Latest

Cyberwarfare / Nation-State Attacks

Hackers Impersonate Meta Recruiter to Target Aerospace Firm

Prajeet Nair  •  October 1, 2023

Researchers discovered an undocumented backdoor being used by the North Korean Lazarus Group to target a Spanish aerospace company. The attacker masquerading as a Meta recruiter and tricked the victim into downloading and executing malicious files on a company device.

►

Governance & Risk Management

Editors' Panel: What Impact Will Cisco's Splunk Acquisition Have on Industry?

Anna Delaney  •  September 29, 2023

In our latest weekly update, ISMG editors discuss key takeaways from a forum on developing a strategy for OT security, guidance issued by the U.S. Food and Drug Administration on cybersecurity in medical devices, and how the acquisition of Splunk by Cisco might impact the cybersecurity industry.

Network Detection & Response

IronNet Ceases Operations, Terminates All Remaining Staffers

Michael Novinson  •  September 29, 2023

The firm founded by retired four-star Army Gen. Keith Alexander and once valued at $1.2 billion has officially turned off the lights. IronNet Friday ceased business operations and terminated remaining employees after probing alternatives and finding additional sources of cash unavailable.

Security Operations

Nord Security Raises $100M on $3B Valuation to Go After M&A

Michael Novinson  •  September 28, 2023

The maker of the world's most popular VPN service hauled in $100 million on a $3 billion valuation to accelerate growth through mergers and acquisitions. The Warburg Pincus-led investment will allow the Lithuania-based internet privacy and security vendor to expand its product offering.

Cybercrime

Infusion Firm Faces Lawsuit After Hackers Hit Parent Company

Marianne Kolbasuk McGee  •  September 28, 2023

Specialty infusion company Amerita is facing a proposed federal class action lawsuit in the wake of a March cyberattack on its parent company, PharMerica, which reported a breach affecting nearly 6 million individuals. Amerita recently reported its own breach that affected about 220,000 people.

Artificial Intelligence & Machine Learning

White House Set to Publish AI Executive Order This Fall

Rashmi Ramesh  •  September 28, 2023

U.S. President Joe Biden says he expects to soon sign an executive order detailing how the United States can harness opportunities of artificial intelligence while protecting citizens from "profound" risks. The United States is far from enacting comprehensive AI regulation.

►

Artificial Intelligence & Machine Learning

Cyber Fail: More Bumbling Cybercrooks, Avoidable Breaches

Anna Delaney , Cal Harrison  •  September 28, 2023

Welcome to "Cyber Fail" - ISMG's roundup of all that's broken in the world of cybersecurity, where our panel of experts uncovers the fails so we can strengthen our defenses. In this episode, ISMG host Anna Delaney takes on bumbling cybercrooks, avoidable breaches and the ethics of paying a ransom.

Endpoint Security

FDA Finalizes Guidance Just as New Device Cyber Regs Kick In

Marianne Kolbasuk McGee  •  September 27, 2023

The FDA has issued final guidance on how medical device makers should approach cybersecurity in their products to meet new requirements for including cyber details in their premarket product submissions. Starting Oct. 1, the FDA will "refuse to accept" submissions lacking those details.

Governance & Risk Management

Why OT Security Keeps Some Healthcare Leaders Up at Night

Marianne Kolbasuk McGee  •  September 27, 2023

It's not just medical device cybersecurity that's keeping some healthcare security leaders up at night - it's also the risks posed by other critical connected gear that patients and clinicians depend upon, said Ali Youssef, director of medical device and emerging tech security at Henry Ford Health System.

Big Data Security Analytics

Why Palo Alto Is Eyeing Data Defense Firm Dig at $300M-$400M

Michael Novinson  •  September 27, 2023

A data security startup led by a Microsoft and Google veteran and backed by Samsung and CrowdStrike could soon be acquired by Palo Alto Networks. The company is in advanced talks to buy data security posture management startup Dig Security for between $300 million and $400 million.

Cybercrime

Sony Investigating Potential Data Breach

David Perera  •  September 26, 2023

Sony is investigating an apparent leak of internal data posted onto the dark web and a criminal hacking board by separate criminal actors. Sony is saying little other than, "We are currently investigating the situation, and we have no further comment at this time."

Multi-factor & Risk-based Authentication

CISA Urges Americans to Apply MFA, 'Think Before They Click'

Michael Novinson  •  September 26, 2023

CISA Director Jen Easterly urged citizens to boost their defenses by choosing strong passwords, opting for multifactor authentication, reporting phishing and enabling automatic software updates. Easterly said users should choose passwords that are complex and unique to each sensitive account.