Latest

►

Endpoint Detection & Response (EDR)

Forrester Report: Key Questions to Ask XDR Vendors

Anna Delaney  •  October 22, 2021

The current state of the XDR market is a "chaotic jumble of different features," according to Forrester analyst Allie Mellon, who has authored a new study to identify the top XDR providers in the industry: The Forrester New Wave: Extended Detection And Response (XDR) Providers, Q4 2021.

►

Blockchain & Cryptocurrency

ISMG Editors’ Panel: Regulators Get Tough on Crypto Firms?

Anna Delaney  •  October 22, 2021

In the latest weekly update, four ISMG editors discuss: a federal judge imposing the maximum sentences on a hacker who pleaded guilty to conspiracy and aggravated identity theft, regulators getting tougher on cryptocurrency lending platforms and the return to in-person roundtables.

3rd Party Risk Management

Ransomware Warning: Are Businesses Stepping Up?

Anna Delaney  •  October 22, 2021

The latest edition of the ISMG Security Report features an analysis of whether businesses are stepping up their ransomware defenses in response to several warnings released by the U.S. and U.K. governments highlighting the threat posed to infrastructure. Also featured are the Thingiverse data breach and airline fraud...

Cyberwarfare / Nation-State Attacks

US Cracks Down on Sale of Offensive Cybersecurity Tools

Mihir Bagwe  •  October 21, 2021

The U.S. Bureau of Industry and Security has issued an interim final rule to curb and control the export, reexport, or in-country transfer of certain offensive cyber tools that are used in surveillance of private citizens and other malicious activities that undermine the nation's security.

3rd Party Risk Management

Dental Alliance Reports Vendor Breach Affecting 170,000

Marianne Kolbasuk McGee  •  October 21, 2021

The Professional Dental Alliance is notifying more than 170,000 individuals in about a dozen states of a phishing breach involving an affiliated vendor that provides nonclinical management services to dental practices owned by PDA. Why is breach notification so complicated?

3rd Party Risk Management

Ransomware: Average Ransom Payment Stays Steady at $140,000

Mathew J. Schwartz  •  October 21, 2021

When a business, government agency or other organization hit by ransomware opted to pay a ransom to its attacker in Q3, the average payment was $140,000, reports ransomware incident response firm Coveware. It says the attack landscape has seen some notable shifts since the Colonial Pipeline attack.

Cybercrime

4 Bulletproof Hosting Provider Admins Getting Sentenced

Mathew J. Schwartz  •  October 21, 2021

Four extradited Eastern European men have pleaded guilty in U.S. court to one count of conspiring to serve as administrators of a bulletproof hosting service that facilitated online attacks using the Zeus, SpyEye and Citadel Trojans and the Blackhole exploit kit, says the U.S. Department of Justice.

Fraud Management & Cybercrime

Hacker in UPMC Data Theft, Fraud Case Gets Maximum Sentences

Marianne Kolbasuk McGee  •  October 20, 2021

A federal judge has imposed the maximum sentences - a total of seven years in prison - on a hacker who earlier pleaded guilty in a conspiracy case involving the hacking of University of Pittsburgh Medical Center human resources databases and the theft of personal information of 65,000 employees - some which was sold...

3rd Party Risk Management

Ransomware Soap Opera Continues With REvil’s Latest Outage

Mathew J. Schwartz  •  October 20, 2021

Is there any bigger cybercrime soap opera than the life and times of ransomware operators? Take the REvil, aka Sodinokibi, ransomware-as-a-service operation, which feels like it's disappeared and reappeared more times than the secret, identical twin of the protagonist in your favorite melodrama.

Endpoint Detection & Response (EDR)

More Attempted Cyberattacks on Israeli Healthcare Entities

Marianne Kolbasuk McGee  •  October 19, 2021

Israeli officials say they have fended off a wave of attempted cyberattacks on several hospitals and healthcare entities in recent days, as Hillel Yaffe Medical Center continues to recover from a ransomware attack last week that authorities reportedly suspect was carried out by Chinese hackers.

►

Critical Infrastructure Security

Preparing for Ransomware Attacks in the Education Sector

Anna Delaney  •  October 19, 2021

A spate of ransomware incidents affecting the education sector has led to the loss of student coursework, financial records and data relating to COVID-19 testing. Matthew Trump, senior IT security officer for the University of London, U.K., outlines incident response strategies.

Breach Notification

Sinclair TV Stations Targeted in Weekend Ransomware Attack

Dan Gunderman  •  October 18, 2021

Sinclair Broadcast Group, Inc., which owns or operates 186 television stations across 87 U.S. markets, has been hit with a ransomware attack that has disrupted operations. The company says the attack has impacted its ability to deliver advertisements and certain programming.