What Should India's New Data Protection Bill Look Like?

Suparna Goswami • August 5, 2022

The Indian government has scuttled its personal data protection bill after the proposal grew in scope beyond data protection "and was creating degrees of complexity." Arrka Consulting CEO Shivangi Nadkarni shares her views on what the new bill must incorporate.

Application Security

Ping Identity to Go Private in $2.8B Thoma Bravo Acquisition

Latest

Cybercrime

Twitter Confirms Zero-Day Bug That Exposed 5.4M Accounts

Prajeet Nair • August 6, 2022

Twitter confirms that a zero-day vulnerability allowed threat actors to gain access to the personal information of 5.4 million user account profiles. The company was notified about this specific vulnerability in Twitter's systems through their bug bounty program in January.

Blockchain & Cryptocurrency

US Extradites Russian Accused of Crypto Laundering

Prajeet Nair • August 5, 2022

Accused cryptocurrency money launder Alexander Vinnik made his first appearance in U.S. federal court today. The Russian national faces 55 years imprisonment for his alleged involvement in laundering hacking proceeds through bitcoin on the BTC-e cryptocurrency exchange.

Finance & Banking

FFIEC Solicits Comments on Cybersecurity Assessment Tool

David Perera • August 5, 2022

The Federal Financial Institutions Examination Council is asking for comments regarding the Cybersecurity Assessment Tool, the ostensibly voluntary way for banks and credit unions to self-assess exposure to risk and the maturity of their cybersecurity.

3rd Party Risk Management

Reports: NHS Dealing With IT Outages Due to Cyber Incident

Marianne Kolbasuk McGee • August 5, 2022

The U.K.'s National Health Service is experiencing IT outages resulting from a cyberattack on a third-party vendor. Birmingham-based technology provider Advanced's Adastra system supplies digital services for urgent healthcare services number 111.

Endpoint Security

HHS HC3 Warns Healthcare of IoT Device, Open Web App Risks

Marianne Kolbasuk McGee • August 5, 2022

Federal authorities, in two separate advisories issued Thursday, urge healthcare sector entities to proactively address security risks from internet of things devices equipped with sensors, software and other technologies to connect and exchange data over the internet and from open web applications.

Fraud Management & Cybercrime

Europe Gets a New DDoS Attack Record

Brian Pereira • August 5, 2022

An unnamed Eastern Europe company became a victim of that continent's largest-ever distributed denial-of-service attack, says Akamai. The report comes in a season with a record-breaking volume of DDoS attacks, fueled greatly by geopolitical events led by Russia's invasion of Ukraine.

Fraud Management & Cybercrime

Profiles in Leadership: Ivan Milenkovic

Tom Field • August 5, 2022

Ivan Milenkovic became the group information security director of Webhelp in January 2020. Six weeks later, the pandemic changed everything. Today, Webhelp is twice the size it was in 2020, and Milenkovic discusses the cybersecurity challenges his team has overcome to support that growth.

Blockchain & Cryptocurrency

Nomad Entices Thieves of $190M Hack With Offer to Keep 10%

Rashmi Ramesh • August 5, 2022

The hackers who stole $190 million from cross-chain bridge Nomad stand to keep up to 10% of the loot and escape civil liability and criminal prosecution. The only caveat: They must return the rest of the money. Then, the firm says, it will label them as white hats and won't pursue legal action.

Cryptocurrency Fraud

ISMG Editors: Ransomware Groups Aiming for Smaller Targets

Anna Delaney • August 5, 2022

In the latest weekly update, four editors at Information Security Media Group discuss key takeaways from ISMG's recent Government Summit, how hackers siphoned nearly $200 million from cryptocurrency bridge Nomad and how midsized businesses are the new frontier for ransomware.

Cyberwarfare / Nation-State Attacks

Okta's Marc Rogers on Why Beating Ransomware Is a Team Sport

Michael Novinson • August 5, 2022

Increased collaboration between the public and private sectors hasn't slowed the increased frequency and ease of ransomware intrusions, but efforts to change the financial incentives of ransomware are having "a pretty good effect," says Marc Rogers, vice president of cybersecurity strategy at Okta.

Endpoint Security

More Mobile Devices, More Problems, Security Survey Finds

Brian Pereira • August 4, 2022

The era of pandemic-induced telework is also the era of higher reliance on mobile devices for sensitive workplace information - meaning we're likewise living in the age of fretful chief information security officers, a new survey concludes. "Companies are still struggling" to secure mobile devices.

Fraud Management & Cybercrime

Neuro Practice Tells 363,000 That PHI Was Posted on Dark Web

Marianne Kolbasuk McGee • August 4, 2022

An Indiana-based neurology practice is notifying nearly 363,000 individuals that their sensitive information was compromised in a recent ransomware attack - and that some of the data was made available on the dark web. Russian ransomware group Hive has been implicated.