Police cracked encrypted chat messages to bust organized crime group

Read More

Concerns rise that ransomware group used access to target customers

Read More

I hate to do this but consider the following thought exercise: Transport yourself back to fall 2020 when literally the entire world was waiting for a COVID vaccine. We knew there were a few candidates (in fact, one mRNA vaccine was formulated in late January) and were just waiting on the proof – the efficacy studies. Most of the world was elated to find out in early December 2020 that efficacy rates were 95%. Of course, some folks needed to know that a typical flu vaccine provides about 60% efficacy.

Now consider how you would have felt if, instead of conducting randomized control trials that tested outcomes from the vaccine, Pfizer and Moderna had asserted that the vaccine would work because the scientists who created it had strong credentials, the lab environment was properly managed, procedures were impeccably followed, and all the paperwork was in order. I’m not sure about you, but I would have been devastated and probably irate.

To read this article in full, please click here

Read More

Whether we wish to admit it, the way the internet is used is in the midst of a major morph due to the consequences of Russia’s invasion of Ukraine. Russia is moving to cut off internet access to Ukraine and to limit internet access to its own populace. Ukraine is seeking to limit Russia’s disinformation and ability to conduct commerce. Organizations continue to navigate their way through a world of sanctions and direct government requests to take specific actions

While the situation may appear to be black and white, it is, in reality, several shades of gray and is happening in the midst of the internet’s transition to multistakeholder governance. On March 10, 2022, the internet community issued a paper titled “Multistakeholder Imposition of Internet Sanctions.” This “conversation document,” signed by a plethora of individuals from companies and organizations, posited seven principles:

To read this article in full, please click here

Read More

Cybersecurity and risk expert David Wilkinson has heard some executives put off discussions about risk acceptance, saying they don’t have any appetite or tolerance for risk.

“But every organization has to have some level of risk acceptance,” says Wilkinson, senior managing partner with The Bellwether Group, a firm providing security and risk services. Otherwise, they’d be unable to function.

Yet there are indicators that many CISOs aren’t having productive conversations around risk acceptance.

According to Gartner research, only 66% of CISOs identified as top performers collaborate with senior business decision-makers to define their organization’s risk appetite. (The number drops to only 37% of CISOs identified by Gartner as “bottom performers.”)

To read this article in full, please click here

Read More

Ransomware group LAPSUS$ has claimed to have breached the internal systems of cloud-based authentication software provider Okta.

The breach was first flagged on Twitter by Bill Demirkapi, a senior security engineer at video conferencing company Zoom, at 8:15pm Pacific Time on Monday night.

According to the LAPSUS$ screenshots, taken from the secure messaging service Telegram and posted online by Demirkapi and others, the ransomware group said it did not target Okta’s databases, instead focusing on Okta customers. It also showed possible superuser access, and screenshots of Okta’s internal Jira and Slack instances.

To read this article in full, please click here

Read More

Annie Winterfield Manriquez becomes state’s first senior advisor for Cybersecurity and Critical Infrastructure

Read More

Commission orders e-commerce platform to compensate small businesses and improve security

Read More

Social Security numbers at risk in state’s largest reported breach since notification law enacted

Read More

The RansomEXX ransomware gang has seen fit to publish on the dark web 12GB of data stolen from SAMH, including unredacted photographs of individuals’ driving licences, passports, personal information such as volunteers’ home addresses and phone numbers, and – in some cases – even passwords and credit card details.

Read more in my article on the Hot for Security blog.

Read More