Marriott Confirms Data Breach, Says Core Network Unaffected

Mihir Bagwe • July 6, 2022

Hotel chain Marriott International Inc. confirmed reports of a data breach and attempted extortion incident. Unknown hackers claim to have stolen 20 gigabytes worth of data but the hospitality giant tells ISMG only one system was compromised and no critical business or customer data was exposed.

Breach Notification

Mitigating the Impact of Ransomware With Data Science

Latest

Big Data Security Analytics

IBM Buys Startup Databand.ai to Address Data Quality Issues

Michael Novinson • July 6, 2022

IBM has purchased a data observability startup to help organizations address data errors, pipeline failures and poor quality before it affects their bottom line. Databand.ai will help businesses ensure that trustworthy data is being put into the hands of the right users at the right time.

Fraud Management & Cybercrime

Feds Warn Healthcare Sector of 'Maui' Ransomware Threats

Marianne Kolbasuk McGee • July 6, 2022

Federal authorities are alerting healthcare and public health sector entities of threats involving North Korean state-sponsored "Maui" ransomware. Attackers use the malware to maliciously encrypt diagnostics procedures, medical imaging, and medical center intranet services.

Leadership & Executive Communication

Profiles in Leadership: Deborah Haworth

Anna Delaney • July 6, 2022

Expectations for CISOs and their teams are at an all-time high, says Deborah Haworth, CISO of Penguin Random House UK. "Over the past two years, we've had a number of organizations pivot the way they work, which brings increased security challenges" and increases pressure on employees, she says.

Security Information & Event Management (SIEM)

Swimlane Raises $70M to Grow Security Automation Outside US

Michael Novinson • July 6, 2022

Swimlane has raised $70 million to expand its clientele beyond the Fortune 2000 and acquire more customers in Europe and Asia-Pacific. The company plans to hire more personnel focused on sales, marketing and partnerships to make the company's low-code security automation platform accessible.

Cyberwarfare / Nation-State Attacks

US Government Picks Quantum-Resistant Encryption Algorithms

David Perera • July 5, 2022

The National Institute of Standards and Technology today announced a first group of encryption algorithms designed to withstand the assault of a future quantum computer. Selection of the four algorithms comes after six years of evaluation by the U.S. federal agency.

Cloud Security

RSA Conference 2022 Compendium: 150+ Interviews and More

Information Security Media Group • July 5, 2022

Welcome to ISMG's compendium of RSA Conference 2022. The 31st annual conference covered a wide range of topics including cybercrime, cyberwarfare, zero trust, supply chain risk, ransomware, OT security, cyber insurance and jobs. Access 150+ interviews with the top speakers and influencers.

Anti-Money Laundering (AML)

Leveraging Interindustry Data to Discover Mule Accounts

Suparna Goswami • July 5, 2022

How can you leverage artificial intelligence and make sense of data from different industries to determine whether a customer is creditworthy or whether an account is a mule account? Guy Sheppard, general manager of financial services at Aboitiz Data Innovation, discusses a case study.

Business Continuity Management / Disaster Recovery

US, Israel Initiate Cybersecurity Collaboration Program

Mihir Bagwe • July 4, 2022

The U.S. and Israel have agreed to a new joint cybersecurity program called BIRD Cyber to enhance the cyber resilience of both countries' critical infrastructures. Grants of up to $1.5 million will be given to entities who jointly develop advanced cybersecurity applications under this program.

3rd Party Risk Management

Constant Vigilance Demanded - Cyber 'Not Just Another Risk'

Tony Morbin • July 4, 2022

The Biden executive order on cybersecurity was a catalyst for action, with tight delivery times for steps including promotion of SBOMs and zero trust. The cyber-physical nexus and expanding threat surface mean it's not easy to maintain vigilance, but recognizing that is the first step.

Business Continuity Management / Disaster Recovery

Russian Hackers Target Private Ukrainian Energy Firm

Prajeet Nair • July 4, 2022

Ukrainian private energy firm DTEK Group alleges that the Russian Federation has carried out a cyberattack against its facilities, crippling its infrastructure in retaliation for its owners' support of the country's fight against Russian invaders.

Cryptocurrency Fraud

British Army's Twitter and YouTube Accounts Hijacked

Mihir Bagwe • July 4, 2022

The Twitter and YouTube accounts of the British Army were briefly taken over on Sunday evening by unidentified hackers who posted content related to cryptocurrency and NFTs. The situation has now been resolved, but the U.K. Ministry of Defense says the investigation is ongoing.

Cybercrime

Evilnum Hacking Group Updates TTPs Targeting Fintech

Prajeet Nair • July 2, 2022

The Evilnum hacking group has updated its tactics, techniques and procedures and now uses MS Office Word documents and leverages document template injection to deliver malicious payloads to its victims' machines. First seen in 2018, the group mainly targets fintech firms in the U.K. and Europe.