Marriott Confirms Data Breach, Says Core Network Unaffected

Mihir Bagwe • July 6, 2022

Hotel chain Marriott International Inc. confirmed reports of a data breach and attempted extortion incident. Unknown hackers claim to have stolen 20 gigabytes worth of data but the hospitality giant tells ISMG only one system was compromised and no critical business or customer data was exposed.

Breach Notification

OpenSea Customer Emails Exposed in Third-Party Breach

Latest

Fraud Management & Cybercrime

Feds Warn Healthcare Sector of 'Maui' Ransomware Threats

Marianne Kolbasuk McGee • July 6, 2022

Federal authorities are alerting healthcare and public health sector entities of threats involving North Korean state-sponsored "Maui" ransomware. Attackers use the malware to maliciously encrypt diagnostics procedures, medical imaging, and medical center intranet services.

Leadership & Executive Communication

Profiles in Leadership: Deborah Haworth

Anna Delaney • July 6, 2022

Expectations for CISOs and their teams are at an all-time high, says Deborah Haworth, CISO of Penguin Random House UK. "Over the past two years, we've had a number of organizations pivot the way they work, which brings increased security challenges" and increases pressure on employees, she says.

Security Information & Event Management (SIEM)

Swimlane Raises $70M to Grow Security Automation Outside US

Michael Novinson • July 6, 2022

Swimlane has raised $70 million to expand its clientele beyond the Fortune 2000 and acquire more customers in Europe and Asia-Pacific. The company plans to hire more personnel focused on sales, marketing and partnerships to make the company's low-code security automation platform accessible.

Big Data Security Analytics

IBM Buys Startup Databand.ai to Address Data Quality Issues

Michael Novinson • July 6, 2022

IBM has purchased a data observability startup to help organizations address data errors, pipeline failures and poor quality before it affects their bottom line. Databand.ai will help businesses ensure that trustworthy data is being put into the hands of the right users at the right time.

Cyberwarfare / Nation-State Attacks

US Government Picks Quantum-Resistant Encryption Algorithms

David Perera • July 5, 2022

The National Institute of Standards and Technology today announced a first group of encryption algorithms designed to withstand the assault of a future quantum computer. Selection of the four algorithms comes after six years of evaluation by the U.S. federal agency.

Governance & Risk Management

Django Software Foundation Patches High-Severity Bug

Mihir Bagwe • July 5, 2022

The Django web framework patched a high-severity vulnerability affecting its main branch and three other versions - 3.2, 4.0 and 4.1. Developers who match inputs against safelists are unaffected. There are more than 91,000 websites using the Django framework, many of them based in the United States.

Cloud Security

RSA Conference 2022 Compendium: 150+ Interviews and More

Information Security Media Group • July 5, 2022

Welcome to ISMG's compendium of RSA Conference 2022. The 31st annual conference covered a wide range of topics including cybercrime, cyberwarfare, zero trust, supply chain risk, ransomware, OT security, cyber insurance and jobs. Access 150+ interviews with the top speakers and influencers.

Business Continuity Management / Disaster Recovery

US, Israel Initiate Cybersecurity Collaboration Program

Mihir Bagwe • July 4, 2022

The U.S. and Israel have agreed to a new joint cybersecurity program called BIRD Cyber to enhance the cyber resilience of both countries' critical infrastructures. Grants of up to $1.5 million will be given to entities who jointly develop advanced cybersecurity applications under this program.

3rd Party Risk Management

Constant Vigilance Demanded - Cyber 'Not Just Another Risk'

Tony Morbin • July 4, 2022

The Biden executive order on cybersecurity was a catalyst for action, with tight delivery times for steps including promotion of SBOMs and zero trust. The cyber-physical nexus and expanding threat surface mean it's not easy to maintain vigilance, but recognizing that is the first step.

Cybercrime

Evilnum Hacking Group Updates TTPs Targeting Fintech

Prajeet Nair • July 2, 2022

The Evilnum hacking group has updated its tactics, techniques and procedures and now uses MS Office Word documents and leverages document template injection to deliver malicious payloads to its victims' machines. First seen in 2018, the group mainly targets fintech firms in the U.K. and Europe.

Cryptocurrency Fraud

US DOJ Targets Baller Ape Rug Pull and Other Crypto Fraud

Prajeet Nair • July 1, 2022

The U.S. Department of Justice is touting a string of indictments against accused cryptocurrency and NFT fraudsters, including against a Vietnamese man who is allegedly behind the Baller Ape rug pull, the largest such NFT fraud to date. Rug pulls are the largest form of cryptocurrency-based crime.

Cyberwarfare / Nation-State Attacks

ISMG Editors: Russia's War Has Changed the Cyber Landscape

Anna Delaney • July 1, 2022

Four ISMG editors discuss important issues, including how Russia's cyber and kinetic wars in Ukraine have changed the cybersecurity landscape, what recent layoffs at cybersecurity firms mean for the industry and how cybercriminals are taking a page out of the white hat hacker playbook