Robert M. Lee, founder and CEO, Dragos (Image: Dragos)

Uniform Infrastructure Raises Risk for Industrial Attacks

Michael Novinson • January 26, 2023

The increased physical connectivity of digital assets has expanded the attack surface and added complexity for engineers in industrial environments, says Dragos CEO Robert Lee. More industrial automation and new systems have made it tougher for plant operators to conduct root cause analysis.

Fraud Management & Cybercrime

Lessons to Learn From CircleCI's Breach Investigation

Latest

Identity & Access Management

OneSpan to Buy ProvenDB to Securely Store, Vault Documents

Michael Novinson • January 26, 2023

OneSpan plans to purchase an Australian startup founded by a longtime Quest Software executive to securely store and vault documents based on blockchain technology. Melbourne, Victoria-based ProvenDB uses blockchain to deliver security that prevents data tampering and document alteration.

Fraud Management & Cybercrime

2 Hacks Involving Mental Health Data Affected Nearly 400,000

Marianne Kolbasuk McGee • January 26, 2023

Two hacking breaches - one at a non-profit provider of foster care, mental health and substance treatment services, and the other at a provider of behavioral health services - have affected sensitive information of nearly 400,000 individuals.

Fraud Management & Cybercrime

Facebook, Instagram Blasted for 'Lame' Security Practices

Anna Delaney , Cal Harrison • January 26, 2023

Meta's popular social media platforms are increasingly being targeted by cybercriminals, and account takeover complaints rose over 1,000% last year. This social threat is spilling over into banks and government agencies, and experts criticize Meta for moving too slowly to address security issues.

Cyberwarfare / Nation-State Attacks

Ukraine's Critical Sectors Targeted in Phishing Attack Surge

Mathew J. Schwartz • January 26, 2023

While Russian military forces and allied groups continue to pummel Ukrainian targets with online attacks, security experts tracked a phishing and malware surge at the end of 2022, even as U.S. intelligence said the war was running at a "reduced tempo."

Governance & Risk Management

ISACA Survey: Privacy in Practice 2023 Highlights

Anna Delaney • January 26, 2023

ISACA's recently published Privacy in Practice 2023 survey report shares new research related to the privacy workforce, privacy skills, privacy by design and the future of privacy. Expert Safia Kazi shares ways organizations can align privacy goals with business objectives.

Next-Generation Technologies & Secure Development

Venture Capitalist: Now Is an Ideal Time to Invest in Cyber

Tom Field • January 26, 2023

Valuations are down, some companies have left the market altogether, and some even have announced deep rounds of layoffs. Yet, Alberto Yépez of Forgepoint Capital retains optimism for the cybersecurity marketplace in 2023 and says now is the ideal time to be ramping up investments in innovation.

Privileged Access Management

Delinea Snags David Castignola as CRO to Push Beyond Banking

Michael Novinson • January 25, 2023

Privileged access management vendor Delinea has hired longtime RSA sales leader David Castignola to expand beyond North America as well as in nonregulated industries. Delinea hopes to increase sales beyond verticals such as financial services, banking, healthcare, insurance and the public sector.

Governance & Risk Management

Clinic Reports Tracking Pixel Breach Involving 3rd Party

Marianne Kolbasuk McGee • January 25, 2023

A Midwest specialty medical care clinic has reported to regulators a health data breach affecting 134,000 patients involving one of its critical partners' previous use of Meta Pixel and Google tracking codes embedded in its websites and patient portals.

Cloud Security

Microsoft 365 Cloud Service Outage Disrupts Users Worldwide

Mathew J. Schwartz • January 25, 2023

Microsoft blamed an internal network configuration change for outages that disrupted access to Microsoft 365 services, including Microsoft Teams and Outlook, for users around the world. The change has been rolled back and additional infrastructure added to speed restoration, it says.

Identity & Access Management

Microsoft Security Sales Hit $20B as Consolidation Increases

Michael Novinson • January 24, 2023

The world's largest cybersecurity vendor continues to pull away from the competition. Microsoft's security sales surpassed $20 billion in 2022 after 33% annual growth. The cloud computing and software giant continues to reap the rewards of security tool consolidation.

Government

VA: Contractors Have 1 Hour to Report a Security Incident

Marianne Kolbasuk McGee • January 24, 2023

An update to acquisition regulations within the Department of Veterans Affairs says that contractors have one hour to report a security and privacy incident. The clock starts ticking after the incident has been discovered. The department says the rule change only codifies an existing requirement.

Endpoint Security

EU PEGA Committee Hears Call for Policy Overhaul on Spyware

Akshaya Asokan • January 24, 2023

The European Parliament's Pegasus spyware committee heard draft recommendations calling for a ban on the commercial buying and selling of zero-day exploits and for an immediate moratorium on the sale and use of advanced spyware. The committee expects to finalize the recommendations this spring.