Latest

Fraud Management & Cybercrime

Ransomware Gang Uses Log4Shell

Prajeet Nair  •  June 24, 2022

Ransomware group AvosLocker made use of unpatched VMWare Horizon applications to hack into an unidentified organization’s systems, says analysis from Cisco Talos. The race between systems administrators and hackers to patch the Log4j vulnerability is ongoing.

Cybercrime

After Conti Ransomware Brand Retires, Spinoffs Carry On

Mathew J. Schwartz  •  June 24, 2022

The Conti ransomware group officially pulled the plug on its operation in May. But experts say the group's activities have continued in the form of numerous already-launched subsidiaries or spinoffs, which appear to include Alphv/BlackCat, AvosLocker, Black Basta and HelloKitty, among others.

►

Business Continuity Management / Disaster Recovery

'When, Not If': Crafting Cyber Resilience Plans That Work

Mathew J. Schwartz  •  June 24, 2022

To excel at cybersecurity incident response, start with planning, preparation and, ideally, regular tabletop exercises, say Kevin Li, CISO for MUFG Securities Americas, and Rocco Grillo, managing director of Alvarez & Marsal's Disputes and Investigations Global Cyber Risk Services practice.

3rd Party Risk Management

Lawsuits in Wake of MCG Health Data Breach Start Piling Up

Marianne Kolbasuk McGee  •  June 24, 2022

Four proposed federal class action lawsuits filed in recent days against MCG Health LLC in the wake of a recently disclosed 2020 hacking incident affecting up to 1.1 million individuals allege negligence and violations of various laws by the clinical guidelines vendor.

Identity & Access Management

Ping Identity Debuts $50M Venture Fund to Back IAM Startups

Michael Novinson  •  June 23, 2022

Ping Identity is making a $50 million bet it can integrate cutting-edge technology into its own stack through a new in-house corporate venture fund to support identity and access management technology startups. "We want to have a nice overall corporate strategy portfolio," says Ping's Anton Papp.

Endpoint Security

Federal Authorities Warn of Cardio Product Security Flaws

Marianne Kolbasuk McGee  •  June 23, 2022

A popular line of portable electrocardiographs contains vulnerabilities that allow hackers to execute commands and access sensitive information, federal authorities warn. Device manufacturer Hillrom Medical has released a patch and coordinated disclosure with CISA.

Business Continuity Management / Disaster Recovery

Cybercrime: Conti Ransomware Retools After Backing Moscow

Anna Delaney  •  June 23, 2022

The latest edition of the ISMG Security Report investigates the reboot of ransomware group Conti, which supports Russia's invasion of Ukraine. It also discusses why paying ransomware actors is a "business decision" and how to respond to the talent shortage in the financial sector.

Cloud Security

Cloudflare Outage Whacks 19 Data Centers for Global Traffic

Michael Novinson  •  June 22, 2022

A massive Cloudflare outage that left many of the world's most popular websites inaccessible for 75 minutes was caused by a network configuration change gone awry. The change was meant to increase resilience in 19 of Cloudflare's busiest data centers that handle much of the global traffic.

►

Events

Why Diversity Is the Defender's Greatest Weapon

Anna Delaney  •  June 22, 2022

CISO Patricia "Patti" Titus says the cybersecurity sector is "still struggling" with the diversity and inclusion it requires. "The things we do really impact all of our end users, employees and customers," she says, so you need "the broadest skill set possible when you're making decisions."

►

3rd Party Risk Management

Techniques to Improve Supply Chain Confidence

Anna Delaney  •  June 22, 2022

Former ISACA board chair Rob Clyde shares highlights from ISACA's "Supply Chain Security Gaps: A 2022 Global Research Report," in which 25% of respondents say they experienced a supply chain attack last year, and offers recommendations for assessments and testing of software.

Cloud Security

Zscaler Posture Control Correlates, Prioritizes Cloud Risks

Michael Novinson  •  June 22, 2022

Zscaler is unveiling a posture control offering that allows customers to address everything from unpatched vulnerabilities in containers and VMs to excessive entitlements and permissions. The tool combines CSPM and CIEM with native IAC and vulnerability and patch management capabilities.

Access Management

Industrial Cybersecurity Alert: 56 Insecure-by-Design Flaws

Mathew J. Schwartz  •  June 22, 2022

The U.S. Cybersecurity and Infrastructure Security Agency has begun issuing alerts about 56 flaws across operational technology equipment built by 10 different vendors. Researchers at Forescout Technologies say the flaws trace to poor design decisions by vendors.