An artist's representation of the Horizon bridge (Source: Harmony)

North Korea Behind $100M Harmony Theft, Say Researchers

David Perera • June 30, 2022

Cryptocurrency experts are fingering North Korea as likely responsible for the cryptocurrency theft of $100 million from the Harmony Horizon bridge. North Korea fuels its nuclear weapons program with stolen cryptocurrency used to dodge international sanctions that prevent ready access to cash.

ATM / POS Fraud

Ping Identity Debuts $50M Venture Fund to Back IAM Startups

Latest

Email Security & Protection

OpenSea Customer Emails Exposed in Third-Party Breach

Mihir Bagwe • June 30, 2022

Emails shared with NFT marketplace OpenSea were disclosed to an unauthorized external party, the company is warning patrons. Anyone who shared an email address should be on guard for phishing attacks. The cause was a rogue employee at a third-party email delivery vendor.

Governance & Risk Management

HHS Tackles Data Privacy Concerns Linked to Abortion Ruling

Marianne Kolbasuk McGee • June 30, 2022

Federal regulators issued health privacy guidance for medical providers and patients and promised to make privacy violations a top HIPAA enforcement priority in the wake of the U.S. Supreme Court overturning Roe v. Wade, the five-decade precedent that guaranteed nationwide access to abortion.

Biometrics

Token Snags Ex-OneSpan Revenue Leader John Gunn as New CEO

Michael Novinson • June 30, 2022

Token selected former OneSpan CRO John Gunn as CEO to scale the organization and prepare its wearable authentication ring for large-scale production. Gunn is tasked with sourcing the critical components needed to manufacture the ring and building a base of paying clients for the biometric tool.

Cybercrime

Ukrainian Cops Arrest Phishing Gang That Stole $3.4 Million

Prajeet Nair • June 30, 2022

Ukrainian authorities arrested nine individuals for the theft of about $3.4 million from 5,000 Ukrainians via more than 400 phishing links. Cybercrime gang members allegedly obtained access to bank accounts under the guise of facilitating social safety net payments from the European Union.

Governance & Risk Management

The Right Way to Change Your Identity Service Providers

Suparna Goswami • June 30, 2022

Markus Kalka, head of security authentication services at Takeda, talks about the challenges of changing identity service providers and shares the experience of consolidating three services into one at his company, a Japanese multinational pharmaceutical.

Email Security & Protection

The Criticality of Reporting Cybercrimes

Anna Delaney • June 30, 2022

For the seventh year in a row, business email compromise produced the largest losses of any type of cybercrime, according to Steve Dougherty of the U.S. Secret Service. He says organizations need to build and maintain relationships with law enforcement agencies before an attack happens.

CISO Trainings

Profiles in Leadership: Rob Hornbuckle

Mathew J. Schwartz • June 30, 2022

Beyond advising the seniormost levels of the business in the strategic use of technology, the need to recruit new cybersecurity professionals often also tops the list of tasks facing today's security leaders, says Rob Hornbuckle, CISO of Allegiant Air.

Fraud Management & Cybercrime

Zero Trust Architecture: No Firewalls or VPNs

Anna Delaney • June 30, 2022

The latest edition of the ISMG Security Report describes why firewalls and VPNs don't belong in Zero Trust design. It also discusses cybercriminals' evolving ransomware tactics and the devastating price of responding to a ransomware attack, as experienced by Travelex in 2019.

Endpoint Security

CyGlass Separates From Nominet, Pursues XDR Partnerships

Michael Novinson • June 29, 2022

CyGlass completed a management buyout from Nominet just two years after being acquired and wants to build an EDR stack via partnerships. Board and management changes at Nominet in 2021 resulted in the company returning to its registry roots and gave CyGlass workers the chance to buy the company.

Cybercrime

Ransomware Groups Pursue Fresh Monetization Strategies

Mathew J. Schwartz • June 29, 2022

Ransomware-wielding criminals constantly refine their behavior and tactics to maximize the chance of a payday, and recently they have been implementing fresh strategies for monetizing stolen data, says Steve Rivers at threat intelligence firm Kela.

Cyberwarfare / Nation-State Attacks

Russian Cyberattack on Ukrainian TV Channels Blocked

Mihir Bagwe • June 29, 2022

Ukraine says it has thwarted multiple Russian misinformation campaigns, including blocking attempts to penetrate the electronic systems of its TV channels on the eve of its Constitution Day holiday. It also flagged social media accounts spreading fake videos.

Cybercrime

FBI: Deepfake Fraudsters Applying for Remote Employment

Prajeet Nair • June 29, 2022

Threat actors are using deepfakes to apply for remote employment at U.S. tech companies in a bid to gain access to corporate financial and customer data, internal databases and proprietary information. Fraudsters used stolen PII to make deepfake videos for personal interviews, says the FBI.