Tuesday, January 28, 2020

Average Ransomware Payments More Than Doubled in Q4 2019

Ransomware attackers collected an average of around $84,000 from victim organizations, up from $41,000 in Q3 of 2018, Coveware says.

Greater Focus on Privacy Pays Off for Firms

Privacy-mature companies complete sales more quickly, have fewer and less serious breaches, and recover from incidents faster, according to Cisco's annual survey.

How to Get the Most Out of Your Security Metrics

There's an art to reporting security metrics so that they speak the language of leadership and connect the data from tools to business objectives.

New Social Engineering Event to Train Business Pros on Human Hacking

The DEF CON Social Engineering Capture the Flag contest inspired a new event aimed at teaching both security and non-security professionals on the fine art of hacking human behavior.

7 Steps to IoT Security in 2020

There are important steps security teams should take to be ready for the evolving security threats to the IoT in 2020.

5 Resume Basics for a Budding Cybersecurity Career

You'll need to add resume tactician to your skill set in order to climb up the next rung on the security job ladder. Here's how.

Online Employment Scams on the Rise, Says FBI

Looking to change jobs? Watch out for fraudsters who use legitimate job services, slick websites, and an interview process to convince applicants to part with sensitive personal details.

The Annoying MacOS Threat That Won’t Go Away

In two years, the adware-dropping Shlayer Trojan has spread to infect one in 10 MacOS systems, Kaspersky says.

‘CardPlanet’ Operator Pleads Guilty in Federal Court

Russian national faced multiple charges in connection with operating the marketplace for stolen credit-card credentials, and a forum for VIP criminals to offer their services.

DHS Warns of Increasing Emotet Risk

Emotet is considered one of the most damaging banking Trojans, primarily through its ability to carry other malware into an organization.

NSA Offers Guidance on Mitigating Cloud Flaws

A new document separates cloud vulnerabilities into four classes and offers mitigations to help businesses protect cloud resources.

Deconstructing Web Cache Deception Attacks: They’re Bad; Now What?

Expect cache attacks to get worse before they get better. The problem is that we don't yet have a good solution.

Severe Vulnerabilities Discovered in GE Medical Devices

CISA has released an advisory for six high-severity CVEs for GE Carescape patient monitors, Apex Pro, and Clinical Information Center systems.

Weathering the Privacy Storm from GDPR to CCPA & PDPA

A general approach to privacy, no matter the regulation, is the only way companies can avoid a data protection disaster in 2020 and beyond.

Ryuk Ransomware Hit Multiple Oil & Gas Facilities, ICS Security Expert Says

Attackers 'weaponized' Active Directory to spread the ransomware.

To Avoid Disruption, Ransomware Victims Continue to Pay Up

For all the cautions against doing so, one-third of organizations in a Proofpoint survey said they paid their attackers after getting infected with ransomware.

For Mismanaged SOCs, The Price Is Not Right

New research finds security operations centers suffer high turnover and yield mediocre results for the investment they require.

Eight Flaws in MSP Software Highlight Potential Ransomware Vector

An attack chain of vulnerabilities in ConnectWise's software for MSPs has similarities to some of the details of the August attack on Texas local and state agencies.

Why DPOs and CISOs Must Work Closely Together

Recent data protection laws mean that the data protection officer and CISO must work in tandem to make sure users' data is protected.

Configuration Error Reveals 250 Million Microsoft Support Records

Some the records, found on five identically configured servers, might have contained data in clear text.
ZDNet

DEF CON China conference put on hold due to coronavirus outbreak

DEF CON team is hoping that the 2019-nCoV outbreak will improve and they can go on as planned, or reschedule.
The Register

Remember the Clipper chip? NSA’s botched backdoor-for-Feds from 1993 still influences today’s encryption debates

We'll laugh at today's mandated holes in the same way we laugh at those from 25 years ago Enigma  More than a quarter century after its introduction, the failed rollout of hardware deliberately backdoored by the NSA is still...

Average Ransomware Payments More Than Doubled in Q4 2019

Ransomware attackers collected an average of around $84,000 from victim organizations, up from $41,000 in Q3 of 2018, Coveware says.
The Security Ledger

Seven Years Later, Scores of EAS Systems sit Un-patched, Vulnerable

Two years after a false EAS alert about an incoming ICBM sowed terror in Hawaii, and seven years after security researchers warned about insecure, Internet connected Emergency Alert System (EAS) hardware, scores of the devices across the U.S. remain...

One Small Fix Would Curb Stingray Surveillance

The technology needed to limit stingrays is clear—but good luck getting telecoms on board.