Image: Getty Images

Novel Botnet Dubbed 'Zerobot' Targets Slew of IoT Devices

Prajeet Nair • December 8, 2022

A novel botnet dubbed "Zerobot" by Fortinet researchers is taking advantage of vulnerabilities in a slew of networking equipment and networked cameras with an emphasis on equipment manufactured in East Asia. The botnet exploits 21 separate vulnerabilities.

Artificial Intelligence & Machine Learning

Brooklyn Hospitals Decried for Silence on Cyber Incident

Latest

Geo Focus: Australia

Australian Aims to Be World's 'Most Cyber-Secure' Country

Mihir Bagwe • December 9, 2022

Australian Home Affairs and Cyber Security Minister Clare O'Neil vowed during a speech to transform the country into the world's most cyber-secure, saying experts will start work on a strategy intended to outdo the rest of the world by 2030. The country has recently experienced a data breach wave.

Business Email Compromise (BEC)

US Law Enforcement Arrests 4 for Business Email Compromise

Rashmi Ramesh • December 9, 2022

U.S. federal prosecutors indicted four men charged with engaging in business email compromise and credit card fraud schemes that netted them $9.2 million. The FBI has warned that business email compromises - whether through account compromise or impersonation - is a growing threat.

Leadership & Executive Communication

ISMG Editors: How Will the Role of CISO Evolve in 2023?

Anna Delaney • December 9, 2022

In the latest weekly update, four editors at Information Security Media Group discuss important cybersecurity and privacy issues, including the evolution of the CISO role, the community impact of ransomware attacks targeting hospitals, and trends in cybersecurity customers' buying behavior.

Industry Specific

Ransomware-Wielding Criminals Increasingly Hit Healthcare

Mathew J. Schwartz • December 9, 2022

Ransomware gangs rely on shotgun-style attacks using phishing or stolen remote access credentials to target individuals. This strategy snares less poorly prepared organizations, and that often means healthcare entities. Experts share insights on this plague on healthcare and what to do about it.

Fraud Management & Cybercrime

Hive Ransomware Group Leaks Data From European Retailer

Akshaya Asokan • December 8, 2022

The Hive ransomware-as-a-service group says it posted customer data obtained during a November attack against French sports retailer Intersport. The U.S. federal government estimates the group has attacked more than 1,300 companies worldwide, collecting about $100 million in ransom payments.

Incident & Breach Response

Report: Outsourced HR Firm Sequoia One Undergoes Data Breach

David Perera • December 8, 2022

A human resource outsourcing firm reportedly underwent a data breach from its own outsourced cloud computing storage provider. The company, San Francisco-based Sequoia One, did not respond to multiple requests for comment from Information Security Media Group.

Security Operations

Akamai CEO on How Guardicore Prevents the Spread of Malware

Michael Novinson • December 8, 2022

Akamai's acquisition of Guardicore allowed the company to extend from protecting public-facing web content and APIs to safeguarding internal applications and data, says CEO Tom Leighton. The $600 million deal will allow the Boston-area firm to blend its public-facing and internal security assets.

Healthcare

One Brooklyn Health Not Over November Cyber Incident

Marianne Kolbasuk McGee • December 8, 2022

New York-based One Brooklyn Health is slowly recovering from a cybersecurity incident detected on Nov. 19 that disrupted a variety of IT systems at its three safety-net hospitals and other care facilities. The organization's CEO says there has been progress in investigation and remediation.

Industry Specific

Protecting Healthcare Against Ransomware: Essential Defenses

Mathew J. Schwartz • December 8, 2022

Especially for healthcare organizations, repelling ransomware attacks hinges on having robust monitoring and defenses in place to spot the signs of an unfolding attack and shut it down before crypto-locking malware gets unleashed, says Peter Mackenzie, director of incident response at Sophos.

Black Hat

Cybersecurity Pros: Fresh Challenges Face 'Next Generation'

Mathew J. Schwartz • December 8, 2022

As the potential harm posed by technology increases, the cybersecurity stakes are changing, warned speakers at Black Hat Europe. With governments taking a greater interest in regulating cybersecurity - and perhaps practitioners - experts urged practitioners to collectively guide their own destiny.

Cybercrime

Ransomware Defense: Common Mistakes to Avoid

Anna Delaney • December 8, 2022

This week's edition of the ISMG Security Report discusses the mistakes enterprises commonly make when building ransomware defenses, the cybersecurity capabilities being built by the U.S. Department of Energy, and the first female CEO at Securonix - one of only a handful in the vendor community.

Endpoint Security

CloudSEK Pins Blame for Hack on Other Cybersecurity Firm

Akshaya Asokan • December 7, 2022

Indian cybersecurity firm CloudSEK says another cybersecurity firm used a compromised collaboration platform credential to obtain access to its training webpages. CEO Rahul Sasi did not identify the alleged perpetrator and says the hacker did not obtain access to the company code base and database.