Besides hacking hospitals and schools, Mikhail Matveev allegedly caused a cheese shortage in the Netherlands, denying residents the rich butterscotch flavor of Gouda. (Image: Shutterstock)

Gouda Hacker: Charges Tie to Ransomware Hit Affecting Cheese

Mathew J. Schwartz • May 30, 2023

How many hackers can claim to have caused a national cheese shortage, not least in the Gouda-loving Netherlands? Enter Mikhail Matveev, a Russian national who's been indicted for wielding not one but three strains of ransomware, in what experts say is a needed focus on ransomware affiliates.

Audit

Android Fingerprint Biometrics Fall to 'BrutePrint' Attack

Latest

Card Not Present Fraud

Invoice and CEO Scams Dominate Fraud Affecting Businesses

Mathew J. Schwartz • May 29, 2023

Losses to fraud reported by Britain's financial services sector exceeded $1.5 billion in 2022, declining by 8% from 2021, says trade association UK Finance. About 40% of losses tied to authorized push payment fraud, in which victims get tricked into transferring funds to attackers.

Cybercrime

Check Fraud: New Approaches to Solving an Age-Old Problem

Suparna Goswami • May 29, 2023

Check fraud is back although, technically, it never went away. Today, cybercrime groups are openly hawking fraudulent check schemes on the Telegram messaging app. Check fraud is easier and more accessible, and it’s back in the headlines. Experts say banks need to adopt new solutions to curb losses.

Governance & Risk Management

Top Privacy Considerations for Website Tracking Tools

Marianne Kolbasuk McGee • May 29, 2023

Federal regulators are aiming to protect patient information shared on websites. It's increasingly important for healthcare sector entities to take a careful and proactive approach in how they are using website tracking and analytics technologies, said Lokker CEO and privacy expert Ian Cohen.

Breach Notification

Dental Health Insurer Hack Affects Nearly 9 Million

Prajeet Nair • May 27, 2023

An insurance provider that services many state Medicaid agencies and the Children's Health Insurance Program told regulators that hackers compromised the personal and protected health information of nearly 9 million patients in an incident discovered in March.

Cybercrime

Latitude Financial Attack Costs Company Up to AU$105 Million

Mihir Bagwe • May 26, 2023

Australian consumer lender Latitude Financial Services anticipates its spring cybersecurity incident will cost it up to AU$105 million, which includes a five-week period during which debt collection systems were severely affected by the attack.

Managed Detection & Response (MDR)

Expel, CrowdStrike, Red Canary Dominate MDR Forrester Wave

Michael Novinson • May 26, 2023

Expel, CrowdStrike and Red Canary held steady atop Forrester's MDR rankings, while Secureworks and Binary Defense tumbled from the leaders category. Providers have turned their attention from maximizing their efficacy at detecting ransomware to finding faster and better ways to respond to attacks.

Cyberwarfare / Nation-State Attacks

Pegasus Spyware Spotted in Nagorno-Karabakh War

Jayant Chakravarti • May 26, 2023

Digital rights organizations detected Pegasus spyware on the devices of members of Armenian civil society during the outbreak of armed conflict over a disputed region in the South Caucasus region. Access Now called the infections the first known instance of Pegasus spyware use during war.

Fraud Management & Cybercrime

Medical Specialty Practice Says Recent Hack Affects 224,500

Marianne Kolbasuk McGee • May 26, 2023

An upstate New York medical specialty practice has reported to regulators that the information of nearly 224,500 employees and patients was compromised in a hacking incident discovered in March. Ransomware group RansomHouse claims to have downloaded 2 terabytes of the entity's data.

Artificial Intelligence & Machine Learning

OpenAI CEO Altman 'Blackmails' EU Over AI Regulation

Akshaya Asokan • May 26, 2023

ChatGPT will continue to operate inside the European Union despite warnings from OpenAI CEO Sam Altman that he's prepared to pull out from the bloc if he doesn't like regulations being prepared in Brussels. European lawmakers earlier this month proposed new obligations for AI models such as GPT.

Cyberwarfare / Nation-State Attacks

ISMG Editors: How Ukraine's Cyber Defenders Prepped for War

Anna Delaney • May 26, 2023

In the latest weekly update, ISMG editors discuss top takeaways from Ukraine's cyber defense success, how a European regulator suspended Facebook data transfers to the United States, and the state of the EU General Data Protection Regulation on its five-year anniversary.

Cyberwarfare / Nation-State Attacks

Iranian Hackers Deploy New Ransomware Against Israeli Firms

Anviksha More • May 25, 2023

Security researchers discovered an Iran-linked APT group carrying out a new chain of ransomware attacks against Israeli organizations. Check Point said attackers surprisingly carried out most of the activity manually over RDP but warned they are growing better at coding malware and using tools.

Cyberwarfare / Nation-State Attacks

German Prosecutors Indict FinFisher Spyware Executives

Akshaya Asokan • May 25, 2023

German prosecutors on Monday indicted four executives of insolvent commercial spyware firm FinFisher for illegally exporting their hacking tool to Turkey. The indictment comes as a European Parliament committee concluded an investigation of bloc members' use of commercial spyware.