LastPass Breach Exposes Customer Data

Prajeet Nair • December 1, 2022

Hackers stole customer information but not passwords when they broke into password manager LastPass' third-party cloud storage service, the company disclosed. An unauthorized party used information stolen during a dayslong incident in August to exfiltrate the data.

Cryptocurrency Fraud

Graphus' Amelia Paro on Why Phishing Has Exploded Since 2020

Latest

Cloud Security

Clumio CEO on Why AWS S3 Buckets Pose a Giant Security Risk

Michael Novinson • December 2, 2022

The need for AWS security has increased as S3 buckets have evolved from a dumping ground for data to the home for critical cloud-native applications, says Clumio co-founder and CEO Poojan Kumar. Information in S3 buckets is susceptible to both accidental deletions and cyberattacks.

Breach Notification

ISMG Editors: Twitter Breach May Be Worse Than Advertised

Anna Delaney • December 2, 2022

In the latest weekly update, ISMG editors discuss ways organizations commonly founder when implementing a zero trust strategy, what the latest version of India's digital data protection bill means for CISOs, and how a 2022 data breach confirmed by Twitter may be worse than initially thought.

Cryptocurrency Fraud

Hacked: What's the Next Step for Web3 Companies? - Part 2

Rashmi Ramesh • December 2, 2022

Web3 companies are under attack by cybercriminals all year. After a compromise occurs, how should organizations respond? In Part 2 of this interview, Martin Derka of Web3 security firm Quantstamp discusses short-term and long-term mitigation steps and how to defend against cryptocurrency theft.

Fraud Management & Cybercrime

Most Healthcare Ransomware Hits Include Patient Data Theft

Mathew J. Schwartz • December 2, 2022

Based on known ransomware attacks against the healthcare sector, here's good news: The volume of attacks seems to have declined, says Allan Liska, a principal intelligence analyst at Recorded Future. Unfortunately, most such attacks not only trigger downtime but include the theft of patient data.

Cloud Security

Zscaler CEO: 'Uncertainty Can Act as a Catalyst for Change'

Michael Novinson • December 1, 2022

Zscaler has notched large, multiyear, multipillar deals as the economic downturn prompts clients to seek replacements for expensive legacy point products, says CEO Jay Chaudhry. Clients are increasingly buying Zscaler's secure web gateway, private access and digital experience tools as one bundle.

Next-Generation Technologies & Secure Development

Elastic Lays Off Nearly 400 Employees as SMB Spend Dwindles

Michael Novinson • December 1, 2022

Security, observability and search vendor Elastic will shrink its workforce by 13% due to small and medium businesses reducing their purchases amid the economic downturn. Elastic will lay off nearly 400 of its 3,056 employees as it adopts an automated, low-touch motion for SMB customers.

Fraud Management & Cybercrime

Ransom Realpolitik: Paying for Data Deletion Is for Suckers

Mathew J. Schwartz • December 1, 2022

Ransomware-wielding attackers have myriad tactics for extorting victims, including demanding a stand-alone ransom for a promise to delete stolen data. But Coveware's Bill Siegel urges victims to never pay for such promises, in part because they rarely - if ever - get honored.

Fraud Management & Cybercrime

Why Ransomware Victims Avoid Calling It 'Ransomware'

Anna Delaney • December 1, 2022

The latest edition of the ISMG Security Report discusses why too few organizations admit to being victims of ransomware attacks, how delayed enterprise subscription start dates forced CrowdStrike to cut sales forecasts, and leveraging threat intelligence to protect critical infrastructure.

Governance & Risk Management

A Look Ahead: John Kindervag's Zero Trust Outlook for 2023

Tom Field • November 30, 2022

The foundation of a landmark presidential executive order and now a standard embraced by governments and enterprises globally, zero trust has come far in the past two years. Zero trust creator John Kindervag offers a progress report and insight into the key trends he sees shaping the new year.

Artificial Intelligence & Machine Learning

Open Systems Buys Tiberium to Automate Security on Microsoft

Michael Novinson • November 30, 2022

Open Systems has purchased an early-stage Microsoft-centric MSSP to help automate investigating, triaging and responding to basic security alerts. The Silicon Valley-based MDR provider says its acquisition of U.K.-based Tiberium will free up security analysts to focus on preventative defenses.

Cryptocurrency Fraud

How to Carry Out a Crypto Heist - Part 1

Rashmi Ramesh • November 30, 2022

Threat actors are targeting Web3 and making off with billions in stolen cryptocurrency. How do they find vulnerabilities and plan and execute attacks? How can you defend against such attacks? Martin Derka of Web3 security firm Quantstamp shares insights by walking a mile in a hacker’s shoes.

Blockchain & Cryptocurrency

UK Court Orders Crypto Firms to Share Data to Track Thieves

Rashmi Ramesh • November 30, 2022

A British judge ordered cryptocurrency trading platforms to divulge the identities of account holders accused of holding funds stolen from an English digital assets exchange. A change in civil procedure makes it easier for English judges to subpoena foreign entities in cases of financial fraud.