Image: Shutterstock

CloudSEK Pins Blames for Hack on Other Cybersecurity Firm

Akshaya Asokan • December 7, 2022

Indian cybersecurity firm CloudSEK says another cybersecurity firm used a compromised collaboration platform credential to obtain access to its training webpages. CEO Rahul Sasi did not identify the alleged perpetrator says the hacker did not obtain access to the company code base and database.

Artificial Intelligence & Machine Learning

Brooklyn Hospitals Decried for Silence on Cyber Incident

Latest

Cyberwarfare / Nation-State Attacks

North Korean Hackers Look to Internet Explorer Zero Days

Mihir Bagwe • December 7, 2022

Microsoft Office's use of Internet Explorer to render HTML is the gift that keeps giving for North Korean hackers. Security researchers at Google say they spotted a Pyongyang threat actor using a now-patched JavaScript engine flaw via a malicious Office document.

Fraud Management & Cybercrime

CommonSpirit: Patients' Data Breached in Ransomware Attack

Marianne Kolbasuk McGee • December 7, 2022

Patients of at least seven hospitals affiliated with CommonSpirit have been affected by a data breach involving the Chicago-based hospital chain's October ransomware incident. None of the affected hospitals appear to have filed a breach report with the U.S. Department of Health and Human Services.

Encryption & Key Management

Apple to Enable End-to-End Encryption of iCloud Backups

David Perera • December 7, 2022

Smartphone giant Apple says that starting later this year, users can enable end-to-end encryption of iPhone backups stored in the company's commercial cloud. Apple took pains to frame its announcement in the context of cloud computing data breaches.

Geo Focus: The United Kingdom

Legacy Apps at UK Agency Create Cyber Risk, Warns Watchdog

Akshaya Asokan • December 7, 2022

The U.K. Department for Environment, Food and Rural Affairs relies heavily on applications no longer supported by their vendor. Current levels of modernization spending are not sufficient to "reduce cybersecurity and resilience risks to an acceptable level," warns the National Audit Office.

Endpoint Detection & Response (EDR)

SentinelOne Pushes Upmarket to Minimize Effects of Slowdown

Michael Novinson • December 6, 2022

SentinelOne plans to go after more Fortune 500 and Global 2000 organizations as the economic downturn prompts customers to shrink the size of their purchases. Over the past year, the company doubled the number of clients spending at least $100,000 and $1 million with SentinelOne annually.

Fraud Management & Cybercrime

Ransomware Attack in New Zealand Has Cascading Effects

Mihir Bagwe • December 6, 2022

A ransomware attack on a New Zealand third-party managed IT service provider affected several government agencies across the country - including the Ministry of Justice and the national health authority. Investigations are ongoing to determine the incident's full impact.

Application Security

Aqua CEO on Why Cloud-Native Apps Need Supply Chain Security

Michael Novinson • December 6, 2022

Software has increasingly relied on components developed by third parties or from open-source libraries, which Aqua Security CEO Dror Davidoff says injects additional risk. On-premises environments are still managed in more traditional ways, with the development and production phases totally siloed.

Industry Specific

How Deepfakes and Misinformation Attacks Threaten Healthcare

Marianne Kolbasuk McGee • December 6, 2022

The prospect of attackers using voice impersonation, deepfake technologies and misinformation against healthcare sector entities is a serious threat that entities need to be closely monitoring, says Dave Summit, vice president of cybersecurity at Florida Cancer Specialists and Research Institute.

Cybercrime

US Prosecutors Unspool xDedic Criminal Marketplace Cases

Prajeet Nair • December 6, 2022

The 2019 seizure by U.S. law enforcement of online criminal marketplace xDedic is paying dividends for lawyers unrolling prosecutions of accused fraudsters who allegedly obtained compromised credentials from the site. The FBI and IRS estimate that xDedic facilitated more than $68 million in fraud.

Government

Profiles in Leadership: Shannon Lawson

Michael Novinson • December 6, 2022

Governance issues for public sector CISOs tend to focus more on shifting culture rather than maximizing efficiency for shareholders, as is expected from private sector security leaders. City of Phoenix CISO Shannon Lawson shares why good communication is crucial when a city council is involved.

DevSecOps

Profiles in Leadership: Kalpesh Doshi

Mihir Bagwe • December 6, 2022

Kalpesh Doshi has come a long way in cybersecurity. When he started out, some people mistakenly thought he was a security guard. Today, he has two decades of experience in information security, security audits, risk management and data protection, regulations, global standards and compliance.

Governance & Risk Management

Zero Trust Continuous Authentication: Getting It Right

Suparna Goswami • December 6, 2022

An important aspect of zero trust is continuous adaptive authentication, in which a user is authenticated continuously throughout the session, but implementing this technology poses many practical challenges. Three experts discuss ways to overcome technical issues and user resistance to change.