Sat.Aug 01, 2020 - Fri.Aug 07, 2020

FBI Warns of Serious Risks Posed by Using Windows 7

Data Breach Today

Bureau Says Attackers Can Use Vulnerable RDP Connections to Access Networks The FBI is warning organizations that are still using Microsoft Windows 7 they are in danger of attackers exploiting vulnerabilities in the unsupported operating system to gain network access. The agency points to an uptick in such attack attempts

Risk 174

Hacked Data Broker Accounts Fueled Phony COVID Loans, Unemployment Claims

Krebs on Security

A group of thieves thought to be responsible for collecting millions in fraudulent small business loans and unemployment insurance benefits from COVID-19 economic relief efforts gathered personal data on people and businesses they were impersonating by leveraging several compromised accounts at a little-known U.S. consumer data broker, KrebsOnSecurity has learned.

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

Chinese Hackers Have Pillaged Taiwan's Semiconductor Industry

WIRED Threat Level

A campaign called Operation Skeleton Key has stolen source code, software development kits, chip designs, and more. Security Security / Cyberattacks and Hacks

UberEats data leaked on the dark web

Security Affairs

Security researchers from threat intelligence firm Cyble have discovered user records of American online food ordering and delivery platform UberEats on DarkWeb. Another day, another data breach made the headlines, this time the alleged victim is UberEATS. UberEats is an American online food ordering and delivery platform launched by Uber in 2014. During the process of darkweb and deep web monitoring, the Cyble Research Team came across a threat actor who leaked user records of UberEATS.

Product Analytics Playbook: Mastering Retention

Why do your users churn? In this guide you'll learn common product pitfalls and how to fix them.

How WastedLocker Evades Anti-Ransomware Tools

Data Breach Today

Sophos Says Malware Designed to Avoid Security Measures WastedLocker, a ransomware strain that reportedly shut down Garmin's operations for several days in July, is designed to avoid security tools within infected devices, according to a technical analysis from Sophos

More Trending

List of data breaches and cyber attacks in July 2020 ­– 77 million records breached

IT Governance

After mammoth amounts of personal data were leaked in May and June, we’ve seen a reversion to the mean this month. By our count, 77,775,496 records were leaked in 86 incidents. This includes the Twitter hack on 130 people, including Bill Gates, Barack Obama and Elon Musk, as well as the less flashy but equally concerning attack on dozens of universities and charities across the UK, US and Canada. You can find our full list of publicly disclosed data breaches from July in this blog.

Garmin allegedly paid for a decryptor for WastedLocker ransomware

Security Affairs

BleepingComputer researchers confirmed that Garmin has received the decryption key to recover their files encrypted with the WastedLocker Ransomware. BleepingComputer first revealed that Garmin has received the decryption key to recover the files encrypted with the WastedLocker Ransomware in the recent attack. On July 23, smartwatch and wearables maker Garmin has shut down several of its services due to a ransomware attack that targeted its internal network and some production systems.

Twitter Hack: Suspects Left Easy Trail for Investigators

Data Breach Today

Bitcoin Accounts Linked to Driver's Licenses, Leading to Arrests Suspects in the epic attack against Twitter were uncovered in part by the use of their real photo identification for cryptocurrency accounts they used to broker the sale of stolen usernames. The mistakes proved crucial to their identification, according to court documents

Sales 167

Dutch Hackers Found a Simple Way to Mess With Traffic Lights

WIRED Threat Level

By reverse-engineering apps intended for cyclists, security researchers found they could cause delays in at least 10 cities from anywhere in the world. Security Security / Cyberattacks and Hacks

Rethinking Information Governance In The Age of Unstructured Enterprise Data

Onna is breaking down how the concept of information governance has evolved and ways today’s businesses can develop a holistic framework to keep up with a rapidly accelerating datasphere.

6 Dangerous Defaults Attackers Love (and You Should Know)

Dark Reading

Default configurations can be massive vulnerabilities. Here are a half dozen to check on for your network

82

Hackers can abuse Microsoft Teams updater to deliver malicious payloads

Security Affairs

Threat actors can abuse Microsoft Teams updater to retrieve and execute malicious code from a remote location. Security experts from Trustwave detailed the Living Off the Land technique that could allow a threat actor to abuse the MS Teams Updater to download any binary or malicious payload from a remote server. The bad news is that the issue could not be easily addressed because it is a design flaw.

Garmin Reportedly Paid a Ransom

Data Breach Today

Company Says 'Temporary Limitations' on Services Continue Garmin, a fitness tracker and navigation device firm, apparently paid a ransom to recover from a July 23 security incident that encrypted several of its systems, according to two news reports as well as expert analysis. The company says it's still experiencing 'temporary limitations" on services

The Garmin Hack Was a Warning

WIRED Threat Level

As ransomware groups turn their attention to bigger game, expect more high-profile targets to fall. Security Security / Cyberattacks and Hacks

The Best Sales Forecasting Models for Weathering Your Goals

Every sales forecasting model has a different strength and predictability method. It’s recommended to test out which one is best for your team. This way, you’ll be able to further enhance – and optimize – your newly-developed pipeline. Your future sales forecast? Sunny skies (and success) are just ahead!

How Ransomware Threats Are Evolving & How to Spot Them

Dark Reading

A series of new reports explains how ransomware attackers are changing techniques and how organizations can spot stealthy criminals

How to Talk Technology When You’re Not Technical

AIIM

Some people are hyper-technical, and they can be intimidating if you don’t feel technically minded. It can feel like you’re not even speaking the same language as they seem to bury you in TLAs and FLAs (Three-Letter Acronyms and Four-Letter Acronyms). Information professionals can communicate with their technical colleagues – even when they’re not that technical. Driving Forces. How many people really understand what’s going on in their car as they drive down the road?

Twitter Rushes to Fix Flaw in Android Version

Data Breach Today

Vulnerability Could Enable Hackers to Access User Data, Including Direct Messages Twitter rushed out a fix for a flaw in the Android version of its social media platform that could have allowed hackers to access user data, including within the direct message feature. The news comes as more details have emerged about a recent Twitter hacking incident

Access 161

FBI issued a flash alert about Netwalker ransomware attacks

Security Affairs

The FBI has issued a security alert about Netwalker ransomware attacks targeting U.S. and foreign government organizations. The FBI has issued a new security flash alert to warn of Netwalker ransomware attacks targeting U.S. and foreign government organizations. The feds are recommending victims, not to pay the ransom and reporting incidents to their local FBI field offices. The flash alert also includes indicators of compromise for the Netwalker ransomware along with mitigations.

Future-Proofing Your Information Governance Strategy

Speaker: Crystal Cao, Lindsey Simon & Lisa Ripley

Join Onna and experts from Quip, Airbnb, and Oracle for this live webinar as they dive into proactive data deletion policies, retention strategies, and legal hold practices that are essential to a modern enterprise information governance strategy.

IoT Security During COVID-19: What We've Learned & Where We're Going

Dark Reading

Vigilance and ongoing training combined with an integrated security framework are key aspects of a successful strategy in the fight against the latest crop of pandemic opportunists

IoT 80

The NSA on the Risks of Exposing Location Data

Schneier on Security

The NSA has issued an advisory on the risks of location data. Mitigations reduce, but do not eliminate, location tracking risks in mobile devices. Most users rely on features disabled by such mitigations, making such safeguards impractical. Users should be aware of these risks and take action based on their specific situation and risk tolerance.

Risk 74

FBI Warns of Surge in Fraudulent Shopping Websites

Data Breach Today

Victims Drawn to Malicious Sites Advertising Low Prices The FBI has issued an alert warning that cybercriminals are creating fraudulent websites that mimic popular e-commerce sites

162
162

Hacker leaks passwords for 900+ Pulse Secure VPN enterprise servers

Security Affairs

ZDNet reported in exclusive that a list of passwords for 900+ enterprise VPN servers has been shared on a Russian-speaking hacker forum. ZDNet has reported in exclusive that a list of plaintext usernames and passwords for 900 Pulse Secure VPN enterprise servers, along with IP addresses, has been shared on a Russian-speaking hacker forum. ZDNet has obtained a copy of the list with the help of threat intelligence firm KELA and verified confirmed the authenticity of the data.

The North Star Playbook

Every product needs a North Star. In this guide, we will show you the metrics product managers need to tie product improvements to revenue impact. If you are looking for a more-focused, less-reactive way to work, this guide is for you.

Why Data Ethics Is a Growing CISO Priority

Dark Reading

With data collection growing, and increased concern about how it is handled, a synergy between security and data teams will be essential

The Quest to Liberate $300,000 of Bitcoin From an Old Zip File

WIRED Threat Level

The story of a guy who wouldn't let a few quintillion possible decryption keys stand between him and his cryptocurrency. Security Security / Security News

Exploring the Forgotten Roots of 'Cyber'

Data Breach Today

Cyber Always Points to the Future, But It Has a Past One day, you may drive your Tesla Cybertruck on Cyber Monday to your cybersecurity job, backed by a cyber insurance policy as you safeguard cyberspace against the threat of cyberwar. Or cyber whatever, since we've obviously entered the era of "maximum cyber." But what does cyber even mean

A critical flaw in wpDiscuz WordPress plugin lets hackers take over hosting account

Security Affairs

A critical flaw in the wpDiscuz WordPress plugin could be exploited by remote attackers to execute arbitrary code and take over the hosting account. Security experts from Wordfence discovered a critical vulnerability impacting the wpDiscuz WordPress plugin that is installed on over 80,000 sites. The vulnerability could be exploited by attackers to execute arbitrary code remotely after uploading arbitrary files on servers hosting the vulnerable WordPress sites.

B2B Pocket Playbook: End-to-End Guide to Sales Enablement

Sales enablement is the strategic process of providing sales teams with the content, guidance, and mentorship needed to engage targeted buyers. It’s all about equipping sales professionals with the tools they need to put their best-selling foot forward. And if sales teams want to continuously sell better -- and faster -- their sales enablement process must have a game-winning strategy. It's time for you to start selling smarter - and hitting your sales number - with the best B2B database in the market. Get started today.

Hacking the PLC via Its Engineering Software

Dark Reading

Researcher will demonstrate at DEF CON an emerging threat to industrial control networks

IT 79

Rite Aid Used Facial Recognition in Stores for Nearly a Decade

WIRED Threat Level

A SubStack email mess, a Nintendo leak, and more of the week's top security news. Security Security / Security News

North Korean Hackers Targeted US Aerospace, Defense Firms

Data Breach Today

McAfee: Operation North Star Used Fake Job Offers to Plant Malware Hackers with suspected ties to North Korea targeted U.S. aerospace and defense firms with fake job offer emails sent to employees, according to security firm McAfee. The messages contained malware designed to gain a foothold in networks and gather data