Latest

Fraud Management & Cybercrime

North Korean Trojanizing Open Source Software

Mihir Bagwe  •  September 30, 2022

North Korean is using weaponized versions of open source utilities to spy on the technology, defense and entertainment sectors worldwide. Microsoft says it spotted fake profiles of supposed job recruiters who really are Pyongyang hackers manipulating victims into downloading Trojans.

Cloud Security

Cloudflare, VCs Join Forces to Give $1.25B Away to Startups

Michael Novinson  •  September 30, 2022

Cloudflare has joined forces with 26 venture capital firms to provide up to $1.25 billion in financing to startups building on the company's developer platform. The Workers Launchpad Funding Program will connect developers with investors around the world to scale their startups faster.

►

Cloud Security

Orca Security's Avi Shua on Making Cloud Safe for Government

Michael Novinson  •  September 30, 2022

Security firms must increasingly follow U.S. government security requirements even if they don't serve federal agencies themselves, says Avi Shua, Orca Security co-founder and CEO. That's because cloud vendors such as Orca often serve businesses that contract or subcontract with the U.S. government.

►

3rd Party Risk Management

ISMG Editors: Will Others Follow US Lead to Legislate SBOMs?

Anna Delaney  •  September 30, 2022

In the latest weekly update, ISMG editors discuss how organizations can comply with the new PCI DSS 4.0 requirements, whether other countries should follow the U.S. lead on legislating software bills of materials, and key strategies for CISOs preparing for an economic downturn.

Email Threat Protection

Possible Chinese Hackers Exploit Microsoft Exchange 0-Days

Prajeet Nair  •  September 30, 2022

Hackers, possibly Chinese, are exploiting Microsoft Exchange zero-day vulnerabilities to apparently implant backdoors and steal credentials. The computing giant says it doesn't yet have a patch, telling systems administrators to instead implement workarounds.

Big Data Security Analytics

Atos Rejects $4.12B Onepoint Bid for Cybersecurity Business

Michael Novinson  •  September 29, 2022

Atos turned down an unsolicited $4.12 billion offer from rival Onepoint to acquire the French conglomerate's $4.8 billion cybersecurity, big data and digital business. Atos received a letter of intent Tuesday related to the acquisition of its Evidian business by Onepoint and private equity fund ICG.

Governance & Risk Management

VA Center's IT Legacy Flaws Common at Other Health Entities

Marianne Kolbasuk McGee  •  September 29, 2022

A watchdog security audit of a south Texas VA center identified a variety of deficiencies related to legacy systems still in use years after no longer being supported with vendor updates. The findings represent the state of security at many organizations across the healthcare sector, experts say.

Cloud Access Security Brokers (CASB)

Zscaler Buys Workflow Automation Firm ShiftRight for $25.6M

Michael Novinson  •  September 29, 2022

Zscaler has bought out of stealth a startup established by the founders of Lacework to automate security management and dramatically reduce incident resolution time. ShiftRight will give customers real-time visibility into their security posture and help them manage an influx of risks and incidents.

Cloud Security

Malware Shifting to Virtual Environments, Warns Mandiant

Prajeet Nair  •  September 29, 2022

Hackers may shift malware attacks into technical environments beyond the reach of endpoint detection and response, says Mandiant. The threat intel firm says it uncovered a novel malware family targeting VMware hypervisors and virtual machine appliances.

Cybercrime

Examining What Went Wrong for Optus

Anna Delaney  •  September 29, 2022

The latest edition of the ISMG Security Report discusses what went wrong for Optus in the wake of one of Australia's biggest data breach incidents, the state of code security today and the growing trend of private equity firms pursuing take-private deals.

Critical Infrastructure Security

US Government to Study Cyber Insurance Backstop

David Perera  •  September 28, 2022

The Department of Treasury and the Cybersecurity and Infrastructure Security Agency are soliciting comments on whether risks to critical infrastructure from a catastrophic cyberattack - and the concurrent potential for ruinous financial exposure by insurers - should lead to a new federal approach.

Healthcare

Groups Urge HHS to Extend 'Information Blocking' Deadline

Marianne Kolbasuk McGee  •  September 28, 2022

Healthcare providers and their health IT vendors need more time to meet a pending federal deadline to comply with information-sharing regulations that pertain to an expanding set of electronic health information, say a slew of heavyweight lobbying groups in a letter to federal regulators.