SBS CyberSecurity - In the Wild 187

 

 

In The Wild - CyberSecurity Newsletter Welcome to the 187th  issue of In The Wild, SBS' weekly CyberSecurity newsletter. The objective of this newsletter is to share threat intelligence, news articles that are relevant, new and updated guidance, and other information to help you make better cybersecurity decisions. Below, you will find some of the latest-and-greatest news stories, articles, videos, and links from the past week in cybersecurity. Some of the following stories have been shared by consultants, others by the SBS Institute, and others yet simply been found in the far corners of the internet. We hope you find the following stories relevant, interesting, and – most of all – useful. Enjoy. Follow SBS CyberSecurity on Social Media for more articles, stories, news, and resources!           HACKER HOUR: VENDOR REVIEW WALK THROUGH SBS Educational Resources Wednesday, September 23, 2020 – 2:00PM – 3:00PM Central: We live in a world where nearly every business function can be outsourced to some type of service or cloud provider. Adopting a more proactive vendor management process is essential in enabling organizations to make better business and vendor related decisions. Although completing reviews and managing each vendor relationship can be a tedious task, if done properly an organization can see great benefits and are better positioned to deal with disruptions or cybersecurity issues. Join SBS as we walk through the process of conducting a vendor review and discuss how organizations can structure their overall vendor management program. Read Here »     Is Your Boardroom The Weakest Cybersecurity Link? Forbes From phishing to ransomware, one of the primary challenges with effective cybersecurity risk management is related to the weakest link theory.  The essence of this theory is the phrase "a chain is no stronger than its weakest link." This idiom reflects the fact that effective cybersecurity risk management is a complex system of related and inter-dependent parts. If one component fails, it can jeopardize the entire system.  For many companies, their weakest cybersecurity link is at the top, in their boardroom. Read Here »   Sophisticated Phishing Scam Targeting Lloyds Bank Customers Infosecurity Magazine Lloyds Bank customers are being targeted by a sophisticated email and SMS messaging phishing campaign, according to an investigation by law practice Griffin Law. An estimated 100 people have reported receiving fake communication purporting to be from Lloyds, which is one of the largest banks in England and Wales. Read Here »   Which cybersecurity failures cost companies the most and which defenses have the highest ROI? HELPNETSECURITY Massachusetts Institute of Technology (MIT) scientists have created a cryptographic platform that allows companies to securely share data on cyber attacks they suffered and the monetary cost of their cybersecurity failures without worrying about revealing sensitive information to their competitors or damaging their own reputation. Read Here »     Do you know which SBS Institute Certification Programs are coming up? Check out the Certification Calendar and share with your clients. Find Out Here! »   8 lessons from the Garmin ransomware attack TechBeacon In late July, a ransomware attack on Garmin brought the company's business to its knees. The attack forced the business, a major player in the GPS smartwatch and wearables market, to shut down Garmin Connect, the website used by users to sync data about activities such as runs and bike rides, as well as its aviation database services, some production lines in Asia, as well as its call centers. Read Here »   Malware gang uses .NET library to generate Excel docs that bypass security checks ZDNet A newly discovered malware gang is using a clever trick to create malicious Excel files that have low detection rates and a higher chance of evading security systems.  Discovered by security researchers from NVISO Labs, this malware gang — which they named Epic Manchego — has been active since June, targeting companies all over the world with phishing emails that carry a malicious Excel document. Read Here »   FBI issues second alert about ProLock ransomware stealing data Bleeping Computer The FBI issued a second warning this week to alert US companies of ProLock ransomware operators stealing data from compromised networks before encrypting their victims' systems.  The 20200901-001 Private Industry Notification seen by BleepingComputer on September 1st comes after the MI-000125-MW Flash Alert on the same subject issued by the FBI four months ago, on May 4th, 2020. Read Here »   7 Keys to Effective Leadership in Our New Normal Inc. If 2020 has taught us anything, it's that leadership in today's world requires a wide range of soft skills.  Employees don't want to work for inauthentic founders, executives, or managers. Team members don't feel empowered when working with people who don't have a reasonable level of emotional intelligence. Partners, vendors, and clients don't want to be associated with companies that aren't transparent about the way they do business--and the masses don't want to support companies whose actions don't align with their mission statements.  Read Here » 10 Other Interesting Links From This Week There were too many fantastic reads from this past weeks' worth of cybersecurity and technology news, so here are a few additional quick-hit links for your reading pleasure:      Krebs on Security: The Joys of Owning an ‘OG’ Email Account      SecurityIntelligence: Incident Response: 5 Steps to Prevent False Positives      Computer Business Review: 7 Things Not to Do When Hacked      TechRepublic: Phishing attack baits victims by promising access to quarantined emails      TechRepublic: Farewell Flash Player: Microsoft tells businesses to get ready for the end of support      ZDNet: Chilean bank shuts down all branches following ransomware attack      ZDNet: Money from bank hacks rarely gets laundered through cryptocurrencies      The Hacker News: New PIN Verification Bypass Flaw Affects Visa Contactless Payments      DARKReading: 5 Tips for Triaging Risk from Exposed Credentials      DARKReading: Why Are There Still So Many Windows 7 Devices?