ISMG Editors: Ugly Health Data Breach Trends in 2023

Anna Delaney • December 8, 2023

In the latest weekly update, editors at ISMG discuss the rampant rise in healthcare sector attacks and breaches in 2023, the most common vulnerabilities and targets, and remember the life of the Steve Katz, the world's first CISO who inspired generations of security leaders.

3rd Party Risk Management

Feds, AHA Urge Hospitals to Mitigate Citrix Bleed Threats

Latest

Fraud Management & Cybercrime

Ransomware Group Offline: Have Police Seized Alphv/BlackCat?

Mathew J. Schwartz • December 11, 2023

Cybercrime underground chatter suggests ransomware group BlackCat - aka Alphv - is being disrupted by law enforcement. Experts warn that disruptions too often remain short-lived, as operators reboot under different names and affiliates go independent or work with a bevy of rival services.

3rd Party Risk Management

Proof of Concept: A Guide to Navigating Software Liability

Anna Delaney • December 8, 2023

In the latest "Proof of Concept," Chris Hughes, co-founder and CISO of Aquia, join editors at ISMG to discuss the nuances around software liability, how organizations are integrating standards development practices, and guidelines for determining when a supplier qualifies for safe harbor.

Artificial Intelligence & Machine Learning

How a CEO Runs a Company in Wartime

Steve King • December 8, 2023

Yossi Appleboum, CEO of Sepio Systems in Israel, discusses the international support for Israel in the Israel-Hamas war and what his employees are doing to support the war effort, how the war is affecting Sepio Systems' performance and how generative AI can be "not a tool but a member of your team."

Cybercrime

Breach Roundup: Meta Debuts Messenger End-to-End Encryption

Anviksha More • December 7, 2023

This week, Meta debuted end-to-end encryption on Messenger, AeroBlade cyberespionage targeted U.S. aerospace, Trojan-Proxy threatened cracked apps, Tipalti investigated a ransomware attack, a Pennsylvania hospital faced lawsuits, Nissan probed a cyber incident and the U.S. FCC teamed up with states.

Training & Security Leadership

Microsoft CISO, Deputy CISO Reassigned in Management Shakeup

Cal Harrison • December 7, 2023

Microsoft has demoted its CISO after 14 years on the job, reassigned its deputy CISO and named Igor Tsyganskiy - a former CTO at Bridgewater Associates who just joined Microsoft four months ago as chief strategy officer - as its new chief information security officer.

Cybercrime

Joe Sullivan Tells Black Hat Europe: 'Choose Your Own Destiny'

Mathew J. Schwartz • December 7, 2023

Cybersecurity professionals must choose their own destiny, former CSO Joe Sullivan said at this week's Black Hat Europe in London. CISOs will either remain down in the weeds, technically speaking, or learn to become true senior executives and be treated as such by the board.

Governance & Risk Management

Lessons in Threat Detection for Insider Threats

David Perera • December 7, 2023

Whether because they're malicious, oblivious to company rules or outsmarted by hackers, insiders pose a mounting degree of risk to companies. Hunting for outside hackers offers lessons in preventing insider incidents, said Thomas Etheridge, CrowdStrike chief global professional services officer.

Cyberwarfare / Nation-State Attacks

Israel-Hamas War: 'We All Know Someone That Lost Someone'

Steve King • December 7, 2023

After the latest Israel-Hamas war began, Kollender found herself trying to return to her homeland, but "no airline was flying to or from Israel," she said. In this episode of CyberEd.io's podcast series "Cybersecurity Insights," she discussed her personal views about the Israel-Hamas war.

Cyberwarfare / Nation-State Attacks

New iPhone Exploit Technique Evades Lockdown Mode Function

Chris Riotta • December 6, 2023

Researchers from Jamf Threat Labs said they have managed to manipulate the code in a compromised iPhone to effectively make it appear as if the device is entering Lockdown Mode - but "without any of the protections that would normally be implemented by the service."

Black Hat

Better Cybersecurity Defense? Try Surprising Adversaries

Mathew J. Schwartz • December 6, 2023

"How do we surprise our adversaries?" So asked Ollie Whitehouse, CTO of Britain's National Cyber Security Center, in a keynote speech at Black Hat Europe in London in which he urged defenders to focus on resilience and on finding fresh ways to impose material costs on adversaries.

Artificial Intelligence & Machine Learning

How to Jailbreak Machine Learning With Machine Learning

Rashmi Ramesh • December 6, 2023

A small group of researchers says it has identified an automated method for jailbreaking OpenAI, Meta and Google large language models with no obvious fix. Just like the algorithms that researchers can force into giving dangerous or undesirable responses, the technique depends on machine learning.

Next-Generation Technologies & Secure Development

Unlocking the Superpower of DevSecOps

Michael Novinson • December 6, 2023

Enterprises have struggled to strike a balance between speed and security and stability, said Sean D. Mack, author, speaker and former CIO and CISO at Wiley. DevSecOps is the superpower that resolves this long-standing conflict and allows organizations to deliver software faster and more securely.