Image: FTC, Kochava

FTC Files Amended Lawsuit Against Data Broker Kochava

Marianne Kolbasuk McGee • June 6, 2023

The Federal Trade Commission has filed an amended complaint against Kochava, as allowed by a federal judge who last month dismissed the agency's first shot at a lawsuit seeking to permanently stop the data analytics firm from selling geolocation data collected from mobile devices.

Governance & Risk Management

Hackers Exploit Progress MOVEit File Transfer Vulnerability

Latest

Fraud Management & Cybercrime

Clop Ransomware Gang Asserts It Hacked MOVEit Instances

David Perera • June 6, 2023

The Clop ransomware-as-a-service gang said it's the actor behind a spate of hacks taking advantage of a vulnerability in Progress Software's MOVEit managed file transfer application. "We download alot [sic] of your data as part of exceptional exploit," the gang's dark web leak site says.

Governance & Risk Management

Google Fixes Actively Exploited Chrome Zero-Day

David Perera • June 6, 2023

Google patched a zero-day vulnerability in Chrome, warning consumers that the vulnerability is under active exploitation. The Silicon Valley giant revealed little Monday in a Chrome advisory about the vulnerability, other than saying it is a type confusion flaw in its V8 JavaScript rendering engine.

Fraud Management & Cybercrime

Ukraine Warns Against Cyberespionage Campaign

Akshaya Asokan • June 6, 2023

Ukrainian cyber defenders say they've identified a cyberespionage campaign active since mid-2022 that gained unauthorized access to "several dozen" computers. A government spokesperson said Tuesday the campaign targets government agencies and media organizations.

Fraud Management & Cybercrime

Highlights of Verizon Data Breach Investigations Report 2023

Anna Delaney • June 6, 2023

Pretexting incidents, a social engineering technique that manipulates victims into divulging information, have nearly doubled, representing 50% of all social engineering attacks, according to Verizon's 2023 Data Breach Investigations Report, which analyzed more than 16,312 security incidents.

Fraud Management & Cybercrime

Verizon: When Ransomware Attacks Cost, They're Costing More

Mathew J. Schwartz • June 6, 2023

Criminals are continuing to wield stolen credentials, compromise attacks, ransomware and social engineering to earn an illicit payday, according to Verizon's latest annual analysis of data breaches and how they happened, which finds that post-ransomware cleanup costs are rising.

Artificial Intelligence & Machine Learning

Securing OT and IoT Assets in an Interconnected World

Steve King • June 6, 2023

In this episode of "Cybersecurity Insights," Antoinette Hodes of Check Point Research discusses the need to consolidate an organization's cybersecurity posture, gain visibility into OT and IT assets, and use cybersecurity education to increase worker safety.

Application Security

Cisco Doubles Down on Generative AI, SSE, Cloud App Security

Michael Novinson • June 6, 2023

Cisco took its first major step toward realizing its secure cloud vision in April with the debut of a new extended detection and response platform. The next set of enhancements around generative AI, secure access and defending applications across multiple clouds debuted Tuesday at Cisco Live 2023.

3rd Party Risk Management

Iowa Reports Third Big Vendor Breach This Year

Marianne Kolbasuk McGee • June 5, 2023

The Iowa Department of Health and Human Services has reported to federal regulators its third major health data breach involving a vendor since April. This time, Iowa HHS/Medicaid says the data of nearly 234,000 individuals was compromised in a mega hack recently reported by MCNA Insurance Co.

Fraud Management & Cybercrime

Microsoft Attributes MOVEit Transfer Hack to Clop Affiliate

Jayant Chakravarti , David Perera , Mathew J. Schwartz • June 5, 2023

Microsoft says an affiliate of the Russian-speaking Clop ransomware gang is behind a rash of attacks exploiting a recently patched vulnerability in Progress Software's MOVEit application. Known victims include British payroll provider Zellis, which says eight corporate customers were affected.

Business Continuity Management / Disaster Recovery

Why Rubrik Is Looking to Break Cybersecurity's IPO Dry Spell

Michael Novinson • June 5, 2023

Despite the beating new publicly traded security companies have taken during the economic downturn, Rubrik is looking to test its luck in the public market. Reuters reported Monday the firm is working with Goldman Sachs, Barclays and Citigroup in preparation for an IPO that could take place in 2024.

Cybercrime

Chinese APT Backdoor Bypasses Indonesian Antivirus

Jayant Chakravarti • June 2, 2023

A Chinese espionage threat group is using a novel backdoor to bypass popular Indonesian antivirus tool Smadav. Targets include European embassies in Southeast and East Asia. Smadav treats processes with no windows as suspect. The APT gets around that by opening a window not visible to users.

HIPAA/HITECH

Mistrial in Criminal HIPAA Case Against Army Doctor & Spouse

Marianne Kolbasuk McGee • June 2, 2023

A federal judge declared a mistrial in the criminal HIPAA conspiracy case against a married couple, both doctors, after the jury deadlocked on whether the two had been entrapped by the U.S. government into providing patient records to a supposed Russian operative. Prosecutors will seek a retrial.