Harnessing the Power of Security Consolidation, Automation

Shipra Malhotra • March 27, 2023

Studies indicate that on average most enterprises use 25 to 49 security tools sourced from up to 10 different vendors. To make this environment easier to manage, CISOs should adopt an integrated approach driven by consolidation and automation, says Microsoft's Terence Gomes.

►

Endpoint Security

GitHub Replaces Private RSA SSH Key After Public Exposure

Latest

Fraud Management & Cybercrime

TikTok Faces Further Bans in Europe

Akshaya Asokan • March 27, 2023

The French government imposed a ban on TikTok and other social media apps after concluding that "recreational apps" lack sufficient "levels of cybersecurity and protection of data to be deployed on administrative equipment," said Stanislas Guerini, the minister of transformation and public service.

Fraud Management & Cybercrime

NY AG Hits Law Firm With $200K Settlement in Health Breach

Marianne Kolbasuk McGee • March 27, 2023

A New York medical malpractice law firm will pay $200,000 and implement data security improvements to settle a HIPAA enforcement action by the state attorney general's office following a 2021 ransomware attack by LockBit. Law firm Heidell, Pittoni, Murphy & Bach paid the hackers $100,000 in 2021.

Fraud Management & Cybercrime

Twitter Says Source Code Leaked on GitHub, Files Subpoena

Mihir Bagwe • March 27, 2023

Twitter says its source code was leaked by an unknown user on the popular open-source code collaboration platform GitHub. The social media giant requested a subpoena from a federal court Monday to force GitHub to provide details about the person behind the partial code leak.

Finance & Banking

First Citizens CEO: We'll Preserve Strong SVB Bond With VCs

Michael Novinson • March 27, 2023

Silicon Valley Bank's new owner plans to double down on business with venture capital and private equity firms and the portfolio companies they serve. VC and PE-focused business accounts form the largest segment of the combined $143 billion loan portfolio of First Citizens and Silicon Valley Bank.

Cyberwarfare / Nation-State Attacks

US Limits Government Use of Advanced Smartphone Spyware

David Perera • March 27, 2023

The U.S. government limited its use of advanced surveillance software such as Pegasus through an executive order prohibiting agencies from buying licenses for spyware used by foreign governments to spy on dissidents. The order does not outright stop the government from purchasing spyware.

Fraud Management & Cybercrime

Ransomware Groups Seek Fresh Tactics Following Hive Takedown

Mathew J. Schwartz • March 27, 2023

Stung by the FBI's infiltration and takedown of the Hive ransomware group, other ransomware operators have been retooling their approaches to make their attacks more effective and operations tougher to disrupt, says Yelisey Bohuslavskiy, chief research officer at threat intelligence firm Red Sense.

Cybercrime

Indian Police Charge Gang With Stealing 168M Citizens' Data

Jayant Chakravarti • March 27, 2023

Indian police busted six members of an alleged criminal gang that sold the personal data of 168 million Indian citizens, including defense personnel and government employees. Cyberabad Metropolitan Police Commissioner Stephen Raveendra called the operation a national security risk.

Business Continuity Management / Disaster Recovery

Empowering a Cyber-Resilient Enterprise

Brian Pereira • March 27, 2023

The increasing volume, frequency and sophistication of cyberattacks has made cyber resiliency a top priority for security leaders. But there are certain roadblocks to overcome before an organization can be cyber resilient, advise Samir Mishra and Navin Mehra of Cisco.

Finance & Banking

First Citizens-SVB Deal Gives Startups, VCs More Certainty

Michael Novinson • March 27, 2023

Cybersecurity startups that for decades turned to Silicon Valley Bank in a pinch will now find themselves working with a 125-year-old, North Carolina-based institution. First Citizens Bank has bought all Silicon Valley Bank deposits and loans from the FDIC, which rescued the bank after its collapse.

Cybercrime

3-Year JS Injection Campaign Targets 51,000 Websites

Prajeet Nair • March 25, 2023

A widespread ongoing malicious JavaScript injection campaign first detected in 2020 has targeted over 51,000 websites, redirecting victims to malicious content such as adware and scam pages. Attackers are using several obfuscation tactics to bypass detection.

3rd Party Risk Management

Clop GoAnywhere Attacks Have Now Hit 130 Organizations

Prajeet Nair • March 25, 2023

So far, the Clop ransomware group campaign using a zero-day vulnerability in Fortra's widely used managed file transfer software, GoAnywhere MFT, has compromised networks used by 130 different organizations. The gang has so far taken responsibility for over 50 hacks.

Cybercrime

How BreachForums' 'Pompompurin' Led the FBI to His Home

David Perera • March 24, 2023

The alleged administrator of criminal online forum BreachForums may have thought he took steps to hide his real identity, but instead he left a trail of digital breadcrumbs that led to his arrest and prosecution, shows information unsealed in federal court.