Profiles in Leadership: Avinash Dharmadhikari, CISO, Persistent Systems

Suparna Goswami • September 23, 2021

Avinash Dharmadhikari, the CISO of Persistent Systems, a technology services company headquartered in India, has no complaints about managing different functions under security. He discusses building a security culture in his organization.

Blockchain & Cryptocurrency

SEC Chair Pushes for Additional Cryptocurrency Regulations

Latest

Fraud Management & Cybercrime

Identity Fraud: Moving Beyond Document Verification

Suparna Goswami • September 24, 2021

In order to improve identity verification, it is not enough to only verify documents; a multilayered approach is needed, says Brett Johnson, a former fraudster who is now a cybercrime consultant. He discusses current fraud trends and how fraud is evolving.

3rd Party Risk Management

ISMG Editors’ Panel: The Rise of Quadruple Extortion Attacks

Anna Delaney • September 24, 2021

Four editors at Information Security Media Group discuss important cybersecurity issues, including the rise of quadruple extortion attacks employed by ransomware gangs, the FBI reportedly withholding the Kaseya ransomware decryption key for weeks, and raising security posture during a pandemic.

Access Management

IT and OT Convergence: Sizing Up the Security Risks

Geetha Nandikotkur • September 24, 2021

As the risks to IT and OT converge, organizations must use "zero trust" to verify user identities and build effective monitoring capabilities to track the behavior of privileged users, say Kartik Shahani of Tenable and Rohan Vaidya of CyberArk.

Critical Infrastructure Security

New Malware Targets India's Defense Personnel

Soumik Ghosh • September 24, 2021

Researchers have identified a new malware sample that is targeting Indian defense personnel. Cyber threat intelligence firm Cyble says the target and attack method of the malware point to the work of APT group SideCopy.

Business Continuity Management / Disaster Recovery

Ransomware Updates: Conti Attacks Rise, New Players Surface

Anna Delaney • September 24, 2021

The latest edition of the ISMG Security Report features an analysis of how the U.S. government has been tracking an increase in the pace of attacks tied to Conti ransomware. Also featured are what "protection" means today and building a new cybersecurity operating model.

Governance & Risk Management

Applying Critical, Systems and Design Thinking to Security

Steve King • September 24, 2021

Brian Barnier, a director of analytics who is developing a course on critical and design thinking in cybersecurity for CyberEd.io, is a firm believer in the importance of critical thinking today. He discusses how that, plus systems and design thinking, can improve the way cybersecurity functions.

Critical Infrastructure Security

Karma Seeks Free Publicity to Fulfill Ransomware Destiny

Mathew J. Schwartz • September 24, 2021

A new and still little-known ransomware group called Karma has been pursuing a novel strategy to pressure victims into paying: Get journalists to publicize businesses hit by the ransomware operation, adding pressure on victims to pay the ransom demand.

Anti-Phishing, DMARC

Microsoft Analyzes Phishing-as-a-Service Operation

Doug Olenick • September 22, 2021

Microsoft Security on Tuesday issued a detailed report on a massive phishing-as-a-service operation named BulletProofLink that offered as a subscription all the tools needed to conduct a campaign. The gang remains operational.

Application Security

Researcher Finds Exposed Data of 106 Million Thai Visitors

Mihir Bagwe • September 22, 2021

Researcher Bob Diachenko has discovered an unsecured database containing personal information of 106 million foreign nationals who have visited Thailand in the past decade. The 200GB database, which has now been secured, has not been accessed by unauthorized personnel, Thai authorities say.

Critical Infrastructure Security

Ransomware Reportedly Hits Iowa Farm Services Cooperative

Scott Ferguson , Doug Olenick • September 20, 2021

NEW Cooperative, an Iowa-based farm services cooperative, has reportedly been targeted by the BlackMatter ransomware gang, demanding a $5.9 million payment from the organization, according to security researchers and published reports. The cooperative is working with law enforcement agencies.

Blockchain & Cryptocurrency

Hacker Makes Off With $12 Million in Latest DeFi Breach

Dan Gunderman • September 20, 2021

In the latest security incident involving a decentralized finance protocol, cross-chain project pNetwork announced Sunday it had been hacked for 277 pBTC, a form of wrapped bitcoin, with losses worth over $12 million at current value.

Application Security

No Bounty for Bug Hunters in India

Soumik Ghosh • September 20, 2021

While there is no dearth of talent among Indian bug bounty hunters, hurdles such as lack of trust, payment disputes, cost, unethical practices and lack of regulatory laws deter the growth of the bug bounty programs in the country, according to some experts.