Optus CEO Kelly Bayer Rosmarin speaks on Friday to Sky News Australia.

Optus Attacker Halts AU$1.5 Million Extortion Attempt

Jeremy Kirk • September 27, 2022

The person who stole nearly 10 million customer records from Australian telco Optus withdrew their AU$1.5 million extortion attempt after suddenly releasing 10,000 customer records. Also, Optus says it has not paid a ransom as it grapples with one of the largest data breaches in the country.

►

Application Security

Darktrace's Nicole Eagan on How AI Predicts, Prevents Hacks

Latest

PCI Standards

PCI DSS 4.0: How to Comply With New Security Requirements

Suparna Goswami • September 27, 2022

Earlier this year, the PCI Security Standards Council issued version 4.0 of PCI DSS. Two experts from Verizon, Ferdinand Delos Santos and Roko Zaman, discuss the new requirements of the regulations and strategies for implementing them to reduce risk and improve an organization’s overall security.

Fraud Management & Cybercrime

LockBit Publishes Stolen Data as Hospital Rejects Extortion

Mihir Bagwe • September 26, 2022

Ransomware hackers made good on a threat to publish patient and staff data stolen from a French hospital after administrators said they refused on principal to pay out. François Braun, French minister of social affairs and health, said that the government will "not give in to these criminals."

Governance & Risk Management

OT Security Shorted by Nuclear Weapon Oversight Agency

Prajeet Nair • September 26, 2022

The U.S. federal agency responsible for the ongoing functionality of the nuclear weapons stockpile hasn't gotten its arms around how to secure operational technology, says the Government Accountability Office. More than 200,000 unique pieces of OT are deployed across nuclear weapon centers.

Cyberwarfare / Nation-State Attacks

Feds: Chinese Hacking Group Undeterred by Indictment

Marianne Kolbasuk McGee • September 26, 2022

Two federal indictments against APT41, a Chinese state-sponsored hacking group, haven't slowed down its operations, the U.S. government acknowledges in a warning telling the healthcare sector to be vigilant about the threat actor. The hackers are believed to be at large, likely in China.

Finance & Banking

Assessing Growing Cyberthreats to Africa's Financial Sector

Anna Delaney • September 26, 2022

Financial services firms in Africa are becoming bigger cyber targets as they expand into new mobile payment and financial inclusion products. Rob Dartnall of Security Alliance explains why these firms need to invest in information sharing, training and new cybersecurity practices to avoid breaches.

Cybercrime

Metador Threat Group Targets Telcos, ISPs and Universities

Prajeet Nair • September 24, 2022

Researchers uncovered a never-before-seen advanced threat actor dubbed Metador targeting telecommunications, internet service providers and universities in several countries in the Middle East and Africa for cyberespionage. They found two different Windows-based malware platforms.

Business Email Compromise (BEC)

HHS HC3 Warns Health Sector of Monkeypox Phishing Schemes

Marianne Kolbasuk McGee • September 23, 2022

Scammers are taking advantage of the monkeypox virus outbreak to launch phishing campaigns targeting healthcare providers and public health organizations to harvest credentials, the Department of Health and Human Services' Health Sector Cybersecurity Coordination Center says.

Business Email Compromise (BEC)

Sweepstakes Spam Hackers Used Microsoft Infrastructure

Prajeet Nair • September 23, 2022

Hackers behind a campaign of deceptive sweepstakes spam hacked their way into Azure cloud accounts that lacked multifactor authentication and obtained admin privileges for Exchange servers. Microsoft advises turning on MFA and other measures such as conditional access.

Multi-factor & Risk-based Authentication

ISMG Editors: How a Teen's Hack of Uber Adds to MFA Crisis

Anna Delaney • September 23, 2022

In the latest weekly update, ISMG editors discuss the industrywide implications of a teenager hacking into Uber's internal systems, key trends in the new Gartner SD-WAN Magic Quadrant report, and how ethics and security culture are center stage due to recent CISO revelations at Uber and Twitter.

Fraud Management & Cybercrime

Ransomware's Future: A Continuing Money Spinner

Jeremy Kirk • September 23, 2022

What is the future of ransomware, and is it going to continue with the same intensity of the last few years? Michael DeBolt of Intel 471 says anti-ransomware efforts, including government action and better cybersecurity practices, are working. But ransomware isn't going away soon.

Fraud Management & Cybercrime

Portuguese Airliner Vows Defiance Against Extortion Hackers

Mihir Bagwe • September 22, 2022

The chief executive of Portugal's state-owned airline said she will not negotiate with hackers even as the Ragnar Locker ransomware-as-a-service group posted online the data of 1.5 million customers. "We hope you support us in this ethical attitude," said Christine Ourmières-Widener.

Cybercrime

Capital One Moves Past 2019 Hacking Incident

David Perera • September 22, 2022

Credit card giant Capital One is moving past its 2019 hacking incident as federal regulators stop requiring quarterly updates on efforts to improve cybersecurity and a federal judge signs off on a $190 million settlement in a proposed class action lawsuit.