SBS CyberSecurity - in The Wild 186

 

 

In The Wild - CyberSecurity Newsletter Welcome to the 186th  issue of In The Wild, SBS' weekly CyberSecurity newsletter. The objective of this newsletter is to share threat intelligence, news articles that are relevant, new and updated guidance, and other information to help you make better cybersecurity decisions. Below, you will find some of the latest-and-greatest news stories, articles, videos, and links from the past week in cybersecurity. Some of the following stories have been shared by consultants, others by the SBS Institute, and others yet simply been found in the far corners of the internet. We hope you find the following stories relevant, interesting, and – most of all – useful. Enjoy. Follow SBS CyberSecurity on Social Media for more articles, stories, news, and resources!           HACKER HOUR: VENDOR REVIEW WALK THROUGH SBS Educational Resources Wednesday, September 23, 2020 – 2:00PM – 3:00PM Central: We live in a world where nearly every business function can be outsourced to some type of service or cloud provider. Adopting a more proactive vendor management process is essential in enabling organizations to make better business and vendor related decisions. Although completing reviews and managing each vendor relationship can be a tedious task, if done properly an organization can see great benefits and are better positioned to deal with disruptions or cybersecurity issues. Join SBS as we walk through the process of conducting a vendor review and discuss how organizations can structure their overall vendor management program. Read Here »     Sendgrid Under Siege from Hacked Accounts Krebs on Security Email service provider Sendgrid is grappling with an unusually large number of customer accounts whose passwords have been cracked, sold to spammers, and abused for sending phishing and email malware attacks. Sendgrid’s parent company Twilio says it is working on a plan to require multi-factor authentication for all of its customers, but that solution may not come fast enough for organizations having trouble dealing with the fallout in the meantime. Read Here »   Microsoft says the pandemic has changed the future of cybersecurity in these five ways TechRepublic A new report from Microsoft suggests that cloud-based technologies and Zero Trust architecture will become mainstays of businesses' cybersecurity investments going forward. Cybersecurity has shot to the top of business agendas in recent months, as the sudden shift of workforces from the office to the home highlighted a host of new threats within remote-working setups. Add to that the explosion in opportunistic cybercriminals hoping to cash in on the situation, and businesses are faced with a security minefield as the prospect of remote work looms indefinitely Read Here »   Double extortion ransomware attacks and how to stop them ComputerWeekly As ransomware attacks increase, hackers are diversifying their tactics to get victims to hand over larger sums of money. We investigate the rise of double extortion attacks. Read Here »     Do you know which SBS Institute Certification Programs are coming up? Check out the Certification Calendar and share with your clients. Find Out Here! »   Here's What We Can Do To Reduce The Risk Of A Ransomware Attack Forbes A ransomware attempt on Tesla, confirmed by Elon Musk, which ended with the Russian perpetrator being arrested by the FBI after a company employee rejected his million-dollar offer to help hack into the company’s computer systems, highlights the increasing level of professionalism of the crooks dedicated to this aspect of cybercrime: a carefully planned attack using social engineering — trying to obtain the collaboration of a fellow Russian employee by using another person of the same nationality — and directed at one of the world’s best-known companies of the moment. Read Here »   It’s never the data breach -- it’s always the cover-up ZDNet The felony charges levied against former Uber CSO paints him as actively masterminding and executing a plan to cover up a major data breach. This serves as a reminder that CSOs and CISOs must consider how decisions made in the moment can be interpreted, construed, or proven to be criminal after the fact. Read Here »   CenturyLink routing issue led to outages Bleeping Computer A CenturyLink BGP routing mistake has led to a ripple effect across the Internet that led to outages for numerous Internet-connected services such as Cloudflare, Amazon, Garmin, Steam, Discord, Blizzard, and many more. Read Here »   These Industries Are Thriving With A Remote Workforce Forbes The Covid-19 pandemic has turned remote work from an option into a necessity for workers who are not on the front lines. Employees who work remotely were already spending more and more time working off-site, with 31% of them doing so all the time or nearly all the time in 2016, versus 24% in 2012, according to a January 2020 report. And more than half of office workers overall said they would leave their current role for another that offers flexible work time.  Read Here » 10 Other Interesting Links From This Week There were too many fantastic reads from this past weeks' worth of cybersecurity and technology news, so here are a few additional quick-hit links for your reading pleasure:      Krebs on Security: Confessions of an ID Theft Kingpin, Part I      Krebs on Security: Confessions of an ID Theft Kingpin, Part II      Bleeping Computer: You have two days left to purchase 2-year TLS/SSL certificates      Bleeping Computer: Elon Musk confirmed Russian's plans to extort Tesla      Bleeping Computer: Office 365 now opens attachments in a sandbox to prevent infections      Fedscoop: The CMMC’s first group of cybersecurity assessors is ready to train      DARKReading: Old Malware Tool Acquires New Tricks      ZDNet: Top exploits used by ransomware gangs are VPN bugs, but RDP still reigns supreme      CPO Magazine: Major Data Broker Exposes 235 Million Social Media Profiles in Data Leak      TechRepublic: North Korean hackers are actively robbing banks, US government warns