Many entities are facing challenges complying with Cures Act health data-sharing regulation deadlines, say industry groups.

Groups Urge HHS to Extend 'Information Blocking' Deadline

Marianne Kolbasuk McGee • September 28, 2022

Healthcare providers and their health IT vendors need more time to meet a pending federal deadline to comply with information-sharing regulations that pertain to an expanding set of electronic health information, say a slew of heavyweight lobbying groups in a letter to federal regulators.

Governance & Risk Management

Medtronic Recalls Certain Insulin Pumps Due to Cyber Flaw

Latest

Next-Generation Technologies & Secure Development

Jamf Buys ZecOps to Detect Advanced Hacks on Mobile Devices

Michael Novinson • September 28, 2022

Jamf plans to buy startup ZecOps to extend its ability to detect and respond to sophisticated threats across Mac, iOS and Android devices. Jamf's proposed acquisition will provide threat hunting tools to determine if any advanced attacks have compromised mobile devices.

Cloud Security

SentinelOne's Tomer Weingarten on Cloud, XDR and Analytics

Michael Novinson • September 27, 2022

Identity protection, XDR, data analytics and cloud security have been SentinelOne's biggest investment areas, says CEO Tomer Weingarten. Cloud has become the fastest-growing part of SentinelOne's business, appealing even to customers who might have chosen a different vendor for endpoint security.

Cybercrime

Optus Attacker Halts AU$1.5 Million Extortion Attempt

Jeremy Kirk • September 27, 2022

The person who stole nearly 10 million customer records from Australian telco Optus withdrew their AU$1.5 million extortion attempt after suddenly releasing 10,000 customer records. Also, Optus says it has not paid a ransom as it grapples with one of the largest data breaches in the country.

Governance & Risk Management

Code42's Joe Payne on Why Source Code Theft Is So Prevalent

Michael Novinson • September 26, 2022

Too often when software developers change jobs, they take source code they've written with them, feeling the code belongs to them even if it belongs to an employer. Code42's Joe Payne shares the challenges of detecting source code theft and ways to protect intellectual property wherever it resides.

Finance & Banking

Assessing Growing Cyberthreats to Africa's Financial Sector

Anna Delaney • September 26, 2022

Financial services firms in Africa are becoming bigger cyber targets as they expand into new mobile payment and financial inclusion products. Rob Dartnall of Security Alliance explains why these firms need to invest in information sharing, training and new cybersecurity practices to avoid breaches.

Cybercrime

Optus Under $1 Million Extortion Threat in Data Breach

Jeremy Kirk • September 25, 2022

Australia's Optus telco is facing a $1 million extortion demand to prevent the release of up to 11.2 million sensitive customer records. The data appears to be legitimate. The attacker tells Information Security Media Group an unauthenticated API led to the breach.

Governance & Risk Management

Fortinet, VMware, Cisco Drive SD-WAN Gartner Magic Quadrant

Michael Novinson • September 23, 2022

Perennial leaders Fortinet and VMware and a surging Cisco set themselves apart from the pack in SD-WAN, according to the latest Gartner Magic Quadrant. Fortinet and VMware again took the gold and silver in ability to execute, with Cisco leapfrogging both Versa and Palo Alto to capture the bronze.

Business Email Compromise (BEC)

Sweepstakes Spam Hackers Used Microsoft Infrastructure

Prajeet Nair • September 23, 2022

Hackers behind a campaign of deceptive sweepstakes spam hacked their way into Azure cloud accounts that lacked multifactor authentication and obtained admin privileges for Exchange servers. Microsoft advises turning on MFA and other measures such as conditional access.

Multi-factor & Risk-based Authentication

ISMG Editors: How a Teen's Hack of Uber Adds to MFA Crisis

Anna Delaney • September 23, 2022

In the latest weekly update, ISMG editors discuss the industrywide implications of a teenager hacking into Uber's internal systems, key trends in the new Gartner SD-WAN Magic Quadrant report, and how ethics and security culture are center stage due to recent CISO revelations at Uber and Twitter.

Cybercrime

Australian Telco Optus Investigates Scope of Large Breach

Jeremy Kirk • September 23, 2022

A criminal investigation is underway into a breach at Optus, Australia’s second-largest telecommunications company. Optus' CEO says the company will notify those affected. It's unknown so far who perpetrated the attack, and the data has not appeared on the dark web.

Fraud Management & Cybercrime

Ransomware's Future: A Continuing Money Spinner

Jeremy Kirk • September 23, 2022

What is the future of ransomware, and is it going to continue with the same intensity of the last few years? Michael DeBolt of Intel 471 says anti-ransomware efforts, including government action and better cybersecurity practices, are working. But ransomware isn't going away soon.

Breach Notification

Uber Ex-CSO's Trial: Who's Responsible for Breach Reporting?

Mathew J. Schwartz • September 23, 2022

Should the now-former CSO of Uber have reported a security incident to authorities after discovering signs of unusual behavior? That's one of the big questions now being asked in the closely watched trial of Joe Sullivan, who's been charged with covering up a data breach and paying off hackers.