Image: Getty

Mistrial in Criminal HIPAA Case Against Army Doctor & Spouse

Marianne Kolbasuk McGee • June 2, 2023

A federal judge declared a mistrial in the criminal HIPAA conspiracy case against a married couple, both doctors, after the jury deadlocked on whether the two had been entrapped by the U.S. government into providing patient records to a supposed Russian operative. Prosecutors will seek a retrial.

Fraud Management & Cybercrime

AHA Tells HHS to 'Amend or Suspend' Web Tracking Guidance

Latest

Governance & Risk Management

Hackers Using MOVEit Flaw to Deploy Web Shells, Steal Data

Michael Novinson • June 2, 2023

Adversaries have taken advantage of a zero-day vulnerability in Progress Software's managed file transfer product to deploy web shells and steal data, Mandiant found. An unknown threat actor began exploiting the critical SQL injection vulnerability in MOVEit Transfer on May 27.

Leadership & Executive Communication

ISMG Editors: Why Communications Skills Matter for CISOs

Anna Delaney • June 2, 2023

In the latest weekly update, ISMG editors discuss why communication is vital to be an effective CISO in 2023, how the hack of Florida-based dental insurer MCNA affects nearly 9 million people, and how CyberArk is securing privileged users with a new browser.

Endpoint Protection Platforms (EPP)

SentinelOne Lays Off 5% of Staff as Data Consumption Tumbles

Michael Novinson • June 1, 2023

SentinelOne plans to ax approximately 105 workers after a significant drop in data usage for products with consumption-based pricing caused revenue to fall short of expectations. The company revealed plans to reduce its staff by 5% to remain on track with achieving non-GAAP profitability next year.

Fraud Management & Cybercrime

Breach Roundup: Amazon Settles US FTC Investigations

Prajeet Nair • June 1, 2023

This week: Amazon settled privacy and cybersecurity investigations with the U.S. FTC, SAS received a $3 million extortion demand and apparently Ukrainian hacktivists penetrated Russia's Skolkovo Foundation. Plus, breaches at Onix Group and Toyota and a warning about Salesforce "ghost sites."

Cybercrime

Hackers Exploit Progress MOVEit File Transfer Vulnerability

Michael Novinson • June 1, 2023

Hackers have exploited a critical zero-day vulnerability in Progress Software's managed file transfer offering in several customer environments. Progress warned of a critical SQL injection vulnerability in MOVEit Transfer that allows for "escalated privileges and potential unauthorized access."

Artificial Intelligence & Machine Learning

Cisco Buys Armorblox to Bring Generative AI to Its Portfolio

Michael Novinson • May 31, 2023

Cisco plans to make its third tuck-in cybersecurity acquisition of 2023 to protect email, cloud office applications and enterprise communications through natural language understanding. Cisco will take advantage of Armorblox's predictive and generative AI to help customers bolster their security.

Network Detection & Response

Cisco's New XDR Tool Emphasizes Robust Telemetry Correlation

Michael Novinson • May 31, 2023

Cisco Security Executive Vice President and General Manager Jeetu Patel said the industry struggles to address multifaceted attacks that originate in email and include bad links, malware downloads to a device and more. Cyber defenders need correlated data from multiple sources of telemetry, he said.

Endpoint Security

Ring Settles FTC Allegations of Poor Cybersecurity, Privacy

David Perera • May 31, 2023

Amazon agreed to pay $5.8 million to settle a Federal Trade Commission investigation into allegedly poor cybersecurity practices by its Ring home surveillance device subsidiary. The company is also poised to come under two decades' worth of outside reviews of a mandated data and security program.

API Security

Why Identity Is Key to Baselining API Security Programs

Anna Delaney • May 31, 2023

Change management is a critical part of a robust API management program, said Shaam Farooq, vice president of technology at Atlas Energy Solutions and a CyberEdBoard member. Team members must review and approve changes as they happen and communicates those changes across IT and OT security teams.

Artificial Intelligence & Machine Learning

Integrating Generative AI Into the Threat Detection Process

Steve King • May 31, 2023

In this episode of "Cybersecurity Insights," Chen Burshan and Amir Shachar of Skyhawk Security discuss how they integrated generative AI into their threat detection process and significantly increased the speed and lowered the costs of detecting breaches based by focusing on anomalous activity.

3rd Party Risk Management

Synopsys Extends Lead in Gartner MQ for App Security Testing

Michael Novinson • May 30, 2023

Synopsys stands head and shoulders above the competition in Gartner's application security testing rankings, with Snyk rising and HCL Software falling from the leaders category. Longtime app security players Veracode, Checkmarx and OpenText joined Synopsys and Snyk atop the Gartner Magic Quadrant.

Card Not Present Fraud

Invoice and CEO Scams Dominate Fraud Affecting Businesses

Mathew J. Schwartz • May 29, 2023

Losses to fraud reported by Britain's financial services sector exceeded $1.5 billion in 2022, declining by 8% from 2021, says trade association UK Finance. About 40% of losses tied to authorized push payment fraud, in which victims get tricked into transferring funds to attackers.