SBS CyberSecurity - In The Wild 304

In The Wild - CyberSecurity Newsletter Welcome to the 304th  issue of In The Wild, SBS' weekly CyberSecurity newsletter. The objective of this newsletter is to share threat intelligence, news articles that are relevant, new and updated guidance, and other information to help you make better cybersecurity decisions. Below, you will find some of the latest-and-greatest news stories, articles, videos, and links from the past week in cybersecurity. Some of the following stories have been shared by consultants, others by the SBS Institute, and others yet simply been found in the far corners of the internet. We hope you find the following stories relevant, interesting, and – most of all – useful. Enjoy. Follow SBS CyberSecurity on Social Media for more articles, stories, news, and resources!           {WEBINAR} NAUGHTY OR NICE - WHICH IS YOUR RISK ASSESSMENT? SBS Educational Resources Date: Wednesday, December 14 Time: 2:00-3:00 PM CT During this season of giving, join SBS for this free webinar. We will boil down all of the guidance surrounding the IT risk assessment to what you need to know; discuss the differences between a compliance-based and risk-based assessment, and demonstrate how our TRAC tool can help make your life easier while helping your institution understand its strengths and weaknesses and how to become more proactive when it comes to cybersecurity. Read Here »   Banks Plan to Start Reimbursing Some Victims of Zelle Scams The New York Times A rule change planned for early next year would shift liability for some losses onto the banks, not their customers. Read Here »   LastPass Suffers Another Security Breach; Exposed Some Customers Information The Hacker News Popular password management service LastPass said it's investigating a second security incident that involved attackers accessing some of its customer information. Read Here »   FBI: Cuba ransomware raked in $60 million from over 100 victims BleepingComputer FBI has observed Cuba ransomware actors continuing to target U.S. entities in the following five critical infrastructure sectors: Financial Services, Government Facilities, Healthcare and Public Health, Critical Manufacturing, and Information Technology. Read Here »   Do you know which SBS Institute Certification Programs are coming up? Check out the Certification Calendar and share with your clients. Find Out Here! » Darknet markets generate millions in revenue selling stolen personal data ars Technica It is common to hear news reports about large data breaches, but what happens once your personal data is stolen? Our research shows that, like most legal commodities, stolen data products flow through a supply chain consisting of producers, wholesalers, and consumers. Read Here »   A Risky Business: Choosing the Right Methodology DARKReading Rather than regarding risk assessment as a negative exercise, consider it one that benefits your organization's aims, and then translate the risk level to its impact on operations, reputation, or finances. Read Here »   Rackspace rocked by ‘security incident’ that has taken out hosted Exchange services The Register Warns recovery could take several days and pledges better support after customer complaints. Read Here »   The Four Foundational Principles of Leadership Newsweek Now that we've defined what a leader is, let's take it a step further with the four foundational principles of leadership. Read Here » 10 Other Interesting Links From This Week There were too many fantastic reads from this past weeks' worth of cybersecurity and technology news, so here are a few additional quick-hit links for your reading pleasure:      KrebsonSecurity: ConnectWise Quietly Patches Flaw That Helps Phishers      KrebsonSecurity: U.S. Govt. Apps Bundled Russian Code With Ties to Mobile Malware Developer      DARKReading: One Year After Log4Shell, Most Firms Are Still Exposed to Attack      DARKReading: How Banks Can Upgrade Security Without Affecting Client Service      Hackread: Critical Flaw Exploited to Bypass Fortinet Products and Compromise Orgs      ars Technica: Never-before-seen malware is nuking data in Russia’s courts and mayors’ offices      The New York Times: How a Cyberattack Plunged a Long Island County Into the 1990s      BleepingComputer: The Week in Ransomware - December 2nd 2022 - Disrupting Health Care      Cybernews: ZIP and RAR named most prevalent malware carrier      CybersecurityDIVE: As companies tighten tech spend, demand for cybersecurity services grows