Latest

Anti-Money Laundering (AML)

Crypto Advocates Decry Bill That Could Ban Transactions

Dan Gunderman  •  January 27, 2022

Lawmakers on the House Committee on Financial Services this week announced nine provisions of its America COMPETES Act of 2022 - one of which has been criticized by cryptocurrency proponents for potential privacy and due process concerns.

3rd Party Risk Management

SEC Chair Seeks to 'Modernize' Cybersecurity Regulations

Devon Warren-Kachelein  •  January 27, 2022

U.S. Security and Exchange Commission Chair Gary Gensler wants to broaden cybersecurity regulations. Among his concerns are the rising threat of cyberattacks due to the tensions between Russia and Ukraine, and a need to harmonize communications between financial firms and third-party vendors.

Cloud Security

Microsoft Mitigates 'Largest Known DDoS Attack'

Mihir Bagwe  •  January 27, 2022

Microsoft successfully mitigated a 3.47 Tbps distributed denial-of-service attack that was targeted at one of its Azure customers from Asia, the company reports in an Azure blog post on DDoS attack trends for Q3 and Q4. The tech giant says that it believes this is the largest attack ever reported.

►

Governance & Risk Management

Spotting Cybersecurity Gaps, Becoming More Systems-Focused

Brian Barnier  •  January 27, 2022

Lisa Young prepares security teams to protect and defend their organizations from cybercriminals by seeing the things that others miss and asking the questions that others are too afraid to ask. She discusses how critical thinking improves cybersecurity.

Business Continuity Management / Disaster Recovery

New Strategy Funds UK Public Services' Cyber Resilience

Tony Morbin  •  January 27, 2022

U.K. local authorities are to receive 37.8 million pounds from the government to boost cyber resilience in essential public services, and a Government Cyber Coordination Center is being established under a new U.K. Cyber Security Strategy announced this week.

Application Security

Report: Access Broker Exploiting VMware Log4j Vulnerability

Dan Gunderman  •  January 26, 2022

The risks posed by Apache Log4j continue, as a previously seen initial access broker group with the codename Prophet Spider IAB appears to be targeting vulnerabilities in Apache's logging utility to infiltrate the virtualization solution VMware Horizon, researchers at BlackBerry warn.

Breach Notification

Kentucky Hospital Still Struggles One Week After Cyberattack

Marianne Kolbasuk McGee  •  January 26, 2022

Taylor Regional Hospital, a 90-bed facility in Campbellville, Kentucky, is still struggling one week after a cyber incident brought down its phone systems, internet services, email and other systems. Patient care services have also been affected.

Breach Notification

Proposed Settlement Calls for Health Plan to Bolster Security

Marianne Kolbasuk McGee  •  January 26, 2022

Following a trend seen in similar cases, a proposed settlement in a class action lawsuit filed against health insurer Excellus in the wake of a cyberattack discovered in 2015 that affected 10.5 million individuals calls for the company to bolster its security.

3rd Party Risk Management

New WordPress Vulnerability Affects AdSanity Plug-in

Soumik Ghosh  •  January 26, 2022

Not even one week after a massive supply chain attack that compromised 93 WordPress plug-ins and themes, a new critical vulnerability with RCE capabilities and a CVSS score of 9.9 was discovered Tuesday, impacting yet another WordPress plug-in, AdSanity.

Business Continuity Management / Disaster Recovery

Ransomware Trends: Volume of Known Victims Remains Steady

Mathew J. Schwartz  •  January 26, 2022

Despite Western governments' increased focus on disrupting ransomware, the quantity of new victims doesn't appear to have declined, at least so far. But multiple experts say that nation-state efforts to combat cybercrime syndicates are still picking up speed and may well yet have an impact.

Cybercrime

Hacktivists Hit Belarusian Railroad to Stop Russian Troops

Mihir Bagwe  •  January 26, 2022

A hacktivist group named Belarusian Cyber-Partisans says it has successfully attacked the country's railroad systems and encrypted some servers, databases and workstations to disrupt its operations. The group says its aim is "preventing the presence of Russian troops on the territory of Belarus."

Business Continuity Management / Disaster Recovery

US, NATO Discuss Ukrainian Cyber Aid Amid Tensions

Dan Gunderman  •  January 25, 2022

As tensions continue to flare between Ukraine and Russia, which has amassed at least 100,000 troops along Ukraine's eastern border, the U.S. continues to mull intervention, a part of which includes bolstering Ukraine's cyber defenses. This comes as experts warn that cyberwarfare could play an increasingly significant...