Ransomware Surge & Living-Off-the-Land Tactics Remain Big Threats

[TechWeb]( Follow Dark Reading: [RSS]( November 20, 2019 LATEST SECURITY NEWS & COMMENTARY [Ransomware Surge & Living-Off-the-Land Tactics Remain Big Threats]( Group-IB's and Rapid7's separate analysis of attack activity in recent months shows threat actors are making life harder for enterprise organizations in a variety of ways. [Attacker Mistake Botches Cyborg Ransomware Campaign]( Cybercriminals attempted to install Cyborg ransomware on target machines by deceiving victims with a fraudulent Windows update. [TPM-Fail: What It Means & What to Do About It]( Trusted Platform Modules are well-suited to a wide range of applications, but for the strongest security, architect them into "defense-in-depth" designs. [Most Companies Lag Behind '1-10-60' Benchmark for Breach Response]( Average company needs 162 hours to detect, triage, and contain a breach, according to a new CrowdStrike survey. [Disney+ Credentials Land in Dark Web Hours After Service Launch]( The credentials, priced from free to $11 per account, appear to be due to victims' re-use of logins and passwords. [Magecart Hits Macy's: Retailer Discloses Data Breach]( The retail giant discovered malicious code designed to capture customer data planted on its payment page. [A Security Strategy That Centers on Humans, Not Bugs]( The industry's fixation on complex exploits has come at the expense of making fundamentals easy and intuitive for end users. [I 'Hacked' My Accounts Using My Mobile Number: Here's What I Learned]( A feature that's supposed to make your account more secure -- adding a cellphone number -- has become a vector of attack in SIM-swapping incidents. Here's how it's done and how you can protect yourself. [DDoS Attacks Up Sharply in Third Quarter of 2019]( DDoS attacks of all sorts were up by triple-digit percentages, with smaller volume attacks growing most rapidly. [MORE NEWS & COMMENTARY]( HOT TOPICS [5 Cybersecurity CISO Priorities for the Future]( Seven chief information security officers share their pain points and two-year spending plans. [Soft Skills: 6 Nontechnical Traits CISOs Need to Succeed]( Degrees, certifications, and experience are all important to career development, but mastering the people side of the equation may matter a whole lot more, CISOs say. [Windows Hello for Business Opens Door to New Attack Vectors]( Researchers exploring Windows Hello for Business found an Active Directory backdoor and other attack vectors that could lead to privilege escalation. [MORE]( EDITORS' CHOICE [13 Security Pros Share Their Most Valuable Experiences]( From serving as an artillery Marine to working a help desk, a baker's dozen of security pros share experiences that had the greatest influence on their careers. [DevSecOps: The Answer to the Cloud Security Skills Gap]( There's a skills and resources gap industrywide, but a DevSecOps approach can go a long way toward closing that gap. NEW FROM THE EDGE [How Medical Device Vendors Hold Healthcare Security for Ransom]( While being pummeled by ransomware attacks, healthcare centers also face growing IoT-related threats. Here's how they manage security amid a complex set of risks. [If You Never Cared About Security ...]( Oh, I used to feel that way. (Until a BEC attack.) Tech Resources - [Tech Digest: How to Get Started with Emerging Tech]( - [[Infographic] Are You Maximizing Value of the Cloud?]( - [2019 State of DevOps]( - [Managing SaaS and Cloud Service Performance]( - [Network Detection and Response: Cloud Security's Missing Link]( - [2019 State of the Internet / Security: Phishing - Baiting the Hook]( - [Healthcare Cyber Heists in 2019]( [ACCESS TECH LIBRARY NOW]( - [Enterprise IoT: Rise of the Unmanaged Devices]( Join the leading enterprise IoT security company, along with IBM Security Services, to see real-life scenarios of these new unmanaged devices - from enterprise to healthcare to manufacturing. - [Building a Security Culture]( In this webinar, learn the elements of a security culture, how to build one at your organization, and how to know it's working. [MORE WEBINARS]( FEATURED REPORTS - [2019 Threat Hunting Report]( - [Getting Started With Emerging Technologies]( [MORE REPORTS]( CURRENT ISSUE [Navigating the Deluge of Security Data]( [DOWNLOAD THIS ISSUE]( [SUBSCRIBE NOW]( [BACK ISSUES]( | [MUST READS]( | [TECH DIGEST]( PRODUCTS & RELEASES [Respond Software Launches First Responder Service to Automate Speed, Accuracy of MDR at Fraction of Cost]( [Research: A third of the world's largest enterprises use inadequate data sanitization to prevent data breaches at end-of-life]( [Kaspersky: More Senior Execs Making Cyber Decisions]( [NINJIO Introduces Security Awareness Training for SMBS]( [MORE PRODUCTS & RELEASES]( Dark Reading Daily -- Published By [Dark Reading]( Informa Tech 303 Second St., Suite 900 South Tower, San Francisco, CA 94107 To update your profile, change your e-mail address, or unsubscribe, [click here.]( To opt-out of any future Dark Reading Daily Newsletter emails, please respond [here.]( Thoughts about this newsletter? [Give us feedback.](mailto:email@techwebnewsletters.com) Keep This Newsletter Out Of Your SPAM Folder Don't let future editions go missing. Take a moment to add the newsletter's address to your anti-spam white list: If you're not sure how to do that, ask your administrator or ISP. Or check your anti-spam utility's documentation. We take your privacy very seriously. Please review our [Privacy Statement.]( [© 2019]( | [Informa Tech]( | [Privacy Statement]( | [Terms & Conditions]( | [Contact Us](mailto:iwkbtnnewsletters@ubm.com)