SBS CyberSecurity - In The Wild 156

SBS Newsletter header
 


In The Wild - CyberSecurity Newsletter

Welcome to the 156th issue of In The Wild, SBS’ weekly CyberSecurity newsletter. The objective of this newsletter is to share threat intelligence, news articles that are relevant, new and updated guidance, and other information you may find helpful.
Related image
Below, you will find some of the latest-and-greatest news stories, articles, videos, and links from the past week in cybersecurity. Some of the following stories have been shared by consultants, others by the SBS Institute, and others yet simply been found in the far corners of the Internet. We hope you find the following stories relevant, interesting, and – most of all – useful. Enjoy.

[Blog]: IT Strategic Planning: Meaningful Exercise or Check Mark on Compliance?

SBS Educational Resources

IT Strategic Planning. It’s been known to illicit cringes from those responsible for its development. Like many things ISP-related, most organizations document an IT Strategic Plan because they have to, not because it’s valuable. Creating a 3-5-year IT project list does not constitute an IT Strategic Plan. Many times has a Director or senior executive come back from a conference and said “let’s do this now!” instead of aligning that project with a true strategic plan.

cid:image007.jpg@01D5D46F.318DE9A0

Iowa Prosecutors Drop Charges Against Men Hired to Test Their Security

Krebs on Security

On Sept. 11, 2019, two security experts at a company that had been hired by the state of Iowa to test the physical and network security of its judicial system were arrested while probing the security of an Iowa county courthouse, jailed in orange jumpsuits, charged with burglary, and held on $100,000 bail. On Thursday, Jan. 30, prosecutors in Iowa announced they had dropped the criminal charges. The news came while KrebsOnSecurity was conducting a video interview with the two accused (featured below).

Coronavirus Phishing Attacks Are Actively Targeting the US

Bleeping Computer

Ongoing phishing campaigns use the recent coronavirus outbreak as bait in attacks targeting individuals from the United States and the United Kingdom, impersonating the US CDC and virologists, warning of new infection cases in their area, and providing 'safety measures.' The global scale health crisis triggered by infections with the new 2019 novel coronavirus (also known as 2019-nCOV and Wuhan coronavirus) is exploited by the attackers for their own malicious purposes.

Iranian Hackers Target U.S. Gov. Vendor With Malware

threatpost

Iran-linked threat actor APT34 has been observed sending targeted, malicious email attachments to customers and employees of a company that works closely with U.S. government agencies. The company in question is U.S.-based Westat, a professional services company that provides research services to U.S. state and local governments, as well as more than 80 federal agencies. Researchers at Intezer uncovered the campaign after detecting a malicious file in January (called survey.xls), purporting to be an employee satisfaction survey for Westat employees and customers.

Do you know which SBS Institute Certification Programs are coming up? Check out the Certification Calendar and share with your clients. Find Out Here! »

Cybersecurity Isn't Infrastructure? 'Like hell it isn't' Warned New Orleans Mayor

State Scoop

Municipal workers in New Orleans discovered on Dec. 13 that their computer systems had been rendered inoperable by a virus demanding payment, making the city yet another victim of the global ransomware scourge that’s pestered state and local governments for the last several years. Recovery from the attack, which has since been attributed to the Ryuk strain of malware, has already cost New Orleans $7.2 million, and officials expect that figure to climb much higher by the time their devices and networks are fully restored.

Avast Shuts Down Jumpshot After Getting Caught Selling User's Data

Bleeping Computer

Avast has announced that they are shutting down their Jumpshot subsidiary that was selling user data collected by Avast's antivirus software products. In a joint investigation by PCMag and Motherboard, we learned this week that Avast has been collecting user data through their antivirus products and then repackaging it and selling it to other companies through a subsidiary called Jumpshot. This web browsing data could include Google searches, what videos are watched, what sites are visited, and what files are downloaded.

Severe ‘Perfect 10.0’ Microsoft Flaw Confirmed: ‘This Is A Cloud Security Nightmare’

Forbes

‘This is a cloud security nightmare,” Check Point’s Yaniv Balmas tells me. “It undermines the concept of cloud security. You can’t prevent it; you can’t protect yourself. The only one who can is the cloud provider.” In this case, that’s Microsoft, provider of the hyper-scale Azure. Check Point is on a roll—a string of disclosures for vulnerabilities detected and disclosed in recent months. We’ve had WhatsApp, TikTok and Zoom. Now it’s Microsoft’s turn. “We thought it would be good to find weak points in the integrated security in the cloud,” Balmas explains. “We chose Azure as our target.”

The New Manager’s Guide to Performance Management

Medium

If you recently became a manager, you know how hard it is to evaluate and improve the performance of your team. Thankfully, many other managers have faced the same problem, which means you can learn from their mistakes to speed up your learning curve. As someone who has had the opportunity to manage teams of 12, 50, and 160 people at various points in my career, I’ve made enough mistakes for both of us. In this article, I’ve attempted to distill what I’ve learned in the past ten years about performance management.

10 Other Interesting Links From This Week

There were too many fantastic reads from this past weeks’ worth of cybersecurity and technology news, so here are a few additional quick-hit links for your reading pleasure:

Comments

Popular posts from this blog

Krebs - NY Charges First American Financial for Massive Data Leak

KnowBe4 - Scam Of The Week: "When Users Add Their Names to a Wall of Shame"