Russia-Ukraine War: Over 300 Cyber Operations Seen So Far

Mathew J. Schwartz • August 9, 2022

The ongoing Russia-Ukraine war has featured cyber operations being used to target Ukraine as well as Russia. But CyberPeace Institute, which tracks cyberattacks tied to the conflict, has so far seen 27 different countries being affected by more than 300 attacks, and many have affected civilians.

3rd Party Risk Management

Tech Alone Won't Defeat Advanced Spyware, US Congress Told

Latest

Fraud Management & Cybercrime

Hardware MFA Stops Attack on Cloudflare

Mihir Bagwe • August 10, 2022

Cloudflare credits hardware multifactor authentication with preventing bad actors behind a targeted phishing campaign from gaining access to its internal systems. Although attackers siphoned employee credentials, the hard key authentication requirement stopped attackers from snatching a soft token.

Fraud Management & Cybercrime

Microsoft Patches 'DogWalk' Zero-Day in August Patch Tuesday

Prajeet Nair • August 10, 2022

More than two years after being notified of it, Microsoft issued a fix for a Microsoft Windows Support Diagnostic Tool vulnerability known as DogWalk. The fix is part of the operating system giant's newest Patch Tuesday dump, which includes patches for 141 flaws.

Black Hat

Black Hat 2022 Opens Today With Focus on Emerging Threats

Michael Novinson • August 10, 2022

Black Hat 2022 kicks off today with security experts sharing cutting-edge research and insights through demos, technical trainings and hands-on labs. Keynote speaker Chris Krebs will discuss risk trends in cybercrime, geopolitical threats and what they mean for tomorrow's network defenders.

Black Hat

Lacework's Kate MacLean on Securing Users Across Many Clouds

Michael Novinson • August 10, 2022

Lacework has used the $1.3 billion raised to strengthen its multi-cloud support, giving customers better visibility across development and production environments. The company is able to identify elusive threats and zero-day vulnerabilities by finding spikes in anomalous activity.

Black Hat

Aparna Rayasam on How Trellix Plans to Boost XDR Protection

Michael Novinson • August 10, 2022

An open architecture, a single pane of glass and robust endpoint security are vital to fueling Trellix's growth in XDR, says Chief Product Officer Aparna Rayasam. Trellix has given customers a unified view into their security posture for configuration, reporting and forensic purposes.

Next-Generation Technologies & Secure Development

Ken Xie on Why Fortinet Is Leaning Into SD-WAN, OT Security

Michael Novinson • August 10, 2022

Fortinet has taken advantage of its ASIC chip and network security expertise to drive massive growth in both its SD-WAN and OT security businesses, CEO Ken Xie says. OT devices are difficult to secure on their own, so Fortinet uses its ability to block bad network traffic to keep them secure.

Breach Notification

2 Healthcare Hacks Affect Nearly 300,000 Patients

Marianne Kolbasuk McGee • August 10, 2022

Two hacking incidents - one reported by a Texas-based substance abuse treatment network that operates in several states and the other by a New Mexico community health center - have affected the sensitive medical information of nearly 300,000 individuals.

Black Hat

Black Hat: Web3 Defense, Open-Source Intel & Directory Hacks

Michael Novinson • August 10, 2022

ISMG caught up with 11 security executives in Las Vegas on Tuesday to discuss everything from open-source intelligence and Web3 security to training new security analysts and responding to directory attacks. Here's a look at some of the most interesting things we heard from industry leaders.

Blockchain & Cryptocurrency

North Korean Cryptocurrency Hacking Poised to Get Even Worse

Prajeet Nair • August 9, 2022

North Korean state-sponsored theft of cryptocurrency could intensify once cryptocurrency becomes accepted as a means of payment settlement, said a panelist at a think tank event in Washington. The United States and South Korea in 2021 committed to enhanced collaboration over cybercrime.

Next-Generation Technologies & Secure Development

Sophos' Kris Hagerman on Powering Cybersecurity as a Service

Michael Novinson • August 9, 2022

The rise of ransomware brokers and the continued talent shortage mean defenders increasingly need security technology managed on their behalf, Sophos' Kris Hagerman says. Customers must manage all their security products from a single platform and analyze the data these tools generate, he says.

Governance & Risk Management

OneTrust's Blake Brannon on Unifying Privacy and Governance

Michael Novinson • August 9, 2022

OneTrust has put nearly $1 billion in investment to good use, helping companies address data governance, security assurance, third-party risk and more, Chief Strategy Officer Blake Brannon says. OneTrust has taken on challenges such as monitoring the ethical use of data and verifying compliance.

Cybercrime as-a-service

Ransomware Leak Site Listings Invite Follow-On Attacks

Prajeet Nair • August 9, 2022

Cybercriminals monitor leak sites for newly listed ransomware victims in a bid to try their own hand at dropping encryption malware, says Sophos. The cybersecurity firm says it's seen an uptick in incidents involving multiple criminal gangs demanding a ransom for unencrypted victims' files.