Aura Lays Off 70 Staff After Raising $350M Over Past Year

Michael Novinson • June 24, 2022

Aura has laid off 70 employees as a result of customer acquisition strategy changes just a year after raising $350 million. The layoffs came about as a result of an agreement inked with MetLife earlier this year that made it Aura's exclusive go-to-market partner for the employee benefits channel.

Cyberwarfare / Nation-State Attacks

Zscaler Posture Control Correlates, Prioritizes Cloud Risks

Latest

Fraud Management & Cybercrime

Ransomware Gang Uses Log4Shell

Prajeet Nair • June 24, 2022

Ransomware group AvosLocker made use of unpatched VMWare Horizon applications to hack into an unidentified organization’s systems, says analysis from Cisco Talos. The race between systems administrators and hackers to patch the Log4j vulnerability is ongoing.

Cybercrime

After Conti Ransomware Brand Retires, Spinoffs Carry On

Mathew J. Schwartz • June 24, 2022

The Conti ransomware group officially pulled the plug on its operation in May. But experts say the group's activities have continued in the form of numerous already-launched subsidiaries or spinoffs, which appear to include Alphv/BlackCat, AvosLocker, Black Basta and HelloKitty, among others.

Business Continuity Management / Disaster Recovery

'When, Not If': Crafting Cyber Resilience Plans That Work

Mathew J. Schwartz • June 24, 2022

To excel at cybersecurity incident response, start with planning, preparation and, ideally, regular tabletop exercises, say Kevin Li, CISO for MUFG Securities Americas, and Rocco Grillo, managing director of Alvarez & Marsal's Disputes and Investigations Global Cyber Risk Services practice.

Cybercrime

Rising Fraud in the Digital Age: Detect, Prevent and Respond

Anna Delaney • June 24, 2022

Mark Read, head of data breach solutions for TransUnion in the UK, shares insights on the current data breach landscape, including how businesses should respond to a data breach in order to reduce its impact. "The most successful responses often include the offer of a remediation solution," he says.

3rd Party Risk Management

Lawsuits in Wake of MCG Health Data Breach Start Piling Up

Marianne Kolbasuk McGee • June 24, 2022

Four proposed federal class action lawsuits filed in recent days against MCG Health LLC in the wake of a recently disclosed 2020 hacking incident affecting up to 1.1 million individuals allege negligence and violations of various laws by the clinical guidelines vendor.

3rd Party Risk Management

How Security Risks Might Halt the Use of AI in Applications

Michael Novinson • June 23, 2022

Modern applications and architectures are permeating more deeply into organizations to transform back-office functions as well as those that directly affect the customer experience, according to Kara Sprague, F5's executive vice president and general manager of application delivery.

3rd Party Risk Management

How to Mitigate Emerging Security Threats Against the Cloud

Michael Novinson • June 23, 2022

The need to secure cloud workloads and environments isn't new, but a surge of funding and attention has come to the sector over the past year. One of the most acclaimed cloud security startups has been Wiz, which in October raised $250 million on a $6 billion valuation.

3rd Party Risk Management

How Ransomware Has Changed the Nature of Risk

Anna Delaney • June 23, 2022

Ransomware has changed the risk landscape for suppliers and is forcing companies to reconsider their risk relationships, says Kelly White, co-founder and CEO of RiskRecon. He discusses the correlation between cyber hygiene, ransomware and data loss.

Endpoint Security

Federal Authorities Warn of Cardio Product Security Flaws

Marianne Kolbasuk McGee • June 23, 2022

A popular line of portable electrocardiographs contains vulnerabilities that allow hackers to execute commands and access sensitive information, federal authorities warn. Device manufacturer Hillrom Medical has released a patch and coordinated disclosure with CISA.

Business Continuity Management / Disaster Recovery

Cybercrime: Conti Ransomware Retools After Backing Moscow

Anna Delaney • June 23, 2022

The latest edition of the ISMG Security Report investigates the reboot of ransomware group Conti, which supports Russia's invasion of Ukraine. It also discusses why paying ransomware actors is a "business decision" and how to respond to the talent shortage in the financial sector.

Anti-Phishing, DMARC

The State of Phishing and Email Security

Anna Delaney • June 22, 2022

"Credential phishing is off the charts," says Tonia Dudley of Cofense. She discusses the challenge for organizations to strike a balance between having the right controls in place to block malicious emails and stopping the business from receiving legitimate emails.

Events

Why Diversity Is the Defender's Greatest Weapon

Anna Delaney • June 22, 2022

CISO Patricia "Patti" Titus says the cybersecurity sector is "still struggling" with the diversity and inclusion it requires. "The things we do really impact all of our end users, employees and customers," she says, so you need "the broadest skill set possible when you're making decisions."