i.e. UART, JTAG, SWD, SPI, I2C).

IoT 76

Children Stream on Twitch—Where Potential Predators Find Them

WIRED Threat Level

A WIRED investigation found dozens of channels belong to children apparently under 13, and anonymous chat participants sending inappropriate messages their way. Security Security / Security News

Lazarus Group Reportedly Now Wielding Ransomware

Data Breach Today

Kaspersky Discovers 2 Incidents Involving VHD Ransomware The Lazarus Group, the North Korean hacking group behind the WannaCry worm, the theft of $81 million from a Bangladesh bank and the attacks on Sony Pictures, apparently is expanding into ransomware, according to the security firm Kaspersky

Twitter: Employees Compromised in Phone Spear-Phishing Attack

Dark Reading

The attack earlier this month started with a spear-phishing attack targeting Twitter employees, the company says in a new update

B2B Pocket Playbook: End-to-End Guide to Sales Enablement

Sales enablement is the strategic process of providing sales teams with the content, guidance, and mentorship needed to engage targeted buyers. It’s all about equipping sales professionals with the tools they need to put their best-selling foot forward. And if sales teams want to continuously sell better -- and faster -- their sales enablement process must have a game-winning strategy. It's time for you to start selling smarter - and hitting your sales number - with the best B2B database in the market. Get started today.

ShinyHunters leaked over 386 million user records from 18 companies

Security Affairs

ShinyHunters, a trusted threat actor, is offering on a hacker forum the databases stolen from eighteen companies, over 386 million user records available online. The known threat actor ShinyHunters has begun leaking for free the databases of multiple companies on a hacker forum. A couple of days ago, the popular digital banking app Dave.com disclosed a security breach after ShinyHunters leaked 7,516,625 user records on a crime forum.

Fake Stories in Real News Sites

Schneier on Security

Fireeye is reporting that a hacking group called Ghostwriter broke into the content management systems of Eastern European news sites to plant fake stories. From a Wired story : The propagandists have created and disseminated disinformation since at least March 2017, with a focus on undermining NATO and the US troops in Poland and the Baltics; they've posted fake content on everything from social media to pro-Russian news websites.

Anatomy of a Breach: Criminal Data Brokers Hit Dave

Data Breach Today

Evidence Points to 'ShinyHunters' Hacking Team Phishing Employees of Mobile Bank Mobile banking startup Dave is just the latest victim of criminal data brokers. Extensive evidence now points to Dave having been hit by a ShinyHunters, which has been tied to the sale of millions of stolen records to fraudsters - either via a phishing attack or hack of a third-party service provider