Midwest health system implements CynergisTek’s additional controls for more stringent requirements

CynergisTek announces a six-figure agreement for Privileged Access Management (PAM) services with an existing Midwest health system client to safeguard identities with special access or capabilities beyond regular users. The increase in ransomware atta… Continue reading Midwest health system implements CynergisTek’s additional controls for more stringent requirements

Cribl raises $200M to help enterprises do more with their data

Cribl is developing unified data pipelines, called “observability pipelines,” to parse and route any type of data that flows through a corporate IT system. Continue reading Cribl raises $200M to help enterprises do more with their data

Multiple ransomware gangs pounce on ‘PrintNightmare’ vulnerability

The so-called PrintNightmare vulnerability in Microsoft software is turning into a dream for ransomware gangs. For the second time this week, security researchers have warned that extortionists exploited the critical flaw in an attempt to lock files and shake down victims. It shows how, more than a month after Microsoft disclosed the bug and urged users to update their software, a new round of exploitation is under way against vulnerable organizations. A ransomware group dubbed Vice Society recently seized on the PrintNightmare bug to move through an unnamed victim’s network and attempt to steal sensitive data, Talos, Cisco’s threat intelligence unit, said Thursday. A day earlier, cybersecurity firm CrowdStrike said that hackers using another type of ransomware had tried to use PrintNightmare to infect victims in South Korea. Neither Talos nor CrowdStrike named the targeted organizations. The PrintNightmare vulnerability affects how Windows’ Print Spooler manages interactions between computers and printers. […]

The post Multiple ransomware gangs pounce on ‘PrintNightmare’ vulnerability appeared first on CyberScoop.

Continue reading Multiple ransomware gangs pounce on ‘PrintNightmare’ vulnerability

ForgeRock expands board of directors with two new appointments

ForgeRock announced the appointment of two new members to its Board of Directors: Rinki Sethi, Chief Information Security Officer (CISO) of Twitter and Johanna Flower, former Chief Marketing Officer (CMO) of CrowdStrike. Sethi built her career leading … Continue reading ForgeRock expands board of directors with two new appointments

Ransomware Gangs and the Name Game Distraction

It’s nice when ransomware gangs have their bitcoin stolen, malware servers shut down, or are otherwise forced to disband. We hang on to these occasional victories because history tells us that most ransomware moneymaking collectives don’t go away so much as reinvent themselves under a new name, with new rules, targets and weaponry. Indeed, some of the most destructive and costly ransomware groups are now in their third incarnation over as many years.

Reinvention is a basic survival skill in the cybercrime business. Among the oldest tricks in the book is to fake one’s demise or retirement and invent a new identity. A key goal of such subterfuge is to throw investigators off the scent or to temporarily direct their attention elsewhere.

Cybercriminal syndicates also perform similar disappearing acts whenever it suits them. These organizational reboots are an opportunity for ransomware program leaders to set new ground rules for their members — such as which types of victims aren’t allowed (e.g., hospitals, governments, critical infrastructure), or how much of a ransom payment an affiliate should expect for bringing the group access to a new victim network. Continue reading Ransomware Gangs and the Name Game Distraction

Cyber job listings excluded Colorado workers after salary transparency law went into effect

Dozens of technology companies, including several cybersecurity firms, have excluded remote workers in Colorado from searches for job candidates since a state law requiring pay transparency in job listings went into effect. CyberScoop identified at least five cybersecurity firms or tech companies with active security-related job listings excluding Colorado workers from remote work. The companies represent a small subset of hundreds of employers navigating 2019’s Equal Pay For Equal Work Act, which went into effect on January 1 and requires employers to include compensation in job postings and keep job descriptions and wage records for two years after an employee leaves the company. Advocates for equal pay say that salary transparency is a powerful tool in closing the wage gap between men and women. Companies that implement pay transparency tend to have a lower wage gap at all job levels, the salary data site PayScale found in a 2020 study. A […]

The post Cyber job listings excluded Colorado workers after salary transparency law went into effect appeared first on CyberScoop.

Continue reading Cyber job listings excluded Colorado workers after salary transparency law went into effect

How Public Cybersecurity Companies Performed in 1H 2021

A good way to monitor the overall health of the IT security industry is to track the publicly traded companies in the space. I previously reported on the performance of 20 cybersecurity companies in 2020. This is an update on those 20 companies with t… Continue reading How Public Cybersecurity Companies Performed in 1H 2021

Ignorance is Bliss… for Hackers

Imagine standing in front of the CEO and company board of directors, asking them for a check for an obscene amount of money to pay off hackers that are holding critical data hostage and disrupting the company business. 
I am sure many of you are cring… Continue reading Ignorance is Bliss… for Hackers

Claroty raises $140M to expand into new regions and enhance its product portfolio

Claroty announced it has secured $140 million in a Series D financial round. The round marks the largest investment ever made within the industrial cybersecurity sector, establishing Claroty’s market leadership as the world grapples with an uptic… Continue reading Claroty raises $140M to expand into new regions and enhance its product portfolio

Cybersecurity Threats, Like the Pandemic, Still Lurk

The CrowdStrike 2021 Global Threat Report called 2020 one of the most active years in recent memory for those tasked with stopping breaches and protecting organizations against cyberattacks, provided details on trends that emerged throughout the year … Continue reading Cybersecurity Threats, Like the Pandemic, Still Lurk