Bank of the West Customers Hit by ATM Skimmer Attack

Mihir Bagwe • June 29, 2022

Fraudsters compromised debit card numbers and associated PINs, and possibly names and addresses, of an undisclosed number of Bank of the West customers. Unknown thieves installed skimmers in a "small number of ATMs," the bank's COO, Karl Werwath, tells ISMG.

►

Critical Infrastructure Security

Paying Ransomware Actors: 'It's a Business Decision'

Latest

Endpoint Security

CyGlass Separates From Nominet, Pursues XDR Partnerships

Michael Novinson • June 29, 2022

CyGlass completed a management buyout from Nominet just two years after being acquired and wants to build an EDR stack via partnerships. Board and management changes at Nominet in 2021 resulted in the company returning to its registry roots and gave CyGlass workers the chance to buy the company.

Cybercrime

Ransomware Groups Pursue Fresh Monetization Strategies

Mathew J. Schwartz • June 29, 2022

Ransomware-wielding criminals constantly refine their behavior and tactics to maximize the chance of a payday, and recently they have been implementing fresh strategies for monetizing stolen data, says Steve Rivers at threat intelligence firm Kela.

Events

Addressing Misconceptions About Cryptography

Anna Delaney • June 29, 2022

Organizations need to move away from spending money on perimeter security and instead focus on "protecting critical assets using encryption and key management," says Brad Beutlich, of Entrust. "At this point in time, the hackers cannot break encryption technologies," he adds.

Cyberwarfare / Nation-State Attacks

Russian Cyberattack on Ukrainian TV Channels Blocked

Mihir Bagwe • June 29, 2022

Ukraine says it has thwarted multiple Russian misinformation campaigns, including blocking attempts to penetrate the electronic systems of its TV channels on the eve of its Constitution Day holiday. It also flagged social media accounts spreading fake videos.

Cybercrime

FBI: Deepfake Fraudsters Applying for Remote Employment

Prajeet Nair • June 29, 2022

Threat actors are using deepfakes to apply for remote employment at U.S. tech companies in a bid to gain access to corporate financial and customer data, internal databases and proprietary information. Fraudsters used stolen PII to make deepfake videos for personal interviews, says the FBI.

Events

The Future of Corporate Network Security on the Internet

Anna Delaney • June 29, 2022

The emergence of remote working, the cloud, and digital transformation initiatives are prompting companies to look toward replacing traditional on-premises firewalls, say Perimeter 81 co-founder and CEO Amit Bareket and CMO Gily Netzer. They discuss the future of securing hybrid work environments.

Events

Move From a Reactive to a Proactive State With Intelligence

Michael Novinson • June 29, 2022

Building out a threat intelligence program is no easy feat for even the largest and most resource-rich organizations, and the challenges are only amplified for smaller companies that have limited budget or personnel, according to AJ Nash, ZeroFox's vice president of threat intelligence.

Governance & Risk Management

Italian Watchdog Says Google Analytics a Privacy Violation

Prajeet Nair • June 28, 2022

Italy joined France and Austria in warning domestic companies to shy away from Google Analytics. The decision by the Italian data protection authority highlights ongoing legal uncertainty concerning trans-Atlantic transfers of commercial data.

Cybercrime as-a-service

Ransomware-as-a-Service Gang LockBit Has Bug Bounty Program

Prajeet Nair • June 27, 2022

Ransomware-as-a-service gang LockBit has set up a bug bounty program for its malware and for exploitable vulnerabilities it could use to further criminal activities. Whether the program will go as planned is an open question. The gang is offering $1,000 to $1 million in remuneration.

Network Detection & Response

IronNet Lays Off 17% of Staff 10 Months After Going Public

Michael Novinson • June 27, 2022

IronNet is laying off 17% of its employees in a cost-cutting effort just 10 months after going public by merging with a special purpose acquisition company. The 55 layoffs will occur by the end of June and the company will spend the $1 million allocated for severance and other termination benefits.

Business Continuity Management / Disaster Recovery

ISMG Editors: When an Insider Threat Costs Millions

Anna Delaney • June 27, 2022

Four ISMG editors discuss important cybersecurity issues, including how Canada's Desjardins Group settled a data breach lawsuit for $155 million, how Facebook is being sued after allegedly violating patient privacy, and highlights from ISMG's Northeast Summit held in New York this week.

Access Management

Latest Blow Falls on the 'Scourge of Passwords'

Information Security Media Group • June 27, 2022

Tired of keeping track of passwords? Recent announcements by major platform vendors Google, Apple and Microsoft could have passwords down for the count in the next six years, says Andrew Shikiar, executive director of the FIDO Alliance, which has been on a 10-year mission to eliminate passwords.