Inside the 2024 CWE Top 25: Trends, surprises, and persistent challenges

In this Help Net Security interview, Alec Summers, Project Leader for the CVE Program at MITRE, shares his insights on the 2024 CWE top 25 most dangerous software weaknesses. He discusses the impact of the new methodology that involves the CNA communit…

Japan’s Tokio Marine is the latest insurer to be victimized by ransomware

Ransomware struck Japan’s largest property and casualty insurer, Tokio Marine Holdings, at its Singapore branch, the company disclosed on Monday. Tokio Marine, which has a U.S. division and offers a cyber insurance product, said it did not have any immediate indication that any customer information was breached. Such data could be a smorgasbord for hackers who would use the data to extort victims based on their coverage amounts. It’s at least the third major insurer to disclose a ransomware attack in recent months, following CNA and AXA. And it’s the second insurer just this week, with Ryan Specialty Group — fresh off launching an initial public offering — to disclose a cyber incident. Cyber insurers have, of late, taken to asking more detailed questions about policyholders’ cybersecurity safeguards as a condition for providing coverage. But the spate of recent successful attacks suggests that insurers, too, might need to step up […]

The post Japan’s Tokio Marine is the latest insurer to be victimized by ransomware appeared first on CyberScoop.

Veeam Government Solutions: Backup and protection of government mission-critical data

Veeam Software announced the launch of its new, federal government-focused subsidiary, Veeam Government Solutions. Veeam provides a single platform for modernizing backup, accelerating hybrid cloud, and securing data to 400,000+ customers worldwide, in…

Ransomware strikes AXA shortly after insurer announces it will stop covering extortion fees

Ransomware gangs have now struck two cybersecurity insurers in as many months, with AXA confirming over the weekend that an attack had affected its Asian operations. AXA joins CNA Insurance, which in April confirmed that a ransomware incident had forced the company to take its operations offline. The attack on AXA, though, comes shortly after the French insurer said it would no longer reimburse ransomware payments under new policies it writes in that country, although a source familiar with the attack said there was no connection between AXA’s decision and the attack on its own networks. The so-called Avaddon ransomware operators posted screenshots of information online that they said they obtained from AXA’s Asia Assistance subsidiary. The screenshots include a claim that the operators stole three terabytes of data, such as customer medical reports and claims, customer IDs and bank account papers, payments to customers and other health information. “Asia […]

The post Ransomware strikes AXA shortly after insurer announces it will stop covering extortion fees appeared first on CyberScoop.

CNA shares details about ransomware attack, recovery effort

Major U.S. insurer CNA confirmed this week that it was the victim of a ransomware attack and that it has taken several steps on the road to recovery. The company, one of the biggest players in cybersecurity insurance specifically, had previously acknowledged an attack, but stopped short of specifying exactly what kind. In an update on Thursday, the company said it had restored normal email operations after a ransomware attack, adding that it instituted multi-factor authentication and a security platform for detecting and blocking threats. “Our team deployed additional endpoint detection and monitoring tools for an added layer of security and visibility across our network,” the update reads. “We expect that there will be a number of other remediation and infrastructure enhancements.” The attack has proven a source of misery for the company since hackers hit on March 21. Like other insurers, CNA would represent a tempting target for hackers […]

The post CNA shares details about ransomware attack, recovery effort appeared first on CyberScoop.

Top insurer CNA disconnects systems after cyberattack

CNA, one of the U.S.’s top providers of cybersecurity insurance, is struggling with a cyberattack that prompted it to disconnect its systems from its network. Its website hasn’t been working for the last couple days, and at press time displayed the message, “The attack caused a network disruption and impacted certain CNA systems, including corporate email.” The Chicago-based firm reported more than $10 billion in revenue in 2020, and is in the top 15 U.S. property and casualty insurers and top 10 U.S. providers of cyber insurance, according to recent measurements. If the attack proves to include policyholder data, a cyber insurance industry expert warned, it could enable particularly devastating further incidents that hackers could use as leverage in extortion attempts. If that’s the case, CNA said, it will keep customers updated. The company said it discovered the intrusion on March 21, adding that it is working with forensics experts […]

The post Top insurer CNA disconnects systems after cyberattack appeared first on CyberScoop.

OPAQ and CNA partnership provides policyholders holistic risk management

OPAQ, the network security cloud company, announced a partnership with CNA, one of the largest commercial property and casualty insurance companies in the United States, to offer a cloud-based cyber security solution that will enable CNA’s cyber insura…

CyberArk and CNA cybersecurity insurance offering prioritizes privileged access security

CyberArk and CNA, one of the largest U.S. commercial property and casualty insurance companies, introduced the first cybersecurity insurance offering that prioritizes privileged access security to reduce business risk. CNA selected CyberArk to provide …