Latest

Breach Notification

Senate Considering Several Cyber Measures in Annual NDAA

Dan Gunderman  •  November 29, 2021

Following the holiday recess, U.S. lawmakers are picking up several legislative priorities starting Monday, including progress on the annual defense spending bill, which contains amendments that would require incident reporting for critical infrastructure providers, among other measures.

3rd Party Risk Management

17 Scenes From the IRISSCON Irish Cybercrime Conference

Mathew J. Schwartz  •  November 29, 2021

The annual IRISSCOM cybercrime conference in Dublin aims to give attendees "an overview of the current cyberthreats facing businesses in Ireland and throughout the world" and how to best defend themselves, organizers say. Here are visual highlights from the conference's latest edition.

►

Cybercrime

The Best Gift for the Holidays? An Incident Response Plan

Anna Delaney  •  November 26, 2021

In the latest weekly update, four editors at Information Security Media Group discuss important cybersecurity issues, including why security teams are still unprepared for cyberattacks over weekends and holidays, which experts warn is when attackers love to strike.

Blockchain & Cryptocurrency

Cryptocrimes Proliferate: Ransomware, New Threat Campaigns

Prajeet Nair  •  November 24, 2021

Cryptocurrency exchange BTC-Alpha faces a ransomware attack; Morphisec researchers investigate malware that targets cryptocurrency, NFT communities on Discord; and RiskIQ researchers uncover fresh Aggah campaign that deploys clipboard hijacking code to swap a victim's cryptocurrency address.

3rd Party Risk Management

NHS Denies Data Was Exposed in Stor-a-File Hack

Mihir Bagwe  •  November 22, 2021

Reports of NHS data being exposed following a ransomware attack on U.K.-based data capture and storage company Stor-a-File are incorrect, an NHS Digital spokesperson tells ISMG. "Most NHS data was held offline and not affected in the Stor-a-File hack."

3rd Party Risk Management

Regulators: Banks Have 36 Hours to Report Cyber Incidents

Dan Gunderman  •  November 19, 2021

U.S. federal banking regulators have approved a new rule that will require banks to notify regulators no later than 36 hours after the organization determines it has suffered a qualifying "computer-security incident," the nation's top financial agencies announced this week.

►

3rd Party Risk Management

ISMG Editors: Cyberspace Solarium Commission Updates

Anna Delaney  •  November 19, 2021

In the latest weekly update, four editors at Information Security Media Group discuss important cybersecurity issues, including the status of the recommendations of the Cyberspace Solarium Commission today and what still needs to be enacted by the current Congress, addressing the increasing challenge of cyberattacks...

►

Business Continuity Management / Disaster Recovery

Ransomware Attackers: 'No Days Off!'

Tom Field  •  November 19, 2021

We know they are coming, and yet we are still ill-prepared. Cybereason surveyed 1,200 global cybersecurity professionals on ransomware. And while most are concerned about attacks, nearly one-quarter have no contingencies for weekends and holidays - the favored strike time. Sam Curry explains why.

Blockchain & Cryptocurrency

Cryptocurrency Conundrum: How to Make Dirty Bitcoins Clean?

Anna Delaney  •  November 19, 2021

The latest edition of the ISMG Security Report features an analysis of how cybercriminals are turning to cryptomixing services to conceal the proceeds of ransomware activities from law enforcement officials. Also featured: Criminals exploit a misconfigured FBI server and the future of zero trust.

Business Continuity Management / Disaster Recovery

US, UK, Australia Issue Alert on Iranian APT Groups

Prajeet Nair  •  November 18, 2021

Law enforcement and intelligence agencies in the U.S, U.K. and Australia have issued a joint advisory on unidentified Iran government-backed advanced persistent threat actors exploiting Fortinet and Microsoft Exchange ProxyShell vulnerabilities to attack organizations in their respective countries.

Data Loss Prevention (DLP)

Exfiltration Breach, Ransomware Attack Affect 800,000

Marianne Kolbasuk McGee  •  November 17, 2021

Two recent hacking incidents - one involving ransomware and the other involving the exfiltration of sensitive data for hundreds of thousands of individuals - are among the latest examples of the serious cybersecurity threats and risks facing healthcare organizations and their patients' information.

Blockchain & Cryptocurrency

Money Laundering Cryptomixer Services Market to Criminals

Mathew J. Schwartz  •  November 16, 2021

Cryptocurrency-using criminals continue to rely on services designed to launder their virtual currency to give them "clean coins" that are tougher for law enforcement to trace. Experts say such services are widely marketed on cybercrime forums, and sometimes provided directly to ransomware groups' affiliates.