Latest

Cybercrime

Feds Allege Former IT Consultant Hacked Healthcare Company

Marianne Kolbasuk McGee  •  May 26, 2022

A former IT consultant has been charged with allegedly hacking into a computer server of a healthcare company client that had months earlier denied him employment with the organization. Experts say the case spotlights insider threats that must not be underestimated.

Fraud Management & Cybercrime

Twitter Fined $150M for Misusing Private Data to Sell Ads

Prajeet Nair  •  May 26, 2022

A $150 million penalty has been slapped on Twitter for deceptively using account security data of millions of users for targeted advertising, the U.S. Justice Department and the Federal Trade Commission say. Twitter says it has paid the fine and ensured that personal user data is secure and private.

Cybercrime

Black Basta Claims Responsibility for AGCO Attack

Mihir Bagwe  •  May 26, 2022

Ransomware gang Black Basta, which came to prominence in April 2022, has claimed responsibility on its leak site for a ransomware attack on AGCO. An AGCO spokesperson confirmed to ISMG that employee data was exfiltrated during an attack but did not comment on Black Basta's claims of responsibility.

Cloud Security

Broadcom Beefs Up Security Business With $61B VMware Buy

Michael Novinson  •  May 26, 2022

Broadcom has agreed to buy cloud and virtualization giant VMware for $61 billion, bringing together the $1.6 billion Symantec and $1 billion VMware security teams. Broadcom will incorporate its existing security offerings into the VMware portfolio and bring them to market under the VMware brand.

Cloud Security

Lacework Announces Layoffs 6 Months After Raising $1.3B

Michael Novinson  •  May 26, 2022

Cybersecurity startup Lacework has announced layoffs - affecting 20% of its employees, according to one report - to strengthen its balance sheet, just six months after raising $1.3 billion. The company says it restructured its business in response to a large shift in the public and private markets.

Next-Generation Technologies & Secure Development

Cribl Raises $150M to Incubate New Observability Features

Michael Novinson  •  May 25, 2022

Cribl has raised $150 million to drive the development of new features such as hosted versions of the company's technology. The company will build out separate tools for each piece of the observability process rather than forcing customers to purchase a bundle with features they don't care about.

Application Security

WhiteSource, Renamed Mend, Takes on Remediating Code Issues

Michael Novinson  •  May 25, 2022

WhiteSource has renamed itself Mend as the company pushes beyond software composition analysis to become a broad application security platform with automated remediation. The name WhiteSource didn't have any negative connotations when the company was founded, but some people today find it offensive.

Healthcare

Developing Medical Device Cybersecurity Maturity Benchmarks

Marianne Kolbasuk McGee  •  May 25, 2022

An effort to establish industry benchmarks for medical device cybersecurity maturity aims to help advance overall cybersecurity in the healthcare sector, says Rob Suárez, CISO of medical device maker Becton, Dickinson and Co. He discusses how to improve the state of medical device cybersecurity.

Breach Notification

3 Health Data Hacks Affect 1.4 Million Individuals

Marianne Kolbasuk McGee  •  May 24, 2022

Hacking incidents recently reported as major breaches by three different types of health sector entities - a children's hospital, a managed care plan and a government contractor - have in total compromised the sensitive information of more than 1.4 million individuals.

Artificial Intelligence & Machine Learning

Semperis Raises $200M to Extend AI, ML to Identity Security

Michael Novinson  •  May 24, 2022

Semperis has closed a Series C funding round to expand geographically and enhance identity protection and threat mitigation with AI and ML capabilities. The AD security provider plans to use the $200 million to expand into safeguarding additional cloud applications and cloud identity providers.

Security Operations

UK Privacy Watchdog Imposes 7.5M-Pound Fine on Clearview AI

Mihir Bagwe  •  May 24, 2022

The ICO has imposed a penalty of 7.5 million pounds on Clearview AI Inc. for using scraped U.K. citizen facial images for its facial recognition database. The agency has directed the firm to delete images of all U.K. citizens and to stop scraping data from the open internet.

Blockchain & Cryptocurrency

US Sets Up Multiagency Initiatives to Curb Ransomware

Prajeet Nair  •  May 23, 2022

The U.S. is setting up a Joint Ransomware Task Force, headed by the Cybersecurity and Infrastructure Security Agency and the FBI, as well as two international initiatives, chaired by the Department of Justice, to tackle illegal cryptocurrency activities related to ransomware.