SBS CyberSecurity - In The Wild 179

 


In The Wild - CyberSecurity Newsletter

Welcome to the 179th issue of In The Wild, SBS' weekly CyberSecurity newsletter. The objective of this newsletter is to share threat intelligence, news articles that are relevant, new and updated guidance, and other information to help you make better cybersecurity decisions.


Below, you will find some of the latest-and-greatest news stories, articles, videos, and links from the past week in cybersecurity. Some of the following stories have been shared by consultants, others by the SBS Institute, and others yet have simply been found in the far corners of the Internet. We hope you find the following stories relevant, interesting, and – most of all – useful. Enjoy.

[VIRTUAL CONFERENCE] CyberRiskNOW – Security Testing Edition

SBS Educational Resources

July 15th – 8:30AM to 4:00PM Central - This virtual conference is designed to provide interactive training on evolving cybersecurity threats and how your organization should be testing its People, Process, and Technology in today's cyber-landscape. CyberRiskNOW: Security Testing Edition will cover the numerous different ways to consider testing your Information Security Program, from a Process perspective (policy, procedure, governance), a Technology perspective (are the controls you've implemented working as intended, and are they adequate), and a People perspective (is all that Security Awareness Training effective?).


Leaked Documents Show What TikTok User Data is Collected

Business Insider

Like all apps, TikTok is constantly collecting information about its users. Newly leaked documents show what happens when that information is requested by police. One leaked document sent from TikTok to police includes details on a user's handle, phone number, model of smartphone, sign-up date, and a list of IP addresses from which they logged into TikTok. It also includes details on the user's other social media accounts tied to their TikTok — in this case, the report notes that the user signed up for TikTok via Facebook, and includes a unique ID tied to their Facebook account.


How to Protect Your Verizon Number from SIM Swapping Attacks

Bleeping Computer

Verizon now makes it possible for customers to defend against SIM swapping attacks by enabling the free Number Lock protection feature through the My Verizon app or the My Verizon website. SIM swapping (aka SIM hijacking, SIM splitting, or SIM jacking) is a type of account takeover (ATO) fraud that allows criminals to take control of a target's phone number by convincing their mobile phone service providers to swap the mobile number to an attacker-controlled SIM card by using social engineering or with the help of a bribed employee.


Cybersecurity As We Know It Is About To Change

Forbes

Pundits across the world have set their sights on a post-pandemic future, arguing that a new normal is about to descend upon us. While I recognize much of what the future holds is ambiguous, I believe there is an area that will become our inevitable reality — continued cyberthreats as a result of rapid digitalization. The global cybersecurity market is set to increase to $270 billion by 2026. This signals the priority boardrooms have placed on cyber risk management even as digital transformation takes place en masse.


Microsoft Warns on OAuth Attacks Against Cloud App Users

threatpost

Against the backdrop of widespread remote working and the increased use of collaboration apps, attackers are ramping up application-based attacks that exploit OAuth 2.0, Microsoft is warning. OAuth is an open standard for access delegation, commonly used as a way for people to sign into services without entering a password — using signed-in status on another, trusted service or website. The most visible example might be the "Sign in with Google" or "Sign in with Facebook" that many websites use in lieu of asking visitors to create a new account. These "Sign in" or "Log in" prompts are called consent prompts.


Companies Need to Rethink What Cybersecurity Leadership Is

Harvard Business Review

For businesses today, cyber risk is everywhere. Yet, for all the investments they've made to secure their systems and protect customers, companies are still struggling to make cybersecurity a vibrant, proactive part of strategy, operations, and culture. The root cause is twofold: (1) Cybersecurity is treated as a back-office job, and (2) most cyber leaders are ill-equipped to exert strategic influence. Given that a cyber leader's average tenure is just 18 months, it's clear that something needs to change.


US Secret Service Creates New Cyber Fraud Task Force

Bleeping Computer

The US Secret Service announced the creation of the Cyber Fraud Task Force (CFTF) after the merger of its Financial Crimes Task Forces (FCTFs) and Electronic Crimes Task Forces (ECTFs) into a single unified network. CFTF's main goal is to investigate and defend American individuals and businesses from a wide range of cyber-enabled financial crimes, from business email compromise (BEC) scams and ransomware attacks to data breaches and the illegal sale of stolen personal information and credit cards on the Internet and the dark web.


Curiosity: The Key To A Long Life

Darius Foroux

One of my favorite ways to learn is by studying people who have been on this planet for seven decades or more. One of those people is my grandfather, who's 87 years old, and still takes care of himself. I also met several highly successful entrepreneurs through my father, who I'm working with since 2010. I had the opportunity to start a business with my dad, and that automatically put me in the presence of great business people and investors.


10 Other Interesting Links From This Week

There were too many fantastic reads from this past week's worth of cybersecurity and technology news, so here are a few additional quick-hit links for your reading pleasure:

* Bleeping Computer: Zoom fixes zero-day RCE bug affecting Windows 7, more updates soon
* Bleeping Computer: Mozilla reduces TLS certificate lifespan to 1 year in September
* Bleeping Computer: Over 1,300 phishing kits for sale on hacker forum
* The Hacker News: Citrix Issues Critical Patches for 11 New Flaws Affecting Multiple Products
* CPO Magazine: Apple Makes a Major Privacy Move - Disable Ad Tracking and Greater Insight Into App Permissions
* CPO Magazine: CCPA 2.0 Will Be On California's November 2020 Ballot: What Employers Need to Know
* ZDNet: Mozilla suspends Firefox Send service while it addresses malware abuse
* InfoSecurity Magazine: SurveyMonkey Phishers Go Hunting for Office 365 Credentials
* Cloudflare: Mitigating a 754 Million PPS DDoS Attack Automatically
* Security Affairs: Google announced that its Tsunami vulnerability scanner is going to be open-sourced
