DigitalOcean Suspects Mailchimp Hack in Account Takeover

Mihir Bagwe • August 17, 2022

Attackers are attempting to reset the passwords of some DigitalOcean customers, the cloud infrastructure provider says. The email addresses of these customers were likely exposed in a data breach involving Mailchimp, which provided transactional email services for DigitalOcean.

3rd Party Risk Management

Hardware MFA Stops Attack on Cloudflare

Latest

Fraud Management & Cybercrime

Vendor Ransomware Breach Affects 942,000 Patients

Marianne Kolbasuk McGee • August 17, 2022

A New York-based practice management vendor has notified 28 healthcare entity clients and more than 942,000 of their patients that sensitive information was compromised in a ransomware attack in April. The incident is the latest fallout from ransomware assaults on the healthcare sector.

Governance & Risk Management

Are You Spending Too Much or Too Little on Security?

Anna Delaney • August 17, 2022

How do you know whether your organization has invested enough money and time in security? As director of information security for Canon EMEA, Quentyn Taylor is often asked this question. "I'll be honest with you - just to set some expectations here, I don't have the correct answer," he admits.

Identity & Access Management

CrowdStrike's Michael Sentonas on Identity, Cloud and XDR

Michael Novinson • August 17, 2022

Identity, observability, log management and cloud security have been CrowdStrike's biggest areas of investment during 2022, says CTO Michael Sentonas. The company protects against the abuse of identities through a stand-alone capability embedded on the Falcon sensor.

Incident & Breach Response

Infoblox's Jesper Andersen on How to Identify Threats Sooner

Michael Novinson • August 17, 2022

Infoblox has invested in shifting left in the cybersecurity kill chain with on-premises, cloud and hybrid versions of its BloxOne Threat Defense tools, which help security practitioners find and identify threats earlier and mitigate risks, says President and CEO Jesper Andersen.

Fraud Management & Cybercrime

COVID-19's Impact on Cybersecurity Marketing

Steve King • August 17, 2022

Marketers rely on events to create brand awareness and generate demand, and physical events are coming back after the COVID-19 pandemic, says Gily Netzer of Perimeter 81. But "not everybody is traveling," she says, so hybrid events - and SaaS-driven corporate networks - are the future for companies.

Analytics

Thoma Bravo Eyes Darktrace Acquisition in Take-Private Spree

Michael Novinson • August 16, 2022

Thoma Bravo is eyeing its third take-private security deal of 2022, initiating talks with Darktrace months after agreeing to buy SailPoint and Ping Identity. The cybersecurity AI firm says it's in early discussions with private equity giant Thoma Bravo on a possible cash offer for the business.

Business Email Compromise (BEC)

Finding the Balance to Tackle Business ID Theft

Suparna Goswami • August 16, 2022

Research by Dun & Bradstreet says business identity fraud jumped 254% last year. Tools can help prevent this fraud but may create greater friction, say Andrew La Marca, senior director at Dun & Bradstreet, and Ralph Gagliardi, agent in charge, High Tech Crimes Unit, Colorado Bureau of Investigation.

3rd Party Risk Management

Lawsuit Against FTC Intensifies Location Data Privacy Battle

Marianne Kolbasuk McGee • August 16, 2022

A lawsuit by an Idaho-based data marketing and analytics vendor against the U.S. Federal Trade Commission is the latest legal dispute spotlighting growing privacy concerns related to the tracking and collection of consumers' healthcare-related and location data.

Open XDR

Sumedh Thakar on Fusing Vulnerability and Patch Management

Michael Novinson • August 16, 2022

Companies continue to struggle with prioritizing which vulnerabilities present the greatest risk to the business and need to be remediated first since vulnerability scoring is too often based on a static set of what could happen if an issue is exploited, says Qualys President and CEO Sumedh Thakar.

Open XDR

Why XDR Beats SIEM at Spotting Threats in Noisy Environments

Michael Novinson • August 16, 2022

SIEM can play a key role in aggregating log data for compliance or auditing purposes, but when it comes to identifying threat activity in an IT environment, nothing beats XDR, which excels at using advanced techniques to pinpoint threats in high volumes of data, says Secureworks' Ryan Alban.

Governance & Risk Management

Why Companies Are Failing at Cybersecurity

CyberEdBoard • August 16, 2022

When security practitioners lose their initial enthusiam for hunting cyberthreats, their companies begin to fail at cybersecurity, says CISO Marco Túlio Moraes. He discusses how collaborating with the business lines and moving from awareness to education all around can help fix this problem.

Finance & Banking

Building Resilience in a Multi-Cloud Environment

Anna Delaney • August 15, 2022

A well-managed multi-cloud strategy "is a sensible approach" because it allows organizations to move different workloads between providers, but it gets a "bit more complicated when you start thinking about workload portability," says Lee Newcombe, security director, Capgemini U.K.