Latest

►

Cybercrime

ISMG Editors: The Plot to Leak US Health Records to Russia

Anna Delaney  •  October 7, 2022

In the latest weekly update, ISMG editors examine the story of a Maryland couple facing charges for giving military medical records to Russia, the sentencing of a former Seattle tech worker for her massive Capital One hack, and why David Hatfield resigned as co-CEO of cloud security vendor Lacework.

Identity & Access Management

How Adversaries Are Bypassing Weak MFA

Anna Delaney  •  October 7, 2022

The latest edition of the ISMG Security Report discusses how adversaries have a new favorite tactic to circumvent MFA, why vendor Akamai is an appealing target for private equity, and what the industry can do differently to attract more females to leadership roles.

Managed Detection & Response (MDR)

Arctic Wolf Gets $401M From Owl Rock to Pursue Acquisitions

Michael Novinson  •  October 6, 2022

Security operations stalwart Arctic Wolf has taken on more than $400 million in debt to pursue acquisitions in the cloud, SIEM, endpoint and XDR markets. The money will fuel an upcoming launch in the Asia-Pacific region and expansion in markets such as South Africa, Benelux and the Nordics.

Finance & Banking

Lloyd's of London Detects Suspicious Network Activity

Akshaya Asokan  •  October 6, 2022

Lloyd's of London is probing a possible cybersecurity incident that led it to yank some systems offline. Details are scarce at the moment, including whether the incident is malicious or involves ransomware and who may have instigated the incident.

Endpoint Security

BD, CISA Warn of Security Flaw in Cancer Testing System

Marianne Kolbasuk McGee  •  October 6, 2022

If exploited, a hard-coded credential vulnerability in certain BD medical laboratory equipment used for cancer screenings could allow an attacker to access, modify or delete sensitive patient information, the manufacturer and federal authorities warn.

Cybercrime

Australia Police Charge Teen With Extorting Optus Victims

Mihir Bagwe  •  October 6, 2022

Police arrested a teenager in his suburban Sydney home for allegedly attempting to extort AU$2,000 from victims of the Optus data breach. The unnamed 19-year-old allegedly threatened to conduct financial crimes using the information of 93 individuals unless he received a payout.

Fraud Management & Cybercrime

NetWalker Ransomware Affiliate Faces 20 Years in US Prison

David Perera  •  October 5, 2022

Canadian Sebastien Vachon-Desjardins received a 20 year prison sentence from a U.S. judge based in Florida after copping to four felonies stemming from a stint as an affiliate of the NetWalker ransomware-as-a-service gang. "This is Jesse James meets the 21st century," said Judge William F. Jung.

Breach Notification

Jury Finds Former Uber CSO Joe Sullivan Guilty of Cover-Up

David Perera , Mathew J. Schwartz  •  October 5, 2022

A U.S. federal jury found Joe Sullivan, former chief security officer of Uber, guilty of covering up a 2016 data breach that exposed the personal information of tens of millions of account holders. The trial was a landmark, likely marking the first time a chief security officer has faced criminal charges over an...

Attack Surface Management

Pen Test Firm NetSPI Gets $410M Boost From KKR to Fuel M&A

Michael Novinson  •  October 5, 2022

Rising offensive cyber star NetSPI has received a massive follow-up investment from KKR to pursue acquisitions and expand its technological and geographic footprint. KKR's $410 million bet comes on the heels of 50% organic sales growth for NetSPI in 2021 and 61% sales growth thus far in 2022.

Cybercrime

Patients Affected By Cybersecurity Event at Hospital Chain

Marianne Kolbasuk McGee  •  October 5, 2022

A cybersecurity incident at Chicago-based CommonSpirit Health, a system of 1,500 healthcare sites across 21 states and one of the nation’s largest nonprofit healthcare systems, is disrupting medical care after the healthcare system took offline some of its electronic health records systems.

►

Leadership & Executive Communication

Why Aren't More Women in Security Leadership Positions?

Anna Delaney  •  October 5, 2022

A man in the cybersecurity field is seven times more likely than a woman to have applied for or been offered the job of CISO, according to a new report from Accenture on the need for more inclusion in the workplace. Experts discuss strategies to close the gap and make hiring more inclusive.

Cloud Security

Lacework Co-CEO David Hatfield Out 4 Months After Layoffs

Michael Novinson  •  October 5, 2022

David "Hat" Hatfield has exited the co-CEO role at Lacework just four months after the cloud security vendor laid off 20% of its employees. The move will bring Lacework's co-CEO experiment to an end after just 14 months, with Facebook engineering head Jay Parikh moving forward as sole CEO.