Frank Holding Jr., CEO, First Citizens Bank (Image: First Citizens)

First Citizens CEO: We'll Preserve Strong SVB Bond With VCs

Michael Novinson • March 27, 2023

Silicon Valley Bank's new owner plans to double down on business with venture capital and private equity firms and the portfolio companies they serve. VC and PE-focused business accounts form the largest segment of the combined $143 billion loan portfolio of First Citizens and Silicon Valley Bank.

Cyberwarfare / Nation-State Attacks

Russians Can Use Crypto to Evade Sanctions, Researchers Warn

Latest

Fraud Management & Cybercrime

Ransomware Groups Seek Fresh Tactics Following Hive Takedown

Mathew J. Schwartz • March 27, 2023

Stung by the FBI's infiltration and takedown of the Hive ransomware group, other ransomware operators have been retooling their approaches to make their attacks more effective and operations tougher to disrupt, says Yelisey Bohuslavskiy, chief research officer at threat intelligence firm Red Sense.

Artificial Intelligence & Machine Learning

ChatGPT Exposed Payment Card Data of Subscribers

Prajeet Nair • March 26, 2023

A now-patched bug that caused OpenAI to take down the ChatGPT chatbot for nine hours on Monday also revealed the last four digits of payment cards, the company disclosed Friday. One user said he saw the history of another account including the topics "phobia of rats" and "sexist music video clips."

Cybercrime

3-Year JS Injection Campaign Targets 51,000 Websites

Prajeet Nair • March 25, 2023

A widespread ongoing malicious JavaScript injection campaign first detected in 2020 has targeted over 51,000 websites, redirecting victims to malicious content such as adware and scam pages. Attackers are using several obfuscation tactics to bypass detection.

3rd Party Risk Management

Clop GoAnywhere Attacks Have Now Hit 130 Organizations

Prajeet Nair • March 25, 2023

So far, the Clop ransomware group campaign using a zero-day vulnerability in Fortra's widely used managed file transfer software, GoAnywhere MFT, has compromised networks used by 130 different organizations. The gang has so far taken responsibility for over 50 hacks.

Cybercrime

How BreachForums' 'Pompompurin' Led the FBI to His Home

David Perera • March 24, 2023

The alleged administrator of criminal online forum BreachForums may have thought he took steps to hide his real identity, but instead he left a trail of digital breadcrumbs that led to his arrest and prosecution, shows information unsealed in federal court.

Incident & Breach Response

Corelight Pursues IR Partnerships, Smaller Enterprise Deals

Michael Novinson • March 24, 2023

Corelight has cemented partnerships with incident response firms and extended its capabilities from large enterprises to midsized enterprises to further the reach of its technology. Corelight allows its product to be used by CrowdStrike's incident response team during network-based investigations.

Encryption & Key Management

GitHub Replaces Private RSA SSH Key After Public Exposure

Mathew J. Schwartz • March 24, 2023

GitHub has replaced its private RSA SSH host key after discovering it was being inadvertently exposed to the public via a GitHub repository. Used to safeguard SSH access to Git operations, a bad actor could use the key to impersonate GitHub or eavesdrop. But GitHub reported no signs of abuse.

Cyberwarfare / Nation-State Attacks

ISMG Editors: What's Next in Russia's Cyber War?

Anna Delaney • March 24, 2023

In the latest weekly update, ISMG editors discuss how Russia's invasion of Ukraine upended the cybercrime ecosystem, a lawsuit against a U.S. cardiovascular clinic that seeks a long list of security improvements, and the latest endpoint protection technology trends in the Gartner Magic Quadrant.

Cybercrime

Report: Threat Landscape Growing Scarier for Healthcare

Marianne Kolbasuk McGee • March 23, 2023

Threats that traditionally menaced other industries - including synthetic accounts and abuse of IT product platforms - are emerging worries for the healthcare sector, warns an industry report. Other experts also predict a similar evolution among criminal activities affecting the healthcare sector.

Breach Notification

Breach Roundup: Ferrari, Indian Health Ministry and the NBA

Mihir Bagwe • March 23, 2023

This week's roundup of cybersecurity incidents around the world includes attacks on luxury car manufacturer Ferrari, the Indian health system and a Dutch maritime logistics company. Other data breach incidents involve the NBA, Lionsgate, the city of Oakland, McDonald's and Samsung.

Card Not Present Fraud

Online Card Fraud Flourishes, Thanks to the Magnetic Stripe

Suparna Goswami • March 23, 2023

EMV chip technology has taken a major bite out of credit card fraud at the point of sale, but card-not-present fraud continues to flourish thanks to an age-old technology - the magnetic stripe, says Mark Solomon, international president, International Association of Financial Crimes Investigators.

Identity & Access Management

Splashtop Buys Foxpass to Bring Enterprise IAM to the Masses

Michael Novinson • March 23, 2023

Remote access provider Splashtop has bought server and network access management vendor Foxpass to get better visibility across co-managed and multi-tenant environments. The acquisition of Foxpass will simplify the onboarding experience for developers while ensuring passwords aren't being shared.