Latest

Application Security

Twitter Reportedly Fires Head of Security, CISO to Leave

Prajeet Nair  •  January 22, 2022

Twitter has said it is firing Peiter Zatko, the network security expert that it hired on November 2020 as head of security. The changes in the security team followed “an assessment of how the organization was being led,” according to a company memo shared with The New York Times.

3rd Party Risk Management

New FS-ISAC Program Boosts Supply Chain Security Dialogue

Devon Warren-Kachelein  •  January 21, 2022

FS-ISAC is piloting a new program called the Critical Providers Program that is aimed to heighten the conversation between leaders of security firms and their third-party partners. The program leverages the Connect platform, and Akamai Technologies plays a key role.

►

Application Security

ISMG Editors: Will Ransomware Kill Cyber Insurance?

Anna Delaney  •  January 21, 2022

In the latest weekly update, four ISMG editors discuss the state of cyber insurance today and why its future is uncertain; applying a security-by-design reliability model to analyze vulnerabilities; and how Russia takes down members of the REvil ransomware group as cyber aggressions in Ukraine rise.

►

3rd Party Risk Management

From the Trenches: Remediating Widespread Apache Log4j Flaw

Mathew J. Schwartz  •  January 21, 2022

Although flaws in Apache Log4j software that need remediating remain widespread in organizations, "some of them are aware of the issue, some of them aren't aware of the issue, and likely this issue is going to be persisting with us for many, many years," says Jeff Macko, an offensive security expert at Kroll.

Blockchain & Cryptocurrency

Crypto.com Confirms Breach, Nearly $34 Million in Losses

Dan Gunderman , Devon Warren-Kachelein  •  January 21, 2022

Singaporean cryptocurrency exchange Crypto.com confirms that its platform fell victim to a multimillion-dollar cyberattack. In a postmortem entry on its site, Crypto.com says unauthorized withdrawals targeted Ethereum and Bitcoin of 483 users. Associated losses were near $34 million.

Application Security

Ukraine Cyber Attacks: A Case of Hacktivism?

Anna Delaney  •  January 21, 2022

The latest edition of the ISMG Security Report features an analysis of whether the cyberattacks that hit Ukraine's government agencies last week are attributable to any group or nation-state along with updates to the cybersecurity executive order and illicit cryptocurrency trends.

Endpoint Security

Israeli Officials Deny Claims of Improper Spyware Use

Dan Gunderman  •  January 20, 2022

New developments have emerged in the case of the Israel Police allegedly using the flagship spyware of NSO Group, Pegasus, on its own citizens, with reported targets including critics of former Prime Minister Benjamin Netanyahu, among others. Following a bombshell local report, high-ranking Israeli officials have...

Cloud Security

Biden Memo Orders Cybersecurity Improvements

Dan Gunderman  •  January 20, 2022

U.S. President Joe Biden today signed a National Security Memorandum that aims to improve the cybersecurity of national security systems. The memo gives new powers to the NSA to oversee cybersecurity improvements such as the use of the multifactor authentication, encryption and endpoint detection services.

Application Security

Log4Shell Update: VMware Horizon Targeted

Prajeet Nair  •  January 19, 2022

Attackers have been actively targeting Log4j vulnerabilities, or Log4Shell, vulnerabilities in the servers of virtualization solution VMware Horizon to establish persistent access via web shells, according to an alert by the U.K. National Health Service.

Business Continuity Management / Disaster Recovery

JPMorgan Chase Invests $12 Billion in Security Updates

Devon Warren-Kachelein  •  January 19, 2022

JPMorgan Chase will earmark $12 billion for technological updates - including cloud migration, upgrading legacy architecture, data strategy, and emerging technologies. About half of this budget will go toward security modernization, while the other half will be invested into digital innovation.

Endpoint Protection Platforms (EPP)

McAfee Enterprise and FireEye Products Rebrand as Trellix

Mathew J. Schwartz  •  January 19, 2022

Endpoint detection and response software news: The entity formerly known as McAfee Enterprise and FireEye Products has a new name: Trellix. Think of a "security trellis to businesses across the globe, giving them support they need to keep them safe," says CEO Bryan Palma. Will customers and prospects buy in?

Fraud Management & Cybercrime

NSO Group Spyware Reportedly Used by Israeli Police Force

Dan Gunderman  •  January 18, 2022

Spyware from controversial Israeli firm NSO Group was reportedly used by the nation's civilian police force, according to a new report from an Israeli business publication. Its findings allege that the Israel Police conducted warrantless phone taps on Israeli politicians and activists, among others.