SBS CyberSecurity - In The Wild 145

 

In The Wild - CyberSecurity Newsletter Welcome to the 145th issue of In The Wild, SBS’ weekly CyberSecurity newsletter. The objective of this newsletter is to share threat intelligence, news articles that are relevant, new and updated guidance, and other information you may find helpful. Below, you will find some of the latest-and-greatest news stories, articles, videos, and links from the past week in cybersecurity. Some of the following stories have been shared by consultants, others by the SBS Institute, and others yet simply been found in the far corners of the Internet. We hope you find the following stories relevant, interesting, and – most of all – useful. Enjoy. [Hacker Hour] Active Directory Tiering SBS Educational Resources Servers and domain-administrator user accounts are some of our most critical assets to secure on your network. Through Active Directory (AD) tiering and the use of Privileged Access Workstations, organizations can create a network where access is allowed on an “as-needed” basis. Join us and learn more about what AD tiering is, how separating critical and non-critical assets through Active Directory can protect information, and how, when coupled with other controls, it can help secure your network from a wide array of threats. Read Here »   Cybersecurity Remains Top Concern for Middle Market Companies TechRepublic Looking ahead at the next 12 months, middle market companies are most concerned with their cybersecurity strength. As businesses become more digital, these organizations believe security risks will increase in the next year, a Chubb and National Center for the Middle Market (NCMM) report found. "The middle market is low hanging fruit for attackers," said Brad LaPorte, senior director analyst of end security and threat intelligence at Gartner. "They often do not have the budget, skillset, or ability to implement proper security best practices." Read Here »   Cybersecurity Is An Asset, Not A Nuisance Forbes We just celebrated National Cybersecurity Awareness Month, but perhaps we should rename it Cybersecurity Action Month. While most businesses know cybersecurity is important, many fall short when it comes to implementing security initiatives — even when there’s knowledge staring them in the face. According to a recent survey from Ponemon Institute, only 42% of respondents have a high level of confidence in their organization’s ability to handle IT security risks. Read Here »   5 Cybersecurity CISO Priorities for the Future Dark Reading Many chief information security officers view their responsibilities through the National Institute of Standards and Technology's (NIST) model of Identify, Protect, Detect, Respond, and Recover. There's been a focus on detecting and responding to endpoint threats over the past few years, yet new priorities are arising: migration to the cloud, new heterogeneous devices, and custom applications, all of which have greatly expanded attack surfaces. Read Here »   Do you know which SBS Institute Certification Programs are coming up? Check out the Certification Calendar and share with your clients. Find Out Here! » Hospital Malware Attacks are Rising, and the Problem is Getting Worse ZDNet Trojan malware attacks targeting hospitals and the healthcare industry have risen significantly over the course of this year as hackers increasingly look to exploit a sector that is often viewed as an easy target by those with the aim of stealing sensitive personal data. Figures in The State of Healthcare Cybersecurity report from Malwarebytes state there's already been a 60% increase in trojan malware detections in the first nine months of 2019 compared with the entirety of 2018. The rise has been particularly significant in the third quarter of this year, with an 82% increase in detections when compared with the previous quarter. Read Here »   How a Turf War and a Botched Contract Landed 2 Pentesters in Jail ars technica In the early hours of September 11, a dispatcher with the sheriff’s department in Dallas County, Iowa, spotted something alarming on a surveillance camera in the county courthouse. Two men who had tripped an alarm after popping open a locked door were wandering through courtrooms on the third floor, she reported over the radio as deputies raced to the scene. The intruders wore backpacks and were crouching down next to judges’ benches. When the first deputy pulled into the parking lot, the men moved to an open area outside the courtrooms and concealed themselves. Read Here »   Two Arrested for Stealing $550K in Cryptocurrency Using Sim Swapping The Hacker News It appears that at least the United States has started taking the threat of Sim Swapping attacks very seriously. Starting with the country's first-ever conviction for 'SIM Swapping' this February, U.S. Department of Justice has since then announced charges against several individuals for involving in the scheme to siphon millions of dollars in cryptocurrency from victims. In the latest incident, the U.S. authorities on Thursday arrested two more alleged cybercriminals from Massachusetts, charging them with stealing $550,000 in cryptocurrency from at least 10 victims using SIM swapping between November 2015 and May 2018. Read Here »   10 Communication Patterns Used by Great Leaders Medium - Dave Bailey The skill of bringing others along with you, managing difficult situations, and expressing yourself clearly can take a lifetime to master. Communication goes far beyond ‘choosing the right words.’ It involves understanding your audience, actively listening, and being able to empathize with people. It also requires good facilitation skills, the ability to control your body language, and a lot of intuition too. But clearly, word choice is critically important. Read Here » 10 Other Interesting Links From This Week There were too many fantastic reads from this past weeks’ worth of cybersecurity and technology news, so here are a few additional quick-hit links for your reading pleasure:       Krebs on Security: Orcus RAT Author Charged in Malware Scheme       Bleeping Computer: US Govt Recommends Vendor System Configs To Block Malware Attacks       Bleeping Computer: Microsoft Office 365 Admins Targeted by Ongoing Phishing Campaign       The Hacker News: New Group of Hackers Targeting Businesses with Financially Motivated Cyber Attacks       Newsweek: The Time to Tackle Cybersecurity in Self-Driving Cars is Now       ars technica: Breach affecting 1 million was caught only after hacker maxed out target’s storage       ars technica: Why more than 168,000 Valentine’s day text messages arrived in November       ZDNet: Thousands of hacked Disney+ accounts are already for sale on hacking forums       ZDNet: Google to US Android users: We're giving you RCS messaging – here's why it's better       CPO: Cybersecurity Workforce Shortage Continues to Grow