SBS CyberSecurity - In the Wild 159

 

In The Wild - CyberSecurity Newsletter Welcome to the 159th issue of In The Wild, SBS’ weekly CyberSecurity newsletter. The objective of this newsletter is to share threat intelligence, news articles that are relevant, new and updated guidance, and other information you may find helpful. Follow SBS CyberSecurity on Social Media for more articles, stories, news, and resources!           Below, you will find some of the latest-and-greatest news stories, articles, videos, and links from the past week in cybersecurity. Some of the following stories have been shared by consultants, others by the SBS Institute, and others yet simply been found in the far corners of the Internet. We hope you find the following stories relevant, interesting, and – most of all – useful. Enjoy. [Blog]: How to Make the Most of Your Annual IT Audit SBS Educational Resources When you hear the term “bank robber,” a leather-clad outlaw with a burlap bag in one hand and a pistol in the other likely comes to mind. However, modern bank robbers have evolved past Butch Cassidy and the Sundance Kid–style hold-ups. Instead of weapons and a get-away car, all they need is an understanding of computer network systems and a few stolen passwords to infiltrate a bank’s database and steal money. Read Here »   Hackers Were Inside Citrix for Five Months Krebs on Security Networking software giant Citrix Systems says malicious hackers were inside its networks for five months between 2018 and 2019, making off with personal and financial data on company employees, contractors, interns, job candidates and their dependents. The disclosure comes almost a year after Citrix acknowledged that digital intruders had broken in by probing its employee accounts for weak passwords. Read Here »   US Govt Warns Critical Industries After Ransomware Hits Gas Pipeline Facility The Hacker News The U.S. Department of Homeland Security's Cybersecurity and Infrastructure Security Agency (CISA) earlier today issued a warning to all industries operating critical infrastructures about a new ransomware threat that if left unaddressed could have severe consequences. The advisory comes in response to a cyberattack targeting an unnamed natural gas compression facility that employed spear-phishing to deliver ransomware to the company's internal network, encrypting critical data and knocking servers out of operation for almost two days. Read Here »   Ransomware Damage Hit $11.5B in 2019 Dark Reading No one questions that a ransomware attack is a bad thing. But a new report doesn't just confirm that these encryption assaults are bad, it also quantifies the $11.5 billion in damage that ransomware did in 2019 alone. As a result of the targeted attacks' success, the average cost of a ransomware attack in 2019 was estimated at $141,000, up from $46,800 one year earlier. Sodinokibi, which appeared in the wild concurrently with the end of the GandCrab network, was the leading ransomware version of 2019, responsible for attacks such as the one that hit 22 municipalities. Read Here »   Do you know which SBS Institute Certification Programs are coming up? Be sure to check out the Certification Calendar. Find Out Here! » The Business of Cybersecurity Starts at Home CPO Magazine Anyone who’s worked in cybersecurity for longer than a few minutes has gotten the question: “you’re in cybersecurity … what should I do to protect myself?” There’s no shortage of frameworks, advice and “best practices” out there. Even so, tales of security breaches and stolen customer data dot the headlines every day. Yet I still hear about people and organizations doing nothing about security. It’s unfortunate for businesses and their employees. So why can’t we “do” cybersecurity better? Read Here »   FBI Recommends Passphrases Over Password Complexity ZDNet For more than a decade now, security experts have had discussions about what's the best way of choosing passwords for online accounts. There's one camp that argues for password complexity by adding numbers, uppercase letters, and special characters, and then there's the other camp, arguing for password length by making passwords longer. This week, in its weekly tech advice column known as Tech Tuesday, the FBI Portland office positioned itself on the side of longer passwords. Read Here »   Ring Makes 2-Factor Authentication Mandatory Following Recent Hacks The Hacker News Smart doorbells and cameras bring a great sense of security to your home, especially when you're away, but even a thought that someone could be spying on you through the same surveillance system would shiver up your spine. Following several recent reports of hackers gaining access to people's internet-connected Ring doorbell and security cameras, Amazon yesterday announced to make two-factor authentication security feature mandatory for all Ring users. Read Here »   Will You Choose Alive Time or Dead Time? Medium - Human Parts I was frustrated. After I ran into a brick wall multiple times, it was like learned helplessness. What could I do? What was the point? I decided to just sit there and collect my checks while I waited for my contract to end. Then I remembered a piece of advice I had gotten from the author Robert Greene many years earlier. He told me there are two types of time: alive time and dead time. One is when you sit around, when you wait until things happen to you. The other is when you are in control, when you make every second count, when you are learning and improving and growing. Read Here » 10 Other Interesting Links From This Week There were too many fantastic reads from this past weeks’ worth of cybersecurity and technology news, so here are a few additional quick-hit links for your reading pleasure:       SBS CyberSecurity: Five Named as SBS/Gamewell Family Scholars       Krebs on Security: Encoding Stolen Credit Card Data on Barcodes       Bleeping Computer: Windows 10 Gets Temp Fix for Critical Security Vulnerability       ZDNet: Details of 10.6 million MGM hotel guests posted on a hacking forum       ZDNet: Adobe releases out-of-band patch for critical code execution vulnerabilities       CISO Mag: One in Three SMBs Rely on Free Cybersecurity Tools or Nothing       USA Today: How Chinese military hackers allegedly pulled off the Equifax data breach       threatpost: Cybergang Favors G Suite and Physical Checks For BEC Attacks       CPO Magazine: DoD Now Requires Defense Contractors to Obtain Cybersecurity Certification; How Difficult Will It Be?       CPO Magazine: Cyber Attack Statistics You Need to Know