Latest

Encryption & Key Management

EU Lawmaker Questions CSAM Proposal 'Conflicts of Interest'

Akshaya Asokan  •  October 2, 2023

The head of a key European Parliament committee said he's concerned about media reports suggesting that a proposal mandating that instant messenger apps scan for CSAM was crafted under the influence of an American tech foundation and a nonprofit with ties the British and U.S. government.

Governance & Risk Management

Chertoff Group Arm to Buy Trustwave From Singtel for $205M

Michael Novinson  •  October 2, 2023

The private equity arm of former Secretary of Homeland Security Michael Chertoff's advisory firm agreed to purchase MDR vendor Trustwave for $205 million. The deal will allow Singtel to refocus its business in APAC and boost shareholder value by optimizing resource allocation.

Fraud Management & Cybercrime

Some Prospect Medical Hospitals in Dire State, Post-Attack

Marianne Kolbasuk McGee  •  October 2, 2023

An August cyberattack on a national hospital chain may make medical care in underserved areas of Connecticut even harder to obtain now that a would-be buyer said it's having second thoughts about going through with the deal. The Rhysida group claimed responsibility for an attack on Prospect Medical.

Cyberwarfare / Nation-State Attacks

Hackers Impersonate Meta Recruiter to Target Aerospace Firm

Prajeet Nair  •  October 1, 2023

Researchers discovered an undocumented backdoor being used by the North Korean Lazarus Group to target a Spanish aerospace company. The attacker masqueraded as a Meta recruiter and tricked the victim into downloading and executing malicious files on a company device.

Next-Generation Technologies & Secure Development

CrowdStrike Boosts Israeli Startup Ties With AWS Partnership

Michael Novinson  •  September 29, 2023

CrowdStrike has joined forces with Amazon Web Services to familiarize itself with more Israeli cyber startups earlier in their development life cycle. The Cybersecurity Startup Accelerator will provide EMEA-based companies with mentorship, technical expertise and partnership opportunities.

Governance & Risk Management

Bugs Found in Another Progress Software File Transfer App

Prajeet Nair  •  September 29, 2023

Progress Software is again sending customers on a scramble to install emergency patches, this time for its secure FTP server software. The advisory comes months after hackers took advantage of a zero-day in the company's MOVEit file transfer software in a hacking campaign affecting tens of millions.

Artificial Intelligence & Machine Learning

NSA Stands Up New Organization to Harness AI

Rashmi Ramesh  •  September 29, 2023

The NSA has set up a new organization to oversee artificial intelligence in national security systems. Dubbed the AI Security Center, the unit will consolidate the agency's AI activities and support the government's effort to "maintain its competitive edge in AI," said Army Gen. Paul Nakasone.

Endpoint Security

Inside Look: FDA's Cyber Review Process for Medical Devices

Marianne Kolbasuk McGee  •  September 29, 2023

Medical device makers in their premarket submissions to the Food and Drug Administration under the agency's new "refuse to accept" policy for cybersecurity should pay close attention to details such as a product's software bill of materials and vulnerability management, said Jessica Wilkerson of FDA.

Governance & Risk Management

Chrome Patches 0-Day Exploited by Commercial Spyware Vendor

Mihir Bagwe  •  September 28, 2023

Google rolled out an urgent Chrome browser security update to address a zero day actively exploited by a commercial spyware vendor. The high-severity bug is the fifth zero day patched by Chrome this year. Google did not provide details, only stating that it is aware of an exploit in the wild.

Cryptocurrency Fraud

Study Reveals Conti Affiliates Money Laundering Practices

Akshaya Asokan  •  September 28, 2023

Contrary to the popular notion that ransomware hackers are sophisticated launderers of their stolen money, research shows they use straightforward mechanisms to transfer their bitcoin - allowing researchers to follow their money trail. Only a sliver transacted with a crypto mixer.

Security Operations

Nord Security Raises $100M on $3B Valuation to Go After M&A

Michael Novinson  •  September 28, 2023

The maker of the world's most popular VPN service hauled in $100 million on a $3 billion valuation to accelerate growth through mergers and acquisitions. The Warburg Pincus-led investment will allow the Lithuania-based internet privacy and security vendor to expand its product offering.

Cybercrime

Breach Roundup: Johnson Controls Suffers Ransomware Attack

Anviksha More  •  September 28, 2023

This week: Johnson Controls suffers a ransomware attack, the Philippine state health insurance program struggles to recover from a ransomware and Air Canada reports a cyberattack. Also: an APT group uses the American Red Cross as bait and new malware targets would-be users of Bitwarden.