ISMG Editors: Will SVB Crash Kill Cybersecurity Innovation?

Anna Delaney • March 17, 2023

In the latest weekly update, ISMG editors discuss how the Silicon Valley Bank crash will affect innovation in the cybersecurity space, why the SEC fined cloud provider Blackbaud $3 million for its "erroneous" breach details, and why the feds fined a web hosting firm in a kids' insurance site hack.

Finance & Banking

SVB Collapse Is 'Self-Inflicted Gunshot Wound' for Startups

Latest

Breach Notification

FBI Says It Arrested BreachForums Mastermind 'Pompompurin'

Prajeet Nair • March 18, 2023

Federal agents arrested the alleged administrator of criminal underground forum BreachedForums, tracing him to a small town in New York's Hudson Valley. FBI agents say Conor Brian Fitzpatrick, resident of Peekskill, confessed to being "pompompurin."

Governance & Risk Management

European Digital Identity Bill Heads to Final Negotiations

Akshaya Asokan • March 17, 2023

The European Parliament approved Thursday legislation creating a continentwide framework for digital identity that European leaders hope will diminish the role of big tech companies such as Google and Apple. Members of the European Parliament have pushed for additional privacy measures.

Attack Surface Management

Chinese Hackers Targeting Security and Network Appliances

Prajeet Nair • March 17, 2023

Chinese threat actors are turning security appliances into penetration pathways, forcing firewall maker Fortinet to again attempt to fend off hackers with a patch. Mandiant researchers say suspected Beijing hackers it tracks as UNC3886 has been targeting chip-based firewall and virtualization boxes.

Fraud Management & Cybercrime

TikTok Says US Threatens Ban Unless Chinese Owners Divest

Mathew J. Schwartz • March 17, 2023

TikTok says the Biden administration has demanded that the company's Chinese owners divest their stake in the company or risk seeing the app get banned in America. The U.S., Canada, EU, U.K. and New Zealand have all banned the use of TikTok on government devices, citing national security concerns.

Fraud Management & Cybercrime

Magniber Ransomware Group Exploiting Microsoft Zero-Day

Akshaya Asokan • March 16, 2023

A financially motivated hacking group has been exploiting a now-patched zero-day vulnerability in the Windows operating system to deliver ransomware. Google Threat Analysis Group attributed the campaign to Magniber ransomware group. Microsoft issued a patch in its March dump of fixes.

Fraud Management & Cybercrime

Breach Roundup: Med Devices, Hospitals and a Death Registry

Mihir Bagwe • March 16, 2023

In this week's data breach roundup: medical device manufacturer Zoll, CHU University hospitals, Australian company Latitude Financial, Hawaiian death registry, Los Angeles Housing Authority, Indian Railway ticketing app, updates on U.S. Marshals Service and Congress, and a new ransomware decryptor!

Endpoint Security

Microsoft, CrowdStrike Lead Endpoint Protection Gartner MQ

Michael Novinson • March 16, 2023

Microsoft and CrowdStrike once again dominate Gartner's Magic Quadrant for Endpoint Protection. Cybereason has risen to the leaders quadrant and Trellix has fallen to a niche player. The endpoint protection market has rapidly matured in recent years - 50% of organizations have already adopted EDR.

General Data Protection Regulation (GDPR)

What Does the UK Version of GDPR Mean for Businesses?

Anna Delaney • March 16, 2023

The U.K. government recently embarked on a plan to create its own version of the EU's General Data Protection Regulation, but attorney Jonathan Armstrong says he is "pretty skeptical" that this second attempt at privacy reform will successfully make it through the country's Parliament.

Geo-Specific

Australian Non-Bank Lender Discloses Hacks of Customer Data

Prajeet Nair • March 16, 2023

Australian personal lending provider Latitude Financial Services disclosed to regulators on Thursday hacking incidents affecting more than 300,000 consumers. "Sophisticated" hackers made off with nearly 103,000 driver's licenses and an additional 225,000 "customer records," the company said.

Blockchain & Cryptocurrency

Cryptohack Roundup: ChipMixer, Euler Finance, Unpatched Bugs

Rashmi Ramesh • March 16, 2023

Every week, ISMG rounds up cybersecurity incidents in the world of digital assets. In focus between March 10 and 16: a ChipMixer takedown, Euler Finance and Poolz Finance hacks, bugs on 280 blockchains, Dero coin, and a report from the Financial Action Task Force on ransomware financing.

Cyberwarfare / Nation-State Attacks

Microsoft Fixes Russia-Exploited Zero-Day

Prajeet Nair • March 15, 2023

Microsoft's March dump of patches fixes two actively exploited zero-day vulnerabilities, including a critical issue in Outlook that Russian threat actor APT28 has used to target European companies. The vulnerability can be exploited before a user views the email in the Preview Pane.

Blockchain & Cryptocurrency

ChipMixer Shut Down for Allegedly Laundering $3 Billion

Rashmi Ramesh • March 15, 2023

U.S. and German police seized darknet cryptocurrency anonymizing service ChipMixer, which federal prosecutors say cybercriminals used to launder $3 billion including proceeds from ransomware extortion and North Korean cryptocurrency hacking. Among its alleged customers: LockBit and the Russian GRU.