Photo: Cisco

Cisco Hacked: Firm Traces Intrusion to Initial Access Broker

Mathew J. Schwartz • August 11, 2022

Cisco says it fell victim to a successful hack attack and data breach in May. While an attacker wielding Yanluowang ransomware claimed to have exfiltrated data and crypto-locked systems, Cisco says nothing sensitive was stolen and no systems were infected by ransomware.

Anti-Money Laundering (AML)

Tracking Ransomware: Here's Everything We Still Don’t Know

Latest

Business Email Compromise (BEC)

Alleged Business Email Compromise Fraudsters Extradited

Prajeet Nair • August 11, 2022

Three Nigerian nationals accused of participating in multimillion-dollar business email compromise fraud with a fixation on universities arrived in the United States after extradition from the United Kingdom. They allegedly attempted to steal more than $5 million.

Blockchain & Cryptocurrency

FTC Probes BitMart After $200M Theft at Crypto Exchange

Rashmi Ramesh • August 11, 2022

A newly disclosed probe shows the Federal Trade Commission is investigating operators of BitMart, a cryptocurrency platform that lost $200 million of investor funds in one of the biggest crypto cyberattacks of 2021. The agency is scrutinizing the companies to see if they misled consumers.

Training & Security Leadership

Profiles in Leadership: Bruce Phillips

Tom Field • August 11, 2022

As CISO of West, a Williston Financial Group company, Bruce Phillips recognizes that cybersecurity is not the enterprise's core business. But what, then, is the right level of cybersecurity to bring to a nonsecurity business? He discusses this and other leadership challenges.

Governance & Risk Management

FTC Initiates Privacy and Data Security Rule-Making

David Perera • August 11, 2022

U.S. companies could see new cybersecurity rules and restrictions on consumer data collection under a rule-making process initiated by the FTC. No regulatory outcome is guaranteed, but today's advanced notice of proposed rule-making is a first step to new data security and privacy regulations.

Cyberwarfare / Nation-State Attacks

Cyber Operations Keep Affecting Civilians as War Continues

Anna Delaney • August 11, 2022

The ISMG Security Report discusses how cyberattacks and operations tied to the Russia-Ukraine war have been affecting civilians since the start of Russia's invasion, whether a practicing cardiologist living in Venezuela is also a ransomware mastermind and effective bot management tooling strategies.

Application Security

Secrets in the Code: Open-Source API Security Risks

Steve King • August 11, 2022

In this episode of "Cybersecurity Unplugged," Apiiro's Moshe Zioni, vice president of security research, discusses the company's "Secrets Insights 2022" report on the real-world risks of hardcoded secrets across the software supply chain and how to mitigate the potential damage they can cause.

Black Hat

Krebs to Vendors at Black Hat: No More 'Band-Aid' Approach

Michael Novinson • August 11, 2022

Black Hat USA 2022 opened with somber warnings from Chris Krebs about why application developers, vendors and the government need to solve major industry challenges. Key security executives also discussed DNS visibility, cloud security, patch management, APT strategies and supply chain woes.

Fraud Management & Cybercrime

Hardware MFA Stops Attack on Cloudflare

Mihir Bagwe • August 10, 2022

Cloudflare credits hardware multifactor authentication with preventing bad actors behind a targeted phishing campaign from gaining access to its internal systems. Although attackers siphoned employee credentials, the hard key authentication requirement stopped attackers from snatching a soft token.

Fraud Management & Cybercrime

Microsoft Patches 'DogWalk' Zero-Day in August Patch Tuesday

Prajeet Nair • August 10, 2022

More than two years after being notified of it, Microsoft issued a fix for a Microsoft Windows Support Diagnostic Tool vulnerability known as DogWalk. The fix is part of the operating system giant's newest Patch Tuesday dump, which includes patches for 141 flaws.

Black Hat

Black Hat 2022 Opens Today With Focus on Emerging Threats

Michael Novinson • August 10, 2022

Black Hat 2022 kicks off today with security experts sharing cutting-edge research and insights through demos, technical trainings and hands-on labs. Keynote speaker Chris Krebs will discuss risk trends in cybercrime, geopolitical threats and what they mean for tomorrow's network defenders.

Black Hat

Lacework's Kate MacLean on Securing Users Across Many Clouds

Michael Novinson • August 10, 2022

Lacework has used the $1.3 billion raised to strengthen its multi-cloud support, giving customers better visibility across development and production environments. The company is able to identify elusive threats and zero-day vulnerabilities by finding spikes in anomalous activity.

Black Hat

Aparna Rayasam on How Trellix Plans to Boost XDR Protection

Michael Novinson • August 10, 2022

An open architecture, a single pane of glass and robust endpoint security are vital to fueling Trellix's growth in XDR, says Chief Product Officer Aparna Rayasam. Trellix has given customers a unified view into their security posture for configuration, reporting and forensic purposes.