SBS CyberSecurity - In The Wild 166

In The Wild - CyberSecurity Newsletter Welcome to the 166th issue of In The Wild, SBS’ weekly CyberSecurity newsletter. The objective of this newsletter is to share threat intelligence, news articles that are relevant, new and updated guidance, and other information to help you make better cybersecurity decisions. Follow SBS CyberSecurity on Social Media for more articles, stories, news, and resources!           Below, you will find some of the latest-and-greatest news stories, articles, videos, and links from the past week in cybersecurity. Some of the following stories have been shared by consultants, others by the SBS Institute, and others yet simply been found in the far corners of the Internet. We hope you find the following stories relevant, interesting, and – most of all – useful. Enjoy. CyberRiskNOW Virtual Conference SBS Educational Resources This virtual conference is designed to provide interactive training on evolving cybersecurity threats and what your bank should do to build a strong Information Security Program that helps protect against these threats. We will identify components of a comprehensive Information Security Program that enables successful IT Examinations and minimizes your risk against real-world threats. This seminar will walk you through various FFIEC, FDIC, and OCC resources, as well as other industry best practices.  We will also review some timely hot-stove topics, including Pandemic Preparedness, Managed Service Providers, and creating a Culture of Security at your institution. Read Here »   New IRS Site Could Make it Easy for Thieves to Intercept Some Stimulus Payments Krebs on Security The U.S. federal government is now in the process of sending Economic Impact Payments by direct deposit to millions of Americans. Most who are eligible for payments can expect to have funds direct-deposited into the same bank accounts listed on previous years’ tax filings sometime next week. Today, the Internal Revenue Service (IRS) stood up a site to collect bank account information from the many Americans who don’t usually file a tax return. The question is, will those non-filers have a chance to claim their payments before fraudsters do? Read Here »   Zoom Caught in Cybersecurity Debate — Here's Everything You Need To Know The Hacker News Over the past few weeks, the use of Zoom video conferencing software has exploded ever since it emerged the platform of choice to host everything from cabinet meetings to yoga classes amidst the ongoing coronavirus outbreak and work from home became the new normal. The app has skyrocketed to 200 million daily users from an average of 10 million in December — along with a 535 percent increase in daily traffic to its download page in the last month — but it's also seen a massive uptick in Zoom's problems, all of which stem from sloppy design practices and security implementations. Read Here »   FBI Anticipates Rise in COVID-19 Pandemic BEC Schemes FBI.gov Fraudsters will take advantage of any opportunity to steal your money, personal information, or both. Right now, they are using the uncertainty surrounding the COVID-19 pandemic to further their efforts. Business email compromise (BEC) is a scam that targets anyone who performs legitimate funds transfers. Recently, there has been an increase in BEC frauds targeting municipalities purchasing personal protective equipment or other supplies needed in the fight against COVID-19. Read Here »   Do you know which SBS Institute Certification Programs are coming up? Check out the Certification Calendar and share with your clients. Find Out Here! » Learning From The CyrusOne Ransomware Attack Data Center Dynamics Ransomware attacks continue to plague companies of all stripes. Organizations of any size and sector can be vulnerable to attacks that encrypt files and render entire IT estates inoperable. Threat actors then demand ransom payments in return for decrypting the files and making the resources available again. Rather than go through a long recovery process or attempt to use decryption tools, many organizations will simply pay the fee, despite official advice from the FBI and many cybersecurity companies warning that this only encourages attackers and propagates the problem. Read Here »   San Francisco International Airport Discloses Data Breach After Hack Bleeping Computer San Francisco International Airport (SFO) disclosed a data breach after two of its websites, SFOConnect.com and SFOConstruction.com, were hacked during March 2020. According to a notice of data breach sent to all SFO Airport commission employees via an internal memo, the attackers may have gained access to the login credentials of users registered on the two breached sites. Read Here »   Google and Apple Plan to Turn Phones into COVID-19 Contact-Tracking Devices The Hacker News Tech giants Apple and Google have joined forces to develop an interoperable contract-tracing tool that will help individuals determine if they have come in contact with someone infected with COVID-19. As part of this new initiative, the companies are expected to release an API that public agencies can integrate into their apps. The next iteration will be a built-in system-level platform that uses Bluetooth low energy (BLE) beacons to allow for contact tracing on an opt-in basis. Read Here »   9 Things the Most Productive WFH People So 30 Minutes Before Logging Off The Ladders As the world is adapting to what is now the “new normal,” Fairygodboss wants to be there for you every step of the way. Keep reading for timely advice and join our Navigating the New Normal group for continued support. One of the biggest complaints you’ll hear from people working from home? The struggle to bring their workday to a definitive close. Read Here » 10 Other Interesting Links From This Week There were too many fantastic reads from this past weeks’ worth of cybersecurity and technology news, so here are a few additional quick-hit links for your reading pleasure:       Krebs on Security: Microsoft Buys Corp.com So Bad Guys Can’t       Bleeping Computer: Large email extortion campaign underway, DON'T PANIC!       Bleeping Computer: Sodinokibi Ransomware to stop taking Bitcoin to hide money trail       The Hacker News: 7 Ways Hackers and Scammers Are Exploiting Coronavirus Panic       ZDNet: Dutch police take down 15 DDoS services in a week       ZDNet: Work from home - The best VPNs for your home office or any remote connection       MSSP Alert: Ransomware Hackers Hit Coronavirus Biotech Researchers       threatpost: Travelex Pays $2.3M in Bitcoin to Hackers Who Hijacked Network in January       PC Magazine: Google Pulls SuperVPN From the Play Store, Users Urged to Delete It       Security Boulevard: Ransomware Crooks Emboldened by More Payments, Experiments in ‘Customer’ Experience