Swimlane CEO James Brear (Image: Swimlane)

Swimlane Raises $70M to Grow Security Automation Outside US

Michael Novinson • July 6, 2022

Swimlane has raised $70 million to expand its clientele beyond the Fortune 2000 and acquire more customers in Europe and Asia-Pacific. The company plans to hire more personnel focused on sales, marketing and partnerships to make the company's low-code security automation platform accessible.

Cyberwarfare / Nation-State Attacks

The Right Way to Change Your Identity Service Providers

Latest

Leadership & Executive Communication

Profiles in Leadership: Deborah Haworth

Anna Delaney • July 6, 2022

Expectations for CISOs and their teams are at an all-time high, says Deborah Haworth, CISO of Penguin Random House UK. "Over the past two years, we've had a number of organizations pivot the way they work, which brings increased security challenges" and increases pressure on employees, she says.

Governance & Risk Management

Django Software Foundation Patches High-Severity Bug

Mihir Bagwe • July 5, 2022

The Django web framework patched a high-severity vulnerability affecting its main branch and three other versions - 3.2, 4.0 and 4.1. Developers who match inputs against safelists are unaffected. There are more than 91,000 websites using the Django framework, many of them based in the United States.

Breach Notification

Unknown Hacker Steals Data of 1 Billion Chinese Citizens

Prajeet Nair • July 5, 2022

A misconfigured Alibaba private cloud server has led to the leak of around 1 billion Chinese nationals' personal details. An unknown hacker, identified as "ChinaDan," posted an advertisement on a hacker forum selling 23 terabytes of data for 10 bitcoins, equivalent to about $200,000.

Cloud Security

RSA Conference 2022 Compendium: 150+ Interviews and More

Information Security Media Group • July 5, 2022

Welcome to ISMG's compendium of RSA Conference 2022. The 31st annual conference covered a wide range of topics including cybercrime, cyberwarfare, zero trust, supply chain risk, ransomware, OT security, cyber insurance and jobs. Access 150+ interviews with the top speakers and influencers.

3rd Party Risk Management

Vendor's Ransomware Attack Hits Over 600 Healthcare Clients

Marianne Kolbasuk McGee • July 5, 2022

A ransomware attack on an accounts receivables management firm has affected hundreds of healthcare clients - including dental practices, physician groups and hospitals, resulting in one of the largest health data breaches involving a vendor so far this year.

Anti-Money Laundering (AML)

Leveraging Interindustry Data to Discover Mule Accounts

Suparna Goswami • July 5, 2022

How can you leverage artificial intelligence and make sense of data from different industries to determine whether a customer is creditworthy or whether an account is a mule account? Guy Sheppard, general manager of financial services at Aboitiz Data Innovation, discusses a case study.

Business Continuity Management / Disaster Recovery

US, Israel Initiate Cybersecurity Collaboration Program

Mihir Bagwe • July 4, 2022

The U.S. and Israel have agreed to a new joint cybersecurity program called BIRD Cyber to enhance the cyber resilience of both countries' critical infrastructures. Grants of up to $1.5 million will be given to entities who jointly develop advanced cybersecurity applications under this program.

3rd Party Risk Management

Constant Vigilance Demanded - Cyber 'Not Just Another Risk'

Tony Morbin • July 4, 2022

The Biden executive order on cybersecurity was a catalyst for action, with tight delivery times for steps including promotion of SBOMs and zero trust. The cyber-physical nexus and expanding threat surface mean it's not easy to maintain vigilance, but recognizing that is the first step.

Cybercrime

Evilnum Hacking Group Updates TTPs Targeting Fintech

Prajeet Nair • July 2, 2022

The Evilnum hacking group has updated its tactics, techniques and procedures and now uses MS Office Word documents and leverages document template injection to deliver malicious payloads to its victims' machines. First seen in 2018, the group mainly targets fintech firms in the U.K. and Europe.

Cryptocurrency Fraud

US DOJ Targets Baller Ape Rug Pull and Other Crypto Fraud

Prajeet Nair • July 1, 2022

The U.S. Department of Justice is touting a string of indictments against accused cryptocurrency and NFT fraudsters, including against a Vietnamese man who is allegedly behind the Baller Ape rug pull, the largest such NFT fraud to date. Rug pulls are the largest form of cryptocurrency-based crime.

Cyberwarfare / Nation-State Attacks

ISMG Editors: Russia's War Has Changed the Cyber Landscape

Anna Delaney • July 1, 2022

Four ISMG editors discuss important issues, including how Russia's cyber and kinetic wars in Ukraine have changed the cybersecurity landscape, what recent layoffs at cybersecurity firms mean for the industry and how cybercriminals are taking a page out of the white hat hacker playbook

3rd Party Risk Management

Malware Disrupts Multiple US State Unemployment Websites

Mihir Bagwe • July 1, 2022

Unemployment benefits websites across the United States are offline after a malware attack was detected at third-party vendor Geographic Solutions Inc. The vendor, which serves dozens of state labor departments, says no personally identifiable information has been affected by the attack.