Profiles in Leadership: Avinash Dharmadhikari, CISO, Persistent Systems

Suparna Goswami • September 23, 2021

Avinash Dharmadhikari, the CISO of Persistent Systems, a technology services company headquartered in India, has no complaints about managing different functions under security. He discusses building a security culture in his organization.

3rd Party Risk Management

IT-OT Convergence: Taking the Right Security Measures

Latest

Anti-Phishing, DMARC

Microsoft Analyzes Phishing-as-a-Service Operation

Doug Olenick • September 22, 2021

Microsoft Security on Tuesday issued a detailed report on a massive phishing-as-a-service operation named BulletProofLink that offered as a subscription all the tools needed to conduct a campaign. The gang remains operational.

Application Security

Researcher Finds Exposed Data of 106 Million Thai Visitors

Mihir Bagwe • September 22, 2021

Researcher Bob Diachenko has discovered an unsecured database containing personal information of 106 million foreign nationals who have visited Thailand in the past decade. The 200GB database, which has now been secured, has not been accessed by unauthorized personnel, Thai authorities say.

Critical Infrastructure Security

Ransomware Reportedly Hits Iowa Farm Services Cooperative

Scott Ferguson , Doug Olenick • September 20, 2021

NEW Cooperative, an Iowa-based farm services cooperative, has reportedly been targeted by the BlackMatter ransomware gang, demanding a $5.9 million payment from the organization, according to security researchers and published reports. The cooperative is working with law enforcement agencies.

Blockchain & Cryptocurrency

Hacker Makes Off With $12 Million in Latest DeFi Breach

Dan Gunderman • September 20, 2021

In the latest security incident involving a decentralized finance protocol, cross-chain project pNetwork announced Sunday it had been hacked for 277 pBTC, a form of wrapped bitcoin, with losses worth over $12 million at current value.

Application Security

No Bounty for Bug Hunters in India

Soumik Ghosh • September 20, 2021

While there is no dearth of talent among Indian bug bounty hunters, hurdles such as lack of trust, payment disputes, cost, unethical practices and lack of regulatory laws deter the growth of the bug bounty programs in the country, according to some experts.

COVID-19

DNS Security: Enhanced Visibility and Security Controls

Geetha Nandikotkur • September 20, 2021

As DNS remains a favorite target for attack vectors, organizations need to build unified security by establishing harmonized DNS traffic and communication to prevent data exfiltration, say Alvin Rodrigues and Pankaj Chawla from Infoblox.

Cybercrime as-a-service

Importance of Medical Ethics in Cybersecurity

Suparna Goswami • September 20, 2021

Medical ethics can no longer be separated from cybersecurity in healthcare as we need to think of cyberattacks in the context of clinical outcomes, says Christopher Frenz, information security officer at Mount Sinai South Nassau, a medical care provider.

Business Continuity Management / Disaster Recovery

Is White House Crackdown on Ransomware Having Any Effect?

Mathew J. Schwartz • September 17, 2021

The latest edition of the ISMG Security Report features an analysis of the state of the Biden administration's efforts to disrupt ransomware attackers, as well as how a newly patched Apple iMessage flaw was being targeted by Pegasus spyware to effect zero-click exploits.

Business Continuity Management / Disaster Recovery

Is Grief's Threat to Wipe Decryption Key Believable?

Doug Olenick • September 16, 2021

Regarding the recent tactical innovation by the Grief ransomware gang that is threatening to wipe a victim's data and decryption key if the victim engages a ransom negotiator, analysts are calling this a desperate ploy to scare a target into paying the ransom demand.

CISO Trainings

Profiles in Leadership: Tim Nedyalkov, Commonwealth Bank

Jeremy Kirk • September 16, 2021

Cloud-based services are affecting governance, risk management and compliance practices in Australia, says Tim Nedyalkov, who is a technology information security officer with Commonwealth Bank. He discusses the differences between how managers and practitioners approach the problems.

Access Management

Microsoft Fully Ditches the Password

Doug Olenick • September 15, 2021

Microsoft has officially gone fully passwordless, allowing Windows users to replace their alphanumeric passwords with one of several substitute sign-in technologies to gain entry into a Microsoft product - a move received positively by industry insiders.

Access Management

Travis CI Flaw Exposed Secrets From Public Repositories

Jeremy Kirk • September 15, 2021

Travis CI, a Berlin-based continuous integration testing vendor, has patched a serious flaw that exposed signing keys, API keys and access credentials, potentially putting thousands of organizations at risk. Those using Travis CI should change their secrets immediately.