How Will SEC Rules Affect Reporting, Tracking of Incidents?

Anna Delaney • September 25, 2023

Under new U.S. Securities and Exchange Commission rules, companies must disclose material cybersecurity incidents and annually report on cybersecurity risk management, strategy and governance. Alex Hamerstone, advisory solutions director at TrustedSec, discussed the challenges ahead.

Fraud Management & Cybercrime

How Can FedNow Recruit More US Banks? Lessons From Brazil

Latest

Privileged Access Management

CyberArk, BeyondTrust, Delinea Dominate Gartner MQ for PAM

Michael Novinson • September 25, 2023

CyberArk, BeyondTrust and Delinea maintained their spots atop Gartner's privileged access management Magic Quadrant, while One Identity, Wallix and Arcon fell from the leader ranks. Over the past half-decade, PAM has gone from being required for large companies to being an insurance prerequisite.

Cyberwarfare / Nation-State Attacks

Deadglyph Backdoor Targeting Middle Eastern Government

Prajeet Nair • September 25, 2023

Security researchers discovered a novel backdoor targeting a governmental agency in the Middle East for espionage purposes. Deadglyph is unique because it's made up of different parts written in different programming languages: native x64 binary and a .NET assembly.

Artificial Intelligence & Machine Learning

Governor at Fed Cautiously Optimistic About Generative AI

Rashmi Ramesh • September 25, 2023

Federal Reserve Board Governor Lisa D. Cook is cautiously optimistic about the impact of generative AI on jobs and productivity but urged the industry to address the "very real concerns." While she sees "broad benefits from its use, in the short term, she said, AI could disrupt the labor market.

Artificial Intelligence & Machine Learning

Polish Privacy Regulator Probes OpenAI's ChatGPT

Akshaya Asokan • September 25, 2023

The Polish data regulator launched a probe into OpenAI's ChatGPT for potential privacy violations of the European General Data Protection Regulation. The Polish regulator is the third European data protection agency to raise privacy concerns related to ChatGPT.

Cybercrime

Bermuda Struggles to Recover From Cyberattack

Mihir Bagwe • September 25, 2023

Bermuda government workers Monday remained cut off from email and normal telephone systems following a hacking incident disclosed late last week. Bermuda Premier David Burt on Thursday attributed the hack to "Russia-based actors," without elaborating.

Open XDR

How to Overcome Practitioner Concerns Over Cisco-Splunk Deal

Michael Novinson • September 25, 2023

Security practitioners are skeptical of Cisco's proposed $28 billion Splunk purchase given the networking giant's track record around funding and investing in previous acquisition targets. Forrester's Allie Mellen expects some customers to try out other SIEM tools given Cisco's heritage in hardware.

Cybercrime

Data Breach Toll Tied to Clop Group's MOVEit Attacks Surges

Mathew J. Schwartz • September 25, 2023

The count of organizations affected by the Clop ransomware group's most recent mass targeting of Progress Software's secure file transfer software doubled last week. National Student Clearinghouse warned that data tied to nearly 900 colleges and universities had been stolen from its MOVEit server.

Endpoint Security

Apple Fixes Bugs That Infected Egyptian Politician's iPhone

Mihir Bagwe • September 22, 2023

Apple released patches Thursday to close three actively exploited vulnerabilities that researchers say commercial spyware maker Cytrox used to infect the iPhone of Egyptian politician Ahmed Eltantawy with Predator malware. The Citizen Lab attributes the attacks to the Egyptian government.

Cloud Access Security Brokers (CASB)

Cato Networks Raises $238M on $3B Valuation to Move Upmarket

Michael Novinson • September 22, 2023

A late-stage SASE startup led by a serial entrepreneur hauled in a massive equity investment to address the feature and capability needs of large enterprises. The $238 million in funding will allow Cato Networks to more tightly align CASB and DLP with SASE to safeguard cloud apps and sensitive data.

Leadership & Executive Communication

Google CISO Phil Venables on Building Strong CIO-CISO Bonds

Michael Novinson • September 22, 2023

Increased engagement from boards on digital transformation initiatives around cloud and AI adoption has spurred greater investment in cybersecurity, said Google Cloud CISO Phil Venables. Systems built and designed decades ago have become increasingly difficult to secure, he said.

Fraud Management & Cybercrime

Hong Kong Consumer Watchdog Suffers Major Ransomware Attack

Jayant Chakravarti • September 22, 2023

The Hong Kong Consumer Council said it had detected a severe ransomware attack on Wednesday that compromised 65 gigabytes of data, including employee and client information, internal records and possibly the data of current and former staff and their family members.

Cybercrime

Nation-State Actors Unleash Stealthy, LuaJIT-Based Malware

Jayant Chakravarti • September 22, 2023

SentinelOne observed suspected cyberespionage actors of unknown origin using modular backdoors and highly stealthy tactics in August to target telecommunication companies in the Middle East, Western Europe and South Asia. The group, tracked as Sandman, is using the novel backdoor LuaJIT.