SBS CyberSecurity - In The Wild 148


SBS Newsletter header
 

In The Wild - CyberSecurity Newsletter

Welcome to the 148th issue of In The Wild, SBS’ weekly CyberSecurity newsletter. The objective of this newsletter is to share threat intelligence, news articles that are relevant, new and updated guidance, and other information you may find helpful.
Related image
Below, you will find some of the latest-and-greatest news stories, articles, videos, and links from the past week in cybersecurity. Some of the following stories have been shared by consultants, others by the SBS Institute, and others yet simply been found in the far corners of the Internet. We hope you find the following stories relevant, interesting, and – most of all – useful. Enjoy.

[Hacker Hour] Managing MSP and MSSP Relationships

SBS Educational Resources

Earlier this year the Department of Homeland Security issued a warning about the growing number of cyber attacks targeted at managed service providers (MSP) and other IT services providers. Criminals target MSPs because they can get more bang for their buck. By breaching a single MSP system they can potentially gain access to all of the networks the MSP services.  
Join SBS as we discuss the benefits and risks associated with MSP and MSSP relationships.  We will highlight specific steps to take to understand and mitigate risk with your MSP relationships.  We will also walk through what to look for when selecting a new MSP.
Read Here »  

cid:image007.jpg@01D58D06.CBCBD0F0

Ransomware at Colorado IT Provider Affects 100+ Dental Offices

Krebs on Security

A Colorado company that specializes in providing IT services to dental offices suffered a ransomware attack that is disrupting operations for more than 100 dentistry practices, KrebsOnSecurity has learned. Multiple sources affected say their IT provider, Englewood, Colo. based Complete Technology Solutions (CTS), was hacked, allowing a potent strain of ransomware known as “Sodinokibi” or “rEvil” to be installed on computers at more than 100 dentistry businesses that rely on the company for a range of services — including network security, data backup and voice-over-IP phone service.
Read Here »  

Ransomware Attack Hits Major US Data Center Provider

ZDNet

CyrusOne, one of the biggest data center providers in the US, has suffered a ransomware attack, ZDNet has learned. In an email after this article's publication, a CyrusOne spokesperson confirmed the incident and said they are currently working with law enforcement and forensics firms to investigate the attack and help customers restore systems impacted systems. "Six of our managed service customers, located primarily in our New York data center, have experienced availability issues due to a ransomware program encrypting certain devices in their network," CyrusOne told ZDNet.
Read Here »  

HackerOne Awards $20K Bug Bounty for Its Own Platform

ZDNet

HackerOne has awarded $20,000 to a researcher that disclosed a way to access private bug reports on the platform. The irony cannot be lost on the bug bounty as HackerOne is used by a variety of companies, large and small, to tap into a pool of cybersecurity researchers and enthusiasts to find and responsibly disclose vulnerabilities. Disclosed privately by a bug bounty hunter that goes under the handle haxta4ok on November 24, the hacker revealed they were able to access a security analyst's HackerOne account.
Read Here »  

Do you know which SBS Institute Certification Programs are coming up? Check out the Certification Calendar and share with your clients. Find Out Here! »


The Worst Hacks, Cyberattacks, and Data Breaches of 2019

ZDNet

The blight of cyberattacks, criminal hacking groups, and data breaches is not going away anytime soon. For the past few years, there has been a constant stream of data breaches that have hit the headlines, ranging from the theft of medical information, account credentials, corporate emails, and internal sensitive enterprise data. Below, we take a look at the most interesting and largest data breaches, hacks, and cyberattacks that have taken place over 2019.
Read Here »  

FBI Recommends Securing Your Smart TVs and IoT Devices

Bleeping Computer

The U.S. Federal Bureau of Investigation (FBI) recommends making sure that Internet of Things (IoT) devices and smart TVs in your home are properly configured to protect them and your other devices from potential attackers. FBI's recommendations come after a long stream of malicious campaigns targeting such devices that usually are unsecured, to either add them to large botnets or use them as a stepping stone in multi-stage attacks aiming for other devices like smartphones and personal computers.
Read Here »  

Microsoft Found 44M Accounts Using Breached Passwords

PC Magazine

Microsoft has discovered 44 million user accounts are using usernames and passwords that have been leaked through security breaches. The vulnerable account logins were discovered when Microsoft's threat research team carried out a scan of all Microsoft accounts between January and March this year. The accounts were compared to a database of over three billion sets of leaked credentials and resulted in 44 million matches.
Read Here »  

33 Things Successful Leaders Have Given Up

Medium

Here’s an article you might not expect. The advice here is harsh and it will help you understand leadership and the traps that exist. I’ve met a few leaders during my time who try so hard and then never seem to get anywhere. They scratch their heads wondering why. Let’s look at those successful leaders we all admire and what they *don’t* do. What these leaders don’t do says more than what they actually do. Leadership is a privilege and it’s time all of us divorce the bad leaders so that the true leaders can rise up.
Read Here »

10 Other Interesting Links From This Week

There were too many fantastic reads from this past weeks’ worth of cybersecurity and technology news, so here are a few additional quick-hit links for your reading pleasure:
*      Krebs on Security: Apple Explains Mysterious iPhone 11 Location Requests
*      Bleeping Computer: BMW Infiltrated by Hackers Hunting for Automotive Trade Secrets
*      Bleeping Computer: Microsoft to Make Office 365 Encrypted Emails Look Less Spammy
*      The Hacker News: FBI Puts $5 Million Bounty On Russian Hackers Behind Dridex Banking Malware
*      The Hacker News: ZeroCleare: New Iranian Data Wiper Malware Targeting Energy Sector
*      The Hacker News: Europol Shuts Down Over 30,500 Piracy Websites in Global Operation
*      threatpost: ‘Ultimate’ MiTM Attack Steals $1M from Israeli Startup
*      salon: Russian-owned company caught trying to hack Ohio voting systems on Election Day
*      ZDNet: A decade of hacking: The most notable cyber-security events of the 2010s
*      CSO: What is cybersecurity? Definition, frameworks, jobs, and salaries

Comments

Post a Comment

Popular posts from this blog

KnowBe4 - Scam Of The Week: "When Users Add Their Names to a Wall of Shame"

Image
Eric Howes , KnowBe4 Principal Lab Researcher, found out about another insidious bad guy trick: " If you work in IT there has undoubtedly come a dark moment when you wondered to yourself just who among your employee users would be gullible enough to click through a phishing email and potentially bring down your organization. from KnowBe4 Security Awareness Training Blog https://blog.knowbe4.com/when-users-add-their-names-to-a-wall-of-shame
Read more

Krebs - NY Charges First American Financial for Massive Data Leak

Image
In May 2019, KrebsOnSecurity broke the news that the website of mortgage title insurance giant First American Financial Corp. had exposed approximately 885 million records related to mortgage deals going back to 2003. On Wednesday, regulators in New York announced that First American was the target of their first ever cybersecurity enforcement action in connection with the incident, charges that could bring steep financial penalties. First American Financial Corp. Santa Ana, Calif.-based  First American [ NYSE:FAF ] is a leading provider of title insurance and settlement services to the real estate and mortgage industries. It employs some 18,000 people and brought in $6.2 billion in 2019 . As first reported here last year , First American’s website exposed 16 years worth of digitized mortgage title insurance records — including bank account numbers and statements, mortgage and tax records, Social Security numbers, wire transaction receipts, and drivers license images. The docum
Read more

SBS CyberSecurity - In The Wild 166

Image
  In The Wild - CyberSecurity Newsletter Welcome to the 166 th issue of In The Wild, SBS’ weekly CyberSecurity newsletter. The objective of this newsletter is to share threat intelligence, news articles that are relevant, new and updated guidance, and other information to help you make better cybersecurity decisions. Follow SBS CyberSecurity on Social Media for more articles, stories, news, and resources!           Below, you will find some of the latest-and-greatest news stories, articles, videos, and links from the past week in cybersecurity. Some of the following stories have been shared by consultants, others by the SBS Institute, and others yet simply been found in the far corners of the Internet. We hope you find the following stories relevant, interesting, and – most of all – useful. Enjoy. CyberRiskNOW Virtual Conference SBS Educational Resources This virtual conference is designed to provide interactive training on evo
Read more