SBS CyberSecurity - In the Wild 159

 

 

In The Wild - CyberSecurity Newsletter

Welcome to the 159th issue of In The Wild, SBS’ weekly CyberSecurity newsletter. The objective of this newsletter is to share threat intelligence, news articles that are relevant, new and updated guidance, and other information you may find helpful.
Below, you will find some of the latest-and-greatest news stories, articles, videos, and links from the past week in cybersecurity. Some of the following stories have been shared by consultants, others by the SBS Institute, and others yet have simply been found in the far corners of the Internet. We hope you find the following stories relevant, interesting, and – most of all – useful. Enjoy.

[Blog]: How to Make the Most of Your Annual IT Audit

SBS Educational Resources

When you hear the term “bank robber,” a leather-clad outlaw with a burlap bag in one hand and a pistol in the other likely comes to mind. However, modern bank robbers have evolved past Butch Cassidy and the Sundance Kid–style hold-ups. Instead of weapons and a get-away car, all they need is an understanding of computer network systems and a few stolen passwords to infiltrate a bank’s database and steal money.


Hackers Were Inside Citrix for Five Months

Krebs on Security

Networking software giant Citrix Systems says malicious hackers were inside its networks for five months between 2018 and 2019, making off with personal and financial data on company employees, contractors, interns, job candidates and their dependents. The disclosure comes almost a year after Citrix acknowledged that digital intruders had broken in by probing its employee accounts for weak passwords.

US Govt Warns Critical Industries After Ransomware Hits Gas Pipeline Facility

The Hacker News

The U.S. Department of Homeland Security's Cybersecurity and Infrastructure Security Agency (CISA) earlier today issued a warning to all industries operating critical infrastructures about a new ransomware threat that if left unaddressed could have severe consequences. The advisory comes in response to a cyberattack targeting an unnamed natural gas compression facility that employed spear-phishing to deliver ransomware to the company's internal network, encrypting critical data and knocking servers out of operation for almost two days.

Ransomware Damage Hit $11.5B in 2019

Dark Reading

No one questions that a ransomware attack is a bad thing. But a new report doesn't just confirm that these encryption assaults are bad, it also quantifies the $11.5 billion in damage that ransomware did in 2019 alone. As a result of the targeted attacks' success, the average cost of a ransomware attack in 2019 was estimated at $141,000, up from $46,800 one year earlier. Sodinokibi, which appeared in the wild concurrently with the end of the GandCrab network, was the leading ransomware version of 2019, responsible for attacks such as the one that hit 22 municipalities.


The Business of Cybersecurity Starts at Home

CPO Magazine

Anyone who’s worked in cybersecurity for longer than a few minutes has gotten the question: “you’re in cybersecurity … what should I do to protect myself?” There’s no shortage of frameworks, advice and “best practices” out there. Even so, tales of security breaches and stolen customer data dot the headlines every day. Yet I still hear about people and organizations doing nothing about security. It’s unfortunate for businesses and their employees. So why can’t we “do” cybersecurity better?

FBI Recommends Passphrases Over Password Complexity

ZDNet

For more than a decade now, security experts have had discussions about what's the best way of choosing passwords for online accounts. There's one camp that argues for password complexity by adding numbers, uppercase letters, and special characters, and then there's the other camp, arguing for password length by making passwords longer. This week, in its weekly tech advice column known as Tech Tuesday, the FBI Portland office positioned itself on the side of longer passwords.

Ring Makes 2-Factor Authentication Mandatory Following Recent Hacks

The Hacker News

Smart doorbells and cameras bring a great sense of security to your home, especially when you're away, but even the thought that someone could be spying on you through the same surveillance system would send a shiver up your spine. Following several recent reports of hackers gaining access to people's internet-connected Ring doorbells and security cameras, Amazon yesterday announced that it will make the two-factor authentication security feature mandatory for all Ring users.

Will You Choose Alive Time or Dead Time?

Medium - Human Parts

I was frustrated. After I ran into a brick wall multiple times, it was like learned helplessness. What could I do? What was the point? I decided to just sit there and collect my checks while I waited for my contract to end. Then I remembered a piece of advice I had gotten from the author Robert Greene many years earlier. He told me there are two types of time: alive time and dead time. One is when you sit around, when you wait until things happen to you. The other is when you are in control, when you make every second count, when you are learning and improving and growing.

10 Other Interesting Links From This Week

There were too many fantastic reads from this past week's worth of cybersecurity and technology news, so here are a few additional quick-hit links for your reading pleasure:
