Image: Shutterstock

North Korean Hackers Find Value in LinkedIn

Akshaya Asokan • March 13, 2023

Business social media platform LinkedIn continues to pay dividends for North Korean hackers, including one group historically concentrated on South Korean targets that has expanded into pursuing security researchers and media industry workers in the West.

Anti-Phishing, DMARC

Chris Inglis Steps Down as White House Cybersecurity Adviser

Latest

Events

'Stronger Together' - Preview of RSA Conference 2023

Tom Field • March 28, 2023

"Stronger Together" is the theme of RSA Conference 2023. In an exclusive preview of the event, Linda Gray Martin and Britta Glade explain why that theme was selected - and what attendees can expect to see from sessions, speakers and sponsors when they attend the annual gathering in San Francisco.

Video

Essential Steps to Building a Robust API Security Program

Anna Delaney • March 28, 2023

Recent high-profile breaches resulting from API attacks are "just the tip of the iceberg," said Gartner analyst Dionisio Zumerle. "What we have is a new way of exchanging information which is increasingly popular, and almost no organization has the recipe to secure that new way of communicating."

Artificial Intelligence & Machine Learning

ChatGPT Exposed Payment Card Data of Subscribers

Prajeet Nair • March 26, 2023

A now-patched bug that caused OpenAI to take down the ChatGPT chatbot for nine hours on Monday also revealed the last four digits of payment cards, the company disclosed Friday. One user said he saw the history of another account including the topics "phobia of rats" and "sexist music video clips."

Cyberwarfare / Nation-State Attacks

US Sends Cyber Team to Aid Albania's Cyber Defenses

Mihir Bagwe • March 24, 2023

The United States sent its top cyber offensive team to NATO ally Albania to help secure the nation's critical infrastructure networks. The Cyber National Mission Force helped find cyberthreats and vulnerabilities on networks likely targeted last year by Iranian threat actors.

Incident & Breach Response

Corelight Pursues IR Partnerships, Smaller Enterprise Deals

Michael Novinson • March 24, 2023

Corelight has cemented partnerships with incident response firms and extended its capabilities from large enterprises to midsized enterprises to further the reach of its technology. Corelight allows its product to be used by CrowdStrike's incident response team during network-based investigations.

Cyberwarfare / Nation-State Attacks

ISMG Editors: What's Next in Russia's Cyber War?

Anna Delaney • March 24, 2023

In the latest weekly update, ISMG editors discuss how Russia's invasion of Ukraine upended the cybercrime ecosystem, a lawsuit against a U.S. cardiovascular clinic that seeks a long list of security improvements, and the latest endpoint protection technology trends in the Gartner Magic Quadrant.

Cyber Insurance

Lawmakers Weigh Laws Proposed in Biden's Cyber Strategy

Cal Harrison • March 23, 2023

Members of a U.S. House subcommittee got their first look at the Biden administration's new national cybersecurity strategy and quizzed the White House cybersecurity director on the timeline, proposed regulations and incentives for private businesses.

Breach Notification

Breach Roundup: Ferrari, Indian Health Ministry and the NBA

Mihir Bagwe • March 23, 2023

This week's roundup of cybersecurity incidents around the world includes attacks on luxury car manufacturer Ferrari, the Indian health system and a Dutch maritime logistics company. Other data breach incidents involve the NBA, Lionsgate, the city of Oakland, McDonald's and Samsung.

Card Not Present Fraud

Online Card Fraud Flourishes, Thanks to the Magnetic Stripe

Suparna Goswami • March 23, 2023

EMV chip technology has taken a major bite out of credit card fraud at the point of sale, but card-not-present fraud continues to flourish thanks to an age-old technology - the magnetic stripe, says Mark Solomon, international president, International Association of Financial Crimes Investigators.

Fraud Management & Cybercrime

TikTok CEO Aims to Assure Lawmakers Americans' Data Is Safe

Mathew J. Schwartz • March 23, 2023

TikTok CEO Shou Chew appeared Thursday before the U.S. congressional panel to defend his company against accusations that it's imperiling Americans' national security, privacy and mental health. Lawmakers pressed Chew on the company's Chinese ownership, source code and privacy practices.

Identity & Access Management

Splashtop Buys Foxpass to Bring Enterprise IAM to the Masses

Michael Novinson • March 23, 2023

Remote access provider Splashtop has bought server and network access management vendor Foxpass to get better visibility across co-managed and multi-tenant environments. The acquisition of Foxpass will simplify the onboarding experience for developers while ensuring passwords aren't being shared.

Cloud Security

Orca Promotes CPO Gil Geron to CEO to Drive Efficient Growth

Michael Novinson • March 22, 2023

Orca Security has promoted Chief Product Officer Gil Geron to CEO to help the agentless cloud security vendor maintain its market leadership and rapid growth. The leadership swap at Portland, Oregon-based Orca will result in Avi Shua moving to the newly created position of chief innovation officer.