Erin Baudo Felder, Okta's vice president of social impact and sustainability (Image: Okta)

Okta to Spend $1M Helping Nonprofits Improve Their Security

Michael Novinson • July 1, 2022

Identity titan Okta has awarded $1.02 million in grants to groups focused on linking nonprofits with the talent needed to configure and manage security technology. Nonprofits have limited access to infrastructure and human capital to address their cybersecurity needs, and Okta hopes to change that.

Biometrics

XM Cyber Buys Cyber Observer to Better Spot Cyber Exposures

Latest

Cybercrime

Evilnum Hacking Group Updates TTPs Targeting Fintech

Prajeet Nair • July 2, 2022

The Evilnum hacking group has updated its tactics, techniques and procedures, now uses MS Office Word documents and leverages document template injection to deliver malicious payloads to its victims' machines. First seen in 2018, the group mainly targets fintech firms in the U.K. and Europe.

Cryptocurrency Fraud

US DOJ Targets Baller Ape Rug Pull and Other Crypto Fraud

Prajeet Nair • July 1, 2022

The U.S. Department of Justice is touting a string of indictments against accused cryptocurrency and NFT fraudsters, including against a Vietnamese man who is allegedly behind the Baller Ape rug pull, the largest such NFT fraud to date. Rug pulls are the largest form of cryptocurrency-based crime.

Critical Infrastructure Security

Indian Stock Exchanges Have 6 Hours to Report Cyber Incident

Mihir Bagwe • July 1, 2022

India's stock brokers and depository participants must now report all cyberattacks and breaches to the Securities and Exchange Board of India within six hours of detection under a mandate implementing what is likely the world's tightest breach reporting timeline requirement.

Cyberwarfare / Nation-State Attacks

ISMG Editors: Russia's War Has Changed the Cyber Landscape

Anna Delaney • July 1, 2022

Four ISMG editors discuss important issues, including how Russia's cyber and kinetic wars in Ukraine have changed the cybersecurity landscape, what recent layoffs at cybersecurity firms mean for the industry and how cybercriminals are taking a page out of the white hat hacker playbook

3rd Party Risk Management

Malware Disrupts Multiple US State Unemployment Websites

Mihir Bagwe • July 1, 2022

Unemployment benefits websites across the United States are offline after a malware attack was detected at third-party vendor Geographic Solutions Inc. The vendor, which serves dozens of state labor departments, says no personally identifiable information has been affected by the attack.

Governance & Risk Management

The Mounting Threats to Sensitive Data After Roe v. Wade

Marianne Kolbasuk McGee • July 1, 2022

Location data, browser history, IP addresses, and appointment scheduling are among the sensitive data putting individuals' privacy at risk in the wake of the decision to overturn Roe v. Wade, says Alexandra Reeve Givens of the Center for Democracy and Technology.

Critical Infrastructure Security

OT Security: Has the Industry Made Progress?

Suparna Goswami • July 1, 2022

OT security has been at the center of the security conversation ever since the Colonial Pipeline attacks. Scott Flower, the founder of Pareto Cyber and a former global intelligence officer at FS-ISAC, discusses the challenges in OT security and where the industry needs to go.

Email Security & Protection

OpenSea Customer Emails Exposed in Third-Party Breach

Mihir Bagwe • June 30, 2022

Emails shared with NFT marketplace OpenSea were disclosed to an unauthorized external party, the company is warning patrons. Anyone who shared an email address should be on guard for phishing attacks. The cause was a rogue employee at a third-party email delivery vendor.

Governance & Risk Management

HHS Tackles Data Privacy Concerns Linked to Abortion Ruling

Marianne Kolbasuk McGee • June 30, 2022

Federal regulators issued health privacy guidance for medical providers and patients and promised to make privacy violations a top HIPAA enforcement priority in the wake of the U.S. Supreme Court overturning Roe v. Wade, the five-decade precedent that guaranteed nationwide access to abortion.

Cybercrime

Ukrainian Cops Arrest Phishing Gang That Stole $3.4 Million

Prajeet Nair • June 30, 2022

Ukrainian authorities arrested nine individuals for the theft of about $3.4 million from 5,000 Ukrainians via more than 400 phishing links. Cybercrime gang members allegedly obtained access to bank accounts under the guise of facilitating social safety net payments from the European Union.

Email Security & Protection

The Criticality of Reporting Cybercrimes

Anna Delaney • June 30, 2022

For the seventh year in a row, business email compromise produced the largest losses of any type of cybercrime, according to Steve Dougherty of the U.S. Secret Service. He says organizations need to build and maintain relationships with law enforcement agencies before an attack happens.

CISO Trainings

Profiles in Leadership: Rob Hornbuckle

Mathew J. Schwartz • June 30, 2022

Beyond advising the seniormost levels of the business in the strategic use of technology, the need to recruit new cybersecurity professionals often also tops the list of tasks facing today's security leaders, says Rob Hornbuckle, CISO of Allegiant Air.