SBS CyberSecurity - In The Wild 182


In The Wild - CyberSecurity Newsletter

Welcome to the 182nd issue of In The Wild, SBS' weekly CyberSecurity newsletter. The objective of this newsletter is to share threat intelligence, news articles that are relevant, new and updated guidance, and other information to help you make better cybersecurity decisions.


Below, you will find some of the latest-and-greatest news stories, articles, videos, and links from the past week in cybersecurity. Some of the following stories have been shared by consultants, others by the SBS Institute, and others yet have simply been found in the far corners of the Internet. We hope you find the following stories relevant, interesting, and – most of all – useful. Enjoy.

[BLOG] Board of Directors Proactive Cybersecurity Mindset

SBS Educational Resources

Financial institutions are economic engines that drive our communities. At the head of each financial institution is a Board of Directors, who oversee and provide direction for the institution to ensure operation and meet its customer needs. The responsibility for such oversight is massive and has evolved greatly over the last ten years to include investments in technology and cybersecurity. The Board of Directors is held accountable to the institution's shareholders, employees, depositors, the community they serve, and the regulators for the operations of an efficient, safe and sound institution.


Is Your Chip Card Secure? Much Depends on Where You Bank

Krebs on Security

Chip-based credit and debit cards are designed to make it infeasible for skimming devices or malware to clone your card when you pay for something by dipping the chip instead of swiping the stripe. But a recent series of malware attacks on U.S.-based merchants suggests thieves are exploiting weaknesses in how certain financial institutions have implemented the technology to sidestep key chip card security features and effectively create usable, counterfeit cards.


What's New in the 2020 Cost of a Data Breach Report

Security Intelligence

This year's study analyzed 524 breaches that occurred between August 2019 and April 2020, in organizations of all sizes, across 17 geographies and 17 industries. The 2020 Cost of a Data Breach Report shows some consistency with past research, including the global total cost of a data breach, which averaged $3.86 million in the 2020 study, down about 1.5% from the 2019 study, but in line with previous years. The average time to identify and contain a data breach was 280 days in the 2020 study, nearly identical to the average of 279 days in 2019.


Russia's GRU Hackers Hit US Government and Energy Targets

Wired

Russia's GRU military intelligence agency has carried out many of the most aggressive acts of hacking in history: destructive worms, blackouts, and—closest to home for Americans—a broad hacking-and-leaking operation designed to influence the outcome of the 2016 US presidential election. Now it appears the GRU has been hitting US networks again, in a series of previously unreported intrusions that targeted organizations ranging from government agencies to critical infrastructure.


Is "Dumpster Fire" Too Strong a Word Regarding CMMC Concerns with MSPs?

LinkedIn

For a lot of companies, it is not what they think it is, and the reason is primarily based on misplaced assumptions. Too many people and companies view Cybersecurity Maturity Model Certification (CMMC), including compliance with it, as strictly an IT issue. To compound this issue, for most SMBs within the Defense Industrial Base (DIB), IT is rarely staffed in-house and is usually outsourced to a local/regional Managed Service Provider (MSP) or Managed Security Service Provider (MSSP). The assumption is that these "IT experts" will handle all manner of IT and cybersecurity for them.


Google: Eleven zero-days detected in the wild in the first half of 2020

ZDNet

According to data collected by Google's Project Zero security team, there have been 11 zero-day vulnerabilities exploited in the wild in the first half of the year. The current number puts 2020 on track to have just as many zero-days as 2019, when Google security researchers said they tracked 20 zero-days all of last year.


Hacker Leaks 386M User Records From 18 Companies for Free

Bleeping Computer

A threat actor is flooding a hacker forum with databases exposing over 386 million user records that they claim were stolen from eighteen companies during data breaches. Since July 21st, a seller of data breaches known as ShinyHunters has begun leaking the databases for free on a hacker forum known for selling and sharing stolen data. ShinyHunters has been involved in or responsible for a wide assortment of data breaches this past year, including Wattpad, Dave, Chatbooks, Promo.com, Mathway, HomeChef, and the breach of Microsoft's private GitHub repository.


How to Be a Leader Worth Remembering

Medium

Take a second and think of someone who has had a significant impact on your life or your leadership. What about that person made them someone of influence? What was it about his or her life or character that gave them the leverage or influence in your life to leave such a notable impact? What if I were to ask that question to someone on your team in the next few years? What would you want his or her answer to be?


10 Other Interesting Links From This Week

There were too many fantastic reads from this past week's worth of cybersecurity and technology news, so here are a few additional quick-hit links for your reading pleasure:

* Krebs on Security: Three Charged in July 15 Twitter Compromise
* Krebs on Security: Here's Why Credit Card Fraud is Still a Thing
* Bleeping Computer: GandCrab ransomware operator arrested in Belarus
* Bleeping Computer: Havenly discloses data breach after 1.3M accounts leaked online
* The Hacker News: Zoom Bug Allowed Snoopers Crack Private Meeting Passwords in Minutes
* The Hacker News: Industrial VPN Flaws Could Let Attackers Target Critical Infrastructures
* ZDNet: Microsoft says it will continue discussions to buy TikTok's operations in the US
* PC Gamer: Nearly 80 Netgear routers have a major security flaw and half won't be patched
* Wired: The Garmin Hack Was a Warning
* TechRepublic: That job offer in your inbox might be part of a North Korean cyberattack
