Articles of interest from the week of May 20, 2019

Baltimore ransomware nightmare could last weeks more, with big consequences

It's been nearly two weeks since the City of Baltimore's networks were shut down in response to a ransomware attack, and there's still no end in sight to the attack's impact. It may be weeks more before the city's services return to something resembling normal—manual workarounds are being put in place to handle some services now, but the city's water billing and other payment systems remain offline, as well as most of the city's email and much of the government's phone systems. (By Sean Gallagher, Ars Technica)

Google's Own Data Proves Two-Factor Is the Best Defense Against Most Account Hacks

Ask almost any cybersecurity professional and it'll likely rank as more important than using unique or strong passwords. Two-factor, which adds an additional step in your usual log-in process by sending a unique code to a device you own, is the greatest defense between a hacker and your online account data. (By Zack Whittaker, TechCrunch)

DDoS Attacks on the Rise After Long Period of Decline

The number of DDoS attacks increased by 84% in the first quarter of 2019 compared to Q4 2018, according to new research from Kaspersky Lab. The global cybersecurity company's findings, detailed in its DDoS Attacks in Q1 2019 report, come in the wake of dramatically falling numbers of DDoS attacks recorded throughout 2018, suggesting that cyber-criminals are once again turning to DDoS as an attack method after a sustained period of shifting their attention to other sources of income last year, such as cryptomining. (By Michael Hill, Infosecurity Magazine)

Phishing Targeting Saas and Webmail Services Increased to 36% of All Phishing Attacks

Users of Software-as-a-Service (SaaS) and webmail services are being targeted with increasing frequency, according to the APWG Q1 2019 Phishing Activity Trends Report. (By Help Net Security)

Effective Pen Tests Follow These 7 Steps

When an organization is getting ready to pay for an outside group to come in for a penetration test, executives might be tempted to answer the question, "What do we want them to test?" with a simple, "Everything, of course!" Giving in to that temptation, though, can be a grave mistake. (By Curtis Franklin Jr., Dark Reading)