Privacy and cybersecurity attorney Linda Malek of Moses & Singer LLP

Why FDA's Medical Device Cyber Recommendations 'Have Teeth'

Marianne Kolbasuk McGee • May 27, 2022

The inclusion of a new secure product development framework for manufacturers is a most significant addition to recently updated federal draft guidance for the cybersecurity of premarket medical devices, says attorney Linda Malek of the law firm Moses & Singer LLP.

Cybercrime

2 Health Plans Report Major Breaches Following Attacks

Latest

Fraud Management & Cybercrime

Ransomware Costs City of Quincy, Illinois, $650,000

Mihir Bagwe • May 27, 2022

The City of Quincy, Illinois' administrative systems were hit by a ransomware attack on May 7, confirmed Mayor Mike Troup in a press conference held on Tuesday. Consulting fees and a ransom were paid but critical services continued to operate throughout the incident.

Governance & Risk Management

ISMG Editors: London Summit Highlights

Anna Delaney • May 27, 2022

Four editors at Information Security Media Group discuss highlights from ISMG's recent London Summit, including whether if collateral damage from the Russia-Ukraine war isn't necessarily all it was reputed to be, then what are the most concerning emerging threats; building a cyber risk playbook to help businesses...

Account Takeover Fraud

Suspected Business Email Compromise Ringleader Busted

Mathew J. Schwartz • May 27, 2022

Police in Nigeria this week arrested a 37-year-old man who's been charged with masterminding "a criminal syndicate tied to massive business email compromise and phishing campaigns," Interpol reports. But with known BEC losses last year exceeding $2.4 billion, will the arrest have a noticeable impact?

Application Security & Online Fraud

Threat Actors Exploiting Free Browser Automation Framework

Prajeet Nair • May 27, 2022

An increasing number of threat actors are deploying a free-to-use browser automation framework as part of their attack campaigns. Automation tools are expected to become a more common element of the threat actor’s toolkit.

Business Email Compromise (BEC)

FBI: 2021 Business Email Compromise Losses Hit $4.3 Billion

Anna Delaney • May 27, 2022

The latest edition of the ISMG Security Report discusses how the leader of a "transnational cybercrime syndicate" has been arrested in Nigeria, according to Interpol. It also shares updates on U.S. privacy laws and how we can improve collaboration as an industry.

Fraud Management & Cybercrime

Twitter Fined $150M for Misusing Private Data to Sell Ads

Prajeet Nair • May 26, 2022

A $150 million penalty has been slapped on Twitter for deceptively using account security data of millions of users for targeted advertising, the U.S. Justice Department and the Federal Trade Commission say. Twitter says it has paid the fine and ensured that personal user data is secure and private.

Cloud Security

Broadcom Beefs Up Security Business With $61B VMware Buy

Michael Novinson • May 26, 2022

Broadcom has agreed to buy cloud and virtualization giant VMware for $61 billion, bringing together the $1.6 billion Symantec and $1 billion VMware security teams. Broadcom will incorporate its existing security offerings into the VMware portfolio and bring them to market under the VMware brand.

Cloud Security

Lacework Announces Layoffs 6 Months After Raising $1.3B

Michael Novinson • May 26, 2022

Cybersecurity startup Lacework has announced layoffs - affecting 20% of its employees, according to one report - to strengthen its balance sheet, just six months after raising $1.3 billion. The company says it restructured its business in response to a large shift in the public and private markets.

Next-Generation Technologies & Secure Development

Cribl Raises $150M to Incubate New Observability Features

Michael Novinson • May 25, 2022

Cribl has raised $150 million to drive the development of new features such as hosted versions of the company's technology. The company will build out separate tools for each piece of the observability process rather than forcing customers to purchase a bundle with features they don't care about.

Fraud Management & Cybercrime

Attempted Ransomware Attack Grounds SpiceJet Flights

Mihir Bagwe • May 25, 2022

Indian passenger airline SpiceJet says an attempt at a ransomware attack was made against its IT infrastructure on Tuesday night. The airline says the attack was "contained," and it has resumed regular operations. Passengers continued to complain about takeoff delays until noon local time.

Application Security

WhiteSource, Renamed Mend, Takes on Remediating Code Issues

Michael Novinson • May 25, 2022

WhiteSource has renamed itself Mend as the company pushes beyond software composition analysis to become a broad application security platform with automated remediation. The name WhiteSource didn't have any negative connotations when the company was founded, but some people today find it offensive.

Artificial Intelligence & Machine Learning

Semperis Raises $200M to Extend AI, ML to Identity Security

Michael Novinson • May 24, 2022

Semperis has closed a Series C funding round to expand geographically and enhance identity protection and threat mitigation with AI and ML capabilities. The AD security provider plans to use the $200 million to expand into safeguarding additional cloud applications and cloud identity providers.