April, 2020

‘War Dialing’ Tool Exposes Zoom’s Password Problems

Krebs on Security

As the Coronavirus pandemic continues to force people to work from home, countless companies are now holding daily meetings using videoconferencing services from Zoom.

Spear-Phishing Campaign Uses COVID-19 to Spread LokiBot

Data Breach Today

FortiGuard Labs Researchers Find WHO Images Used As Lure Again A recently uncovered spear-phishing campaign is using fears of the COVID-19 pandemic to spread an information stealer called LokiBot. FortiGuard Labs researchers find that cybercriminals are once again using WHO images as a lure

BEST PRACTICES: Mock attacks help local agencies, schools prepare for targeted cyber scams

The Last Watchdog

Cyber criminals who specialize in plundering local governments and school districts are in their heyday. Related: How ransomware became a scourge Ransomware attacks and email fraud have spiked to record levels across the U.S.

How to Keep Your Zoom Chats Private and Secure

WIRED Threat Level

Trolls. Prying bosses. Zoom's a great video chat platform, but a few simple steps also make it a safe one.

Security and Privacy Implications of Zoom

Schneier on Security

Over the past few weeks, Zoom's use has exploded since it became the video conferencing platform of choice in today's COVID-19 world. (My own university, Harvard, uses it for all of its classes.) Over that same period, the company has been exposed for having both lousy privacy and lousy security.

No, I Won't Link to Your Spammy Article

Troy Hunt

If you're reading this, chances are you've arrived here from a link I sent you via email. That email would have been a reply to one you originally sent to me that would have sounded something like this: Hi, I came across your blog on [thing] and I must admit, it was really nicely written.

Morrisons Not Liable for Breach Caused by Rogue Employee

Data Breach Today

Employees' Attempt to Receive Financial Compensation Dismissed by Supreme Court Supermarket giant Morrisons is not liable for a data breach caused by a rogue employee, Britain's Supreme Court has ruled, bringing to a close the long-running case - the first in the country to have been filed by data breach victims.

BEST PRACTICES: Why pursuing sound ‘data governance’ can be a cybersecurity multiplier

The Last Watchdog

Deploying the latest, greatest detection technology to deter stealthy network intruders will take companies only so far. Related: What we’ve learned from the massive breach of Capitol At RSA 2020, I learned about how one of the routine daily chores all large organizations perform — data governance — has started to emerge as something of a cybersecurity multiplier.

Key Ring digital wallet exposes data of 14 Million users in data leak

Security Affairs

vpnMentor researchers discovered that the popular digital wallet application Key Ring exposed data belonging to millions of users in a huge data leak. The digital wallet application Key Ring recently exposed information from its 14 million users.

Bug Bounty Programs Are Being Used to Buy Silence

Schneier on Security

Investigative report on how commercial bug-bounty programs like HackerOne, Bugcrowd, and SynAck are being used to silence researchers: Used properly, bug bounty platforms connect security researchers with organizations wanting extra scrutiny.

Micro Focus: a solution to the skills issue

Micro Focus

IBM Mainframe COBOL, enterprise-class, core application environments are often the lifeblood of an organisation. Whether commercial or government, revenue generating or providing vital services, these trusted systems underpin many of the most critical services that IT provides.

The SOC Emergency Room Faces Malware Pandemic

Dark Reading

To keep users and networks healthy and secure, security teams need to mimic countries that have taken on COVID-19 with a rapid, disciplined approach

Washington Governor Signs Facial Recognition Law

Data Breach Today

Privacy Advocates Criticize Measure That Microsoft Supported Washington's governor has signed a new law that regulates the use of facial recognition technology. But some privacy advocates say the measure, which was backed by Microsoft, doesn't do enough to protect individuals' rights

Privacy without borders: Reality or Fantasy?

Imagine a world in which every country shared a vision and a common set of principles to protect and regulate the use of personal data. It would make international business far simpler, provide citizens in every country with the same privacy rights.

Thousands of Android Apps Are Silently Accessing Your Data

WIRED Threat Level

More than 4,000 Google Play apps let developers and advertisers collect a list of the user's other installed apps, no permission needed.

DarkHotel APT uses VPN zero-day in attacks on Chinese government agencies

Security Affairs

DarkHotel nation-state actor is exploiting a VPN zero-day to breach Chinese government agencies in Beijing and Shanghai. Chinese security-firm Qihoo 360 has uncovered a hacking campaign conducted by a DarkHotel APT group (APT-C-06) aimed at Chinese government agencies in Beijing and Shanghai.

Emotet Malware Causes Physical Damage

Schneier on Security

Microsoft is reporting that an Emotet malware infection shut down a network by causing computers to overheat and then crash.

Reassuring Words and Good Intentions Don't Mean Good Security

Troy Hunt

How much can you trust the assertions made by an organisation regarding their security posture? I don't mean to question whether the statements are truthful or not, but rather whether they provide any actual assurance whatsoever.

Attackers Leverage Excel File Encryption to Deliver Malware

Dark Reading

Technique involves saving malicious Excel file as "read-only" and tricking users into opening it, Mimecast says

CISO Conversations: Healthcare's Unique Opportunity

Data Breach Today

ChristianaCare's Anahi Santiago on Telehealth Advances Amidst Pandemic Crisis Healthcare professionals are on the front line in the war against COVID-19, and their cybersecurity leaders bear unique pressure to support and secure their efforts.

How Marriott Customers Can Protect Themselves From The Latest Breach

Adam Levin

Marriott International announced a data breach that may have exposed the information of 5.2 million guests. Among the information potentially compromised are names, birthdates, mailing addresses, phone numbers, email addresses, and birthdates.

New COVID19 wiper overwrites MBR making computers unusable

Security Affairs

A recently discovered strain of malware exploits the current COVID19 pandemic to render computers unusable by overwriting the MBR.

Dark Web Hosting Provider Hacked

Schneier on Security

Daniel's Hosting, which hosts about 7,600 dark web portals for free, has been hacked and is down. It's unclear when, or if, it will be back up.

This Map Shows the Global Spread of Zero-Day Hacking Techniques

WIRED Threat Level

The collection of countries using those secret hacking techniques has expanded far beyond the usual suspects.

Vulnerability Researchers Focus on Zoom App's Security

Dark Reading

With videoconferencing's rise as an essential tool for remote work comes a downside: more security scrutiny, which has turned up a number of security weaknesses

COVID-19 Response: The Re-evaluation Phase

Data Breach Today

Crisis Management Expert Regina Phelps on the Coming Stages of Pandemic Response Planning As April begins, enterprises are starting to re-evaluate their COVID-19 response plans, says crisis management expert Regina Phelps.

List of data breaches and cyber attacks in March 2020 – 832 million records breached

IT Governance

With organisations across the globe turned upside down by the COVID-19 pandemic, there has never been a worse time to suffer a data breach or cyber attack.

Open Cloud Database Exposes 200 Million Americans

Security Affairs

Experts revealed that an unauthorized party compromised more than 200 million user records hosted somewhere within the U.S. in a Google Cloud database.

Marriott Was Hacked -- Again

Schneier on Security

Marriott announced another data breach, this one affecting 5.2 million people: At this point, we believe that the following information may have been involved, although not all of this information was present for every guest involved: Contact Details (e.g.,

A Notorious Spyware Vendor Wants to Track Coronavirus Spread

WIRED Threat Level

Plus: An evacuated aircraft carrier, Iranian hackers, and more of the week's top security news.