SBS CyberSecurity - In The Wild 120

 

In The Wild - CyberSecurity Newsletter Welcome to the 120th issue of In The Wild, SBS’ weekly CyberSecurity newsletter. The objective of this newsletter is to share threat intelligence, news articles that are relevant, new and updated guidance, and other information you may find helpful. Below, you will find some of the latest-and-greatest news stories, articles, videos, and links from the past week in cybersecurity. Some of the following have been shared by consultants, others by the SBS Institute, and others yet simply been found in the far corners of the Internet. We hope you find the following stories relevant, interesting, and – most of all – useful. Enjoy. Reporting Critical Information Security Areas Upstream SBS Educational Resources One of the most critical aspects of any Information Security Program is communication and sharing information. This is especially true with Executives and Board of Directors, who need to be educated and informed on all aspects of information security so they can ask better questions and make appropriate decisions. If the top-level of the organization better understand the risks and the impact potential, it will help build a stronger information security culture throughout the organization. Read Here »   First American Financial Leaked Hundreds of Millions of Title Insurance Records Krebs on Security The Web site for Fortune 500 real estate title insurance giant First American Financial Corp. leaked hundreds of millions of documents related to mortgage deals going back to 2003 until notified this week by KrebsOnSecurity. The digitized records — including bank account numbers and statements, mortgage and tax records, Social Security numbers, wire transaction receipts, and drivers license images — were available without authentication to anyone with a Web browser. Read Here »   The 3 Cybersecurity Rules of Trust Dark Reading Do you trust me? Why wouldn't you? I'm honest, have strong credentials in cybersecurity, and helped design security solutions for top technology companies and government entities. But hold on — you don't know me from a hole in the ground. Am I fictitious? The advanced degrees in my office — are they real? My six patents — real or exaggerated? You have to trust your instincts on whether I'm trustworthy. That's the central problem everyone faces in information security today. Read Here »   Hackers Are Holding Baltimore Hostage: How They Struck and What’s Next The New York Times More than two weeks ago, hackers seized parts of the computer systems that run Baltimore’s government. It could take months of work to get the disrupted technology back online. That or the city could give in to the hackers’ ransom demands. “Right now, I say no,” Mayor Bernard Young told local reporters on Monday. “But in order to move the city forward? I might think about it. But I have not made a decision yet.” Here’s a brief rundown of what happened. Read Here »   Do you know which SBS Institute Certification Programs are coming up? Check out the Certification Calendar and share with your clients. Find Out Here! » Kaspersky Lab Sees Spike In Mobile Banking Cyberattacks PYMNTS Kaspersky Lab, a cybersecurity and anti-virus company, has reported a rise in a specific malware intended to steal money and credentials from people’s bank accounts. The company found 29,841 files of the malware in Q1 of 2019, which is up from 18,501 in Q4. Attacks on upwards of 300,000 users were detected. Kaspersky Lab released its IT threat evolution in its Q1 2019 report. Read Here »   Hacker Disclosed 4 New Microsoft Zero-Day Exploits in Last 24 Hours The Hacker News Less than 24 hours after publicly disclosing an unpatched zero-day vulnerability in Windows 10, the anonymous hacker going by the online alias "SandboxEscaper" has now dropped new exploits for two more unpatched Microsoft zero-day vulnerabilities. The two new zero-day vulnerabilities affect Microsoft's Windows Error Reporting service and Internet Explorer 11. Just last week, while releasing a Windows 10 zero-day exploit for a local privilege escalation bug in Task Scheduler utility, SandboxEscaper claimed to have discovered four more zero-day bugs; exploits for two have now been publicly released. Read Here »   Cybersecurity Training and Awareness: Helpful Resources for Educators we live security Cybersecurity training and awareness programs need not break the budget. This article lists free resources that are readily accessible and can help you find ideas, content, and contacts to assist in your efforts. Of course, as I said last year, such programs “will not guarantee complete cyber safety for companies, but they can go a long way towards making workers more cyber-aware” (see: Cybersecurity training still neglected by many employers). When combined with good policies and controls, security education definitely improves an organization’s resistance to attack. Read Here »   The Condensed Guide to Running Meetings Harvard Business Review We love to hate meetings. And with good reason — they clog up our days, making it hard to get work done in the gaps, and so many feel like a waste of time. There’s plenty of advice out there on how to stop spending so much time in meetings or make better use of the time, but does it hold up in reality? Can you really make meetings more effective and regain control of your calendar? Read Here » 10 Other Interesting Links From This Week There were too many fantastic reads from this past weeks’ worth of cybersecurity and technology news, so here are a few additional quick-hit links for your reading pleasure: ·         KrebsOnSecurity: Legal Threats Make Powerful Phishing Lures ·         Bleeping Computer: U.S. Navy Creating a 350 Billion Record Social Media Archive ·         Bleeping Computer: New Bitcoin Scam Leads to Ransomware and Info-Stealing Trojans ·         The Hacker News: U.S. Charges WikiLeaks' Julian Assange With Violating Espionage Act ·         The Hacker News: Google Stored G Suite Users' Passwords in Plain-Text for 14 Years ·         BBC: Ethical Hackers Taking the Bugs to the Bank ·         c|net: Europe's GDPR has accomplished a lot in its infancy ·         Insurance Journal: Ransomware Attacks Skyrocketed in Q1: Beazley ·         Forbes: Why You Should Never Use Airport USB Charging Stations ·         ZDNet: Equifax rating outlook decimated over cybersecurity breach