Besides hacking hospitals and schools, Mikhail Matveev allegedly caused a cheese shortage in the Netherlands, denying residents the rich butterscotch flavor of Gouda. (Image: Shutterstock)

Gouda Hacker: Charges Tie to Ransomware Hit Affecting Cheese

Mathew J. Schwartz • May 30, 2023

How many hackers can claim to have caused a national cheese shortage, not least in the Gouda-loving Netherlands? Enter Mikhail Matveev, a Russian national who's been indicted for wielding not one but three strains of ransomware, in what experts say is a needed focus on ransomware affiliates.

Audit

Android Fingerprint Biometrics Fall to 'BrutePrint' Attack

Latest

General Data Protection Regulation (GDPR)

Microsoft Revises Bing Cookie Policy in France

Akshaya Asokan • May 30, 2023

Microsoft Ireland revised its cookie policy for the Bing search engine in France after it received a reprimand from the country's data protection agency for privacy violations. The revision ensures Microsoft will not pay an additi0oanl 60,000 euro fine for each day of noncompliance.

Endpoint Security

Apple Patched System Integrity Protection Bypass Vuln

Prajeet Nair • May 30, 2023

A now-patched macOS vulnerability allows attackers with root access to bypass a kernel-level security feature that prevents malicious software from modifying protected files. An attacker could use the exploit to load malware itself shielded by Apple's System Integrity Protection.

3rd Party Risk Management

Synopsys Extends Lead in Gartner MQ for App Security Testing

Michael Novinson • May 30, 2023

Synopsys stands head and shoulders above the competition in Gartner's application security testing rankings, with Snyk rising and HCL Software falling from the leaders category. Longtime app security players Veracode, Checkmarx and OpenText joined Synopsys and Snyk atop the Gartner Magic Quadrant.

HIPAA/HITECH

Where Hospitals Are Still More Cyber Reactive Than Proactive

Marianne Kolbasuk McGee • May 30, 2023

Many hospitals are still more reactive than proactive in terms of embracing recommended best practices that can advance their cybersecurity maturity level, said Steve Low, president of KLAS Research, and Ed Gaudet, CEO of consulting firm Censinet, who discuss findings of a recent benchmarking study.

Card Not Present Fraud

Invoice and CEO Scams Dominate Fraud Affecting Businesses

Mathew J. Schwartz • May 29, 2023

Losses to fraud reported by Britain's financial services sector exceeded $1.5 billion in 2022, declining by 8% from 2021, says trade association UK Finance. About 40% of losses tied to authorized push payment fraud, in which victims get tricked into transferring funds to attackers.

Cybercrime

Check Fraud: New Approaches to Solving an Age-Old Problem

Suparna Goswami • May 29, 2023

Check fraud is back although, technically, it never went away. Today, cybercrime groups are openly hawking fraudulent check schemes on the Telegram messaging app. Check fraud is easier and more accessible, and it’s back in the headlines. Experts say banks need to adopt new solutions to curb losses.

Governance & Risk Management

Top Privacy Considerations for Website Tracking Tools

Marianne Kolbasuk McGee • May 29, 2023

Federal regulators are aiming to protect patient information shared on websites. It's increasingly important for healthcare sector entities to take a careful and proactive approach in how they are using website tracking and analytics technologies, said Lokker CEO and privacy expert Ian Cohen.

Breach Notification

Dental Health Insurer Hack Affects Nearly 9 Million

Prajeet Nair • May 27, 2023

An insurance provider that services many state Medicaid agencies and the Children's Health Insurance Program told regulators that hackers compromised the personal and protected health information of nearly 9 million patients in an incident discovered in March.

Cybercrime

Latitude Financial Attack Costs Company Up to AU$105 Million

Mihir Bagwe • May 26, 2023

Australian consumer lender Latitude Financial Services anticipates its spring cybersecurity incident will cost it up to AU$105 million, which includes a five-week period during which debt collection systems were severely affected by the attack.

Managed Detection & Response (MDR)

Expel, CrowdStrike, Red Canary Dominate MDR Forrester Wave

Michael Novinson • May 26, 2023

Expel, CrowdStrike and Red Canary held steady atop Forrester's MDR rankings, while Secureworks and Binary Defense tumbled from the leaders category. Providers have turned their attention from maximizing their efficacy at detecting ransomware to finding faster and better ways to respond to attacks.

Cyberwarfare / Nation-State Attacks

Pegasus Spyware Spotted in Nagorno-Karabakh War

Jayant Chakravarti • May 26, 2023

Digital rights organizations detected Pegasus spyware on the devices of members of Armenian civil society during the outbreak of armed conflict over a disputed region in the South Caucasus region. Access Now called the infections the first known instance of Pegasus spyware use during war.

Fraud Management & Cybercrime

Medical Specialty Practice Says Recent Hack Affects 224,500

Marianne Kolbasuk McGee • May 26, 2023

An upstate New York medical specialty practice has reported to regulators that the information of nearly 224,500 employees and patients was compromised in a hacking incident discovered in March. Ransomware group RansomHouse claims to have downloaded 2 terabytes of the entity's data.