How Innovative Security Tools Cut Video Piracy by 85%

Suparna Goswami • March 20, 2023

Video piracy is a major concern for security teams in the media industry. Commander Praveen Kumar, global CISO of media conglomerate Zee Entertainment and winner of ISMG's Dynamic CISO Excellence Award for ROI Champion, shares his secret for reducing piracy by 85%.

►

Governance & Risk Management

US SEC Amps Up Regulatory Proposals for Market Cybersecurity

Latest

Blockchain & Cryptocurrency

Hacker Exploits Months-Old Bug to Steal Crypto From ATMs

Rashmi Ramesh • March 20, 2023

Bitcoin ATM manufacturer General Bytes suspended its cloud services supporting more than 15,000 machines after a hacker exploited a vulnerability in its software to steal user passwords and private keys and made off with cryptocurrency worth millions of dollars.

Cybercrime

How Russia's Ukraine War Disrupted the Cybercrime Ecosystem

Mathew J. Schwartz • March 20, 2023

Russia's invasion of Ukraine in 2022 threw Russia's cybercrime ecosystem into a state of upheaval that still exists to this day. "We identified disruptions to literally every single form of commodified cybercrime," said Alexander Leslie, associate threat intelligence analyst at Recorded Future.

Healthcare

Lawsuit Against Clinic Seeks Long List of Cyber Improvements

Marianne Kolbasuk McGee • March 20, 2023

An Alabama cardiovascular clinic is facing a proposed class action lawsuit filed by one of the nearly 442,000 individuals affected by a data exfiltration breach reported last month. The lawsuit seeks a detailed list of security improvements by the clinic and 10 years of court compliance monitoring.

Incident & Breach Response

Finding the Right Strategy for Building Cybersecurity Skills

Suparna Goswami • March 20, 2023

ISMG presented the 2023 Dynamic CISO Award to Vaibhav Tole, director of global cybersecurity at Cyient, who developed skills internally and created a team to handle incident response in-house. ISMG caught up with Tole at the conference to understand how he is doing more with less these days.

Account Takeover Fraud

Fresh Vishing Campaign Targeting South Korean Users

Prajeet Nair • March 20, 2023

Criminal hackers are targeting South Koreans with an Android Trojan that dupes victims into handing over payment card data by faking phone conversations with lenders. Developers are using "several unique evasions that we had not previously seen in the wild," Check Point researchers write.

3rd Party Risk Management

Hitachi Energy Latest Victim of Clop GoAnywhere Attacks

Prajeet Nair • March 18, 2023

Hitachi Energy joined the ranks of victims hit by the Clop ransomware group, which has exploited a zero-day vulnerability in Fortra's widely used managed file transfer software, GoAnywhere MFT. Clop claimed responsibility for the hack, which compromised networks used by 130 different organizations.

Breach Notification

FBI Says It Arrested BreachForums Mastermind 'Pompompurin'

Prajeet Nair • March 18, 2023

Federal agents arrested the alleged administrator of the criminal underground forum BreachForums, tracing him to a small town in New York's Hudson Valley. FBI agents say Conor Brian Fitzpatrick, a resident of Peekskill, confessed to being "Pompompurin."

Governance & Risk Management

European Digital Identity Bill Heads to Final Negotiations

Akshaya Asokan • March 17, 2023

The European Parliament on Thursday approved legislation creating a continentwide framework for digital identity that European leaders hope will diminish the role of big tech companies such as Google and Apple. Members of the European Parliament have pushed for additional privacy measures.

Incident & Breach Response

Rail Yatri Chastised for Breach Affecting Over 30M Customers

Jayant Chakravarti • March 17, 2023

The union government chastised the operator of Indian Railways ticket booking website Rail Yatri for failing to prevent a December data leak that compromised the personal information of 30 million users. The breach came to light when a criminal underground forum user put the data up for sale.

Network Firewalls, Network Access Control

Chinese Hackers Targeting Security and Network Appliances

Prajeet Nair • March 17, 2023

Chinese threat actors are turning security appliances into penetration pathways, forcing firewall maker Fortinet to again attempt to fend off hackers with a patch. Mandiant researchers say suspected Beijing hackers it tracks as UNC3886 has been targeting chip-based firewall and virtualization boxes.

Governance & Risk Management

What the FTC Is Signaling in Recent Data Privacy Cases

Marianne Kolbasuk McGee • March 17, 2023

The Federal Trade Commission's recent actions against two companies in separate health data privacy cases are significant developments signaling the FTC's "aggressive push" to enforce violations involving disclosures of consumer health data to third parties, said attorney Kirk Nahra of WilmerHale.

Fraud Management & Cybercrime

TikTok Says US Threatens Ban Unless Chinese Owners Divest

Mathew J. Schwartz • March 17, 2023

TikTok says the Biden administration has demanded that the company's Chinese owners divest their stake in the company or risk seeing the app get banned in America. The U.S., Canada, EU, U.K. and New Zealand have all banned the use of TikTok on government devices, citing national security concerns.