Blog | Cyberday.ai

Data Protection and Privacy Officer Priorities 2020

A survey of 471 data protection and privacy officers provides valuable insights into their challenges and priorities for 2020 The Data Protection and Privacy Officer Priorities 2020 report is a comprehensive look at the current challenges DPOs are facing as they adapt their programs to a world in which data privacy is going mainstream. The report surveys 471 privacy specialists working for companies around the world, representing a mix of 16 industries to provide a broad overview of their 2020 […]

Go to article at

15.5.2020

Illegal Personal Data Processing

5 Common Cybersecurity Threats Businesses Face

The best way for businesses to protect against these 5 common threats is to have a comprehensive set of security tools in place, and to train employees and also monitor their activities.

Go to article at

15.5.2020

CyberNow

Ransomware Attack Hits Major US Data Center Provider

CyrusOne, one of the biggest data center providers in the US, has suffered a ransomware attack, ZDNet has learned. FIA Tech, a financial and brokerage firm, has informed customers today that an outage of their respective cloud services originated at their data center provider. FIA Tech did not name the data center provider, but a quick search identified it as CyrusOne. In a message to customers, FIA Tech said "the attack was focused on disrupting operations in an attempt to obtain a ransom from our data center provider." A source has told ZDNet today that the incident has not impacted all of CyrusOne's data centers, but that restoring servers and customer data will be a lengthy process. The company owns 45 data centers in Europe, Asia, and the Americas, and has more than 1,000 customers.

Go to article at

15.5.2020

Ransomware

Ransomware Victim Southwire Sues Maze Operators

Attackers demanded $6 million from the wire and cable manufacturer when they launched a December ransomware campaign.

Go to article at

15.5.2020

Ransomware

43% of IT professionals are still tracking assets in spreadsheets

43% of IT professionals report using spreadsheets as one of their resources for tracking assets, according to Ivanti. Further, 56% currently do not manage the entire asset lifecycle, risking redundant assets, potentially creating a risk, and causing unnecessary and costly purchases. Findings from the survey demonstrate the need for greater alignment between ITSM and ITAM processes, especially when looking at the time spent reconciling inventory/assets. Nearly a quarter of respondents reported spending hours per week … More → The post 43% of IT professionals are still tracking assets in spreadsheets appeared first on Help Net Security.

Go to article at

15.5.2020

Employee Negligence

New Chrome Password Stealer Sends Stolen Data to a MongoDB Database

While this is nothing unique, what stands out is that the malware uses a remote MongoDB database to store the stolen passwords. This trojan is called CStealer, and like many other info-stealing trojans, was created to target and steal login credentials that were saved in Google Chrome's password manager. Instead of compiling the stolen passwords into a file and sending them to a C2 under the attackers control, the malware connects directly to a remote MongoDB database and uses it to store the stolen credentials. To do this, the malware includes hardcoded MongoDB credentials and utilizes the MongoDB C Driver as a client library to connect to the database. Hardcoded MongoDB Credentials When passwords are stolen, the malware will connect to the database and store the passwords as seen by the network traffic created after it was tested by James. Anyone analyzing this malware, whether it be law enforcement, researchers, or other threat actors, can retrieve the hard coded credentials and use them to gain access to the stolen credentials.

Go to article at

15.5.2020

Malware

Netflix account freeze – don’t click, it’s a scam!

The telltale signs are all there... but if you're in a hurry, this Netflix scam passes the "visual appeal" test.

Go to article at

15.5.2020

Phishing

New Targets Found from BEC Scammers Using Phishing

A group tracked as Ancient Tortoise is targeting accounts receivable specialists tricking them into sending over aging reports and thus collecting info on customers they can scam in later attack stages. Aging reports (aka schedule of accounts receivable) are collections of outstanding invoices designed to help a company’s financial department to keep track of customers who […] The post New Targets Found from BEC Scammers Using Phishing appeared first on IT Security Guru.

Go to article at

15.5.2020

Business-Email-Compromise

Connecticut School District Offline After Cyberattack

Fiscal data and student data is stored remotely — not part of the school network — so that data wasn’t affected, Director of Innovation, Technology and Communications Karen Kaplan said. Schools have remained in session since the attack and staff have been allowed to use their devices offline. The administration sent a voice message to parents and posted it on the school website that schools should be contacted by phone and not email until the issue is resolved. “What’s most important to us is we have no reason to believe that any student data was stolen or that any student data was accessed in any way,” Kaplan said. The schools use many online services, which will be down until the end of next week or longer, Kaplan said, but then schools will be brought back one at a time as each device is individually cleaned. Kaplan said the district has tried to teach staff to recognize phishing emails and since the attack they’ve asked administrators to review protocol for when suspicious emails are received by staff.

Go to article at

15.5.2020

Malware

Weekly #cybersecurity digest to your inbox

🛡️ Cyberdigest: Most important documents in ISO 27001 audit 📑 Join our NIS2 & ISO 27001 webinars ➡️ Look into cyberthreat trends 👾

🛡️ Cyberdigest: 7 new frameworks! 🎉 Explore our ISO 27001 collection 📚 Malware & privacy news 📰

🛡️ Cyberdigest: Secure your passwords! 📝 DORA has come into effect 💰 News: data protection 🔐

Admin training (part 3/5): Risk management and security control implementation

Admin training (part 5/5): Operating and improving an ISMS and reporting compliance

Admin training (part 4/5): Automating employee awareness, guidance and training

ISO 27001 (part 3/5): Certification audit fundamentals

Admin training (part 2/5): Framework selection and asset identification

ISO 27001 (part 4/5): Staff training, guidelines and policy documents

Become a Cyberday partner: Features, benefits and best practices

Cyberday Community has been launched!

ISO 27001 standard updated to 2022 version - what changed?

Efficient cyber risk management with new autopilot mode

Infographic: Why is cyber security getting more and more important?

Cyberday Teams app is now available!

Content update published to Cyberday

Cyberday launched: Frameworks, Teams-integration and much more

Data Protection and Privacy Officer Priorities 2020

5 Common Cybersecurity Threats Businesses Face

Ransomware Attack Hits Major US Data Center Provider

Ransomware Victim Southwire Sues Maze Operators

43% of IT professionals are still tracking assets in spreadsheets

New Chrome Password Stealer Sends Stolen Data to a MongoDB Database

Netflix account freeze – don’t click, it’s a scam!

New Targets Found from BEC Scammers Using Phishing

Connecticut School District Offline After Cyberattack

Get started today

How it works?

Use cases

Resources

Contact us

Weekly #cybersecurity digest to your inbox

🛡️ Cyberdigest: Most important documents in ISO 27001 audit 📑 Join our NIS2 & ISO 27001 webinars ➡️ Look into cyberthreat trends 👾

🛡️ Cyberdigest: 7 new frameworks! 🎉 Explore our ISO 27001 collection 📚 Malware & privacy news 📰

🛡️ Cyberdigest: Secure your passwords! 📝 DORA has come into effect 💰 News: data protection 🔐

Admin training (part 3/5): Risk management and security control implementation

Admin training (part 5/5): Operating and improving an ISMS and reporting compliance

Admin training (part 4/5): Automating employee awareness, guidance and training

ISO 27001 (part 3/5): Certification audit fundamentals

Admin training (part 2/5): Framework selection and asset identification

ISO 27001 (part 4/5): Staff training, guidelines and policy documents

Become a Cyberday partner: Features, benefits and best practices

Cyberday Community has been launched!

ISO 27001 standard updated to 2022 version - what changed?

Efficient cyber risk management with new autopilot mode

Infographic: Why is cyber security getting more and more important?

Cyberday Teams app is now available!

Content update published to Cyberday

Cyberday launched: Frameworks, Teams-integration and much more

Data Protection and Privacy Officer Priorities 2020

5 Common Cybersecurity Threats Businesses Face

Ransomware Attack Hits Major US Data Center Provider

Ransomware Victim Southwire Sues Maze Operators

43% of IT professionals are still tracking assets in spreadsheets

New Chrome Password Stealer Sends Stolen Data to a MongoDB Database

Netflix account freeze – don’t click, it’s a scam!

New Targets Found from BEC Scammers Using Phishing

Connecticut School District Offline After Cyberattack

Stay up-to-date on cyber security

Subscribe for our free, weekly newsletter

* Your email won't be sold nor disclosed forward. Confirmation has more info. Learn more

Get started today

Pysy kärryillä digiturvasta

Tilaa Digiturvauutiset sähköpostiisi

* Osoitetta ei myydä tai luovuteta eteenpäin. Vahvistusviestissä lisätietoja. Lue lisää

How it works?

Use cases

Resources

Contact us