Global Cyber News Digest

Daily News Digest

Stay current on the global cyber threat landscape and industry developments with CCOE’s daily digest and library of cybersecurity news and articles.

  • Equifax Loses Bid to Drop Data Breach Claims Under New York Law

    • U.S. District Judge Brian Cogan on Wednesday rejected the company’s dismissal bid in the Eastern District of New York, saying plaintiff Matthew Weiss’ claim is plausible under the state’s deceptive acts and practices law.
    • Courts toss claims following class action settlements under similar facts, unless a plaintiff to the action opts out of the deal. Companies hit by a breach, however, can beat data security claims in later trial stages using standing or jurisdictional challenges.
    - Daniel L. Stoller | July 9, 2020
  • Cybersecurity Experts Weigh In On Best Practices for Remote Work

    • As millions of federal workers conduct their business remotely due to the ongoing coronavirus pandemic, the Chief Information Officers (CIO) Council has released their views on best practices for working remotely.
    • Included in the CIO Council posting are links to resources such as the NIST telework tip guide, the NIST Security for Enterprise Telework, Remote Access, and Bring Your Own Device Solutions publication, and the NIST Preventing Eavesdropping and Protecting Privacy on Virtual Meetings blog post.
    - July 9, 2020
  • US Secret Service warns about increased cyberattacks against MSPs

    • Many organizations increasingly rely on managed service providers (MSPs) to remotely manage IT infrastructure and other resources. By outsourcing the care and feeding of their network, applications, or security, an organization can save time and money, especially if it lacks the necessary internal staffing and capabilities.
    • Since each MSP typically has access to vital resources for multiple clients, a single data breach can unlock the door to a treasure trove of sensitive data.
    - Lance Whitney | July 8, 2020
  • The $6 trillion heist avoiding global attention

    • Criminal hackers demanding ransom from a leading Indian financial company once more highlighted the vulnerability of an Internet-dependent economy to cybercriminals – and the insufficient law-enforcement infrastructure and seriousness to tackle them.
    • More than vulnerable computer systems, cybercriminals exploit an individual human weakness: greed. An e-mail offer sounding too good to be true may not be true. Greed remains a lethal inner enemy and the cyber crook’s favorite weapon.
    - Raja Murthy | July 8, 2020
  • Cosmic Lynx cyber crime group takes BEC to new heights

    • A newly identified Russian cyber criminal group, called Cosmic Lynx by the threat researchers who have been tracking it, is developing increasingly complex and creative business email compromise (BEC) attacks that target Fortune 500 enterprises.
    • At some point, Russian cyber criminals were going to ask themselves why they were spending so much time and money on infrastructure and malware development when they can just send someone an email, ask for money, and get it. This now appears to be happening.
    - Alex Scroxton | July 8, 2020
  • IBM survey finds majority of organizations don’t have plans in place for common attacks

    • There is an increase in cybersecurity awareness judging by the number of security tools coming up in the market. However, this development confuses some organizations and has a negative impact across multiple categories of the threat lifecycle among those surveyed.
    • Amongst respondents with a CSIRP applied consistently across the business, only 39% experienced an incident that resulted in a significant disruption to the organization within the past two years compared to 62% of those who didn’t have a formal plan in place.
    - July 8, 2020
  • DDoS Myths in 2020

    • The nature of DDoS attacks is shifting, and while some organizations might believe that DDoS is a thing of the past, this is not the case.
    • Attackers are moving away from simple volumetric floods and focusing on more sophisticated, harder-to-mitigate application-layer (L7) DDoS attacks.
    • The past few months have seen two significant DDoS ransom campaigns: first against banks in South Africa in October 2019, and more recently a targeted campaign against Australian banks and financial institutions.
    - Nikhil Taneja | July 7, 2020
  • Intellectual Property Breaches Illustrate New Generation Of Security Threats

    • For many companies, a data breach has become almost a way of life and business as usual. Damages — from customer loyalty and reputation to financial penalties and damage to infrastructure — while sizable, seemingly have not significantly impaired the largest enterprises.
    • While many of the steps and tactics used by insiders are similar or identical to those used by outsiders, insiders may have additional knowledge that outsiders do not.
    • They may have less reliance on reconnaissance and even lateral movement — and command and control interactions would be from within the organization, as would exfiltration.
    - Albert Zhichun Li | July 7, 2020
  • Data of 1.29 million LimeRoad users breached, company denies claim: Report

    • Customer data of nearly 1.29 million users of online marketplace LimeRoad was allegedly breached and put up for sale on the dark web. The leaked data included personal information like the name, phone numbers, and email ID of these users.
    • The Ministry of Electronics and Information Technology recently released an advisory via the Computer Emergency Response Team (CERT) warning the public of a large-scale phishing attack against businesses.
    • The advisory states that hackers could try and steal personal and financial information under the pretext of local government authorities.
    - July 1, 2020
  • How to protect your organization from coronavirus-related phishing attacks

    • Cybercriminals have been all too happy to take advantage of COVID-19 to deploy virus-related malware and cyberattacks.
    • Phishing emails have been one popular method as they're designed to trap people concerned or anxious about the pandemic.
    • But the focus of these phishing campaigns has shifted as the disease and its side effects have changed over the past few months.
    TechRepublic - Lance Whitney | July 1, 2020