Security daily (20-09-2021)

058| Paths to Infosec: From ER to IR

Data breaches and other security incidents have become a frequent, severe problem for organizations. But with incident responders in short supply, there are fewer professionals available to help organizations in their hour of need. We're joined this episode by F-Secure incident response consultant Eliza Bolton, who successfully transitioned to cybersecurity from the nursing profession, and F-Secure's head of incident response, Matt Lawrence. Matt and Eliza share their views on tackling the cyber skills shortage, why diverse teams are more adaptable, and why Eliza’s background as a nursing assistant is an asset in the world of incident response.  Links: Episode 58 transcript F-Secure Consulting UK Associate Scheme (Cyber Security Sauna)

Democrats urge FTC to make privacy rules while fight over a federal law drags on

Nine Senate Democrats are urging the Federal Trade Commission to make new data privacy rules that will work in parallel with the long-running effort by Congress to reach an agreement on a federal privacy law. Lawmakers are urging the agency to look at better protecting vulnerable communities from discriminatory data practices, as well as requiring companies to get consumers to explicitly opt into having their data collected. “We believe that a national standard for data privacy and security is urgently needed to protect consumers, reinforce civil rights, and safeguard our nation’s cybersecurity,” the group of Senators led by Richard Blumenthal, D-Conn., wrote. The letter comes in response to frustrations that the FTC’s current rules against unfair and deceptive practices have proven ineffective to take on major privacy violations and data breaches by technology companies. Leaning on the authority in lieu of strong national privacy protections has forced the agency to […] The post Democrats urge FTC to make privacy rules while fight over a federal law drags on appeared first on CyberScoop. (CyberScoop)

Ransomware gang strikes Iowa agriculture business New Cooperative, the latest hack on food supply chain

The BlackMatter ransomware gang has struck an Iowa agricultural business, New Cooperative, and is demanding a $5.9 million ransom. Several security researchers first called attention to the hack on Monday, and the company confirmed that it had been hit with a cyberattack and shut down its systems in response. It’s another big hit against the agriculture industry, following the May ransomware attack on JBS by REvil, a gang that researchers said has ties to BlackMatter. “Out of an abundance of caution, we have proactively taken our systems offline to contain the threat, and we can confirm it has been successfully contained,” New Cooperative said in an emailed statement. “We also quickly notified law enforcement and are working closely with data security experts to investigate and remediate the situation.” New Cooperative is a grain collective based out of Fort Dodge. In negotiations dated Sept. 19 and posted online, a person speaking […] The post Ransomware gang strikes Iowa agriculture business New Cooperative, the latest hack on food supply chain appeared first on CyberScoop. (CyberScoop)

Police say scammers who used email fraud, SIM swapping are connected to Italian mafia

Police in Europe have arrested more than 100 people who allegedly stole more than $11 million in a years-long fraud operation that law enforcement officials have linked to an Italian mafia group. Officials in Italy and Spain arrested 106 suspects who are accused of using phishing, credit card fraud and other cybercrime techniques in conjunction with drug trafficking and property crime, according to the European law enforcement agency Europol. Thieves used business email compromise schemes and SIM swapping — in which scammers take control of a victim’s phone number to steal sensitive information — before laundering the funds via a network of shell companies and money mules, police said in a statement Monday. The bust is the latest evidence hinting at the extent to which established organized crime groups are adopting the methods typically used by hackers. While scammers are known to operate in loose crime rings in Russia, Nigeria […] The post Police say scammers who used email fraud, SIM swapping are connected to Italian mafia appeared first on CyberScoop. (CyberScoop)

Momentum builds to strengthen FTC's role as privacy enforcer, though hurdles remain

When the White House nominated Alvaro Bedoya, a Georgetown law professor known for his expertise on privacy, for a role on the Federal Trade Commission, privacy advocates interpreted the move as the latest evidence that the agency is looking to expand its work investigating and bringing cases against companies that exploit and mismanage consumer data. Bedoya, a former Senate Judiciary counsel who is known for his work addressing racial and gender bias on facial recognition technology and other surveillance of communities of color, comes with the promise of what privacy advocates envision for the future of the agency. “Just as Lina Khan really sent a strong signal about taking the FTC seriously as an antitrust regulator, I think that the nomination of Alvaro Bedoya should send us the same signal to take the agency seriously as a privacy regulator,” said Christine Bannan, senior policy counsel at the Open Technology Institute, one […] The post Momentum builds to strengthen FTC's role as privacy enforcer, though hurdles remain appeared first on CyberScoop. (CyberScoop)

“Back to basics” as courier scammers skip fake fees and missed deliveries

"Stop. Think. Connect." Say those words aloud - and please pronounce the pauses prescribed by the periods! (Naked Security)

BSidesSF Call For Papers Announced

(News ≈ Packet Storm)

FBI Says $133 Million Lost In Romance Scams In 2021

(News ≈ Packet Storm)

Epik Data Breach Affects 15 Million Users, Including Non-Customers

(News ≈ Packet Storm)

Google Announces Major Privacy Change Coming To Android

(News ≈ Packet Storm)

Police Announce Huge Bust Of Mafia's Cyber Crime Operations

(News ≈ Packet Storm)

5 Types of Hackers & Why They Hack

When considering why hackers are attacking websites, you might think that there’s a specific reason they target you as a website owner—your business, your reputation, or your information. The truth is, while it feels personal to the victim, hackers rarely single out specific targets. Most of the time, hackers perform mass searches for specific vulnerabilities, and target these sites collectively. Before we look at the psychology behind website hacks, we should first break our hackers out into groups based on their motivations. Continue reading 5 Types of Hackers & Why They Hack at Sucuri Blog. (Sucuri Blog)

Europol Busts Major Crime Ring, Arrests Over 100 Online Fraudsters

Law enforcement agencies in Italy and Spain have dismantled an organized crime group linked to the Italian Mafia that was involved in online fraud, money laundering, drug trafficking, and property crime, netting the gang about €10 million ($11.7 million) in illegal proceeds in just a year. "The suspects defrauded hundreds of victims through phishing attacks and other types of online fraud such (The Hacker News)

A New Wave of Malware Attack Targeting Organizations in South America

A spam campaign delivering spear-phishing emails aimed at South American organizations has retooled its techniques to include a wide range of commodity remote access trojans (RATs) and geolocation filtering to avoid detection, according to new research. Cybersecurity firm Trend Micro attributed the attacks to an advanced persistent threat (APT) tracked as APT-C-36 (aka Blind Eagle), a suspected (The Hacker News)

Amazon Driver-Surveillance Cameras Roll Out, Sparking Debate

Drivers bristle under constant surveillance by artificial-intelligence (AI) tech, but Amazon says it works and boosts safety. (Threatpost)

Europol Breaks Open Extensive Mafia Cybercrime Ring

Organized crime ring thrived on violence, intimidation and $12 million in online fraud profits. (Threatpost)

Payment API Bungling Exposes Millions of Users’ Payment Data

Misconfigured APIs make any app risky, but when you’re talking about financial apps, you’re talking about handing ne’er-do-wells the power to turn your pockets inside-out. (Threatpost)

Bring Your APIs Out of the Shadows to Protect Your Business

APIs are immensely more complex to secure. Shadow APIs—those unknown or forgotten API endpoints that escape the attention and protection of IT¬—present a real risk to your business. Learn how to identify shadow APIs and take control of them before attackers do. (Threatpost)


/security-daily/ 21-09-2021 23:44:22