Matt Moynahan, president and CEO, OneSpan (Image: OneSpan)

OneSpan to Buy ProvenDB to Securely Store, Vault Documents

Michael Novinson • January 26, 2023

OneSpan plans to purchase an Australian startup founded by a longtime Quest Software executive to securely store and vault documents based on blockchain technology. Melbourne, Victoria-based ProvenDB uses blockchain to deliver security that prevents data tampering and document alteration.

►

Cloud Security

The Art of Mapping Security Goals to Existing Investments

Latest

Geo Focus: The United Kingdom

UK Insurers Mostly Withstand Cyber Stress Test

David Perera • January 26, 2023

A periodic stress test assessment of U.K. insurers by the Bank of England found underwriters mostly withstood extreme cyber events. Still, underwriters may not be operating from the same set of assumptions when it comes to the likelihood of having to manage an actual extreme cyber event.

Critical Infrastructure Security

Uniform Infrastructure Raises Risk for Industrial Attacks

Michael Novinson • January 26, 2023

The increased physical connectivity of digital assets has expanded the attack surface and added complexity for engineers in industrial environments, says Dragos CEO Robert Lee. More industrial automation and new systems have made it tougher for plant operators to conduct root cause analysis.

Cyberwarfare / Nation-State Attacks

UK Warns of Surge in Russian, Iranian APT Phishing Threats

Akshaya Asokan • January 26, 2023

Russian and Iranian state-sponsored hackers are using advanced social engineering tactics to target journalists, defense organizations and academic and civil society organizations in the U.K. for cyberespionage campaigns, the British National Cyber Security Center warns.

Fraud Management & Cybercrime

2 Hacks Involving Mental Health Data Affected Nearly 400,000

Marianne Kolbasuk McGee • January 26, 2023

Two hacking breaches - one at a non-profit provider of foster care, mental health and substance treatment services, and the other at a provider of behavioral health services - have affected sensitive information of nearly 400,000 individuals.

Fraud Management & Cybercrime

Facebook, Instagram Blasted for 'Lame' Security Practices

Anna Delaney , Cal Harrison • January 26, 2023

Meta's popular social media platforms are increasingly being targeted by cybercriminals, and account takeover complaints rose over 1,000% last year. This social threat is spilling over into banks and government agencies, and experts criticize Meta for moving too slowly to address security issues.

Cyberwarfare / Nation-State Attacks

Ukraine's Critical Sectors Targeted in Phishing Attack Surge

Mathew J. Schwartz • January 26, 2023

While Russian military forces and allied groups continue to pummel Ukrainian targets with online attacks, security experts tracked a phishing and malware surge at the end of 2022, even as U.S. intelligence said the war was running at a "reduced tempo."

Governance & Risk Management

ISACA Survey: Privacy in Practice 2023 Highlights

Anna Delaney • January 26, 2023

ISACA's recently published Privacy in Practice 2023 survey report shares new research related to the privacy workforce, privacy skills, privacy by design and the future of privacy. Expert Safia Kazi shares ways organizations can align privacy goals with business objectives.

Fraud Management & Cybercrime

FBI Seizes Hive Ransomware Servers in Multinational Takedown

Akshaya Asokan , David Perera • January 26, 2023

The FBI penetrated the network of the Hive ransomware group, which has a history of attacking hospitals. A multinational operation seized the ransomware-as-a-service group's leak site and two servers located in Los Angeles. U.S. law enforcement said an investigation is ongoing.

Artificial Intelligence & Machine Learning

Protecting the Hidden Layer in Neural Networks

Steve King • January 26, 2023

In this episode of "Cybersecurity Unplugged," Chris "Tito" Sestito discusses technology to protect neural networks and artificial intelligence and machine-learning models, and John Kindervag explains how such technology fits into the zero trust framework.

Governance & Risk Management

Clinic Reports Tracking Pixel Breach Involving 3rd Party

Marianne Kolbasuk McGee • January 25, 2023

A Midwest specialty medical care clinic has reported to regulators a health data breach affecting 134,000 patients involving one of its critical partners' previous use of Meta Pixel and Google tracking codes embedded in its websites and patient portals.

Cybercrime

North Korean Crypto Hackers Keep Nose to the Grindstone

Mihir Bagwe • January 25, 2023

A North Korean hacking group tracked by cybersecurity firm Proofpoint as TA444 in December unleashed a torrent of spam in a bid to harvest credentials - evidence of a hacking group that mirrors "startup culture in its devotion to the dollar and to the grind."

Government

VA: Contractors Have 1 Hour to Report a Security Incident

Marianne Kolbasuk McGee • January 24, 2023

An update to acquisition regulations within the Department of Veterans Affairs says that contractors have one hour to report a security and privacy incident. The clock starts ticking after the incident has been discovered. The department says the rule change only codifies an existing requirement.