Industry News: Cyber

Know Your Breach: CNO Financial Group

The Target: Washington National Insurance and Bankers Life, both subsidiaries of the CNO Financial Group

The Take: Personal information including names, social security numbers, dates of birth, and policy numbers.

The Vector: SIM-swapping attacks involve fraudsters tricking customer support staff at a cellphone operator into giving them control of someone else's phone number. This allows the fraudster to receive the victim's phone calls and SMS messages, including two-factor authentication tokens.

This breach is a stark reminder of how strong authentication controls are in an overall robust cybersecurity posture, and that good password hygiene plays a pivotal role in protection.

Benefits And Cautions Of Aligning With Cybersecurity Frameworks

2024-02-13

Forbes: Enterprise security teams continually assess shifting security concerns and implement mitigating controls to reduce the organization's risk. However, with the pressing need to respond to threats, many organizations have implemented specific controls to mitigate single risks, creating the potential for dangerous gaps in coverage.

Tech Companies Plan to Sign Accord to Combat AI-Generated Election Trickery

2024-02-13

SecurityWeek: At least six major technology companies are planning to sign an agreement this week that would guide how they try to put a stop to the use of artificial intelligence tools to disrupt democratic elections. The upcoming event at the Munich Security Conference in Germany comes as more than 50 countries are due to hold national elections in 2024.

Prudential Says Hackers Gained Access to Its Computer Systems

2024-02-13

BNN Bloomberg: Prudential Financial Inc. said hackers it believes to be part of a cyber-crime group gained access to some of its information-technology systems and a small percentage of user accounts associated with employees and contractors.

Ivanti Gets Poor Marks for Cyber Incident Response

2024-02-13

Dark Reading: Here's what's clear about the current cybersecurity state of Ivanti's VPN appliances — they have been widely vulnerable to cyberattack, and threat actors are onto the possibilities. It's up to enterprise cyber teams to decide what comes next.

Willis Lease Finance Corp Discloses Cyberattack

2024-02-13

SecurityWeek: Aircraft parts dealer Willis Lease Finance Corporation (WLFC) has informed the US Securities and Exchange Commission (SEC) that it fell victim to a cyberattack. According to the SEC filing, the incident was flagged on January 31, when unauthorized activity was detected on portions of its systems.

Bank of America Warns Customers Of Data Breach After Vendor Hack

2024-02-12

Bleeping Computer: Bank of America is warning customers of a data breach exposing their personal information after Infosys McCamish Systems (IMS), one of its service providers, was hacked last year.

Banks Report an Increase in 'High Impact' Breaches as Federal Cybersecurity Bill Idles

2024-02-12

CBC: The number of "high impact" cyber incidents reported by Canada's banks nearly tripled last year, according to the industry's watchdog. The increase comes as a federal bill meant to protect Canada's critical systems — including financial systems — has been sitting idle in parliamentary limbo for months.

Know Your Breach: Verizon

The Target: Verizon is an American telecommunications and mass media company providing cable TV, telecommunications, and internet services to over 150 million subscribers across the U.S.

The Take: The data that was exposed varies per employee but could include: full name, physical address, social security number (SSN), National ID, gender, union affiliation, date of birth, compensation information.

The Vector: A data breach notification shared with the Office of the Maine Attorney General revealed that a Verizon employee gained unauthorized access to a file containing sensitive employee information on September 21, 2023.

This breach is a stark reminder of how authentication controls are in an overall robust cybersecurity posture, and that good password hygiene plays a pivotal role in protection.

Ransomware Payments Reached Record $1.1 Billion In 2023

2024-02-07

Bleeping Computer: Ransomware payments in 2023 soared above $1.1 billion for the first time, shattering previous records and reversing the decline seen in 2022, marking the year as an exceptionally profitable period for ransomware gangs.

Endpoint Security Startup NinjaOne Lands $231.5 Million at $1.9 Billion valuation

2024-02-07

Yahoo Finance: Just two years ago, VC funding to cybersecurity startups was on fire. Indeed, $23 billion flooded the sector, per Crunchbase. But in 2023, cybersecurity upstarts only saw a third of that -- the result of the exceptional surge in 2021, bloated valuations and investors wary of market instability.

Fortinet Beats Q4 Profit on Cybersecurity Demand, Shares Jump

2024-02-06

US News: Fortinet reported fourth-quarter profit above analysts' estimates, as enterprises spent more to safeguard their digitized operations against the rising risk of attacks, sending the cybersecurity company's shares up 10.4% in extended trading.

The Impact Of AI On Post-Quantum Cybersecurity

2024-02-06

Forbes: These days, major debates are happening around artificial intelligence (AI) and the future of the human race. Whether you believe that advanced AI will better humanity or force us off the planet, I would propose that we have a more pressing problem.

ZeroFox Holdings To Be Acquired By Haveli Investments For About $350 Mln

2024-02-06

Nasdaq: ZeroFox Holdings, Inc., a provider of external cybersecurity, said it has agreed to be acquired by Haveli Investments, a technology-focused private equity firm, in an all-cash transaction with an enterprise value of about $350 million.

Britain, France Lead 35 Nation Agreement on Controlling Spyware, Mercenary Hackers

2024-02-06

US News: Countries led by Britain, France and the United States and tech firms including Google, Microsoft and Meta signed a joint statement recognising the need for more action to tackle malicious use of cyber spying tools.

Deepfake-Generating Apps Explode, Allowing Multimillion-Dollar Corporate Heists

2024-02-05

Dark Reading: Deepfake creation software is proliferating on the Dark Web, enabling scammers to carry out artificial intelligence (AI)-assisted financial fraud with previously unheard of creativity and scope.

Know Your Breach: Direct Trading Technologies

The Target: Direct Trading Technologies (DTT) is an international fintech company offering trading platforms for stocks, forex, precious metals, energies, indices, Contracts for Difference (CFDs), and cryptocurrencies.

The Take: The leaked data included the trading activity of over 300,000 users spanning the past six years, along with names, email addresses, emails sent by the company, and IP addresses.

The Vector: In October 2023, a research team discovered a misconfigured web server with backups and development code references allegedly belonging to the fintech company Direct Trading Technologies. The discovered directory included multiple database backups, each holding a significant amount of sensitive information about the company’s users and partners.

With the fintech industry experiencing rapid growth, this leak stands as a clear reminder of the critical role of robust cybersecurity measures. Fintech companies manage and store exceptionally sensitive customer data. This breach is a stark reminder of how authentication controls are in an overall robust cybersecurity posture, and that good password hygiene plays a pivotal role in protection.

US Disrupted Chinese Hacking Operation That Targeted Routers

2024-01-31

BNN Bloomberg: A US operation disrupted a Chinese state-sponsored hacking effort in which spies hijacked a large network of devices to target water facilities and the power grid, among other targets, officials from the Federal Bureau of Investigation and the Department of Justice said.

US Sanctions Two ISIS-Affiliated ‘Cybersecurity Experts’

2024-01-31

SecurityWeek: The sanctioned individuals are both Egyptian nationals. One of them is Mu’min Al-Mawji Mahmud Salim, the creator of a platform named Electronic Horizons Foundation (EHF), which provides cybersecurity training and guidance to ISIS supporters.

Cyber Crime Damage Costs Firms Up To $5 Million Annually, Says Barracuda

2024-01-31

Security Brief: The annual cost of recouping from cyber crime for businesses can reach as much as $5 million, according to a new Cybernomics 101 report from Barracuda Networks, a leading provider of cloud-first security solutions.

New SEC Cyber Disclosure Rules Will Force Companies to Develop Incident Response Plans

2024-01-31

CPO Magazine: To many, the new SEC rules that require public companies to disclose “material” cybersecurity incidents within four days of determining their materiality may seem like a challenging, if not unreasonable, demand.

20 Essential Factors To Consider When Vetting Cybersecurity Platforms

2024-01-30

Forbes: In an increasingly digital work world, companies across industries collect and manage sensitive data. And just as companies are finding new and sophisticated ways to leverage that data, hackers are finding new and sophisticated ways to breach cyber defenses.

SolarWinds Files Motion to Dismiss SEC Lawsuit

2024-01-29

Dark Reading: In a new filing with the US Southern District Court of New York, SolarWinds argued that the Securities and Exchange Commission was outside of its depth of expertise as well as its scope of authority in charging SolarWinds and its chief information security officer with mishandling the now-infamous, 2020, Russian-backed cyber espionage attack on its Orion platform.

Canada Wakes Up To China, Russia, Iran Threat To Intellectual Property

2024-01-29

CSO Online: It is as if a light went on within the Canadian government this month as it took steps to tighten control over the risk presented by China, Russia, and Iran to sensitive research being funded by the federal government.