Latest

Events

'Stronger Together' - Preview of RSA Conference 2023

Tom Field  •  March 28, 2023

"Stronger Together" is the theme of RSA Conference 2023. In an exclusive preview of the event, Linda Gray Martin and Britta Glade explain why that theme was selected - and what attendees can expect to see from sessions, speakers and sponsors when they attend the annual gathering in San Francisco.

Blockchain & Cryptocurrency

North Korean Threat Groups Steal Crypto to Pay for Hacking

Rashmi Ramesh  •  March 28, 2023

North Korean hackers are stealing cryptocurrency to fund operations under an apparent mandate from Pyongyang to be self-sufficient, threat intel firm Mandiant says. The regime probably expected its hackers to pay their own way before 2020, but the novel coronavirus pandemic exacerbated its demands.

Cybercrime

Latitude Financial Admits 14M Customer Details Breached

Prajeet Nair  •  March 27, 2023

A hacking incident at Australian non-bank lender Latitude Financial affected a far greater number of individuals than initially disclosed, the company said Monday. It now estimates that its mid-March cybersecurity incident affected 14 million people although it has just over 2.8 million customers.

Fraud Management & Cybercrime

TikTok Faces Further Bans in Europe

Akshaya Asokan  •  March 27, 2023

The French government imposed a ban on TikTok and other social media apps after concluding that "recreational apps" lack sufficient "levels of cybersecurity and protection of data to be deployed on administrative equipment," said Stanislas Guerini, the minister of transformation and public service.

Fraud Management & Cybercrime

NY AG Hits Law Firm With $200K Settlement in Health Breach

Marianne Kolbasuk McGee  •  March 27, 2023

A New York medical malpractice law firm will pay $200,000 and implement data security improvements to settle a HIPAA enforcement action by the state attorney general's office following a 2021 ransomware attack by LockBit. Law firm Heidell, Pittoni, Murphy & Bach paid the hackers $100,000 in 2021.

Fraud Management & Cybercrime

Twitter Says Source Code Leaked on GitHub, Files Subpoena

Mihir Bagwe  •  March 27, 2023

Twitter says its source code was leaked by an unknown user on the popular open-source code collaboration platform GitHub. The social media giant requested a subpoena from a federal court Monday to force GitHub to provide details about the person behind the partial code leak.

Cyberwarfare / Nation-State Attacks

US Limits Government Use of Advanced Smartphone Spyware

David Perera  •  March 27, 2023

The U.S. government limited its use of advanced surveillance software such as Pegasus through an executive order prohibiting agencies from buying licenses for spyware used by foreign governments to spy on dissidents. The order does not outright stop the government from purchasing spyware.

►

Fraud Management & Cybercrime

Ransomware Groups Seek Fresh Tactics Following Hive Takedown

Mathew J. Schwartz  •  March 27, 2023

Stung by the FBI's infiltration and takedown of the Hive ransomware group, other ransomware operators have been retooling their approaches to make their attacks more effective and operations tougher to disrupt, says Yelisey Bohuslavskiy, chief research officer at threat intelligence firm Red Sense.

Cybercrime

Indian Police Charge Gang With Stealing 168M Citizens' Data

Jayant Chakravarti  •  March 27, 2023

Indian police busted six members of an alleged criminal gang that sold the personal data of 168 million Indian citizens, including defense personnel and government employees. Cyberabad Metropolitan Police Commissioner Stephen Raveendra called the operation a national security risk.

►

Governance & Risk Management

Harnessing the Power of Security Consolidation, Automation

Shipra Malhotra  •  March 27, 2023

Studies indicate that on average most enterprises use 25 to 49 security tools sourced from up to 10 different vendors. To make this environment easier to manage, CISOs should adopt an integrated approach driven by consolidation and automation, says Microsoft's Terence Gomes.

►

Governance & Risk Management

Finding the Right Strategy for Implementing OT Security

Prajeet Nair  •  March 27, 2023

OT and SCADA security must be designed around protecting system availability, understanding OT-specific protocols and blocking attacks that target legacy systems commonly used in OT environments. CISO Hitesh Mulani of Mahindra & Mahindra shares advice on implementing OT security.

►

Governance & Risk Management

A Business-Centric Approach to Cybersecurity Strategy

Brian Pereira  •  March 27, 2023

The business world is going through a phase of hyper transformation and hyper digitalization. So, the building blocks of a cybersecurity strategy are quite different from what they were a few years ago. CISOs now need to prioritize threats in the context of their businesses.