Global Cyber News Digest

Events

Cyber Insider Podcast

Press Room

Daily News Digest

Stay current on the global cyber threat landscape and industry developments with CCOE’s daily digest and library of cybersecurity news and articles.

  • Breaking down a four-step process to email security

    • Users working on any email platform must communicate effectively and securely while helping their organization fight against phishing, account takeovers, data breaches, and business email compromises. Companies can do this by creating a multi-layered approach to security that everyone understands and knows like a second language.
    • What makes an email security product effective? It revolves arounds four fundamental tenets: analyze, detect, protect, and respond.
    • The ability to analyze, detect, protect and respond at the moment of risk helps security teams follow a fact-based approach to email security.
    - Kevin O'Brien | November 9, 2020
    hak-iq.us20.list-manage.comNovember 9, 2020
  • 5 Reasons Why Web Security Is Important to Avoid Ransomware
    1. Ransomware Is a Result of Attack Escalation
    2. Web Attacks Are Used to Spread Ransomware
    3. Move to Cloud Means that More Criminals Aim for the Cloud
    4. Organizations Do Not Report Attack Details
    5. Media Focuses on the Problem, Not the Solution
    - Tomasz Andrzej Nidecki | November 9, 2020    hak-iq.us20.list-manage.comNovember 9, 2020

  • Cyber threat: Avoiding the phishing net

    • According to Verizon’s 2018 Data Breach Investigations Report, email is the number one vector used for 92.5% of malware distribution and 96% of phishing attacks.
    • Ever since the occurrence of the Covid-19, cybercriminals have been launching phishing email attacks to exploit the pandemic fear for their malicious gain. Within the span of the first four months of 2020, 18 million Covid-19 phishing emails were blocked by Gmail every day. In addition to that, in one week, 240 million Covid-19 spam emails were blocked on a daily basis.
    • According to a Threat Report, around 1.5 million new phishing websites are created every month.
    • Secure outbound mail flow with email authentication protocols like DMARC, SPF and DKIM. It further protects the email domain against spoofing and other email-based attacks.
    - Pavan Kushwaha | November 9, 2020
    hak-iq.us20.list-manage.comNovember 9, 2020

  • Case for Identity and Access Management

    • On average, five hours every week was spent just managing user passwords, a 25 per cent increase from the results gathered in a similar survey in 2019.
    • Not surprisingly many respondents (45 per cent) expressed frustration at the time spent managing passwords. Of greater concern, however, was users forgetting their passwords and using the same password across multiple applications.
    • Many businesses use Microsoft Active Directory (AD) to manage their users. It is the single source of truth about who works at a company, the things they need to access and their permission levels.
    • Many people use the same password for multiple online services. If one of these is compromised the hackers gain access to, potentially, millions of email address and password combinations that they can use try and gain access to other services, including corporate resources.
    • This article appears to be an advertisement for LastPass. My goal was/is to get us thinking about IAM, not necessarily LastPass.
    - Tony Kirkby | November 9, 2020
    hak-iq.us20.list-manage.comNovember 9, 2020

  • Data breach at BigBasket hits 20 mn users’ privacy

    • Online grocer Bigbasket may have suffered a massive data breach following which details of more than 20 million users may have been leaked on the dark web.
    • Bigbasket.com, which is run by Innovative Retail Concepts Pvt Ltd, is one of India’s largest online food and grocery store and is valued at $2 billion.
    • Bigbasket has a robust information security framework that employs best-in-class resources and technologies to manage information, it said. “We will continue to proactively engage with best-in-class information security experts to strengthen this further," it said.
    • The online retailer has more than 18,000 products and 1,000 brands in its catalogue and services customers in more than 20 cities across India.
    - Sharan Poovanna | November 9, 2020
    hak-iq.us20.list-manage.comNovember 9, 2020

  • DDoS attacks fell by 73% in Q3 of 2020, says Kaspersky

    • The analysis of commands received from command and control servers also demonstrates this decline, said a DDoS Protection report from Kaspersky, adding that despite the overall stabilization of the DDoS market during the year, the quarter still saw a year-on-year rise, and the year’s highest number of attacks in a single day, totalling 323.
    • In Q3 2020, the company said that it detected 73 per cent fewer attacks than in the previous quarter. However, compared to the same period in 2019, this figure has seen a one-and-a-half times year-on-year increase.
    • This means that the decline observed during Q3 can mostly be explained by the abnormal rise of attacks in the second quarter.
    | November 5, 2020
    hak-iq.us20.list-manage.comNovember 5, 2020

  • Cyber-attack concerns behind Norfolk canceling virtual classes on Monday

    • Worries about a potential cyber-attack forced Norfolk Public Schools to cancel virtual classes earlier this week.
    • The school district initially said that virtual classes were canceled Monday due to a "computer network outage" and that it would resume on Wednesday.
    • In a new statement, an NPS spokesperson clarified that the reason for the outage was that they recently got word from Microsoft recently about cyber-attacks in the region that could affect schools.
    • The IT department disconnected everything just as a precaution, and canceled class on Monday.
    | November 5, 2020
    hak-iq.us20.list-manage.comNovember 5, 2020

  • Capcom hacked. Resident Evil game developer discloses cyber attack

    • The maker of such well-known video games as “Resident Evil” and “Street Fighter” disclosed in a short press release that in the early hours of Monday some of its networks “experienced issues” that affected access to email and file servers.
    • In response, the company has shut down some of its systems. However, in what must be a big relief to fans of Capcom video games, the attack is said not to have affected players’ online access to the firm’s video games and websites.
    • Even if no customer information has been stolen from Capcom’s internal servers and email accounts, there might have been other sensitive data stolen – such as intellectual property from the video game developer, or details of the firm’s plans for future video game releases.
    • Presently it is unclear how long it will take Capcom to return to its normal operations.
    - Graham Clueley | November 5, 2020
    hak-iq.us20.list-manage.comNovember 5, 2020

  • How to deal with the escalating phishing threat

    • For attackers, it’s almost a no-brainer: phishing is cheap and humans are fallible, even after going through anti-phishing training.
    • When something gets through and someone clicks on a malicious URL, defenders must be able to simultaneously block the attack and show the victim what the phisher was attempting to do.
    • Most CISOs assume phishing is a corporate email problem and their current line of defense is adequate, but they are wrong.
    • “You’ve got to take a comprehensive, multi-layer phishing defense approach outside the firewall, where your biggest user population is working remotely, and inside the firewall for your internal users. You need to protect mobile devices and PC/Mac endpoints, with end-to-end encryption (E2EE) deployed.”
    • “You also have to be mindful of corporate users’ personal side as their personal and business lives have converged, and many people use the same devices and same credentials across personal and business accounts."
    - Zeljka Zorj | November 4, 2020
    hak-iq.us20.list-manage.comNovember 4, 2020

  • Polls close on Election Day with no apparent cyber interference

    • After years of planning and worry, polls closed on Election Day 2020 without the country's having seen any substantial public cyberattack.
    • It's impossible to state for sure how much the lack of an apparent cyberattack was due to successful planning, a lack of a serious attempt from a dedicated adversary or pre-emptive cyberattacks from U.S. Cyber Command.
    • While polls appeared to have closed without a major hitch, CISA cautioned that the window for hackers to affect the perception of the election's integrity could be open for weeks.
    - Kevin Collier | November 3, 2020
    hak-iq.us20.list-manage.comNovember 3, 2020

451 A Street, Suite 500
San Diego, CA 92101

[email protected]

CONNECT WITH US

Linkedin Twitter

Cyber Center of Excellence is a San Diego-based nonprofit dedicated to growing the regional cyber economy and creating a more secure digital community for all.

JOIN US
Linkedin Twitter
Cyber Center of Excellence | Privacy Policy  |  Terms & Conditions
Linkedin Twitter
Privacy Policy  |  Terms & Conditions
© 2024 Cyber Center of Excellence