Blog
-
Charges for SolarWinds and Its CISO in Massive 2020 Breach, SEC Alleges That Known Cybersecurity Risks Were Covered Up
In a development that is certainly sparking discussions in CISO circles, the SEC has charged SolarWinds and its head of information security with failing to address known cybersecurity risks and with misleading investors about the company's security posture in order to prop up its stock value.
-
OPM Reports Hackers Obtained 632,000 Emails From Justice and Defense Departments During MOVEit Data Breach, but Denies Serious Risk to National Security
The massive MOVEit data breach is thought to have exposed the personal records of some 62 million people to date, and over half a million emails from the Departments of Justice and Defense can now be added to that tally.
-
AI Executive Order From Biden Administration Motivated by “Slow” Response to Social Media Harms
Biden’s new executive order shows promise in tackling the multiple facets of harm AI could cause, but many elements are kicked down the road either for federal agencies to develop or for Congress to act on.
-
ISC2 Study Shows No Relief in Sight for Cybersecurity Workforce Skill Gaps
The cybersecurity workforce continues to grow, and now stands at about 5.5 million people globally. The problem is that demand for workers is closer to 9 million.
-
Payments System Cyber Attack Could Cost $3.5 Trillion Globally; Cyber Insurance Market Only Covers $9 Billion at Present
Lloyd’s of London estimates that by the midpoint of the present century, a cyber attack on a major payments system could cause rippling global damage on the order of trillions of dollars. The current cyber insurance market, by contrast, holds no more than about $9 billion in total.
-
Millions More Genetic Profiles Potentially Exposed in Ongoing 23andMe Data Breach
23andMe’s data breach has apparently grown about fourfold, as four million more user files have been leaked to a dark web hacking forum. It is still not clear how many of these are full genetic profiles.
-
Okta Support Security Breach Puts Customers on Edge Once Again
The company has disclosed exposure of customer files uploaded to the Okta support system. The security breach took place near the start of October and the window may have been open for most of the first half of the month.
-
Ragnar Locker Dark Web Site, Infrastructure Seized by Law Enforcement in Multi-Country Operation
Ragnar Locker’s dark web site is offline after nine servers were taken during law enforcement raids in Germany, Sweden and the Netherlands. A 35-year-old Czech man was arrested following the seizure.
-
Software Supply Chain Attacks Doubled Over Last Year
Software supply chain attacks have been trending sharply upward since 2019, but doubled from 2022 to 2023 alone, the largest increase of the roughly four-year period. The large share of open source projects that are no longer actively maintained is a major contributing factor.