SBS CyberSecurity - In The Wild 183

 


 

 

In The Wild - CyberSecurity Newsletter

Welcome to the 183rd issue of In The Wild, SBS' weekly CyberSecurity newsletter. The objective of this newsletter is to share threat intelligence, news articles that are relevant, new and updated guidance, and other information to help you make better cybersecurity decisions.

Below, you will find some of the latest-and-greatest news stories, articles, videos, and links from the past week in cybersecurity. Some of the following stories have been shared by consultants, others by the SBS Institute, and others yet have simply been found in the far corners of the internet. We hope you find the following stories relevant, interesting, and – most of all – useful. Enjoy.

Note from Jon: A big thank you to everyone who has received and read In The Wild over the last 3.5 years! I hope this newsletter has provided you and your organization with a ton of value. ITW Volume 183 will be my last as your content curator, with one of our best IS Consultants – Shane Daniel – taking over next week for Volume 184. In The Wild will remain a "top-secret," invite-only newsletter for the foreseeable future, but we're working on some additional improvements to come soon. I'll continue to be involved with ITW as well. Thanks again for your support and readership!


[VIRTUAL CONFERENCE] CyberRiskNOW: ISO Edition

SBS Educational Resources

Wednesday, August 26, 2020 – 8:30AM – 4:00PM Central: This virtual conference is designed to provide interactive training on evolving cybersecurity threats and the responsibilities that an Information Security Officer (ISO or CISO) has to ensure the security of the organization, customer information, and people.  CyberRiskNOW: ISO Edition will cover the numerous operational and tactical responsibilities of an ISO, including IT Risk Assessment, Vendor Management, Business Impact Analysis/Business Continuity Management, Security Awareness, IT Audit oversight/remediation, and more.


Hacked Data Broker Fueled Phony COVID Loans, Unemployment Claims

Krebs on Security

A group of thieves thought to be responsible for collecting millions in fraudulent small business loans and unemployment insurance benefits from COVID-19 economic relief efforts gathered personal data on people and businesses they were impersonating by leveraging several compromised accounts at a little-known US consumer data broker, KrebsOnSecurity has learned.


Two New Encryption Standards Will Soon Sweep Away Security Controls

TechRepublic

Transport layer security (TLS) and DNS, two of the foundational protocols of the internet, have recently undergone radical changes to protect browser user privacy. At the same time, they will reduce security on-premises in the short term, and security professionals must put tools in place in the next couple of years, a new report from Forrester Research states.


Capital One to Pay $80M in Connection with Massive Data Breach

American Banker

Capital One Financial has reached settlements with two federal banking regulators in connection with a 2019 hacking incident that resulted in a massive compromise of customer data. One of the consent agreements released Thursday said the Office of the Comptroller of the Currency determined that the McLean, Va.-based lender failed to effectively assess risks in advance of its migration of information technology operations to the cloud.


The NSA's Tips to Keep Your Phone From Tracking You

Wired

This week, the National Security Agency shared a three-page primer on how to limit your location data exposure (PDF). They would know! As a baseline, it's a healthy reminder that your smartphone feeds on your location and that a lot of unscrupulous, invisible parties try to sell and obtain it. But it also provides some actually useful advice, especially if this isn't a topic you've given much thought to already.


Cyber Insurance: Seven Questions You Need to Consider Before Buying

ZDNet

The UK's cybersecurity agency has set out advice for companies considering taking out insurance against hacking and ransomware attacks. Cyber insurance can help businesses to recover after a ransomware attack or data breach by providing financial support to put the damage right, and can also help with legal and regulatory headaches after an incident.


The Week in Ransomware - August 7th 2020 - Businesses Under Siege

Bleeping Computer

This week illustrated how pervasive ransomware has become with news of two large and well-known companies getting hit with ransomware attacks, with more surely to come. Over the weekend, BleepingComputer found a WastedLocker decryptor used by Garmin to decrypt their files, meaning that they paid the ransom to get the decryption key. Later in the week, we discovered that Canon USA was attacked by the operators of the Maze ransomware, leading to another corporate service disruption.


Bezos Uses This Simple Leadership Trick to Overcome Toxic Mindsets

Inc.

Here's a simple trick that Jeff Bezos suggests using to overcome a basic business leadership problem. It stems from the fact that the most important business decisions are often also the hardest ones--and those tough decisions often result in an additional cascade of leadership challenges. It's pretty simple really. If you make a choice from among several reasonable choices in your business, some of your team members or stakeholders will likely conclude you've made the wrong choice.


10 Other Interesting Links From This Week

There were too many fantastic reads from this past week's worth of cybersecurity and technology news, so here are a few additional quick-hit links for your reading pleasure:

* Krebs on Security: Porn Clip Disrupts Virtual Court Hearing for Alleged Twitter Hacker
* Krebs on Security: Robocall Legal Advocate Leaks Customer Data
* Bleeping Computer: Reddit hit by coordinated hack promoting Trump's reelection
* Bleeping Computer: Bugs in HDL Automation expose IoT devices to remote hijacking
* Bleeping Computer: Intel leak - 20GB of source code, internal docs from alleged breach
* The Hacker News: How COVID-19 Has Changed Business Cybersecurity Priorities Forever
* ZDNet: Microsoft Office 365 is becoming the core of many businesses. And hackers have noticed
* ZDNet: Hacker leaks passwords for 900+ enterprise VPN servers
* SC Magazine: New index shows proactive cybersecurity measures outpaced reactive in Q2
* iMore: A US government contractor embedded tracking software in the apps of millions of smartphone users
