SBS CyberSecurity - In the Wild Vol 128


 
 

In The Wild - CyberSecurity Newsletter

Welcome to the 128th issue of In The Wild, SBS’ weekly CyberSecurity newsletter. The objective of this newsletter is to share threat intelligence, news articles that are relevant, new and updated guidance, and other information you may find helpful.
Below, you will find some of the latest-and-greatest news stories, articles, videos, and links from the past week in cybersecurity. Some of the following have been shared by consultants, others by the SBS Institute, and others yet simply been found in the far corners of the Internet. We hope you find the following stories relevant, interesting, and – most of all – useful. Enjoy.

[Press Release] SBS Dedication Continues to Support Women in Cybersecurity

SBS Educational Resources

Aaron Gamewell, president, CEO, and managing partner of SBS CyberSecurity, LLC, announced on June 26 that the cybersecurity consulting and audit firm has pledged $20,000 to help send 20 female Dakota State University students to the national 2020 Women in Cyber Security (WiCyS, pronounced wee-sis) Conference. This doubles what the company sponsored for the 2019 conference.
Read Here »  

QuickBooks Cloud Hosting Firm iNSYNQ Hit in Ransomware Attack

Krebs on Security

Cloud hosting provider iNSYNQ says it is trying to recover from a ransomware attack that shut down its network and has left customers unable to access their accounting data for the past three days. Unfortunately for iNSYNQ, the company appears to be turning a deaf ear to the increasingly anxious cries from its users for more information about the incident.
Read Here »  

How Cyber Weapons are Changing the Landscape of Modern Warfare

The New Yorker

On June 20th, hours after a Global Hawk surveillance drone, costing more than a hundred million dollars, was destroyed over the Strait of Hormuz by an Iranian surface-to-air missile, the United States launched a cyberattack aimed at disabling Iran’s maritime operations. Then, in a notable departure from previous Administrations’ policies, U.S. government officials, through leaks that appear to have been strategic, alerted the world, in broad terms, to what the Americans had done.
Read Here »  

An Entire Nation Just Got Hacked

CNN

Asen Genov is pretty furious. His personal data was made public this week after records of more than 5 million Bulgarians got stolen by hackers from the country's tax revenue office. In a country of just 7 million people, the scale of the hack means that just about every working adult has been affected. "We should all be angry. The information is now freely available to anyone," said Genov, a blogger and political analyst. He knows his data was compromised because, though he's not an IT expert, he managed to find the stolen files online.
Read Here »  
Do you know which SBS Institute Certification Programs are coming up? Check out the Certification Calendar and share with your clients. Find Out Here! »


FaceApp Shows We Care About Privacy but Don’t Understand It

The New York Times

FaceApp, a mobile face-editing application, has all the necessary components for a viral privacy scandal: a catchy concept, celebrity users, a mysterious company and a stampede of public interest. Here’s the rundown of FaceApp’s 15 minutes of fame: A viral app lets us see what we might look like as a wrinkle-laden 75-year-old. Users click “yes” on the terms of service without looking, and start snapping and uploading pictures. Inevitably, just as the app reaches cultural saturation (LeBron James is doing it!), the privacy advocates, scolds, and even the conspiracy theorists come out to play buzzkill.
Read Here »  

Synthetic Identity Theft is the Fastest Growing Financial Crime in the US

cyber scoop

A new kind of identity theft that combines stolen personal data with fabricated information is on the rise, and it’s helping more digital thieves ruin Americans’ credit without fear of detection, according to a new white paper from the U.S. Federal Reserve. Known as “synthetic identity theft,” the tactic is distinct from traditional forms of identity fraud. Instead of stealing a person’s name, Social Security number and opening lines of credit, thieves combine a fake name and other fictional personal data such as a date of birth with a true Social Security number.
Read Here »  

BEC Scams Average $301 Million Per Month In Illegal Transfers

Bleeping Computer

The frequency of business email compromise (BEC) scams has increased year over year, and so did the value of attempted thefts, reaching a monthly average of more than $300 million. The number is drawn from the suspicious activity reports (SARs) received every month since 2016, which increased from 500 to more than 1,100 in 2018.
Read Here »  

7 Things All Successful Managers Do to Inspire Their Employees

Inc.com

Of all the competencies that we value in leaders, it is the ability to inspire and be inspirational that rises to the top for me. To some this is natural, to others, it is learned and practiced. To me, this is a requirement for leaders - people want to work for people they know, like, and trust. In short, people want to follow people that they can believe in - and are inspired by.
Read Here »

10 Other Interesting Links From This Week

There were too many fantastic reads from this past weeks’ worth of cybersecurity and technology news, so here are a few additional quick-hit links for your reading pleasure:
      KrebsonSecurity: Is ‘REvil’ the New GandCrab Ransomware?
      The Hacker News: Zoom RCE Flaw Also Affects Its Rebranded Versions RingCentral and Zhumu
      Bleeping Computer: Ransomware Attacks Grow Rampant, Paying Still Not a Good Option
      Bleeping Computer: Mozilla Firefox Tor Mode Likely to Start as a Browser Addon
      Bleeping Computer: Fake Office 365 Site Pushes Trickbot Trojan as Browser Update
      ZDNet: Hackers breach 62 US colleges by exploiting ERP vulnerability
      Homeland Security Today: Audit Adds 14 More Deficiencies to IRS’ Cybersecurity Woes
      c|net: Equifax will pay $700 million for data breach, report says
      AP Exclusive: New election systems use vulnerable software
      The Washington Post: Goodbye, Chrome - Google’s Web browser has become spy software

Comments

Post a Comment

Popular posts from this blog

KnowBe4 - Scam Of The Week: "When Users Add Their Names to a Wall of Shame"

Image
Eric Howes , KnowBe4 Principal Lab Researcher, found out about another insidious bad guy trick: " If you work in IT there has undoubtedly come a dark moment when you wondered to yourself just who among your employee users would be gullible enough to click through a phishing email and potentially bring down your organization. from KnowBe4 Security Awareness Training Blog https://blog.knowbe4.com/when-users-add-their-names-to-a-wall-of-shame
Read more

Krebs - NY Charges First American Financial for Massive Data Leak

Image
In May 2019, KrebsOnSecurity broke the news that the website of mortgage title insurance giant First American Financial Corp. had exposed approximately 885 million records related to mortgage deals going back to 2003. On Wednesday, regulators in New York announced that First American was the target of their first ever cybersecurity enforcement action in connection with the incident, charges that could bring steep financial penalties. First American Financial Corp. Santa Ana, Calif.-based  First American [ NYSE:FAF ] is a leading provider of title insurance and settlement services to the real estate and mortgage industries. It employs some 18,000 people and brought in $6.2 billion in 2019 . As first reported here last year , First American’s website exposed 16 years worth of digitized mortgage title insurance records — including bank account numbers and statements, mortgage and tax records, Social Security numbers, wire transaction receipts, and drivers license images. The docum
Read more

US-CERT - SB18-169: Vulnerability Summary for the Week of June 11, 2018

Original release date: June 18, 2018 The US-CERT Cyber Security Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. The NVD is sponsored by the Department of Homeland Security (DHS) National Cybersecurity and Communications Integration Center (NCCIC) / United States Computer Emergency Readiness Team (US-CERT). For modified or updated entries, please visit the NVD , which contains historical vulnerability information. The vulnerabilities are based on the CVE vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities correspond to the following scores: High - Vulnerabilities will be labeled High severity if they have a CVSS base score of 7.0 - 10.0 Medium - Vulnerabilities will be labeled Medium severity
Read more