Sat.Nov 21, 2020 - Fri.Nov 27, 2020

Top 3 Black Friday 2020 scams to avoid

IT Governance

Amid the mad dash for bargains and inevitable stories of shop-floor brawls, Black Friday brings with it a spike in cyber security threats, as cyber criminals take advantage of people desperate for bargains.

Fraudsters Spoof FBI Domain

Data Breach Today

Bureau Identifies Nearly 100 Spoofed Websites Created by Cybercriminals The FBI has identified nearly 100 spoofed websites that use some incarnation of the agency's name. Fraudsters and other cybercriminals potentially could leverage the sites disinformation campaigns and credential theft

179
179
Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

Spotify Users Hit with Rash of Account Takeovers

Threatpost

Users of the music streaming service were targeted by attackers using credential-stuffing approaches. Breach Cloud Security Hacks Web Security account takeover Credential stuffing cyberattack elasticsearch database music streaming password reuse Spotify spotify credentials vpnMentor

GoDaddy Employees Used in Attacks on Multiple Cryptocurrency Services

Krebs on Security

Fraudsters redirected email and web traffic destined for several cryptocurrency trading platforms over the past week. The attacks were facilitated by scams targeting employees at GoDaddy , the world’s largest domain name registrar, KrebsOnSecurity has learned.

The Best Data Retention Policy & Template To Get You Started

In this whitepaper from Onna, we will walk you through data retention best practices and provide you with a downloadable template to help you get organized and gain better visibility into your data’s lifecycle.

This Bluetooth Attack Can Steal a Tesla Model X in Minutes

WIRED Threat Level

The company is rolling out a patch today for the vulnerabilities, which allowed one researcher to break into one in 90 seconds and drive away. Security Security / Cyberattacks and Hacks

More Trending

How Ransomware Defense is Evolving With Ransomware Attacks

Dark Reading

As data exfiltration threats and bigger ransom requests become the norm, security professionals are advancing from the basic "keep good backups" advice

The global impact of the Fortinet 50.000 VPN leak posted online

Security Affairs

The global impact of the Fortinet 50.000 VPN leak posted online, with many countries impacted, including Portugal. A compilation of one-line exploit tracked as CVE-2018-13379 and that could be used to steal VPN credentials from nearly 50.000 Fortinet VPN devices has posted online.

Secret Service Investigates 700 Cases of Covid Relief Fraud

WIRED Threat Level

Ransomware as a service, exposed SMS photos, and more of the week's top security news. Security Security / Security News

Home Depot Settles 2014 Breach Lawsuit for $17.5 Million

Data Breach Today

Home Supply Retailer Must Also Implement Several Cybersecurity Protocols The Home Depot reached a $17.5 million settlement in a class-action lawsuit stemming from a 2014 data breach that compromised the payment card data of 40 million of the retailer's customers.

Retail 230

How to Measure DevSecOps Progress and Ensure Success

Speaker: Shannon Lietz, Director of DevSecOps Team, Intuit

You've finally done it: You've won over C-Suite and your DevSecOps team is up and running. But how do you monitor your new program? Join Shannon Lietz, Leader and Director of DevsecOps at Intuit, and learn to lead your DevSecOps team to the top.

Security Researchers Sound Alarm on Smart Doorbells

Dark Reading

A new analysis of 11 relatively inexpensive video doorbells uncovered high-risk vulnerabilities in all of them

Risk 110

Threat actor shared a list of 49,577 IPs vulnerable Fortinet VPNs

Security Affairs

A threat actor has published online a list of one-line exploits to steal VPN credentials from over 49,000 vulnerable Fortinet VPNs.

On That Dusseldorf Hospital Ransomware Attack and the Resultant Death

Schneier on Security

Wired has a detailed story about the ransomware attack on a Dusseldorf hospital, the one that resulted in an ambulance being redirected to a more distant hospital and the patient dying.

Grelos Skimmer Variant Co-Opts Magecart Infrastructure

Data Breach Today

Researchers: Skimmer Compromised Website of Boom! Mobile In October Researchers have identified a fresh variant of the Grelos skimmer that has co-opted the infrastructure that MageCart uses for its own skimming attacks against e-commerce sites, according to RiskIQ.

IT 221

Digital Trends Report 2020

As part of our goal to continue helping our community during these times, we wanted to share with you this critical data on the state of digital products across industries and provide context on how businesses are responding to the changing winds.

5 Signs Someone Might be Taking Advantage of Your Security Goodness

Dark Reading

Not everyone in a security department is acting in good faith, and they'll do what they can to bypass those who do. Here's how to spot them

SSH-backdoor Botnet With ‘Research’ Infection Technique

Security Affairs

Security expert Tolijan Trajanovski analyzed an SSH-backdoor Botnet that implements an interesting ‘Research’ infection technique. In a recent tweet , the malware researcher @ 0xrb shared a list containing URLs of recently captured IoT botnet samples.

IoT 107

Google Is Testing End-to-End Encryption in Android Messages

WIRED Threat Level

For now, the security measure will be available only to people using the beta version of the app. Security Security / Security News

FBI Warns of Uptick in Ragnar Locker Ransomware Activity

Data Breach Today

Bureau Says the Attacks Are Hitting Many Sectors The FBI has sent out a private industry alert warning about increasing attacks using Ragnar Locker ransomware. The operators behind this crypto-locking malware have recently targeted companies that include EDP, Campari and Capcom, researchers note

Testing at Every Stage of Development

Up to 80% of new products fail. The reality is harsh and the reasons why are endless. Perhaps the new product couldn’t oust a customer favorite. Maybe it looked great but was too hard to use. Or, despite being a superior product, the go-to-market strategy failed. There’s always a risk when building a new product, but you can hedge your bets by understanding exactly what your customers' expectations truly are at every step of the development process.

Do You Know Who's Lurking in Your Cloud Environment?

Dark Reading

A security researcher explains the dangers of poor visibility in the cloud and a new strategy to evaluate IAM exposure in Google Cloud Platform

Cloud 102

FBI issued an alert on Ragnar Locker ransomware activity

Security Affairs

The U.S. FBI is warning private industry partners of a surge in Ragnar Locker ransomware activity following a confirmed attack from April 2020. The U.S.

IoT Unravelled Part 1: It's a Mess. But Then There's Home Assistant

Troy Hunt

With the benefit of hindsight, this was a naïve question: Alright clever IoT folks, I've got two of these garage door openers, what do you reckon the best way of connecting them with Apple HomeKit is?

IoT 113

Productivity Tools May Be Monitoring Workers' Productivity

Data Breach Today

Regulatory and Employee Litigation Risks Face Businesses That Violate Privacy Rules Warning to workers: Your productivity tools may also be tracking your workplace productivity, and your bosses may not even know it.

The Best Sales Forecasting Models for Weathering Your Goals

Every sales forecasting model has a different strength and predictability method. It’s recommended to test out which one is best for your team. This way, you’ll be able to further enhance – and optimize – your newly-developed pipeline. Your future sales forecast? Sunny skies (and success) are just ahead!

Failing Toward Zero: Why Your Security Needs to Fail to Get Better

Dark Reading

Each security incident should lead to a successive reduction in future incidences of the same type. Organizations that fail toward zero embrace failure and learn from their mistakes

2FA bypass in cPanel potentially exposes tens of millions of websites to hack

Security Affairs

2FA bypass discovered in web hosting software cPanel. More than 70 million sites are managed via cPanel software, according to the company. Researchers discovered a major issue in cPanel that could be exploited by attackers to bypass two-factor authentication for cPanel accounts.

GreenLight Group’s GITOpS – what is it and why does it matter?

Micro Focus

What is GITOpS (and why does it matter)? Operations is the lifeblood of every IT department, and for most IT managers it’s also the bane of their existence. IT Operations can be costly, and it consumes vast amounts of resources in the form of time and labor. If it weren’t such a critical part of.

IT 77

Gone in 120 Seconds: Flaws Enable Theft of Tesla Model X

Data Breach Today

Electric Car Manufacturer is Pushing Over-the-Air Updates to Patch Software Flaws Two vulnerabilities in Tesla's keyless entry system allowed researchers to clone a key fob and drive away with a Model X.

Product Analytics Playbook: Mastering Retention

Why do your users churn? In this guide you'll learn common product pitfalls and how to fix them.

3 Steps CISOs Can Take to Convey Strategy for Budget Presentations

Dark Reading

Answering these questions will help CISOs define a plan and take the organization in a positive direction

96

Researchers show how to steal a Tesla Model X in a few minutes

Security Affairs

Boffins have demonstrated how to steal a Tesla Model X in a few minutes by exploiting vulnerabilities in the car’s keyless entry system.

Critical VMware Zero-Day Bug Allows Command Injection; Patch Pending

Threatpost

VMware explained it has no patch for a critical escalation-of-privileges bug that impacts both Windows and Linux operating systems and its Workspace One.

IT 111