Latest

Business Continuity Management / Disaster Recovery

US, Israel Initiate Cybersecurity Collaboration Program

Mihir Bagwe  •  July 4, 2022

The U.S. and Israel have agreed a new joint cybersecurity program called BIRD Cyber to enhance the cyber resilience of both countries’ critical infrastructures. Grants of up to $1.5 million will be given to entities who jointly develop advanced cybersecurity applications under this program.

►

3rd Party Risk Management

Constant Vigilance Demanded - Cyber "Not Just Another Risk"

Tony Morbin  •  July 4, 2022

The Biden Executive Order was a catalyst for action, with tight delivery times for action, including promotion of SBOM and Zero Trust. The cyber-physical nexus and expanding threat surface mean it’s not easy to maintain vigilance, but recognizing that is the first step.

Cybercrime

Evilnum Hacking Group Updates TTPs Targeting Fintech

Prajeet Nair  •  July 2, 2022

The Evilnum hacking group has updated its tactics, techniques and procedures, now uses MS Office Word documents and leverages document template injection to deliver malicious payloads to its victims' machines. First seen in 2018, the group mainly targets fintech firms in the U.K. and Europe.

Cryptocurrency Fraud

US DOJ Targets Baller Ape Rug Pull and Other Crypto Fraud

Prajeet Nair  •  July 1, 2022

The U.S. Department of Justice is touting a string of indictments against accused cryptocurrency and NFT fraudsters, including against a Vietnamese man who is allegedly behind the Baller Ape rug pull, the largest such NFT fraud to date. Rug pulls are the largest form of cryptocurrency-based crime.

Critical Infrastructure Security

Indian Stock Exchanges Have 6 Hours to Report Cyber Incident

Mihir Bagwe  •  July 1, 2022

India's stock brokers and depository participants must now report all cyberattacks and breaches to the Securities and Exchange Board of India within six hours of detection under a mandate implementing what is likely the world's tightest breach reporting timeline requirement.

Cyberwarfare / Nation-State Attacks

ISMG Editors: Russia's War Has Changed the Cyber Landscape

Anna Delaney  •  July 1, 2022

Four ISMG editors discuss important issues, including how Russia's cyber and kinetic wars in Ukraine have changed the cybersecurity landscape, what recent layoffs at cybersecurity firms mean for the industry and how cybercriminals are taking a page out of the white hat hacker playbook

3rd Party Risk Management

Malware Disrupts Multiple US State Unemployment Websites

Mihir Bagwe  •  July 1, 2022

Unemployment benefits websites across the United States are offline after a malware attack was detected at third-party vendor Geographic Solutions Inc. The vendor, which serves dozens of state labor departments, says no personally identifiable information has been affected by the attack.

Governance & Risk Management

The Mounting Threats to Sensitive Data After Roe v. Wade

Marianne Kolbasuk McGee  •  July 1, 2022

Location data, browser history, IP addresses, and appointment scheduling are among the sensitive data putting individuals' privacy at risk in the wake of the decision to overturn Roe v. Wade, says Alexandra Reeve Givens of the Center for Democracy and Technology.

Cryptocurrency Fraud

North Korea Behind $100M Harmony Theft, Say Researchers

David Perera  •  June 30, 2022

Cryptocurrency experts are fingering North Korea as likely responsible for the cryptocurrency theft of $100 million from the Harmony Horizon bridge. North Korea fuels its nuclear weapons program with stolen cryptocurrency used to dodge international sanctions that prevent ready access to cash.

Governance & Risk Management

HHS Tackles Data Privacy Concerns Linked to Abortion Ruling

Marianne Kolbasuk McGee  •  June 30, 2022

Federal regulators issued health privacy guidance for medical providers and patients and promised to make privacy violations a top HIPAA enforcement priority in the wake of the U.S. Supreme Court overturning Roe v. Wade, the five-decade precedent that guaranteed nationwide access to abortion.

Biometrics

Token Snags Ex-OneSpan Revenue Leader John Gunn as New CEO

Michael Novinson  •  June 30, 2022

Token selected former OneSpan CRO John Gunn as CEO to scale the organization and prepare its wearable authentication ring for large-scale production. Gunn is tasked with sourcing the critical components needed to manufacture the ring and building a base of paying clients for the biometric tool.

Cybercrime

Ukrainian Cops Arrest Phishing Gang That Stole $3.4 Million

Prajeet Nair  •  June 30, 2022

Ukrainian authorities arrested nine individuals for the theft of about $3.4 million from 5,000 Ukrainians via more than 400 phishing links. Cybercrime gang members allegedly obtained access to bank accounts under the guise of facilitating social safety net payments from the European Union.