SBS CyberSecurity - In The Wild 132

In The Wild - CyberSecurity Newsletter

Welcome to the 132nd issue of In The Wild, SBS’ weekly CyberSecurity newsletter. The objective of this newsletter is to share threat intelligence, news articles that are relevant, new and updated guidance, and other information you may find helpful.
Related image
Below, you will find some of the latest-and-greatest news stories, articles, videos, and links from the past week in cybersecurity. Some of the following stories have been shared by consultants, others by the SBS Institute, and others yet simply been found in the far corners of the Internet. We hope you find the following stories relevant, interesting, and – most of all – useful. Enjoy.
Image result for sbs cybersecurity twitter

[Blog] The Ransom of American Towns

SBS Educational Resources

Reports of yet another government entity being attacked by ransomware seem to appear in the news so often, it feels like reading the lyrics to Johnny Cash’s “I’ve Been Everywhere.” While the ransomware epidemic has targeted large metropolitan areas such as Atlanta (March 2018) and Baltimore (May 2019), smaller community infrastructures appear to be the latest lucrative sweet spot for cybercriminal activities.
Read Here »  

Meet Bluetana, the Scourge of Pump Skimmers

Krebs on Security

“Bluetana,” a new mobile app that looks for Bluetooth-based payment card skimmers hidden inside gas pumps, is helping police and state employees more rapidly and accurately locate compromised fuel stations across the nation, a study released this week suggests. Data collected in the course of the investigation also reveals some fascinating details that may help explain why these pump skimmers are so lucrative and ubiquitous.
Read Here »  

23 Texas Local Governments Hit in "Coordinated Ransomware Attack"

ZDNet

Twenty-three local Texas governments have been infected with ransomware last week in what Texas officials have described as a coordinated attack. The attack took place on Friday morning, August 16, US time, when several smaller local Texas governments reported problems with accessing their data to the Texas Department of Information Resources (DIR). DIR officials did not publish a list of impacted local governments. On Friday, the agency couldn't provide an exact number of impacted entities, but a day later, DIR said the number is 23.
Read Here »  

7 Can’t-Miss Cybersecurity Lessons From Black Hat

Security Intelligence

As Black Hat USA and DEF CON 2019 draw to a close, the security industry continues to buzz over events from the annual Las Vegas security week. Black Hat and DEF CON sessions served up a shocking amount of internet of things (IoT) vulnerabilities and research on security best practices. Whether you were on the ground on the Las Vegas strip or unable to attend, the biggest stories from these conferences can offer important security takeaways for the enterprise. Here are seven can’t-miss cybersecurity lessons from Vegas security week.
Read Here »  
Do you know which SBS Institute Certification Programs are coming up? Check out the Certification Calendar and share with your clients. Find Out Here! »


Why You Need Cybersecurity Chops In The Boardroom

Forbes

Cybersecurity is now a topic of discussion in every boardroom. A diligent director takes this risk, and their fiduciary duty around it, seriously. But the risk is complex and technical, and most boards don’t have a cybersecurity expert on the list of directors. So instead, many boards have fallen into the trap of over-reliance on audits and compliance as a determination for whether the company has done its due diligence in preventing a cyber breach. Here’s why this is a problem.
Read Here »  

I Shared My Phone Number. I Learned I Shouldn’t Have.

The New York Times

For most of our lives, we have been conditioned to share a piece of personal information without a moment’s hesitation: our phone number. We punch in our digits at the grocery store to get a member discount or at the pharmacy to pick up medication. When we sign up to use apps and websites, they often ask for our phone number to verify our identity. This column will encourage a new exercise. Before you hand over your number, ask yourself: Is it worth the risk?
Read Here »  

Hy-Vee Issues Warning to Customers After Discovering POS Breach

ZDNet

Supermarket chain Hy-Vee has published a warning to customers this week after staff discovered a security breach on some of its point-of-sale (PoS) systems. The company said that card transactions made at Hy-Vee fuel pumps, drive-thru coffee shops, and restaurants (Market Grilles, Market Grille Expresses, and Wahlburgers) may have been recorded by hackers. "We believe the actions we have taken have stopped the unauthorized activity on our payment processing systems," a Hy-Vee spokesperson said.
Read Here »  

Uncomfortable Truths You Must Accept to Be Happy

Medium

Recently, I found myself stuck. You know the feeling. My attention was scattered. My energy was low. I was putting minimal effort into my work. But, as I have many times over the years, I returned to the advice a mentor gave me long ago: When you’re overwhelmed, confused, or lack drive, look for the hard truths you’re probably ignoring. Then, make a list. What do you know to be true but wish wasn’t? What do you want to change but know you have to accept?
Read Here »

Image result for sbs cybersecurity twitter

10 Other Interesting Links From This Week

There were too many fantastic reads from this past weeks’ worth of cybersecurity and technology news, so here are a few additional quick-hit links for your reading pleasure:
*      KrebsonSecurity: SEC Investigating Data Leak at First American Financial Corp
*      Google Security Blog: New Research - Lessons from Password Checkup in action
*      Bleeping Computer: Decade-Long Bank Account Hacking Scheme Gets Fraudster 57 Months
*      Bleeping Computer: Microsoft Warns of Phishing Attacks Using Custom 404 Pages
*      The Hacker News: Cerberus - A New Android 'Banking Malware For Rent' Emerges
*      The Hacker News: 4 New BlueKeep-like 'Wormable' Windows Remote Desktop Flaws Discovered
*      HelpNetSecurity: 3,813 breaches were reported through June 30, exposing over 4.1 billion records
*      CSO Online: Cybersecurity is a Team Sport
*      Forbes: Popular Windows Password Manager Flaws Revealed, Update Now Warning Issued
*      Forbes: Eight Ways To Encourage Cybersecurity Compliance Among Employees

Comments

Post a Comment

Popular posts from this blog

KnowBe4 - Scam Of The Week: "When Users Add Their Names to a Wall of Shame"

Image
Eric Howes , KnowBe4 Principal Lab Researcher, found out about another insidious bad guy trick: " If you work in IT there has undoubtedly come a dark moment when you wondered to yourself just who among your employee users would be gullible enough to click through a phishing email and potentially bring down your organization. from KnowBe4 Security Awareness Training Blog https://blog.knowbe4.com/when-users-add-their-names-to-a-wall-of-shame
Read more

Krebs - NY Charges First American Financial for Massive Data Leak

Image
In May 2019, KrebsOnSecurity broke the news that the website of mortgage title insurance giant First American Financial Corp. had exposed approximately 885 million records related to mortgage deals going back to 2003. On Wednesday, regulators in New York announced that First American was the target of their first ever cybersecurity enforcement action in connection with the incident, charges that could bring steep financial penalties. First American Financial Corp. Santa Ana, Calif.-based  First American [ NYSE:FAF ] is a leading provider of title insurance and settlement services to the real estate and mortgage industries. It employs some 18,000 people and brought in $6.2 billion in 2019 . As first reported here last year , First American’s website exposed 16 years worth of digitized mortgage title insurance records — including bank account numbers and statements, mortgage and tax records, Social Security numbers, wire transaction receipts, and drivers license images. The docum
Read more

SBS CyberSecurity - In The Wild 166

Image
  In The Wild - CyberSecurity Newsletter Welcome to the 166 th issue of In The Wild, SBS’ weekly CyberSecurity newsletter. The objective of this newsletter is to share threat intelligence, news articles that are relevant, new and updated guidance, and other information to help you make better cybersecurity decisions. Follow SBS CyberSecurity on Social Media for more articles, stories, news, and resources!           Below, you will find some of the latest-and-greatest news stories, articles, videos, and links from the past week in cybersecurity. Some of the following stories have been shared by consultants, others by the SBS Institute, and others yet simply been found in the far corners of the Internet. We hope you find the following stories relevant, interesting, and – most of all – useful. Enjoy. CyberRiskNOW Virtual Conference SBS Educational Resources This virtual conference is designed to provide interactive training on evo
Read more