SBS CyberSecurity - In The Wild 141


SBS Newsletter header
 

In The Wild - CyberSecurity Newsletter

Welcome to the 141st issue of In The Wild, SBS’ weekly CyberSecurity newsletter. The objective of this newsletter is to share threat intelligence, news articles that are relevant, new and updated guidance, and other information you may find helpful.
Related image
Below, you will find some of the latest-and-greatest news stories, articles, videos, and links from the past week in cybersecurity. Some of the following stories have been shared by consultants, others by the SBS Institute, and others yet simply been found in the far corners of the Internet. We hope you find the following stories relevant, interesting, and – most of all – useful. Enjoy.
Image result for sbs cybersecurity twitter

[Blog] What Does the Average Financial Institution Spend on Cybersecurity?

SBS Educational Resources

Chief Information Security Officers (CISOs) have found themselves at a disadvantage when directors or executive peers challenge the cost of their organization’s cybersecurity spend, since little-to-no peer information is available. Bankers have often utilized regulatory call report information for peer analysis, measuring their institution’s financial performance compared to competitors. While call reports provide key financial performance indicators, detailed information related to cybersecurity and information technology budgets is not easily attained from available call report data.

When Card Shops Play Dirty, Consumers Win

Krebs on Security

The FBI has observed cyber actors circumventing multi-factor authentication through common social engineering and technical attacks. This PIN explains these methods and offers mitigation strategies for organizations and entities using multi-factor authentication in their security efforts. Multi-factor authentication continues to be a strong and effective security measure to protect online accounts, as long as users take precautions to ensure they do not fall victim to these attacks.

The 10 Biggest Data Breaches of the 2010s

Business Insider

With a few months left in the decade, it's safe to say that the 2010s were the worst decade on record for hacks and data breaches. Of the 15 largest data breaches in history, 10 took place in the past decade. Each involved the theft of tens or hundreds of millions of records — such as login credentials, financial information, or personal data — adding up to nearly 4 billion records stolen in total over the past 10 years.

The Untold Story of the 2018 Olympics Cyberattack

Wired

Just before 8 pm on February 9, 2018, high in the northeastern mountains of South Korea, Sang-jin Oh was sitting on a plastic chair a few dozen rows up from the floor of Pyeongchang's vast, pentagonal Olympic Stadium. The 2018 Winter Olympics opening ceremony was about to start. In the middle of the countdown, Oh's phone abruptly lit up. The message shared perhaps the worst possible news Oh could have received at that exact moment: Something was shutting down every domain controller in the Seoul data centers, the servers that formed the backbone of the Olympics' IT infrastructure.
Do you know which SBS Institute Certification Programs are coming up? Check out the Certification Calendar and share with your clients. Find Out Here! »


Don't install Windows 10 1809 October 15 update; breaks Defender ATP

ZDNet

Microsoft's second monthly cumulative update on October 15 for Windows 10 version 1809 contained only non-security fixes, but it may cause a security problem for organizations that rely on Windows Defender Advanced Threat Protection (ATP). Microsoft yesterday began advising organizations running Windows 10 version 1809 PCs and Windows Server 2019 against installing the update KB4520062.

Millions of Amazon Echo and Kindle Devices Affected by WiFi Bug

Bleeping Computer

Millions of Amazon Echo 1st generation and Amazon Kindle 8th generation are susceptible to an old WiFi vulnerability called KRACK that allows an attacker to perform a man in the middle attack against a WPA2 protected network. Using this attack, bad actors can decrypt packets sent by clients to steal sensitive information sent over plain text. While the WPA2 wireless connection of this network has been compromised by this attack, it is important to note that any encrypted traffic sent over the wireless network will still be protected from snooping.

Large-Scale Credit Card Hackers Back for the Holiday Season

Yahoo! Finance

Notorious cybercrime group FIN7 appears to be back at work about a year after the FBI arrested three of its members, which dealt a major blow to the group’s activities. Between 2015 and the arrests in August 2018, FIN7 was responsible for a very advanced malware campaign that hit 100 companies in the hospitality industry, according to the FBI. Among the names that were publicly disclosed: Chipotle Mexican Grill (CMG), Chili’s (EAT), Arby’s, Red Robin (RRGB), Sonic, and Jason’s Deli.

Never Apologize for Embracing These 5 Aspects of Your Life

Inc.com

There are very few people that don't struggle with work-life balance, at least to some extent. We all want to get better at it, but we don't want to make tradeoffs in productivity. And there's a vastly unhelpful by-product that oozes out of this tension. Guilt. As if it isn't hard enough to balance our efforts to find balance, we also have to deal with this agonizing emotion. Or do we?

Image result for sbs cybersecurity twitter

10 Other Interesting Links From This Week

There were too many fantastic reads from this past weeks’ worth of cybersecurity and technology news, so here are a few additional quick-hit links for your reading pleasure:

Comments

Popular posts from this blog

Krebs - NY Charges First American Financial for Massive Data Leak

KnowBe4 - Scam Of The Week: "When Users Add Their Names to a Wall of Shame"