Latest

►

Biometrics

Payments Rules Bring Customer Authentication to Forefront

Michael Novinson  •  January 27, 2023

Payment regulations in Europe have forced retailers to implement strong authentication that's phishing-resistant and facilitates more customer understanding, says FIDO Alliance's Christina Hulka. This has spurred a push for clients to confirm what they're purchasing and how much they wish to spend.

Fraud Management & Cybercrime

Targets of Opportunity: How Ransomware Groups Find Victims

Mathew J. Schwartz  •  January 27, 2023

As ransomware continues to pummel numerous sectors, and lately especially the manufacturing industry, how does any given organization end up becoming a target or victim? Cybercrime watchers say the answer involves initial access brokers, botnets, targets of opportunity and, above all, profit.

Fraud Management & Cybercrime

FBI Seizes Hive Ransomware Servers in Multinational Takedown

Akshaya Asokan , David Perera  •  January 26, 2023

The FBI penetrated the network of the Hive ransomware group, which has a history of attacking hospitals. A multinational operation seized the ransomware-as-a-service group's leak site and two servers located in Los Angeles. U.S. law enforcement said an investigation is ongoing.

Governance & Risk Management

Clinic Reports Tracking Pixel Breach Involving 3rd Party

Marianne Kolbasuk McGee  •  January 25, 2023

A Midwest specialty medical care clinic has reported to regulators a health data breach affecting 134,000 patients involving one of its critical partners' previous use of Meta Pixel and Google tracking codes embedded in its websites and patient portals.

Cybercrime

Reported Data Breaches in US Reach Near-Record Highs

Mathew J. Schwartz  •  January 25, 2023

Data breaches in 2022 hit near-record levels as U.S. organizations issued 1,802 data breach notifications and more than 400 million individuals were affected. But only 34% of breach notifications included actionable information for consumers whose information was exposed.

Blockchain & Cryptocurrency

North Korean Hackers Attacked Horizon, Confirms FBI

Rashmi Ramesh  •  January 24, 2023

North Korea's Lazarus Group was behind the $100 million theft from the Horizon blockchain bridge, the U.S. federal government confirmed. The FBI vowed "to expose and combat North Korea's use of illicit activities - including cybercrime and virtual currency theft - to generate revenue."

Incident & Breach Response

Arvind Parthasarathi Launches Cygnvs Cyber Crisis Platform

Michael Novinson  •  January 24, 2023

Serial entrepreneur Arvind Parthasarathi has started the company Cygnvs, which streamlines and secures communication between internal and external stakeholders after a cyberattack. Cygnvs emerged from stealth with 90 employees, 1,000 customers, $55 million of funding and a generally available tool.

Cybercrime

Malware Blurs Line Between Banking Trojan and Surveillance

Mihir Bagwe  •  January 23, 2023

Android malware highlighted by Dutch cybersecurity firm ThreatFabric shows the line between a banking Trojan and advanced spyware. The Trojan, dubbed Hook, can take a screenshot, simulate clicks and input swipe gesture commands. It can also take control of WhatsApp.

Fraud Management & Cybercrime

Australia Initiates Global Ransomware Task Force Operations

Mihir Bagwe  •  January 23, 2023

Australia started operating an international ransomware task force to facilitate information sharing and best practices worldwide. “Recent cyber incidents in Australia and around the globe are a stark reminder of the insidious nature of ransomware," said Minister for Home Affairs Clare O'Neil.

►

Fraud Management & Cybercrime

ISMG Editors: Why Is LockBit Ransomware Group So Prolific?

Anna Delaney  •  January 20, 2023

In the latest weekly update, ISMG editors discuss why being a CISO is like being the first family doctor in a small village, why you can't trust ransomware gangs such as LockBit, and why cloud security vendor Netskope took on $401 million in debt from Morgan Stanley to fuel its SASE offering.

Network Firewalls, Network Access Control

Fortinet VPN Flaw Shows Pitfalls of Security Appliances

Mihir Bagwe  •  January 20, 2023

Security appliances are targets for sophisticated threat actors who take advantage of devices' limited configuration and logging features, as well as their incompatibility with endpoint detection and response. Suspected Chinese hackers took advantage of a Fortinet zero-day to implant a backdoor.

Cybercrime

Hostile Takeover: Kraken Hacks Rival Darknet Market Solaris

Mathew J. Schwartz  •  January 20, 2023

Competition between rival Russian-language darknet markets remains fierce since police shuttered Hydra last year. The latest to fall dark is Solaris, which controlled an estimated 25% of the darknet drug trade. It got hacked by newcomer rival Kraken. But that wasn't Solaris' only problem.