The BD Totalys MultiProcessor medical laboratory testing system is the subject of security vulnerability alerts from BD and CISA. (Photo: BD)

BD, CISA Warn of Security Flaw in Cancer Testing System

Marianne Kolbasuk McGee • October 6, 2022

If exploited, a hard-coded credential vulnerability in certain BD medical laboratory equipment used for cancer screenings could allow an attacker to access, modify or delete sensitive patient information, the manufacturer and federal authorities warn.

Fraud Management & Cybercrime

Groups Urge HHS to Extend 'Information Blocking' Deadline

Latest

Cybercrime

ISMG Editors: The Plot to Leak US Health Records to Russia

Anna Delaney • October 7, 2022

In the latest weekly update, ISMG editors examine the story of a Maryland couple facing charges for giving military medical records to Russia, the sentencing of a former Seattle tech worker for her massive Capital One hack, and why David Hatfield resigned as co-CEO of cloud security vendor Lacework.

Cyberwarfare / Nation-State Attacks

President Biden to Sign Order for Trans-Atlantic Data Flows

David Perera • October 7, 2022

U.S. President Joe Biden will mount the third attempt to normalize commercial trans-Atlantic data flows by signing an executive order implementing privacy safeguards on American intelligence gathering. The order follows nearly two years of negotiations between Brussels and Washington.

Identity & Access Management

How Adversaries Are Bypassing Weak MFA

Anna Delaney • October 7, 2022

The latest edition of the ISMG Security Report discusses how adversaries have a new favorite tactic to circumvent MFA, why vendor Akamai is an appealing target for private equity, and what the industry can do differently to attract more females to leadership roles.

Cybercrime

The Ransomware Files, Episode 12: Unproven Data Recovery

Jeremy Kirk • October 7, 2022

What if you were hired for an office job but ended up negotiating with cybercriminals? There aren’t many rules around ransomware, but this is a story about one rule that was definitely broken. By the end, the path to the truth led to a place on the other side of the world where no one wanted to be.

Breach Notification

Health Entity Agrees to Pay $7.9 Million to Improve Security

Marianne Kolbasuk McGee • October 6, 2022

A Baltimore, Maryland-based healthcare organization has agreed to spend nearly $8 million improving and maintaining its data security as "injunctive relief" to settle a class action lawsuit involving two data breaches that affected a total of about 540,000 individuals.

Managed Detection & Response (MDR)

Arctic Wolf Gets $401M From Owl Rock to Pursue Acquisitions

Michael Novinson • October 6, 2022

Security operations stalwart Arctic Wolf has taken on more than $400 million in debt to pursue acquisitions in the cloud, SIEM, endpoint and XDR markets. The money will fuel an upcoming launch in the Asia-Pacific region and expansion in markets such as South Africa, Benelux and the Nordics.

Attack Surface Management

Pen Test Firm NetSPI Gets $410M Boost From KKR to Fuel M&A

Michael Novinson • October 5, 2022

Rising offensive cyber star NetSPI has received a massive follow-up investment from KKR to pursue acquisitions and expand its technological and geographic footprint. KKR's $410 million bet comes on the heels of 50% organic sales growth for NetSPI in 2021 and 61% sales growth thus far in 2022.

Leadership & Executive Communication

Why Aren't More Women in Security Leadership Positions?

Anna Delaney • October 5, 2022

A man in the cybersecurity field is seven times more likely than a woman to have applied for or been offered the job of CISO, according to a new report from Accenture on the need for more inclusion in the workplace. Experts discuss strategies to close the gap and make hiring more inclusive.

Cloud Security

Lacework Co-CEO David Hatfield Out 4 Months After Layoffs

Michael Novinson • October 5, 2022

David "Hat" Hatfield has exited the co-CEO role at Lacework just four months after the cloud security vendor laid off 20% of its employees. The move will bring Lacework's co-CEO experiment to an end after just 14 months, with Facebook engineering head Jay Parikh moving forward as sole CEO.

3rd Party Risk Management

How to Deal With Endemic Software Vulnerabilities

Steve King • October 5, 2022

In this episode of "Cybersecurity Unplugged," Amit Shah, director of product marketing at Dynatrace, discusses the implications of the Log4Shell software vulnerability and the need for organizations to take an observability-led approach to software development and security going forward.

Artificial Intelligence & Machine Learning

Qualys Buys Blue Hexagon to Aid Secure Public Cloud Adoption

Michael Novinson • October 4, 2022

Qualys has purchased a startup founded by longtime Qualcomm leaders to help detect supply chain infections, crypto miners and unauthorized activity in the cloud. The deal will allow customers to detect active exploitation, identify advanced threats and create an adaptive risk mitigation program.

Application Security

Tim Eades of vArmour on Expanding From Banking to Government

Michael Novinson • October 3, 2022

While vArmour has enjoyed success in banking, the U.S. government is now the fastest-growing part of its business. CEO Tim Eades says much of the government doesn't understand the relationships and dependencies among vArmour's applications or the consequences of an application going down.