Lloyd's of London Detects Suspicious Network Activity

Akshaya Asokan • October 6, 2022

Lloyd's of London is probing a possible cybersecurity incident that led it to yank some systems offline. Details are scarce at the moment, including whether the incident is malicious or involves ransomware and who may have instigated the incident.

Breach Notification

Optus Attacker Halts AU$1.5 Million Extortion Attempt

Latest

Blockchain & Cryptocurrency

Hacker Exploits Bug to Steal Millions from Binance Bridge

Rashmi Ramesh • October 7, 2022

Crypto exchange Binance paused its smart contract platform Binance Smart Chain after a hacker exploited an internal verification vulnerability to steal cryptocurrency from its cross-chain bridge. Binance has acknowledged a theft of at least $100 million; PeckShield says hackers stole $586 million.

Critical Infrastructure Security

Should Public Utilities Get Paid to Secure the Power Grid?

Cal Harrison • October 6, 2022

Made up of 3,000 public utilities, the U.S. power grid has many weak links in its cyber defenses. Regulators can fine utilities for service outages, but a proposed federal program and recent Purdue University study say financial incentives will help firms make the right security investments.

Managed Detection & Response (MDR)

Arctic Wolf Gets $401M From Owl Rock to Pursue Acquisitions

Michael Novinson • October 6, 2022

Security operations stalwart Arctic Wolf has taken on more than $400 million in debt to pursue acquisitions in the cloud, SIEM, endpoint and XDR markets. The money will fuel an upcoming launch in the Asia-Pacific region and expansion in markets such as South Africa, Benelux and the Nordics.

Cybercrime

Australia Police Charge Teen With Extorting Optus Victims

Mihir Bagwe • October 6, 2022

Police arrested a teenager in his suburban Sydney home for allegedly attempting to extort AU$2,000 from victims of the Optus data breach. The unnamed 19-year-old allegedly threatened to conduct financial crimes using the information of 93 individuals unless he received a payout.

Fraud Management & Cybercrime

NetWalker Ransomware Affiliate Faces 20 Years in US Prison

David Perera • October 5, 2022

Canadian Sebastien Vachon-Desjardins received a 20 year prison sentence from a U.S. judge based in Florida after copping to four felonies stemming from a stint as an affiliate of the NetWalker ransomware-as-a-service gang. "This is Jesse James meets the 21st century," said Judge William F. Jung.

Attack Surface Management

Pen Test Firm NetSPI Gets $410M Boost From KKR to Fuel M&A

Michael Novinson • October 5, 2022

Rising offensive cyber star NetSPI has received a massive follow-up investment from KKR to pursue acquisitions and expand its technological and geographic footprint. KKR's $410 million bet comes on the heels of 50% organic sales growth for NetSPI in 2021 and 61% sales growth thus far in 2022.

Leadership & Executive Communication

Why Aren't More Women in Security Leadership Positions?

Anna Delaney • October 5, 2022

A man in the cybersecurity field is seven times more likely than a woman to have applied for or been offered the job of CISO, according to a new report from Accenture on the need for more inclusion in the workplace. Experts discuss strategies to close the gap and make hiring more inclusive.

Cloud Security

Lacework Co-CEO David Hatfield Out 4 Months After Layoffs

Michael Novinson • October 5, 2022

David "Hat" Hatfield has exited the co-CEO role at Lacework just four months after the cloud security vendor laid off 20% of its employees. The move will bring Lacework's co-CEO experiment to an end after just 14 months, with Facebook engineering head Jay Parikh moving forward as sole CEO.

3rd Party Risk Management

How to Deal With Endemic Software Vulnerabilities

Steve King • October 5, 2022

In this episode of "Cybersecurity Unplugged," Amit Shah, director of product marketing at Dynatrace, discusses the implications of the Log4Shell software vulnerability and the need for organizations to take an observability-led approach to software development and security going forward.

3rd Party Risk Management

Another Telco Breach Rocks Australia

Mihir Bagwe • October 4, 2022

Australia's largest telecom provider acknowledged Tuesday a data breach, but said the data came from a now-defunct employee rewards program from 2017. A company executive accused the hacker behind the breach of seeking to profit from a tense climate created by a much larger breach at rival Optus.

Blockchain & Cryptocurrency

Scammers Get Scammed, Crypto Worth Thousands Stolen

Rashmi Ramesh • October 4, 2022

A cryptocurrency thief is hacking into other scammers' fraudulent liquidity mining websites to reach directly into the digital wallets of victims. The threat actor, dubbed "Water Labbu" by Trend Micro, has so far filched 316,728 USDT and infected 45 fraudulent decentralized applications.

Artificial Intelligence & Machine Learning

Qualys Buys Blue Hexagon to Aid Secure Public Cloud Adoption

Michael Novinson • October 4, 2022

Qualys has purchased a startup founded by longtime Qualcomm leaders to help detect supply chain infections, crypto miners and unauthorized activity in the cloud. The deal will allow customers to detect active exploitation, identify advanced threats and create an adaptive risk mitigation program.