Webscrapers are bots that crawl public sites looking for information such as products, inventories, descriptions, pricing, anything. Research shows in some industries they can account for 40-60% of web traffic significantly skewing analytics, overloading servers and internet access. Worse is when they steal your images and logos allowing cyber criminals to clone your site and steal traffic. Even when used solely for legitimate purposes, webscrapers affect your business by rendering the analytics used for marketing and product plans inaccurate.

https://www.darkreading.com/operations/web-scrapers-have-bigger-than-perceived-impact-on-digital-businesses/d/d-id/1337890?_mc=KJH-Twitter-2019-05&fbclid=IwAR05PLP3dt8DAXJ0wtzkNfT1nMmlGA_PGUOU86EUNi7vAIHkt2YTCwHK-Uo

If clicking the link does not take you to the proper page, copy and paste the link into your browser.

The Covid-19 pandemic has changed priorities for companies and their IT departments. Enabling work from home and other necessary shifts have been the focus of the effort and budgets. But the need for compliance has not gone away nor will it. Do not neglect compliance with all that is going on.

https://www.darkreading.com/risk/the-need-for-compliance-in-a-post-covid-19-world/a/d-id/1337840?fbclid=IwAR1edFmd3sQksimFr0AbDrp6gKauF8X1ya8BlDLAjDJ_oq1AyG9Y-VYMpBc

If clicking the link does not take you to the proper page, copy and paste the link into your browser.

Telco networks used to use proprietary protocols and devices. But over the past few years as the technology changed, telcos switched to commercial networking providers. The networks did get hacked before, but the use of commercial networking equipment makes them more vulnerable. The intent of the hacks is to penetrate client company networks and insert phishing and other attacks. 

https://www.darkreading.com/cloud/telcos-become-richer-hacking-targets/d/d-id/1337888?_mc=KJH-Twitter-2019-05&fbclid=IwAR2eBSemd7zMLlEk2PlUZNWjjtqGKLUsPRyidy8n83y5QfhWKfmRiuIVuYk

If clicking the link does not take you to the proper page, copy and paste the link into your browser.

A new security advisory issued by Microsoft warns of a vulnerability in the DNS Servers that would allow a denial of service attack. 

https://www.darkreading.com/threat-intelligence/microsoft-warns-of-vulnerability-affecting-windows-dns-server/d/d-id/1337872

If clicking the link does not take you to the proper page, copy and paste the link into your browser.

Law enforcement has warned against paying in a ransomware attack. Companies did pay thinking it would be a faster path to restoring business as usual. New research shows that not only isn’t it a faster path to business as usual, it can double the costs. 

https://healthitsecurity.com/news/paying-the-ransom-can-double-ransomware-attack-recovery-costs?eid=CXTEL000000294682&elqCampaignId=14498&utm_source=nl&utm_medium=email&utm_campaign=newsletter&elqTrackId=a00740f1ad7144b1a269f0bda64d5456&elq=09e8d68219bd4385b415a611559ac463&elqaid=15212&elqat=1&elqCampaignId=14498

If clicking the link does not take you to the proper page, copy and paste the link into your browser.

An online marketplace selling access to hacked servers is continuing to grow becoming the largest vendor of this information. Sadly some of the hacked servers belong to hospitals, state governments and financial institutions.  

https://www.zdnet.com/article/a-cybercrime-store-is-selling-access-to-more-than-43000-hacked-servers/?ftag=TRE-03-10aaa6b&bhid=29017885593246285133005340243949&mid=12833929&cid=2201587059

If clicking the link does not take you to the proper page, copy and paste the link into your browser.

As we have mentioned earlier, cyber criminals are quick to recognize what captures peoples’ attention, and capitalize on it. Now, it is Covid-19. Many people are looking for information or advice on Covid-19. Cyber criminals know this and create realistic looking sites or send phishing emails that offer information, PPE (Personal Protective Equipment), or faster government stimulus checks or anything else to get us to click. Don’t do it! 

https://www.zdnet.com/article/covid-19-blamed-for-238-surge-in-cyberattacks-against-banks/?ftag=TRE-03-10aaa6b&bhid=29017885593246285133005340243949&mid=12833929&cid=2201587059

If clicking the link does not take you to the proper page, copy and paste the link into your browser.

The widely used Thunderbolt interface has been shown to have a flaw allowing someone with access to the port to bypass passwords and other security. A feature of Thunderbolt is direct access to memory, and it is this that allows attackers access. The good news is that the attackers need physical access to the device. 

https://www.zdnet.com/article/thunderbolt-flaws-affect-millions-of-computers-even-locking-unattended-devices-wont-help/?ftag=TRE-03-10aaa6b&bhid=29017885593246285133005340243949&mid=12828901&cid=2201587059

If clicking the link does not take you to the proper page, copy and paste the link into your browser.

Computer services firm Cognizant has released information saying the cost of the ransomware attack that hit it in April was over $50 million.         

https://www.databreachtoday.com/cognizant-ransomware-attack-expense-at-least-50-million-a-14255?rf=2020-05-12_ENEWS_SUB_DBT__Slot9_ART14255&mkt_tok=eyJpIjoiT0dabFlURXdPRGd5TTJWbSIsInQiOiJPd2doK25oUjVUbk5xdkpBVXlSNGltTllOQ2JUaDJGOHJjZXdvVmRLcWpcL3FMVHR6bngxTEplMnRJaWJmOTVIbm9TZUVkcDBrRUJjbWpYbXNpTG1kVDdSXC9CQjRQUzQyc3NBWDJobTFaR0Z6RGxWVERXN1pQeHJIdEVNWVRrUFYyIn0%3D

If clicking the link does not take you to the proper page, copy and paste the link into your browser.

Passwords have been a security tool for decades. But their weaknesses have been well documented. Now a Microsoft VP provides more information on getting rid of passwords.

https://www.darkreading.com/operations/microsoft-identity-vp-shares-how-and-why-to-ditch-passwords/d/d-id/1337772?_mc=NL_DR_EDT_DR_weekly_20200514&cid=NL_DR_EDT_DR_weekly_20200514&elq_mid=97272&elq_cid=27694253

If clicking the link does not take you to the proper page, copy and paste the link into your browser.

Finding security bugs is serious but finding them in software and hardware designed to provide security is concerning. Fortunately, it appears these bugs were found by security companies who notified Cisco and who in turn, is notifying clients. The affected items are the Adaptive Security Appliance and Firepower Threat Defense system. Some of the bugs are rated as high-severity. Clients of these Cisco products are advised to apply patches as soon as possible. 

https://www.zdnet.com/article/cisco-these-12-high-severity-bugs-in-asa-and-firepower-security-software-need-patching/?ftag=TRE-03-10aaa6b&bhid=29017885593246285133005340243949&mid=12823689&cid=2201587059

If clicking the link does not take you to the proper page, copy and paste the link into your browser.

While ransomware attacks may be down, other attacks including phishing related to Covid-19 are rising fast. Cyber criminals are adept at finding ways to grab our attention and make us click or do other dangerous actions. The high demand for Covid-19 information is one of those things we are all interested in. 

CISOs are the ones working hard to keep us safe and these are the things keeping them up at night. 

https://www.darkreading.com/vulnerabilities---threats/things-keeping-cisos-up-at-night-during-the-covid-19-pandemic/a/d-id/1337675?_mc=NL_DR_EDT_DR_weekly_20200507&cid=NL_DR_EDT_DR_weekly_20200507&elq_mid=97178&elq_cid=27694253

If clicking the link does not take you to the proper page, copy and paste the link into your browser.

One positive aspect of the Corona-19 pandemic is that ransomware attacks are down significantly from 2019 levels. Sadly, this is not expected to continue as the pandemic declines. 

https://healthitsecurity.com/news/ransomware-success-declines-amid-covid-19-but-resurgence-is-likely

If clicking the link does not take you to the proper page, copy and paste the link into your browser.

SAP notified a number of customers that an internal review showed that several products failed to meet security standards of contracts or legal obligations. The products affected were cloud based. The company is still working on fixes. Customers should watch for updates from Cisco and apply them as soon as possible.  

https://www.zdnet.com/article/sap-notifying-9-of-customers-about-security-bugs-in-some-cloud-products/?ftag=TRE49e8aa0&bhid=29017885593246285133005340243949&mid=12822307&cid=2201587059

If clicking the link does not take you to the proper page, copy and paste the link into your browser.

A previously relatively quiet hacking group launched a massive attack against close to 1 million WordPress sites. The attack leveraged a number of vulnerabilities attempting to steal credentials. WordPress recommends that users apply updates to themes and plugins. WordPress suggests the use of an application firewall to block these and other attempts at compromise.  

https://www.zdnet.com/article/a-hacker-group-tried-to-hijack-900000-wordpress-sites-over-the-last-week/?ftag=TRE49e8aa0&bhid=29017885593246285133005340243949&mid=12822307&cid=2201587059

If clicking the link does not take you to the proper page, copy and paste the link into your browser.

The global pandemic has shifted workers from the office to the home leading to a higher reliance on cloud services. But security of the cloud services remains with the client company. 

https://www.careersinfosecurity.com/how-telework-changing-cloud-security-a-14193?rf=2020-04-30_ENEWS_SUB_CAIS__Slot3_ART14193&mkt_tok=eyJpIjoiWWpKa056VTFNRFF5TVRGaSIsInQiOiJ0azl6b2wwOWRTemEwYjRGbitpOXpWOXlIZkhnYndsUlFQMnIwUHg4SXpcL2U2VkYyYWd0WEZENkdOYWp4T3JkY1wvaFBPMTk4U0FBZVhBanRkb0hnQVwvbHBIZHVoXC9aUE1UQURzUkpDNmpBY0RCcHIwWm84NTFFUlNqbFZRUzE3QWIifQ%3D%3D

If clicking the link does not take you to the proper page, copy and paste the link into your browser.

Not surprisingly cyber-attacks on mobile platforms are increasing. Also, not surprisingly, COVID-19 is a popular theme to get people to click. 

https://www.msspalert.com/cybersecurity-research/mobile-malware-q1-2020-kaspersky/?utm_medium=email&utm_source=sendpress&utm_campaign

If clicking the link does not take you to the proper page, copy and paste the link into your browser.

You receive a tipoff that your systems have been breached. Do you notify customers and suppliers? And if so, what information do you reveal?

https://www.careersinfosecurity.com/data-breaches-how-to-respond-to-tipoff-problem-a-14191?rf=2020-04-30_ENEWS_SUB_CAIS__Slot9_ART14191&mkt_tok=eyJpIjoiWWpKa056VTFNRFF5TVRGaSIsInQiOiJ0azl6b2wwOWRTemEwYjRGbitpOXpWOXlIZkhnYndsUlFQMnIwUHg4SXpcL2U2VkYyYWd0WEZENkdOYWp4T3JkY1wvaFBPMTk4U0FBZVhBanRkb0hnQVwvbHBIZHVoXC9aUE1UQURzUkpDNmpBY0RCcHIwWm84NTFFUlNqbFZRUzE3QWIifQ%3D%3D

If clicking the link does not take you to the proper page, copy and paste the link into your browser.

Cyber criminals have found at least one major bank that will reveal the last three transactions if caller id matches the phone number on file. The criminals are spoofing your number to get the last three transactions which can be used in conjunction with the spoofed caller id to access the account. And the attack gets more complicated. 

https://krebsonsecurity.com/2020/04/would-you-have-fallen-for-this-phone-scam/

If clicking the link does not take you to the proper page, copy and paste the link into your browser.

A bug discovered recently was patched by Oracle in mid-April. But now attacks on that bug have begun and Oracle issued an alert advising all Weblogic customers to install the patch.  

https://www.zdnet.com/article/oracle-warns-of-attacks-against-recently-patched-weblogic-security-bug/?ftag=TRE-03-10aaa6b&bhid=29017885593246285133005340243949&mid=12815612&cid=2201587059

If clicking the link does not take you to the proper page, copy and paste the link into your browser.