- Vishing is a phone scam type of phishing attack.
- In a vishing attack, a scammer uses a phone call to target their victims and steal information, money, or both.
- Vishing can also be a type of social engineering scam — that is, the criminal uses specific or “vague enough to be real” details about the victim to get them to believe the scam caller is real and should be trusted.
BUSINESS 2 COMMUNITY - Steve Turner | August 5, 2020
- Studies shows that since the coronavirus outbreak, phishing attacks increased by 40%.
- Working remotely comes with its own challenges for organisations, such as employees using personal laptops to access work materials.
- While others might use their work machines to access personal applications, download materials from untrusted sites, or use USBs that have malware, which then creates attack vectors and additional vulnerabilities that could lead to a data breach.
- Businesses should align their cybersecurity goals with business priorities, evaluate the effectiveness of their cybersecurity and Identify and protect the most valuable processes and information assets.
MSN News | August 4, 2020
- SecOps, Security Operations, is the buzzword in the IT world now, especially after the outbreak of COVID-19.
- Security Operations engineer works on the security and performance of network infrastructure. This means he should have knowledge about both cybersecurity and cloud architecture.
- Apart from shielding networks from potential vulnerabilities such as ransomware attack or phishing, they should know social engineering aspects as well.
MSN - Swathi Moorthy | August 3, 2020
- A growing threat, SIM swapping occurs when a cybercriminal calls a wireless network provider and tells them a legitimate user’s phone was lost or stolen.
- They then ask the provider to activate a new SIM card connected to the legitimate user’s phone number on a phone owned by the fraudster.
- If successful, fraudsters will then receive the real user’s text messages, calls and data to the newly activated device under their control.
- Robert Prigge | August 3, 2020
- Enterprises who are increasing the average number of endpoint security agents from 9.8 last year to 10.2 today aren't achieving the endpoint resilience they need because more software agents create more conflicts, leaving each endpoint exposed to a potential breach.
- 1 in 3 enterprise devices is being used with a non-compliant VPN, further increasing the risk of a breach.
- Bad actors are getting very good at finding the weakest links of an enterprises’ cyber defenses fast.
- They’re able to look at the configuration of endpoints, see which software agents are installed, research known conflicts and exploit them to gain access to corporate networks.
- Louis Columbus | August 2, 2020
- The fallout continues Sunday after officials at California State University, Northridge announced it had indirectly paid ransom to hackers, who stole some of its data.
- Students are now attempting to assess just how at risk they are, now that they have been notified that ransomware criminals broke into the CSUN network to lock users out of school servers.
| August 2, 2020
- THE National Privacy Commission (NPC) is reminding employers of their responsibility under the Data Privacy Act to implement policies and processes that ensure the security and privacy of their customers and employees as telecommuting or work-from-home arrangements become widespread.
- It is the employer’s responsibility to identify the risks inherent in a telecommuting or work from home arrangement and come up with the proper policies and processes for these arrangements and ensure that there are mechanisms to monitor that they are being implemented properly.
Philippines | August 2, 2020
- The road to modern applications can be arduous as complex legacy infrastructure, inefficient manual processes and organizational silos persist as barriers to progress.
- There are four pillars to a successful modern applications strategy: cloud native applications (built with microservices), cloud native platforms, continuous integration / continuous delivery pipelines and adoption of DevOps culture and practices.
| July 30, 2020
- According to Twitter, the answer is a phone spear phishing attack that targeted a “small number” of employees who did not all have access to management tools. However, attackers then “used their credentials to access our internal systems and gain information about our processes.”
- Twitter also released more details about what the attackers did with that access — targeting 130 accounts, tweeting from 45, accessing the DM inboxes of 36 and copying account data from 7.
engadget - Richard Lawler | July 29, 2020
San Diego Cyber Incident Response Guide
Learn more about San Diego’s region-wide cyber incident response guide and available local, state and federal resources.