SBS CyberSecurity - In The Wild 180

 

In The Wild - CyberSecurity Newsletter Welcome to the 180th issue of In The Wild, SBS' weekly CyberSecurity newsletter. The objective of this newsletter is to share threat intelligence, news articles that are relevant, new and updated guidance, and other information to help you make better cybersecurity decisions. Follow SBS CyberSecurity on Social Media for more articles, stories, news, and resources!           Below, you will find some of the latest-and-greatest news stories, articles, videos, and links from the past week in cybersecurity. Some of the following stories have been shared by consultants, others by the SBS Institute, and others yet simply been found in the far corners of the Internet. We hope you find the following stories relevant, interesting, and – most of all – useful. Enjoy. [HACKER HOUR] Getting Your People to Pay Attention to Cybersecurity Training SBS Educational Resources July 90th – 2:00PM to 3:00PM Central - Organizations are spending increasingly more time and resources on cybersecurity. Despite the additional focus and investment, creating a "Culture of Security" continues to be an organization's greatest challenge. Our frustration builds when we push out more training, and our people continue to get caught by phishing, scams, and hacks. Join SBS and special guest Honey Shelton, training expert, as we discuss what you can do to ensure your training efforts result in better security awareness and make your "Culture of Security" meaningful! Read Here »     Who's Behind Wednesday's Epic Twitter Hack? Krebs on Security Twitter was thrown into chaos on Wednesday after accounts for some of the world's most recognizable public figures, executives, and celebrities starting tweeting out links to bitcoin scams. Twitter says the attack happened because someone tricked or coerced an employee into providing access to internal Twitter administrative tools. This post is an attempt to lay out some of the timeline of the attack, and point to clues about who may have been behind it. Read Here »   Critical 'Wormable' RCE Vulnerability Impacts Windows DNS Servers The Hacker News Cybersecurity researchers today disclosed a new highly critical "wormable" vulnerability—carrying a severity score of 10 out of 10 on the CVSS scale—affecting Windows Server versions 2003 to 2019. The 17-year-old remote code execution flaw (CVE-2020-1350), dubbed 'SigRed' by Check Point, could allow an unauthenticated, remote attacker to gain domain administrator privileges over targeted servers and seize complete control of an organization's IT infrastructure. Read Here »   Ransomware Accounts For 1/3 of All Cyberattacks Against Organizations TechRepublic Pundits across the world have set their sights on a post-pandemic future, arguing that a new normal is about to descend upon us. While I recognize much of what the future holds is ambiguous, I believe there is an area that will become our inevitable reality — continued cyberthreats as a result of rapid digitalization. The global cybersecurity market is set to increase to $270 billion by 2026. This signals the priority boardrooms have placed on cyber risk management even as digital transformation takes place en masse. Read Here »     Do you know which SBS Institute Certification Programs are coming up? Check out the Certification Calendar and share with your clients. Find Out Here! »   8 Signs of a Smartphone Hack DarkReading The more we depend on smartphones, the more attractive an attack vector they become. Android and iOS and devices have become common targets for cybercriminals, as people use them for work, communications, social media, travel, and important services like finance and healthcare. "From an attack perspective … there's a lot of different ways malware gets onto a mobile device," says Adam Meyers, vice president of intelligence at CrowdStrike, who says the company has seen "every manner of actor" going after smartphones. Read Here »   Hackers Look to Steal COVID-19 Vaccine Research threatpost The advanced threat actor known as APT29 has been hard at work attempting to pilfer COVID-19 vaccine research from academic and pharmaceutical research institutions in various countries around the world, including the US That's according to a joint alert from the US Department of Homeland Security (DHS), the UK's National Cyber Security Centre (NCSC) and Canada's Communications Security Establishment (CSE),  issued Thursday. Read Here »   Emotet Spam Trojan Surges Back to Life After 5 Months of Silence Bleeping Computer After months of inactivity, the notorious Emotet spamming trojan has come alive again as it spews out a massive campaign of malicious emails targeting users worldwide. Emotet is a malware infection that spreads through spam emails containing malicious Word or Excel documents. These documents utilize macros to download and install the Emotet Trojan on a victim's computer, which installs other malware over time and using the infected computer to send further spam emails. Read Here »   7 Traits of A Leader Worth Following Medium When I started my first job, my dad gave me an extremely valuable gift: the leadership notes he had logged over the course of his 50-year military career, during which time he managed organizations and trained today's leaders. These notes served him and his students well. Years later, they've done the same for me and my clients. Read Here » 10 Other Interesting Links From This Week There were too many fantastic reads from this past weeks' worth of cybersecurity and technology news, so here are a few additional quick-hit links for your reading pleasure:       Krebs on Security: 'Wormable' Flaw Leads July Microsoft Patches       Krebs on Security: Breached Data Indexer 'Data Viper' Hacked       Bleeping Computer: Twitter: Hackers targeted 130 accounts, no passwords accessed       The Hacker News: Iranian Hackers Accidentally Exposed Their Training Videos (40 GB) Online       Tom's Guide: Nasty Android malware attacks Facebook, Gmail and more -- what to do       DarkReading: Cybersecurity Leaders - Invest In Your People       ZDNet: BadPower attack corrupts fast chargers to melt or set your device on fire       ZDNet: Cybersecurity basics more important then ever in the new normal of remote work says Salesforce CTO       CIO Dive: Are businesses covered if their service provider is hit by ransomware?       Forbes: Big Leak Reveals Iran Targeting US Military With Super Speedy Google Account Hacks