Source: Google

Google Unveils Service to Secure Open-Source Dependencies

Michael Novinson • May 17, 2022

Google will offer customers access to the same technology it uses to lock down developer workflows to ensure open-source dependencies are addressed. Assured Open Source Software will allow clients to ensure third-party software they're using is scanned, analyzed and fuzz-tested for vulnerabilities.

►

Cybercrime

COVID Delays Patching of Vulnerable Konica Minolta Printers

Latest

Cryptocurrency Fraud

ACFE's Report to the Nations: The Rise of Crypto Fraud

Suparna Goswami • May 17, 2022

The Association of Certified Fraud Examiners, or ACFE, has released its study titled "Report to the Nations." Mason Wilder, research manager at the ACFE, shares some important findings from the report and discusses how occupational fraud is reported and which organizations are affected by it.

Application Security

CISA Removes Windows Flaw From Exploited Catalog List

Prajeet Nair • May 17, 2022

The U.S. Cybersecurity and Infrastructure Security Agency has announced that it is temporarily removing a Windows protection defect from its Known Exploited Vulnerability Catalog because of a risk of authentication failures after the recent Microsoft patch update.

Business Continuity Management / Disaster Recovery

Conti Says It Has 'Insiders' in Costa Rican Government

Mihir Bagwe • May 17, 2022

Ransomware actor Conti, which has been targeting Costa Rican government entities since April 2022, has claimed on its leak site Conti News that it has "insiders" in the country's government, and they are working toward the compromise of "other systems."

Critical Infrastructure Security

Feds Say 'Multi-Tasking Doctor' Built Thanos Ransomware

Mathew J. Schwartz • May 17, 2022

U.S. authorities have charged a cardiologist based in Venezuela with developing and selling multiple strains of ransomware, including Jigsaw and Thanos, as well as recruiting affiliates to use the crypto-locking malware against victims in return for a cut of any ransoms paid.

Electronic Healthcare Records

An Initiative to Enhance Patient ID, Record Matching

Marianne Kolbasuk McGee • May 17, 2022

A new initiative aims to create a standards-based nationwide patient credential and matching ecosystem to ultimately improve matching patients with their electronic health information, says Scott Stuewe, CEO of DirectTrust, the nonprofit, vendor-neutral organization that is leading the effort.

3rd Party Risk Management

Trusting Our Global Supply Chain

Steve King • May 17, 2022

In this episode of "Cybersecurity Unplugged," Tim Danks of Global Risk Perspectives discusses issues around trusting our global supply chain, including the role of Huawei, the steps needed to secure critical infrastructure, and the process for determining a comfortable level of risk management.

Breach Notification

AvosLocker Claims Data Theft From Another Healthcare Entity

Marianne Kolbasuk McGee • May 16, 2022

In its most recent assault against a healthcare entity, ransomware-as-a-service operator AvosLocker claims to be behind an attack allegedly involving data theft from Texas-based CHRISTUS Health, which operates hundreds of healthcare facilities in the U.S., Mexico and South America.

Business Continuity Management / Disaster Recovery

Italian Police Repel Online Attempt to Disrupt Eurovision

Mihir Bagwe • May 16, 2022

Italian police reportedly thwarted attempts to disrupt online voting for the music competition Eurovision, allegedly perpetrated by a hacking group called Killnet in retaliation for Russia not being allowed to compete at this year's festival, due to its invasion of Ukraine.

Breach Notification

EU Parliament, Council Agree on Cybersecurity Risk Framework

Prajeet Nair • May 16, 2022

The European Parliament and the Council of the European Union on Friday reached a provisional agreement to set a "baseline for cybersecurity risk management measures and reporting obligations." Called NIS2, it is a modernized framework based on the EU Network and Information Security Directive.

Blockchain & Cryptocurrency

Cause for Concern? Ransomware Strains Trace to North Korea

Mathew J. Schwartz • May 16, 2022

If you were a nation with legions of hackers at your disposal, seeking to sidestep crippling international sanctions, would you look to ransomware to fund your regime? That question is posed by new research that finds state-sponsored North Korean hackers haven't stopped their ransomware experiments.

Cybercrime

Post-Exploitation Framework Targets Microsoft Servers

Brian Pereira • May 13, 2022

A post-exploitation framework dubbed IceApple has been targeting global organizations that use Internet Information Services - Microsoft's extensible web server software - and Microsoft Exchange servers since at least 2021, says Falcon OverWatch, the proactive threat hunting team at CrowdStrike.

3rd Party Risk Management

Tips to Improve Medical Device Vulnerability Communications

Marianne Kolbasuk McGee • May 13, 2022

New Health Sector Coordinating Council guidance aims to help medical device makers improve their communications regarding security vulnerabilities in their products, says Matt Russo, a security leader at Medtronic and a member of the task group that developed the document.