An artist's representation of the Horizon bridge (Source: Harmony)

Horizon Offers $1M Bounty to Hackers Who Stole $100M

Rashmi Ramesh • June 27, 2022

Blockchain company Harmony has offered a $1 million bounty to hackers who stole $100 million worth of Ethereum tokens. It says it won’t push for criminal charges if the funds are returned. The exploit did not affect the trustless Bitcoin - BTC - bridge, the company says in its tweet thread.

Cybercrime

Battling Ransomware: 'We're Targeting the Entire Ecosystem'

Latest

Digital Identity

How to Implement PAM Across Multiple Companies

Suparna Goswami • June 27, 2022

How does a conglomerate implement PAM across multiple companies? What are some of the challenges, and how can you overcome them? Gonz Gonzales, the CISO at JG Summit Holdings, one of the largest conglomerates in the Philippines, shares his journey of PAM implementation across companies.

Endpoint Security

Profiles in Leadership: Karin Höne, CISO, Barloworld

Mathew J. Schwartz • June 27, 2022

Effective security and risk programs require not just domain mastery but making security accessible to boards of directors and senior officers, says Karin Höne, the group chief information security and risk officer of South Africa-based multinational Barloworld.

Fraud Management & Cybercrime

Ransomware Gang Uses Log4Shell

Prajeet Nair • June 24, 2022

Ransomware group AvosLocker made use of unpatched VMWare Horizon applications to hack into an unidentified organization’s systems, says analysis from Cisco Talos. The race between systems administrators and hackers to patch the Log4j vulnerability is ongoing.

Endpoint Security

Aura Lays Off 70 Staff After Raising $350M Over Past Year

Michael Novinson • June 24, 2022

Aura has laid off 70 employees as a result of customer acquisition strategy changes just a year after raising $350 million. The layoffs came about as a result of an agreement inked with MetLife earlier this year that made it Aura's exclusive go-to-market partner for the employee benefits channel.

Cyberwarfare / Nation-State Attacks

Attackers Use Log4Shell to Hack Unpatched VMware Products

Mihir Bagwe • June 24, 2022

Watch out for APT and state-sponsored hackers using the Log4Shell vulnerability to gain unauthorized entry into unpatched VMware Horizon Systems and Unified Access Gateway servers, says a joint advisory from CISA and the U.S. Coast Guard Cyber Command.

Business Continuity Management / Disaster Recovery

'When, Not If': Crafting Cyber Resilience Plans That Work

Mathew J. Schwartz • June 24, 2022

To excel at cybersecurity incident response, start with planning, preparation and, ideally, regular tabletop exercises, say Kevin Li, CISO for MUFG Securities Americas, and Rocco Grillo, managing director of Alvarez & Marsal's Disputes and Investigations Global Cyber Risk Services practice.

Cybercrime

Rising Fraud in the Digital Age: Detect, Prevent and Respond

Anna Delaney • June 24, 2022

Mark Read, head of data breach solutions for TransUnion in the UK, shares insights on the current data breach landscape, including how businesses should respond to a data breach in order to reduce its impact. "The most successful responses often include the offer of a remediation solution," he says.

Critical Infrastructure Security

Russian Cyberattacks on Ukraine Underscored By Microsoft

Mihir Bagwe • June 23, 2022

A report from the company behind the world's most ubiquitous operating system depicts active cyber scrimmage between Russia and Ukraine and Russia and a slew of other countries. Fighting it is the work of private-public collaboration, Microsoft President Brad Smith writes.

Endpoint Security

Federal Authorities Warn of Cardio Product Security Flaws

Marianne Kolbasuk McGee • June 23, 2022

A popular line of portable electrocardiographs contains vulnerabilities that allow hackers to execute commands and access sensitive information, federal authorities warn. Device manufacturer Hillrom Medical has released a patch and coordinated disclosure with CISA.

Business Continuity Management / Disaster Recovery

Cybercrime: Conti Ransomware Retools After Backing Moscow

Anna Delaney • June 23, 2022

The latest edition of the ISMG Security Report investigates the reboot of ransomware group Conti, which supports Russia's invasion of Ukraine. It also discusses why paying ransomware actors is a "business decision" and how to respond to the talent shortage in the financial sector.

Cloud Security

Cloudflare Outage Whacks 19 Data Centers for Global Traffic

Michael Novinson • June 22, 2022

A massive Cloudflare outage that left many of the world's most popular websites inaccessible for 75 minutes was caused by a network configuration change gone awry. The change was meant to increase resilience in 19 of Cloudflare's busiest data centers that handle much of the global traffic.

Events

Why Diversity Is the Defender's Greatest Weapon

Anna Delaney • June 22, 2022

CISO Patricia "Patti" Titus says the cybersecurity sector is "still struggling" with the diversity and inclusion it requires. "The things we do really impact all of our end users, employees and customers," she says, so you need "the broadest skill set possible when you're making decisions."