|
In The Wild - CyberSecurity Newsletter
Welcome to the 118th issue of In The Wild, SBS’ weekly CyberSecurity newsletter. The objective of this newsletter is to share threat intelligence, news articles that are relevant, new and updated guidance, and other information you may find helpful.
Below, you will find some of the latest-and-greatest news stories, articles, videos, and links from the past week in cybersecurity. Some of the following have been shared by consultants, others by the SBS Institute, and others yet simply been found in the far corners of the Internet. We hope you find the following stories relevant, interesting, and – most of all – useful. Enjoy.
|
|
Think about the average user in your organization. What percentage of the time are they using a third-party vendor’s product or service? How much of your day-to-day work is performed using at least partially outsourced products and services? From the vendor that supplies our hardware and networking equipment, to the operating system on each PC, to the additional software installed on workstations and servers, to the vendor that supports the software, a third-party vendor is potentially involved every step of the way.
|
|
|
|
Early in the afternoon on Friday, May, 3, I asked a friend to relay a message to his security contact at CCH, the cloud-based tax division of the global information services firm Wolters Kluwer in the Netherlands. The message was that the same file directories containing new versions of CCH’s software were open and writable by any anonymous user, and that there were suspicious files in those directories indicating some user(s) abused that access.
|
|
|
A malware attack on Wolters Kluwer has left many in the accounting world unable to work this week and sparked concerns about the security of the tax return and financial information stored on the company’s cloud servers. While the company did not comment on how many of its customers were impacted by the downtime, CNBC spoke to accountants and cybersecurity specialists across the U.S., from the biggest firms down to independent operations, who described significant and ongoing problems accessing their customers’ data. One accountant at a large, Midwest-based accounting firm, said that the accounting world was in a “quiet panic” over the attack.
|
|
|
Corporate espionage is on the rise as a motivation for cyberattacks, with a full quarter of all network compromises associated with reconnaissance and data exfiltration in the last 12 months. However, financially motivated attacks aren’t going anywhere; social-engineering attacks aimed at stealing funds still represented 12 percent of data-breach incidents, and most cyberattacks overall were motivated by financial gain. That’s according to Verizon’s 2019 Data Breach Investigations Report, released Wednesday, which analyzed more than 41,000 cybersecurity incidents and over 2,000 data breaches from 86 countries.
|
Do you know which SBS Institute Certification Programs are coming up? Check out the Certification Calendar and share with your clients. Find Out Here! »
|
|
|
A security researcher has revealed that a whole load of sensitive information has been inadvertently made accessible to the public on GitLab. Nothing so unusual about that you might think. However, the information concerned included source code, credentials and secret keys for various projects. Still nothing too out of the ordinary you say? Here's the thing, the Vandev Lab Gitlab instance in question was one used by Samsung staff to work on code for various projects including the SmartThings and Bixby platforms.
|
|
|
A hacking group or individual is advertising access to the networks of at least three antivirus companies in the U.S. and source code for their software products. The initial asking price was $250,000 for access information and $150,000 for the source code, but they were ready to sell both for at least $300,000 depending on the antivirus company the buyer is interested. This offer was for each individual company, and it is not a set price. It could go as high as $1 million for one access. A definitive offer is still being discussed with intermediaries.
|
|
|
Binance is of the world’s biggest cryptocurrency exchanges. As of Tuesday, it’s now also the scene of a major cryptocurrency theft. In what the company calls a “large-scale security breach,” hackers stole not only 7,000 bitcoin—equivalent to over $40 million—but also some user two-factor authentication codes and API tokens.
|
|
|
Focus is a "superpower" that can help you achieve extraordinary results and shave hours off of your work week. One of the lies of success that people often buy into is that you get ahead by working just a little harder and just a little longer than everybody else does. You get up at dawn or before dawn - you are the first person into work and the last to go home. When other people have stopped working, you are hunkering down and putting in tremendous hours. This is how you get ahead. This may be true for a while, but you can only drive in the express lane for so long before the wheels come off.
|
|
|
10 Other Interesting Links From This Week
There were too many fantastic reads from this past weeks’ worth of cybersecurity and technology news, so here are a few additional quick-hit links for your reading pleasure:
|
| |
Comments
Post a Comment