IT Security Newsletter - 08/18/2020
World's largest cruise line operator Carnival hit by ransomware
Cruise line operator Carnival Corporation has disclosed that one of their brands suffered a ransomware attack over the past weekend. Carnival Corporation is the largest cruise operator in the world with over 150,000 employees and 13 million guests annually. The cruise line operates under the brands Carnival Cruise Line, Costa, P&O Australia, P&O Cruises, Princess Cruises, Holland American Line, AIDA, Cunard, and their ultra-luxury cruise line Seabourn. READ MORE...
Reported Breach Count for H1 2020 Lowest in Five Years
While reported breach numbers are down, a handful of "mega" breaches resulted in more data records being exposed than ever before, analysis shows. For all the concern over heightened cyberthreat activity related to the COVID-19 pandemic, the number of data breaches publicly disclosed in the first half of this year was the lowest since 2014. New research by Risk Based Security uncovered a total of 2,037 publicly reported breaches through June 30th. READ MORE...
Gym app management platform exposed info of thousands of users
Hackers could hijack user accounts in dozens of fitness and gym mobile applications, even where the two-factor authentication (2FA) mechanism was active. The common ground for all the apps is Fizikal, a management platform from Israel for gyms and sports clubs that allows customers to handle their subscription and class registration. Several vulnerabilities affecting the Fizikal platform could be chained to bypass security checks, enumerate users. READ MORE...
Windows 10 features that boost your computer's security
Microsoft has made security a major focus of the Windows 10 operating system and it shows with numerous features designed to protect you from malware, exploits, and cyberattacks. Windows 10 computer is a treasure trove of hidden security features that you can manually enable to further enhance your security. In this article, we've highlighted the best security features that you should try on Windows 10. Potentially unwanted applications (PUA) protection. READ MORE...
IcedID Trojan Rebooted with New Evasive Tactics
Juniper identifies phishing campaign targeting business customers with malware using password protection, among other techniques, to avoid detection. Threat actors have enhanced a banking trojan that has been widely used during the COVID-19 pandemic with new functionality to help it avoid detection by potential victims and standard security protections. Attackers have implemented several new features - including a password-protected attachment, keyword obfuscation and minimalist macro code. READ MORE...
The IT Backbone of Cybercrime
Like their counterparts who run legitimate businesses, cybercriminals need hosting and cybersecurity protection, too. As organizations increasingly adopt digital platforms, criminals are snapping at their heels, slavering to breach those platforms and steal money. The "Global Risks Report 2020," published by the World Economic Forum (WEF), notes that cybercrime will be the second most-worrisome risk for global business until at least 2030. READ MORE...
How do I select a risk assessment solution for my business?
One of the cornerstones of a security leader's job is to successfully evaluate risk. A risk assessment is a thorough look at everything that can impact the security of an organization. When a CISO determines the potential issues and their severity, measures can be put in place to prevent harm from happening. To select a suitable risk assessment solution for your business, you need to think about a variety of factors. We've talked to several cybersecurity professionals to get their insight on the topic. READ MORE...
Cybersecurity Companies Among Smaller Firms Hit with Brand Spoofing
Researchers find smaller organizations, including some in the cybersecurity space, increasingly targeted with these impersonation attacks. Cybercriminals who focus on brand-spoofing attacks are setting their sights on smaller targets, including some cybersecurity companies, many of which can't afford to mitigate these attacks. Brand spoofing, or impersonation, attacks typically target large brands. Attackers send emails pretending to come from an organization. READ MORE...
Firms Still Struggle to Prioritize Security Vulnerabilities
Security debt continues to pile up, with 42% of organizations attributing remediation backlogs to a breach, a new study shows. Most businesses can't keep up with the influx of vulnerabilities affecting their software and infrastructure: every six months the average firm fails to patch 28% of the vulnerabilities in their hardware and software, leading to a backlog of more than 57,000 unfixed security issues, a new study found. Such a security "debt" leaves companies vulnerable. READ MORE...
- ...in 1587, In the Roanoke Island colony, Ellinor and Ananias Dare become parents of a baby girl, the first English child born in what would become the United States.
- ...in 1868, French astronomer Pierre Janssen discovers helium while studying the Sun's spectrum during a solar eclipse.
- ...in 1914, Germany declares war on Russia while President Woodrow Wilson issues his Proclamation of Neutrality.
- ...in 1982, Pete Rose sets a record with his 13,941st plate appearance.