SBS CyberSecurity - In The Wild 259

 


 

In The Wild - CyberSecurity Newsletter

Welcome to the 259th issue of In The Wild, SBS' weekly CyberSecurity newsletter. The objective of this newsletter is to share threat intelligence, news articles that are relevant, new and updated guidance, and other information to help you make better cybersecurity decisions.

Below, you will find some of the latest-and-greatest news stories, articles, videos, and links from the past week in cybersecurity. Some of the following stories have been shared by consultants, others by the SBS Institute, and others yet have simply been found in the far corners of the internet. We hope you find the following stories relevant, interesting, and – most of all – useful. Enjoy.

Follow SBS CyberSecurity on Social Media for more articles, stories, news, and resources!

         

Hacker Hour: Critical Responsibilities of an ISO

SBS Educational Resources

Date: Wednesday, January 26, 2022

Time: 2:00 - 3:00 PM

The past 5-10 years have brought such big changes to the roles and responsibilities of the information security officer (ISO) that many organizations struggle to define the most critical responsibilities. Guidance tells us that management should designate at least one ISO to be responsible and accountable for implementing and monitoring the information security program. But what does that mean? Join SBS as we discuss the most critical responsibilities of the information security officer and share some insight on what organizations can do to fulfill the ISO's most critical responsibilities.

Read Here »  

Crime Shop Sells Hacked Logins to Other Crime Shops

KrebsOnSecurity

Up for the “Most Meta Cybercrime Offering” award this year is Accountz Club, a new cybercrime store that sells access to purloined accounts at services built for cybercriminals, including shops peddling stolen payment cards and identities, spamming tools, email and phone bombing services, and those selling authentication cookies for a slew of popular websites.

Read Here »  

2FA Bypassed in $34.6M Crypto.com Heist: What We Can Learn

ThreatPost

In a display of 2FA’s fallibility, unauthorized transactions approved without users’ authentication bled 483 accounts of funds.

Read Here »  


EHR Vendor Faces Legal Action Over Data Breach

Infosecurity

A Tennessee-based healthcare technology services company is facing legal action over a cyber-attack that occurred in August 2021.

Read Here »  

Do you know which SBS Institute Certification Programs are coming up? Check out the Certification Calendar and share with your clients. Find Out Here! »

Log4J: Attackers continue targeting VMware Horizon servers

ZDNet

VMware has urged customers to apply the latest guidance as a way to resolve vulnerabilities CVE-2021-44228 and CVE-2021-4504.

Read Here »  


CISA Adds 13 Known Exploited Vulnerabilities to Catalog

CISA

CISA has added 13 new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence that threat actors are actively exploiting the vulnerabilities listed in the table below.

Read Here »  

SonicWall shares temp fix for firewalls stuck in reboot loop

BleepingComputer

Following a stream of customer reports that started yesterday evening, security hardware manufacturer SonicWall has provided a temporary workaround for reviving next-gen firewalls running SonicOS 7.0 stuck in a reboot loop.

Read Here »  

Lifelong learning and leadership development success

EHL Insights

What do Barack Obama, Warren Buffett and Bill Gates have in common? Apart from being wealthy, influential and powerful people, they've all become known for their commitment to continuous learning.

Read Here »

10 Other Interesting Links From This Week

There were too many fantastic reads from this past week's worth of cybersecurity and technology news, so here are a few additional quick-hit links for your reading pleasure:

*     KrebsOnSecurity: IRS Will Soon Require Selfies for Online Access

*     BleepingComputer: Microsoft disables Excel 4.0 macros by default to block malware

*     BleepingComputer: School District reports a 334% hike in cybersecurity insurance costs

*     NBC Boston: Nurses Demand Accurate Pay One Month After Ransomware Attack

*     Endpoints News: Merck wins legal battle over insurance coverage after ransomware attack

*     The Hacker News: Interpol Busted 11 Members of Nigerian BEC Cybercrime Gang

*     ThreatPost: McAfee Bug Can Be Exploited to Gain Windows SYSTEM Privileges

*     CSO: The emotional stages of a data breach: How to deal with panic, anger, and guilt

*     DARKReading: New Vulnerabilities Highlight Risks of Trust in Public Cloud

*     ZDNet: FBI warning: This new ransomware makes demands of up to $500,000
