Indian Stock Exchanges Have 6 Hours to Report Cyber Incident

Mihir Bagwe • July 1, 2022

India's stock brokers and depository participants must now report all cyberattacks and breaches to the Securities and Exchange Board of India within six hours of detection under a mandate implementing what is likely the world's tightest breach reporting timeline requirement.

Email Security & Protection

XM Cyber Buys Cyber Observer to Better Spot Cyber Exposures

Latest

Cybercrime

Evilnum Hacking Group Updates TTPs Targeting Fintech

Prajeet Nair • July 2, 2022

The Evilnum hacking group has updated its tactics, techniques and procedures, now uses MS Office Word documents and leverages document template injection to deliver malicious payloads to its victims' machines. First seen in 2018, the group mainly targets fintech firms in the U.K. and Europe.

Cryptocurrency Fraud

US DOJ Targets Baller Ape Rug Pull and Other Crypto Fraud

Prajeet Nair • July 1, 2022

The U.S. Department of Justice is touting a string of indictments against accused cryptocurrency and NFT fraudsters, including against a Vietnamese man who is allegedly behind the Baller Ape rug pull, the largest such NFT fraud to date. Rug pulls are the largest form of cryptocurrency-based crime.

Cyberwarfare / Nation-State Attacks

ISMG Editors: Russia's War Has Changed the Cyber Landscape

Anna Delaney • July 1, 2022

Four ISMG editors discuss important issues, including how Russia's cyber and kinetic wars in Ukraine have changed the cybersecurity landscape, what recent layoffs at cybersecurity firms mean for the industry and how cybercriminals are taking a page out of the white hat hacker playbook

3rd Party Risk Management

Malware Disrupts Multiple US State Unemployment Websites

Mihir Bagwe • July 1, 2022

Unemployment benefits websites across the United States are offline after a malware attack was detected at third-party vendor Geographic Solutions Inc. The vendor, which serves dozens of state labor departments, says no personally identifiable information has been affected by the attack.

Governance & Risk Management

The Mounting Threats to Sensitive Data After Roe v. Wade

Marianne Kolbasuk McGee • July 1, 2022

Location data, browser history, IP addresses, and appointment scheduling are among the sensitive data putting individuals' privacy at risk in the wake of the decision to overturn Roe v. Wade, says Alexandra Reeve Givens of the Center for Democracy and Technology.

Cryptocurrency Fraud

North Korea Behind $100M Harmony Theft, Say Researchers

David Perera • June 30, 2022

Cryptocurrency experts are fingering North Korea as likely responsible for the cryptocurrency theft of $100 million from the Harmony Horizon bridge. North Korea fuels its nuclear weapons program with stolen cryptocurrency used to dodge international sanctions that prevent ready access to cash.

Governance & Risk Management

HHS Tackles Data Privacy Concerns Linked to Abortion Ruling

Marianne Kolbasuk McGee • June 30, 2022

Federal regulators issued health privacy guidance for medical providers and patients and promised to make privacy violations a top HIPAA enforcement priority in the wake of the U.S. Supreme Court overturning Roe v. Wade, the five-decade precedent that guaranteed nationwide access to abortion.

Biometrics

Token Snags Ex-OneSpan Revenue Leader John Gunn as New CEO

Michael Novinson • June 30, 2022

Token selected former OneSpan CRO John Gunn as CEO to scale the organization and prepare its wearable authentication ring for large-scale production. Gunn is tasked with sourcing the critical components needed to manufacture the ring and building a base of paying clients for the biometric tool.

Cybercrime

Ukrainian Cops Arrest Phishing Gang That Stole $3.4 Million

Prajeet Nair • June 30, 2022

Ukrainian authorities arrested nine individuals for the theft of about $3.4 million from 5,000 Ukrainians via more than 400 phishing links. Cybercrime gang members allegedly obtained access to bank accounts under the guise of facilitating social safety net payments from the European Union.

Governance & Risk Management

The Right Way to Change Your Identity Service Providers

Suparna Goswami • June 30, 2022

Markus Kalka, head of security authentication services at Takeda, talks about the challenges of changing identity service providers and shares the experience of consolidating three services into one at his company, a Japanese multinational pharmaceutical.

CISO Trainings

Profiles in Leadership: Rob Hornbuckle

Mathew J. Schwartz • June 30, 2022

Beyond advising the seniormost levels of the business in the strategic use of technology, the need to recruit new cybersecurity professionals often also tops the list of tasks facing today's security leaders, says Rob Hornbuckle, CISO of Allegiant Air.

Fraud Management & Cybercrime

Zero Trust Architecture: No Firewalls or VPNs

Anna Delaney • June 30, 2022

The latest edition of the ISMG Security Report describes why firewalls and VPNs don't belong in Zero Trust design. It also discusses cybercriminals' evolving ransomware tactics and the devastating price of responding to a ransomware attack, as experienced by Travelex in 2019.