Sat. Nov 21, 2020 - Fri. Nov 27, 2020

Top 3 Black Friday 2020 scams to avoid

IT Governance

Amid the mad dash for bargains and inevitable stories of shop-floor brawls, Black Friday brings with it a spike in cyber security threats, as cyber criminals take advantage of people desperate for bargains.

Fraudsters Spoof FBI Domain

Data Breach Today

Bureau Identifies Nearly 100 Spoofed Websites Created by Cybercriminals

The FBI has identified nearly 100 spoofed websites that use some incarnation of the agency's name. Fraudsters and other cybercriminals potentially could leverage the sites for disinformation campaigns and credential theft


Spotify Users Hit with Rash of Account Takeovers

Threatpost

Users of the music streaming service were targeted by attackers using credential-stuffing approaches.

GoDaddy Employees Used in Attacks on Multiple Cryptocurrency Services

Krebs on Security

Fraudsters redirected email and web traffic destined for several cryptocurrency trading platforms over the past week. The attacks were facilitated by scams targeting employees at GoDaddy, the world’s largest domain name registrar, KrebsOnSecurity has learned.

Digital Trends Report 2020

As part of our goal to continue helping our community during these times, we wanted to share with you this critical data on the state of digital products across industries and provide context on how businesses are responding to the changing winds.

This Bluetooth Attack Can Steal a Tesla Model X in Minutes

WIRED Threat Level

The company is rolling out a patch today for the vulnerabilities, which allowed one researcher to break into one in 90 seconds and drive away.

More Trending

How Ransomware Defense is Evolving With Ransomware Attacks

Dark Reading

As data exfiltration threats and bigger ransom requests become the norm, security professionals are advancing from the basic "keep good backups" advice

FBI issued an alert on Ragnar Locker ransomware activity

Security Affairs

The U.S. FBI is warning private industry partners of a surge in Ragnar Locker ransomware activity following a confirmed attack from April 2020. The U.S.

On That Dusseldorf Hospital Ransomware Attack and the Resultant Death

Schneier on Security

Wired has a detailed story about the ransomware attack on a Dusseldorf hospital, the one that resulted in an ambulance being redirected to a more distant hospital and the patient dying.

Grelos Skimmer Variant Co-Opts Magecart Infrastructure

Data Breach Today

Researchers: Skimmer Compromised Website of Boom! Mobile In October

Researchers have identified a fresh variant of the Grelos skimmer that has co-opted the infrastructure that MageCart uses for its own skimming attacks against e-commerce sites, according to RiskIQ.


Testing at Every Stage of Development

Up to 80% of new products fail. The reality is harsh and the reasons why are endless. Perhaps the new product couldn’t oust a customer favorite. Maybe it looked great but was too hard to use. Or, despite being a superior product, the go-to-market strategy failed. There’s always a risk when building a new product, but you can hedge your bets by understanding exactly what your customers' expectations truly are at every step of the development process.

Security Researchers Sound Alarm on Smart Doorbells

Dark Reading

A new analysis of 11 relatively inexpensive video doorbells uncovered high-risk vulnerabilities in all of them


Threat actor shared a list of 49,577 IPs vulnerable Fortinet VPNs

Security Affairs

A threat actor has published online a list of one-line exploits to steal VPN credentials from over 49,000 vulnerable Fortinet VPNs.

Indistinguishability Obfuscation

Schneier on Security

Quanta magazine recently published a breathless article on indistinguishability obfuscation — calling it the “‘crown jewel’ of cryptography” — and saying that it had finally been achieved, based on a recently published paper.


Biden Reveals Picks to Head DHS, Intelligence

Data Breach Today

President-Elect Taps Former Obama Administration Officials

President-elect Joe Biden on Monday announced that two former Obama-era officials are his nominees to head the U.S. Department of Homeland Security and the Office of Director of National Intelligence

Rethinking Information Governance In The Age of Unstructured Enterprise Data

Today’s organizations are faced with the overwhelming challenge of managing, finding, and leveraging their information. This eBook discusses a newly discovered information discipline and is filled to the brim with helpful information.

3 Steps CISOs Can Take to Convey Strategy for Budget Presentations

Dark Reading

Answering these questions will help CISOs define a plan and take the organization in a positive direction


Researchers show how to steal a Tesla Model X in a few minutes

Security Affairs

Boffins have demonstrated how to steal a Tesla Model X in a few minutes by exploiting vulnerabilities in the car’s keyless entry system.

Secret Service Investigates 700 Cases of Covid Relief Fraud

WIRED Threat Level

Ransomware as a service, exposed SMS photos, and more of the week's top security news.

From St. Louis to France, Ransomware Victim List Expands

Data Breach Today

Among the Causes: Hit Against Managed.com Website Hosting Giant

Ransomware continues to pummel many types of organizations, recently including South Korea's E-Land retail group, French newspaper Paris-Normandie and a Georgia county school system.


The Best Sales Forecasting Models for Weathering Your Goals

Every sales forecasting model has a different strength and predictability method. It’s recommended to test out which one is best for your team. This way, you’ll be able to further enhance – and optimize – your newly-developed pipeline. Your future sales forecast? Sunny skies (and success) are just ahead!

Baidu Apps Leaked Location Data, Machine Learning Reveals

Dark Reading

Several apps available on the Google Play Store, including two made by Chinese Internet giant Baidu, leaked information about the phone's hardware and location without the user's knowledge, research finds


A new Stantinko Bot masqueraded as httpd targeting Linux servers

Security Affairs

Researchers spotted a new variant of an adware and coin-miner botnet operated by Stantinko threat actors that now targets Linux servers. Researchers from Intezer have spotted a new variant of an adware and coin-miner botnet that is operated by Stantinko threat actors since 2012.

More on the Security of the 2020 US Election

Schneier on Security

Last week I signed on to two joint letters about the security of the 2020 election.

Chinese Hacking Group Rebounds With Fresh Malware

Data Breach Today

Researchers: TA416 Ramping Up Phishing Emails Targeting Diplomatic Missions

A Chinese advanced persistent threat group has recently begun ramping up its activities with a new phishing campaign leveraging updated malware that's targeting diplomatic missions around the world to collect data and monitor communications, according to Proofpoint.

Product Analytics Playbook: Mastering Retention

Why do your users churn? In this guide you'll learn common product pitfalls and how to fix them.

Chinese APT Group Returns to Target Catholic Church & Diplomatic Groups

Dark Reading

APT group TA416 reemerges with new changes to its documented tool sets so it can continue launching espionage campaigns


Group-IB Hi-Tech Crime Trends 2020/2021 report

Security Affairs

Group-IB, a global threat hunting and intelligence company, has presented its annual Hi-Tech Crime Trends 2020/2021 report. In the report, the company examines key shifts in the cybercrime world internationally between H2 2019 and H1 2020 and gives forecasts for the coming year.

Cyber Public Health

Schneier on Security

In a lecture, Adam Shostack makes the case for a discipline of cyber public health. It would relate to cybersecurity in a similar way that public health relates to medicine.


Bill Looks to Close Federal Cybersecurity Loopholes

Data Breach Today

Lawmakers Want to Restrict Agencies From Postponing Security Measures

Sen. Ron Wyden, D-Ore., and Rep. Lauren Underwood, D-Ill.,

Future-Proofing Your Information Governance Strategy

Speaker: Crystal Cao, Lindsey Simon & Lisa Ripley

Join Onna and experts from Quip, Airbnb, and Oracle for this live webinar as they dive into proactive data deletion policies, retention strategies, and legal hold practices that are essential to a modern enterprise information governance strategy.

US Treasury's OFAC Ransomware Advisory: Navigating the Gray Areas

Dark Reading

Leveraging the right response strategy, following the regulations, and understanding the ransom entity are the fundamentals in any ransomware outbreak

Manchester United hit by ‘sophisticated’ cyber attack

Security Affairs

The Manchester United football club has been hit by a cyber attack on its systems; it is not aware of a breach of personal data of its fans.

Google Is Testing End-to-End Encryption in Android Messages

WIRED Threat Level

For now, the security measure will be available only to people using the beta version of the app.