El Diario del CISO (The CISO Journal) Edition 5 | Page 8
News1.1
Thinking and Working for
a Digital Security Leader
2.7M recorded medical calls, audio
files left unprotected on web | CSO
Online
Ms. Smith (not her real name) is a freelance writer and
programmer with a special and somewhat personal
interest in IT privacy and security issues.
7 cheap or free cyber security training resources
7 mobile security threats you should take seriously in 2019
Addressing Today’s Risks Requires Reliable Threat Intelligence
Are zero-day exploits the new norm?
Building a Security-first Culture Starts with Coding
Combatting drama and barriers in the infosec community
DDoS explained: How distributed denial of service attacks are evolving
Dow Jones list of high-risk businesses, people on unsecured database
Elasticsearch clusters face attacks from multiple hacker groups
Enterprises need to embrace top-down cybersecurity management
Hackers can invisibly eavesdrop on Bigscreen VR users
How much does it cost to launch a cyberattack?
How to protect intellectual property? 10 tips to keep IP safe
IoT botnets target enterprise video conferencing systems
North Korean hackers target Russian-based companies
Qbot malware resurfaces in new attack against businesses
Ransomware attacks hit Florida ISP, Australian cardiology group
The CSO and CPO role just dramatically expanded overnight
The cybersecurity legislation agenda: 5 areas to watch
Top 9 cybersecurity M&A deals of 2018 and 2019 (so far)
What is a botnet? And why they aren't going away anytime soon
What is ethical hacking? How to get paid to break into computers
Coinhive closes its doors | SC Media
The popular in-browser cryptomining service Coinhive
announced it is shutting down operations next week,
claiming the service isn’t economically viable anymore.
42,000 patients data compromised AdventHealth Medical Group data breach
Australian PM says parliament, political party hacks work of state actor
Breach could impact roughly 326,000 UConn Health patients
Cisco patches two code execution vulnerabilities
Cybercriminals spend like rockstars
Dow Jones database holding 2.4 million records of politically exposed persons
Drupal software update patches highly critical RCE bug
Fin6 using FrameworkPOS scraping malware in POS attacks
High Critical Drupal flaw being exploited in the wild
IoT devices attacked faster than ever, DDoS attacks up dramatically: Netscout
Misconfigured database exposes 974,000 University of Washington Medicine
patients
Monero miners combines RADMIN and MIMIKATZ to spread and infect
New B0r0nt0K ransomware roughs up Linux servers
North Korean hackers allegedly pick on Russian targets for a change
Palisades Park receives $200,000 advance after cyberattack
Russian cyberattackers are in and gone in less than 20 minutes
Shifty new variant of Qbot banking trojan spreads
The road ahead in cyber
UK consumers more likely to abandon a breached company
Wendy’s to pay $50M in data breach settlement
Dow Jones Data Exposed on Public
Server
An “authorized third party” exposed a Dow Jones
database with more than 2.4 million records of risky
businesses and individuals on a public server.
11 Takeaways: Targeted Ryuk Attacks Pummel Businesses
15 GDPR Probes in Ireland Target Facebook, Twitter, Others
Cohen: Trump Was Aware of WikiLeaks Planning Email Dump
Criminals, Nation-States Keep Hijacking BGP and DNS
Cryptocurrency Miners Exploit Latest Drupal Flaw
Data Breach Notification: California Targets 'Loopholes'
Dongle Danger: Operating Systems Don’t Defend Memory
Facebook Smackdown: UK Seeks ‘Digital Gangster’ Regulation
Facebook’s Leaky Data Bucket: App Stored User Data Online
Hackers Target Fresh Drupal CMS Flaw to Infiltrate Sites
Misconfiguration Leads to Major Health Data Breach
Password Managers Leave Crumbs in Memory, Researchers Warn
Report: UK Believes Risk of Using Huawei is Manageable
Sen. Warner Demands Answers on Healthcare Cybersecurity
Sunset of Windows Server 2008: Migrate with Docker
Tech Industry Pushes for Australian Encryption Law Changes
Toyota Australia, Healthcare Group Hit By Cyberattacks
UConn Health Among the Latest Phishing Victims
Wendy's Reaches $50 Million Breach Settlement With Banks
WhatsApp Flaw Could Enable iOS Message Snooping
A potential data breach at UConn
Health impacts the personal data of
about 326,000 individuals | Cyware
Hacker News
Healthcare Cybersecurity - UConn Health is sending notifications
about a potential data breach after hackers gained
unauthorized access to a limited number of employee
email accounts.
A new malspam campaign distributes a malicious RAR archive exploiting the
WinRAR ACE vulnerability
Attackers compromised Bangladeshi Embassy website to distribute malicious
Word documents
Critical vulnerabilities in SHAREit app could allow attackers to download arbitrary
files in victims’ devices
Cybercriminals encrypt 15,000 medical files belonging to Australian hospital and
demand ransom
Monero-miner variant found leveraging RADMIN and MIMIKATZ tool kits to spread
across networks
More than 3000 websites hacked to steal 2.7 billion email addresses and
passwords
New Golang brute-forcing malware used to target Magento E-commerce sites
New Russian language malspam distributes Shade ransomware
New Spear Phishing campaign targets US national security think tanks with
BabyShark malware
Newly discovered MarioNet browser-based attack can allow attackers to control
your browser
Over 69,000 payment card dumps are available for sale on Joker’s Stash
underground marketplace
Retail trading industry targeted with malware attacks; stolen data being sold on
Dark Web
Toyota Australia hit by cyberattack; No customer data compromised
Turkish hackers target popular Instagram profiles in a new phishing campaign