|
In The Wild - CyberSecurity Newsletter
Welcome to the 156th issue of In The Wild, SBS’ weekly CyberSecurity newsletter. The objective of this newsletter is to share threat intelligence, news articles that
are relevant, new and updated guidance, and other information you may find helpful.
Below, you will find some of the latest-and-greatest news stories, articles, videos, and links from the past week in cybersecurity. Some of the following stories have been shared by consultants,
others by the SBS Institute, and others yet simply been found in the far corners of the Internet. We hope you find the following stories relevant, interesting, and – most of all – useful. Enjoy.
|
|
IT Strategic Planning. It’s been known to illicit cringes from those responsible for its development. Like many things ISP-related, most organizations document an IT Strategic Plan
because they have to, not because it’s valuable. Creating a 3-5-year IT project list does not constitute an IT Strategic Plan. Many times has a Director or senior executive come back from a conference and said “let’s do this now!” instead of aligning that
project with a true strategic plan.
|
|
|
|
On Sept. 11, 2019, two security experts at a company that had been hired by the state of Iowa to test the physical and network security of its judicial system were arrested while probing the security of an
Iowa county courthouse, jailed in orange jumpsuits, charged with burglary, and held on $100,000 bail. On Thursday, Jan. 30, prosecutors in Iowa announced they had dropped the criminal charges. The news came while KrebsOnSecurity was conducting a video interview
with the two accused (featured below).
|
|
|
Ongoing phishing campaigns use the recent coronavirus outbreak as bait in attacks targeting individuals from the United States and the United Kingdom, impersonating the US CDC and virologists, warning of new
infection cases in their area, and providing 'safety measures.' The global scale health crisis triggered by infections with the new 2019 novel coronavirus (also known as 2019-nCOV and Wuhan coronavirus) is exploited by the attackers for their own malicious
purposes.
|
|
|
Iran-linked threat actor APT34 has been observed sending targeted, malicious email attachments to customers and employees of a company that works closely with U.S. government agencies. The company in question
is U.S.-based Westat, a professional services company that provides research services to U.S. state and local governments, as well as more than 80 federal agencies. Researchers at Intezer uncovered the campaign after detecting a malicious file in January (called
survey.xls), purporting to be an employee satisfaction survey for Westat employees and customers.
|
Do you know which SBS Institute Certification Programs are coming up? Check out the Certification Calendar and share with your clients.
Find Out Here! »
|
|
|
Municipal workers in New Orleans discovered on Dec. 13 that their computer systems had been rendered inoperable by a virus demanding payment, making the city yet another victim of the global ransomware scourge
that’s pestered state and local governments for the last several years. Recovery from the attack, which has since been attributed to the Ryuk strain of malware, has already cost New Orleans $7.2 million, and officials expect that figure to climb much higher
by the time their devices and networks are fully restored.
|
|
|
Avast has announced that they are shutting down their Jumpshot subsidiary that was selling user data collected by Avast's antivirus software products. In a joint investigation by PCMag and Motherboard, we learned
this week that Avast has been collecting user data through their antivirus products and then repackaging it and selling it to other companies through a subsidiary called Jumpshot. This web browsing data could include Google searches, what videos are watched,
what sites are visited, and what files are downloaded.
|
|
|
‘This is a cloud security nightmare,” Check Point’s Yaniv Balmas tells me. “It undermines the concept of cloud security. You can’t prevent it; you can’t protect yourself. The only one who can is the cloud provider.”
In this case, that’s Microsoft, provider of the hyper-scale Azure. Check Point is on a roll—a string of disclosures for vulnerabilities detected and disclosed in recent months. We’ve had WhatsApp, TikTok and Zoom. Now it’s Microsoft’s turn. “We thought it
would be good to find weak points in the integrated security in the cloud,” Balmas explains. “We chose Azure as our target.”
|
|
|
If you recently became a manager, you know how hard it is to evaluate and improve the performance of your team. Thankfully, many other managers have faced the same problem, which means you can learn from their
mistakes to speed up your learning curve. As someone who has had the opportunity to manage teams of 12, 50, and 160 people at various points in my career, I’ve made enough mistakes for both of us. In this article, I’ve attempted to distill what I’ve learned
in the past ten years about performance management.
|
|
|
10 Other Interesting Links From This Week
There were too many fantastic reads from this past weeks’ worth of cybersecurity and technology news, so here are a few additional quick-hit links for your reading pleasure:
|
|
Comments
Post a Comment