CoinMarketCap: No Breach Despite 3.1M Email Address Leak

Jeremy Kirk • October 25, 2021

CoinMarketCap says it has found no evidence of a data beach despite the circulation of a list of 3.1 million email addresses that correlates with accounts on its service. Regardless of the source, the list would be useful for attackers to launch phishing attacks against those interested in cryptocurrency.

Critical Infrastructure Security

Accenture: Ransomware Attack Breached Proprietary Data

Latest

Breach Notification

UK's Tesco Supermarket App and Website Disrupted

Mihir Bagwe • October 25, 2021

Grocery retailer Tesco said it faced a service disruption on its app and website. The company told ISMG that the outage was likely due to an attempt to interfere with its systems. On Monday, a company spokesperson said that both the website and app were now "back up and running."

3rd Party Risk Management

Report: SolarWinds Hackers Targeting IT Supply Chain

Dan Gunderman • October 25, 2021

The actor behind the cyberattack targeting SolarWinds customers - Nobelium - is continuing its campaign to target the global IT supply chain, according to a new advisory from Microsoft, which says 140 resellers and tech service providers have been notified that they have been targeted by the group.

Blockchain & Cryptocurrency

DarkSide Transfers $7 Million Worth of Bitcoin

Prajeet Nair • October 25, 2021

Following an outage of the REvil - aka Sodinokibi - ransomware operation due to coordinated law enforcement efforts involving the U.S. and foreign partners, the operators behind DarkSide ransomware have moved bitcoin worth almost $7 million to multiple new wallets, making it more difficult to track.

3rd Party Risk Management

Case Study: Intrusion Prevention, Detection in the Cloud

Marianne Kolbasuk McGee • October 25, 2021

Chronic disease management firm Omada Health has been changing its approach to cloud intrusion prevention and detection, which is reducing time spent on investigating false positives, says the company's information security leader, Bill Dougherty.

Artificial Intelligence & Machine Learning

New Bill Would Secure Government Contractors' Use of AI

Dan Gunderman • October 22, 2021

Two Senate leaders on Thursday introduced legislation that would form a working group charged with monitoring the security of AI data obtained by federal contractors. This body would also ensure that the data adequately protects national security and recognizes privacy rights, the lawmakers say.

Cybercrime

FIN7 Sets Up Fake Pentesting Company Site to Recruit Talent

Mihir Bagwe • October 22, 2021

Threat group FIN7 has set up a website posing as a security company to recruit talent, according to fraud intelligence company Gemini Advisory. The aim of the scam was to lure security researchers who could help the group with penetration testing-related activities to enable ransomware attacks.

Blockchain & Cryptocurrency

Malicious Packages Disguised as JavaScript Libraries Found

Prajeet Nair • October 22, 2021

Researchers at open-source software firm Sonatype have uncovered multiple malicious packages that disguise themselves as legitimate JavaScript libraries on npm registries to launch cryptominers on Windows, macOS and Linux machines.

Endpoint Detection & Response (EDR)

Forrester Report: Key Questions to Ask XDR Vendors

Anna Delaney • October 22, 2021

The current state of the XDR market is a "chaotic jumble of different features," according to Forrester analyst Allie Mellon, who has authored a new study to identify the top XDR providers in the industry: The Forrester New Wave: Extended Detection And Response (XDR) Providers, Q4 2021.

Blockchain & Cryptocurrency

ISMG Editors’ Panel: Regulators Get Tough on Crypto Firms?

Anna Delaney • October 22, 2021

In the latest weekly update, four ISMG editors discuss: a federal judge imposing the maximum sentences on a hacker who pleaded guilty to conspiracy and aggravated identity theft, regulators getting tougher on cryptocurrency lending platforms and the return to in-person roundtables.

Leadership & Executive Communication

Profiles in Leadership: Wouter Veugelen of Oil Search Ltd

Jeremy Kirk • October 22, 2021

It's often noted that some view cybersecurity as putting the brakes on business. But it's actually the opposite, says Wouter Veugelen, CISO of Oil Search Ltd.

Critical Infrastructure Security

Pandemic Plus Ransomware Is 'Perfect Storm' for Healthcare

Marianne Kolbasuk McGee • October 22, 2021

Disturbing findings from a recent study examining the impact of ransomware attacks on patient care must serve as a wake-up call for the healthcare sector to intensify its preparedness to deal with such incidents, say Larry Ponemon of research firm Ponemon Institute and Ed Gaudet of risk management firm Censinet. The...

3rd Party Risk Management

Ransomware Warning: Are Businesses Stepping Up?

Anna Delaney • October 22, 2021

The latest edition of the ISMG Security Report features an analysis of whether businesses are stepping up their ransomware defenses in response to several warnings released by the U.S. and U.K. governments highlighting the threat posed to infrastructure. Also featured are the Thingiverse data breach and airline fraud...