SBS CyberSecurity - In The Wild 116


 
SBS Newsletter header
 

In The Wild - CyberSecurity Newsletter

Welcome to the 116th issue of In The Wild, SBS’ weekly CyberSecurity newsletter. The objective of this newsletter is to share threat intelligence, news articles that are relevant, new and updated guidance, and other information you may find helpful.
Related image
Below, you will find some of the latest-and-greatest news stories, articles, videos, and links from the past week in cybersecurity. Some of the following have been shared by consultants, others by the SBS Institute, and others yet simply been found in the far corners of the Internet. We hope you find the following stories relevant, interesting, and – most of all – useful. Enjoy.
Image result for sbs cybersecurity twitter

[Threat Advisory] Consumer Account Takeover: Credential Stuffing

SBS Educational Resources

SBS CyberSecurity has been made aware of a credential stuffing attack affecting financial institutions. This attack targets consumer bank accounts and has resulted in financial losses. The frequency of these attacks has increased over the past couple of months, and the attack itself is difficult to detect, as it does not readily appear on SIEM, IDS, or IPS reports.

FBI's IC3 Annual Report Released

FBI.gov

The statistics gathered by the FBI’s Internet Crime Complaint Center (IC3) for 2018 show Internet-enabled theft, fraud, and exploitation remain pervasive and were responsible for a staggering $2.7 billion in financial losses in 2018. In its annual Internet Crime Report, the FBI reports the IC3 received 351,936 complaints in 2018—an average of more than 900 every day. The most frequently reported complaints were for non-payment/non-delivery scams, extortion, and personal data breaches. The most financially costly complaints involved business email compromise, romance or confidence fraud, and investment scams, which can include Ponzi and pyramid schemes.
cid:image013.jpg@01D4B68B.9C571890

P2P Weakness Exposes Millions of IoT Devices

Krebs on Security

A peer-to-peer (P2P) communications technology built into millions of security cameras and other consumer electronics includes several critical security flaws that expose the devices to eavesdropping, credential theft, and remote compromise, new research has found. The security flaws involve iLnkP2P, software developed by China-based Shenzhen Yunni Technology. iLnkP2p is bundled with millions of Internet of Things (IoT) devices, including security cameras and Webcams, baby monitors, smart doorbells, and digital video recorders.

Five Possible Ways You Did Not See That Data Breach Coming

ITSP Magazine

In late January, millions of financial records were leaked from Texas-based data firm Ascension because its contractor, a New York-based document management startup, had misconfigured several Elasticsearch and Amazon S3 storage servers, leaving them with no password required. Outsourcing helps organizations beat competition and optimize costs. However, outsourcing increases security risks because companies have to expand their digital ecosystems. Every company should take a risk-based approach when developing relationships with contractors to avoid making the following five mistakes.
Do you know which SBS Institute Certification Programs are coming up? Check out the Certification Calendar and share with your clients. Find Out Here! »


If a $5 Billion Fine Is Chump Change, How Do You Punish Facebook?

The New York Times

It’s time for Facebook to pay up. Sort of. On Wednesday, The Washington Post reported that the social network was in negotiations with the Federal Trade Commission over fines relating to the company’s misuse of user data in the Cambridge Analytica scandal. Around the same time, Facebook made it public that it was setting aside between $3 billion and $5 billion for the fine.

The Anatomy of Highly Profitable Credential Stuffing Attacks

Bleeping Computer

Even though credential stuffing is a popular method used by hacking groups to attack businesses since at least late 2014, there still is a lot to be uncovered about the techniques malicious actors use to run them. Credential stuffing attacks consist of automated attempts to log into online services using user credential databases, with the success of this type of malicious campaigns being based on the unfortunately very common habit of users to use the same password for multiple accounts.

Why Shadow IT is the Next Looming Cybersecurity Threat

The Next Web

Shadow IT is an issue that just about every organization faces on some level, but when I speak to executives and IT leaders, it’s simply not a topic that comes up. When I do bring it up, it quickly becomes clear that the tech industry as a whole underestimates the size and scope of the issue. And that lack of awareness and understanding is posing an ever-increasing threat to data protection and cybersecurity. “Shadow IT” refers to systems, software, or applications that individuals in an organization use on a regular basis without the knowledge of executive leadership or the IT department.

Can Any Company Be a Tech Company? Inside the Journey of Sweetgreen

Inc.com

When they were still undergrads at Georgetown University, Jonathan Neman, Nicolas Jammet, and Nathaniel Ru weren't yet superfriends. But after they graduated, in 2007, they decided to try opening a 560-square-foot salad and frozen-yogurt shop: Sweetgreen. By the time the company had 20 locations, from D.C. to Philadelphia, and they were raising money for a national expansion, the three had become so chummy that it made their potential investors nervous. Were these brothers-in-salad for real?

Image result for sbs cybersecurity twitter

Other Interesting Links From This Week

There were too many fantastic reads from this past weeks’ worth of cybersecurity and technology news, so here are a few additional quick-hit links for your reading pleasure:

Comments

Popular posts from this blog

Krebs - NY Charges First American Financial for Massive Data Leak

KnowBe4 - Scam Of The Week: "When Users Add Their Names to a Wall of Shame"