SBS CyberSecurity - In The Wild 133

In The Wild - CyberSecurity Newsletter Welcome to the 133rd issue of In The Wild, SBS’ weekly CyberSecurity newsletter. The objective of this newsletter is to share threat intelligence, news articles that are relevant, new and updated guidance, and other information you may find helpful. Below, you will find some of the latest-and-greatest news stories, articles, videos, and links from the past week in cybersecurity. Some of the following stories have been shared by consultants, others by the SBS Institute, and others yet simply been found in the far corners of the Internet. We hope you find the following stories relevant, interesting, and – most of all – useful. Enjoy. How the Cyber Kill Chain Can Help You Protect Against Attacks SBS Educational Resources If you’ve been involved in cybersecurity for any period of time, you’ve likely heard of the concept of defense in depth security strategies. The general idea behind defense in depth is that there is no ‘silver bullet’ security measure that can fully protect our networks, so we seek to deploy a series of administrative, technical, and physical security controls that work in concert to make our security posture acceptable. Read Here »

	Forced Password Reset? Check Your Assumptions Krebs on Security Almost weekly now I hear from an indignant reader who suspects a data breach at a Web site they frequent that has just asked the reader to reset their password. Further investigation almost invariably reveals that the password reset demand was not the result of a breach but rather the site’s efforts to identify customers who are reusing passwords from other sites that have already been hacked. Read Here »
	Hackers Actively Trying to Steal Passwords from 2 Widely Used VPNs ars technica Hackers are actively unleashing attacks that attempt to steal encryption keys, passwords, and other sensitive data from servers that have failed to apply critical fixes for two widely used virtual private network (VPN) products, researchers said. The vulnerabilities can be exploited by sending unpatched servers Web requests that contain a special sequence of characters, researchers at the Black Hat security conference in Las Vegas said earlier this month. Read Here »
	The WIRED Guide to Cyberwar Wired Not so long ago, stories about cyberwar started with scary hypotheticals: What if state-sponsored hackers were to launch widespread attacks that blacked out entire cities? Crippled banks and froze ATMs across a country? Shut down shipping firms, oil refineries, and factories? Paralyzed airports and hospitals? Today, these scenarios are no longer hypotheticals: Every one of those events has now actually occurred. Incident by catastrophic incident, cyberwar has left the pages of overblown science fiction and the tabletops of Pentagon war games to become a reality. Read Here »

Do you know which SBS Institute Certification Programs are coming up? Check out the Certification Calendar and share with your clients. Find Out Here! »

	14 Simple Strategies For Consumers To Avoid Cybercrime Forbes In the past, many consumers considered that only businesses would be at risk of cybercrime. However, today's cybercriminals target both businesses and individuals without restraint. Each time you log on to the internet or use some form of connected banking, you are exposing yourself to potential cybercrime. So how can an individual defend against the ever-present threat of cybercrime? What dos and don’ts should consumers follow every time they go online? Read Here »
	I Visited 47 Sites. Hundreds of Trackers Followed Me The New York Times Earlier this year, an editor working on The Times’s Privacy Project asked me whether I’d be interested in having all my digital activity tracked, examined in meticulous detail and then published — you know, for journalism. “Hahaha,” I said, and then I think I made an “at least buy me dinner first” joke, but it turned out he was serious. What could I say? I’m new here, I like to help, and, conveniently, I have nothing whatsoever at all to hide. Read Here »
	Firewall Best Practices to Protect Against Ransomware Sophos News Ransomware has recently vaulted to the top of the news again, as devastating attacks continue to impact government, education and business operations in many jurisdictions, particularly in the United States. The most famous network vulnerability exploited in a ransomware attack was EternalBlue a couple of years ago. But since then, new vulnerabilities like BlueKeep have been discovered (and patches made available), but there are still many networks out there that are vulnerable. Read Here »
	How to Hire and Retain More Cybersecurity Professionals BizTech For all the difficulties that modern threat actors throw at them, IT security leaders’ biggest challenge may be a simple human one: how to hire and retain enough qualified professionals to maintain secure networks. According to the 2017 Global Information Security Workforce Study, two-thirds of organizations said they lack the number of cybersecurity professionals needed for today’s threat climate. By another estimate, 74 percent of organizations say the cybersecurity skills shortage has impacted them to some degree. Read Here »

10 Other Interesting Links From This Week There were too many fantastic reads from this past weeks’ worth of cybersecurity and technology news, so here are a few additional quick-hit links for your reading pleasure:       KrebsonSecurity: Breach at Hy-Vee Supermarket Chain Tied to Sale of 5M+ Stolen Credit, Debit Cards       KrebsonSecurity: The Rise of “Bulletproof” Residential Networks       Bleeping Computer: Instagram Phishing Emails Use Fake Login Warning Baits       Bleeping Computer: IRS Warns Taxpayers of New Scam Campaign Distributing Malware       Bleeping Computer: Google Chrome to Warn If Logins Are Found in a Data Breach       The Hacker News: Russian Hacking Group Targeting Banks Worldwide With Evolving Tactics       TechCrunch: Web host Hostinger says data breach may affect 14 million customers       CNN: Americans lost $143 million in online romance scams last year. That's way more than any other reported fraud       NPR: Feds Charge 80 People Over Massive Online Fraud Conspiracy       HelpNetSecurity: Should you block newly registered domains? Researchers say yes