SBS CyberSecurity - In The Wild 141


SBS Newsletter header
 

In The Wild - CyberSecurity Newsletter

Welcome to the 141st issue of In The Wild, SBS’ weekly CyberSecurity newsletter. The objective of this newsletter is to share threat intelligence, news articles that are relevant, new and updated guidance, and other information you may find helpful.
Related image
Below, you will find some of the latest-and-greatest news stories, articles, videos, and links from the past week in cybersecurity. Some of the following stories have been shared by consultants, others by the SBS Institute, and others yet simply been found in the far corners of the Internet. We hope you find the following stories relevant, interesting, and – most of all – useful. Enjoy.
Image result for sbs cybersecurity twitter

[Blog] What Does the Average Financial Institution Spend on Cybersecurity?

SBS Educational Resources

Chief Information Security Officers (CISOs) have found themselves at a disadvantage when directors or executive peers challenge the cost of their organization’s cybersecurity spend, since little-to-no peer information is available. Bankers have often utilized regulatory call report information for peer analysis, measuring their institution’s financial performance compared to competitors. While call reports provide key financial performance indicators, detailed information related to cybersecurity and information technology budgets is not easily attained from available call report data.
Read Here »  

When Card Shops Play Dirty, Consumers Win

Krebs on Security

The FBI has observed cyber actors circumventing multi-factor authentication through common social engineering and technical attacks. This PIN explains these methods and offers mitigation strategies for organizations and entities using multi-factor authentication in their security efforts. Multi-factor authentication continues to be a strong and effective security measure to protect online accounts, as long as users take precautions to ensure they do not fall victim to these attacks.
Read Here »  

The 10 Biggest Data Breaches of the 2010s

Business Insider

With a few months left in the decade, it's safe to say that the 2010s were the worst decade on record for hacks and data breaches. Of the 15 largest data breaches in history, 10 took place in the past decade. Each involved the theft of tens or hundreds of millions of records — such as login credentials, financial information, or personal data — adding up to nearly 4 billion records stolen in total over the past 10 years.
Read Here »  

The Untold Story of the 2018 Olympics Cyberattack

Wired

Just before 8 pm on February 9, 2018, high in the northeastern mountains of South Korea, Sang-jin Oh was sitting on a plastic chair a few dozen rows up from the floor of Pyeongchang's vast, pentagonal Olympic Stadium. The 2018 Winter Olympics opening ceremony was about to start. In the middle of the countdown, Oh's phone abruptly lit up. The message shared perhaps the worst possible news Oh could have received at that exact moment: Something was shutting down every domain controller in the Seoul data centers, the servers that formed the backbone of the Olympics' IT infrastructure.
Read Here »  
Do you know which SBS Institute Certification Programs are coming up? Check out the Certification Calendar and share with your clients. Find Out Here! »


Don't install Windows 10 1809 October 15 update; breaks Defender ATP

ZDNet

Microsoft's second monthly cumulative update on October 15 for Windows 10 version 1809 contained only non-security fixes, but it may cause a security problem for organizations that rely on Windows Defender Advanced Threat Protection (ATP). Microsoft yesterday began advising organizations running Windows 10 version 1809 PCs and Windows Server 2019 against installing the update KB4520062.
Read Here »  

Millions of Amazon Echo and Kindle Devices Affected by WiFi Bug

Bleeping Computer

Millions of Amazon Echo 1st generation and Amazon Kindle 8th generation are susceptible to an old WiFi vulnerability called KRACK that allows an attacker to perform a man in the middle attack against a WPA2 protected network. Using this attack, bad actors can decrypt packets sent by clients to steal sensitive information sent over plain text. While the WPA2 wireless connection of this network has been compromised by this attack, it is important to note that any encrypted traffic sent over the wireless network will still be protected from snooping.
Read Here »  

Large-Scale Credit Card Hackers Back for the Holiday Season

Yahoo! Finance

Notorious cybercrime group FIN7 appears to be back at work about a year after the FBI arrested three of its members, which dealt a major blow to the group’s activities. Between 2015 and the arrests in August 2018, FIN7 was responsible for a very advanced malware campaign that hit 100 companies in the hospitality industry, according to the FBI. Among the names that were publicly disclosed: Chipotle Mexican Grill (CMG), Chili’s (EAT), Arby’s, Red Robin (RRGB), Sonic, and Jason’s Deli.
Read Here »  

Never Apologize for Embracing These 5 Aspects of Your Life

Inc.com

There are very few people that don't struggle with work-life balance, at least to some extent. We all want to get better at it, but we don't want to make tradeoffs in productivity. And there's a vastly unhelpful by-product that oozes out of this tension. Guilt. As if it isn't hard enough to balance our efforts to find balance, we also have to deal with this agonizing emotion. Or do we?
Read Here »

Image result for sbs cybersecurity twitter

10 Other Interesting Links From This Week

There were too many fantastic reads from this past weeks’ worth of cybersecurity and technology news, so here are a few additional quick-hit links for your reading pleasure:
*      Bleeping Computer: Attackers Hide Backdoors and Cryptominers in WAV Audio Files
*      Bleeping Computer: Microsoft 365 Authentication Outage, Users Unable to Login
*      The Hacker News: Feds Shut Down Largest Dark Web Child Abuse Site; South Korean Admin ArrestedHas Finally Been Cracked
*      The Hacker News: Chrome for Android Enables Site Isolation Security Feature for All Sites with Login
*      CNBC: In a rare move, Moody’s says it’s paying close attention to Pitney Bowes ransomware attack
*      HelpNetSecurity: MSPs face increased risks and opportunities to rethink cybersecurity
*      The New York Times: Americans Will Pay a Price for State Privacy Laws
*      ZDNet: Zappos data breach settlement: users get 10% store discount, lawyers get $1.6m
*      BankInfoSecurity: Sodinokibi Ransomware Gang Appears to Be Making a Killing
*      threatpost: Major Airport Malware Attack Shines a Light on OT Security

Comments

Post a Comment

Popular posts from this blog

KnowBe4 - Scam Of The Week: "When Users Add Their Names to a Wall of Shame"

Image
Eric Howes , KnowBe4 Principal Lab Researcher, found out about another insidious bad guy trick: " If you work in IT there has undoubtedly come a dark moment when you wondered to yourself just who among your employee users would be gullible enough to click through a phishing email and potentially bring down your organization. from KnowBe4 Security Awareness Training Blog https://blog.knowbe4.com/when-users-add-their-names-to-a-wall-of-shame
Read more

Krebs - NY Charges First American Financial for Massive Data Leak

Image
In May 2019, KrebsOnSecurity broke the news that the website of mortgage title insurance giant First American Financial Corp. had exposed approximately 885 million records related to mortgage deals going back to 2003. On Wednesday, regulators in New York announced that First American was the target of their first ever cybersecurity enforcement action in connection with the incident, charges that could bring steep financial penalties. First American Financial Corp. Santa Ana, Calif.-based  First American [ NYSE:FAF ] is a leading provider of title insurance and settlement services to the real estate and mortgage industries. It employs some 18,000 people and brought in $6.2 billion in 2019 . As first reported here last year , First American’s website exposed 16 years worth of digitized mortgage title insurance records — including bank account numbers and statements, mortgage and tax records, Social Security numbers, wire transaction receipts, and drivers license images. The docum
Read more

SBS CyberSecurity - In The Wild 166

Image
  In The Wild - CyberSecurity Newsletter Welcome to the 166 th issue of In The Wild, SBS’ weekly CyberSecurity newsletter. The objective of this newsletter is to share threat intelligence, news articles that are relevant, new and updated guidance, and other information to help you make better cybersecurity decisions. Follow SBS CyberSecurity on Social Media for more articles, stories, news, and resources!           Below, you will find some of the latest-and-greatest news stories, articles, videos, and links from the past week in cybersecurity. Some of the following stories have been shared by consultants, others by the SBS Institute, and others yet simply been found in the far corners of the Internet. We hope you find the following stories relevant, interesting, and – most of all – useful. Enjoy. CyberRiskNOW Virtual Conference SBS Educational Resources This virtual conference is designed to provide interactive training on evo
Read more