Latest

Fraud Management & Cybercrime

Nova Scotia Health Says 100,000 Affected by MOVEit Hack

Marianne Kolbasuk McGee  •  June 8, 2023

Hackers stole personal information of up to 100,000 employees of Nova Scotia Health by exploiting the zero-day in Progress Software's MOVEit managed file transfer application. The software is widely used in the healthcare sector, warned the U.S. federal government.

Governance & Risk Management

Blackpoint Gets $190M From Bain Capital to Boost MSP Defense

Michael Novinson  •  June 8, 2023

Bain Capital led a $190 million investment into a managed detection and response provider founded by a former National Security Agency computer operations expert. The money will support development of Blackpoint's security technology and enable its MSP partners to combat a changing threat landscape.

Blockchain & Cryptocurrency

Cryptohack Roundup: Court Summons for Binance Chief

Rashmi Ramesh  •  June 8, 2023

This week: A U.S. federal court issued a summons to Binance CEO Changpeng Zhao, Lazarus may be behind the $35 million Atomic Wallet heist, and Manhattan prosecutors seized a scam crypto recovery website. Also, the Blockchain Association weighs in on Tornado Cash, and crypto security attacks decline.

Cybercrime

US Supreme Court Curtails Identity Theft Prosecutions

Marianne Kolbasuk McGee  •  June 8, 2023

The Supreme Court on Thursday narrowed federal prosecutors' ability to bring identity theft charges in an opinion holding that misuse of another person's identification must be the crux of a criminal offense "rather than merely an ancillary feature of a billing method."

Business Email Compromise (BEC)

US DOJ Indicts 6 for $6M Business Email Compromise Scam

Rashmi Ramesh  •  June 8, 2023

U.S. federal prosecutors unsealed indictments Wednesday against six Houston-area men for an alleged six-month spree of business email compromise thefts adding up to nearly $6 million. Business email compromise is a mainstay of social engineering fraud.

Cyberwarfare / Nation-State Attacks

Suspected Nation-State Actors Target US Aerospace Industry

Prajeet Nair  •  June 7, 2023

Suspected nation-state hackers are using malware that researchers say straddles the line between off-the-shelf and advanced tactics in order to target the U.S. aerospace industry. Researchers from Adlumin in May found the malware on a defense contractor's network.

Governance & Risk Management

Dragos Lays Off 9% of Workers as OT Security Spending Slows

Michael Novinson  •  June 7, 2023

Dragos has axed 50 workers after longer sales cycles and smaller initial deployment sizes caused the industrial cybersecurity vendor to miss its first quarter revenue target. Dragos revealed plans to reduce its staff by 9% to ensure the company can stay independent through an IPO or Series E round.

Cybercrime

Hospital Worker Sentenced for HIPAA Crimes in ID Theft Scam

Marianne Kolbasuk McGee  •  June 7, 2023

A former employee of an Arizona hospital has been sentenced to federal prison and ordered to pay restitution to victims after pleading guilty to criminal HIPAA violations and his participation in an identity theft scam that compromised the data of nearly 500 patients.

►

3rd Party Risk Management

Shedding New Light on Software Visibility in the Age of SBOM

Anna Delaney  •  June 7, 2023

With the federal government's software bill of materials regulations looming, many organizations are not ready to respond, warned CISO Sean Atkinson of the Center for Internet Security. He provided tips for ensuring transparency in the software supply chain and preparing for SBOM regulations.

Application Security

Snyk to Acquire App Security Posture Management Startup Enso

Michael Novinson  •  June 7, 2023

Snyk plans to purchase an Israeli startup founded by members of Wix's application security team and backed by CyberArk to help organizations govern developer security. The developer security vendor said its proposed buy of Enso Security will give clients a view of their application security posture.

Governance & Risk Management

A CISO's View: How to Handle an Insider Threat

CyberEdBoard  •  June 7, 2023

In this post of his blog "A CISO's View," security director Ian Keller discusses the importance of having mechanisms in place to report potential personal compromise or potential compromise of another person in your company and provides simple steps for making security everyone's responsibility.

Governance & Risk Management

Google Fixes Actively Exploited Chrome Zero-Day

David Perera  •  June 6, 2023

Google patched a zero-day vulnerability in Chrome, warning consumers that the vulnerability is under active exploitation. The Silicon Valley giant revealed little Monday in a Chrome advisory about the vulnerability, other than saying it is a type confusion flaw in its V8 JavaScript rendering engine.