SBS CyberSecurity - In The Wild 156

SBS Newsletter header
 


In The Wild - CyberSecurity Newsletter

Welcome to the 156th issue of In The Wild, SBS’ weekly CyberSecurity newsletter. The objective of this newsletter is to share threat intelligence, news articles that are relevant, new and updated guidance, and other information you may find helpful.
Related image
Below, you will find some of the latest-and-greatest news stories, articles, videos, and links from the past week in cybersecurity. Some of the following stories have been shared by consultants, others by the SBS Institute, and others yet simply been found in the far corners of the Internet. We hope you find the following stories relevant, interesting, and – most of all – useful. Enjoy.

[Blog]: IT Strategic Planning: Meaningful Exercise or Check Mark on Compliance?

SBS Educational Resources

IT Strategic Planning. It’s been known to illicit cringes from those responsible for its development. Like many things ISP-related, most organizations document an IT Strategic Plan because they have to, not because it’s valuable. Creating a 3-5-year IT project list does not constitute an IT Strategic Plan. Many times has a Director or senior executive come back from a conference and said “let’s do this now!” instead of aligning that project with a true strategic plan.
Read Here »  

cid:image007.jpg@01D5D46F.318DE9A0

Iowa Prosecutors Drop Charges Against Men Hired to Test Their Security

Krebs on Security

On Sept. 11, 2019, two security experts at a company that had been hired by the state of Iowa to test the physical and network security of its judicial system were arrested while probing the security of an Iowa county courthouse, jailed in orange jumpsuits, charged with burglary, and held on $100,000 bail. On Thursday, Jan. 30, prosecutors in Iowa announced they had dropped the criminal charges. The news came while KrebsOnSecurity was conducting a video interview with the two accused (featured below).
Read Here »  

Coronavirus Phishing Attacks Are Actively Targeting the US

Bleeping Computer

Ongoing phishing campaigns use the recent coronavirus outbreak as bait in attacks targeting individuals from the United States and the United Kingdom, impersonating the US CDC and virologists, warning of new infection cases in their area, and providing 'safety measures.' The global scale health crisis triggered by infections with the new 2019 novel coronavirus (also known as 2019-nCOV and Wuhan coronavirus) is exploited by the attackers for their own malicious purposes.
Read Here »  

Iranian Hackers Target U.S. Gov. Vendor With Malware

threatpost

Iran-linked threat actor APT34 has been observed sending targeted, malicious email attachments to customers and employees of a company that works closely with U.S. government agencies. The company in question is U.S.-based Westat, a professional services company that provides research services to U.S. state and local governments, as well as more than 80 federal agencies. Researchers at Intezer uncovered the campaign after detecting a malicious file in January (called survey.xls), purporting to be an employee satisfaction survey for Westat employees and customers.
Read Here »  

Do you know which SBS Institute Certification Programs are coming up? Check out the Certification Calendar and share with your clients. Find Out Here! »

Cybersecurity Isn't Infrastructure? 'Like hell it isn't' Warned New Orleans Mayor

State Scoop

Municipal workers in New Orleans discovered on Dec. 13 that their computer systems had been rendered inoperable by a virus demanding payment, making the city yet another victim of the global ransomware scourge that’s pestered state and local governments for the last several years. Recovery from the attack, which has since been attributed to the Ryuk strain of malware, has already cost New Orleans $7.2 million, and officials expect that figure to climb much higher by the time their devices and networks are fully restored.
Read Here »  

Avast Shuts Down Jumpshot After Getting Caught Selling User's Data

Bleeping Computer

Avast has announced that they are shutting down their Jumpshot subsidiary that was selling user data collected by Avast's antivirus software products. In a joint investigation by PCMag and Motherboard, we learned this week that Avast has been collecting user data through their antivirus products and then repackaging it and selling it to other companies through a subsidiary called Jumpshot. This web browsing data could include Google searches, what videos are watched, what sites are visited, and what files are downloaded.
Read Here »  

Severe ‘Perfect 10.0’ Microsoft Flaw Confirmed: ‘This Is A Cloud Security Nightmare’

Forbes

‘This is a cloud security nightmare,” Check Point’s Yaniv Balmas tells me. “It undermines the concept of cloud security. You can’t prevent it; you can’t protect yourself. The only one who can is the cloud provider.” In this case, that’s Microsoft, provider of the hyper-scale Azure. Check Point is on a roll—a string of disclosures for vulnerabilities detected and disclosed in recent months. We’ve had WhatsApp, TikTok and Zoom. Now it’s Microsoft’s turn. “We thought it would be good to find weak points in the integrated security in the cloud,” Balmas explains. “We chose Azure as our target.”
Read Here »  

The New Manager’s Guide to Performance Management

Medium

If you recently became a manager, you know how hard it is to evaluate and improve the performance of your team. Thankfully, many other managers have faced the same problem, which means you can learn from their mistakes to speed up your learning curve. As someone who has had the opportunity to manage teams of 12, 50, and 160 people at various points in my career, I’ve made enough mistakes for both of us. In this article, I’ve attempted to distill what I’ve learned in the past ten years about performance management.
Read Here »

10 Other Interesting Links From This Week

There were too many fantastic reads from this past weeks’ worth of cybersecurity and technology news, so here are a few additional quick-hit links for your reading pleasure:
*      Krebs on Security: Sprint Exposed Customer Support Site to Web
*      Bleeping Computer: Microsoft Launches Xbox Bounty Program With $20K Maximum Payout
*      The Hacker News: Hackers Put 30 Million Stolen Payment Card Details from Wawa Breach for Sale
*      The Hacker News: New 'CacheOut' Attack Leaks Data from Intel CPUs, VMs and SGX Enclave
*      ZDNet: Raytheon engineer arrested for taking US missile defense data to China
*      ZDNet: Google open-sources the firmware needed to build hardware security keys
*      Electronic Frontier Foundation: Ring Doorbell App Packed with Third-Party Trackers
*      TechRepublic: 97 of the world's 100 largest airports have massive cybersecurity risks
*      MarketWatch: Proofpoint's State of the Phish Report Stresses the Need for User Training and Email Reporting
*      The Next Web: How to use Facebook’s ‘Off-Facebook Activity’ tool

Comments

Post a Comment

Popular posts from this blog

KnowBe4 - Scam Of The Week: "When Users Add Their Names to a Wall of Shame"

Image
Eric Howes , KnowBe4 Principal Lab Researcher, found out about another insidious bad guy trick: " If you work in IT there has undoubtedly come a dark moment when you wondered to yourself just who among your employee users would be gullible enough to click through a phishing email and potentially bring down your organization. from KnowBe4 Security Awareness Training Blog https://blog.knowbe4.com/when-users-add-their-names-to-a-wall-of-shame
Read more

Krebs - NY Charges First American Financial for Massive Data Leak

Image
In May 2019, KrebsOnSecurity broke the news that the website of mortgage title insurance giant First American Financial Corp. had exposed approximately 885 million records related to mortgage deals going back to 2003. On Wednesday, regulators in New York announced that First American was the target of their first ever cybersecurity enforcement action in connection with the incident, charges that could bring steep financial penalties. First American Financial Corp. Santa Ana, Calif.-based  First American [ NYSE:FAF ] is a leading provider of title insurance and settlement services to the real estate and mortgage industries. It employs some 18,000 people and brought in $6.2 billion in 2019 . As first reported here last year , First American’s website exposed 16 years worth of digitized mortgage title insurance records — including bank account numbers and statements, mortgage and tax records, Social Security numbers, wire transaction receipts, and drivers license images. The docum
Read more

SBS CyberSecurity - In The Wild 166

Image
  In The Wild - CyberSecurity Newsletter Welcome to the 166 th issue of In The Wild, SBS’ weekly CyberSecurity newsletter. The objective of this newsletter is to share threat intelligence, news articles that are relevant, new and updated guidance, and other information to help you make better cybersecurity decisions. Follow SBS CyberSecurity on Social Media for more articles, stories, news, and resources!           Below, you will find some of the latest-and-greatest news stories, articles, videos, and links from the past week in cybersecurity. Some of the following stories have been shared by consultants, others by the SBS Institute, and others yet simply been found in the far corners of the Internet. We hope you find the following stories relevant, interesting, and – most of all – useful. Enjoy. CyberRiskNOW Virtual Conference SBS Educational Resources This virtual conference is designed to provide interactive training on evo
Read more