Ash Kulkarni, CEO, Elastic (Image: Elastic)

Elastic Lays Off Nearly 400 Employees as SMB Spend Dwindles

Michael Novinson • December 1, 2022

Security, observability and search vendor Elastic will shrink its workforce by 13% due to small and medium businesses reducing their purchases amid the economic downturn. Elastic will lay off nearly 400 of its 3,056 employees as it adopts an automated, low-touch motion for SMB customers.

Artificial Intelligence & Machine Learning

Cybercrime Forum Dumps Stolen Details on 5.4M Twitter Users

Latest

Governance & Risk Management

HHS: Web Trackers in Patient Portals Violates HIPAA

Marianne Kolbasuk McGee • December 1, 2022

Federal regulators issued a warning to healthcare entities and their tech vendors that the use of tracking code embedded in patient portals that transmits patient information to third-parties could be a violation of HIPAA, and punishable with monetary fines.

Identity & Access Management

LastPass Breach Exposes Customer Data

Prajeet Nair • December 1, 2022

Hackers stole customer information but not passwords when they broke into password manager LastPass' third-party cloud storage service, the company disclosed. An unauthorized party used information stolen during a dayslong incident in August to exfiltrate the data.

Fraud Management & Cybercrime

Ransom Realpolitik: Paying for Data Deletion Is for Suckers

Mathew J. Schwartz • December 1, 2022

Ransomware-wielding attackers have myriad tactics for extorting victims, including demanding a stand-alone ransom for a promise to delete stolen data. But Coveware's Bill Siegel urges victims to never pay for such promises, in part because they rarely - if ever - get honored.

Fraud Management & Cybercrime

Why Ransomware Victims Avoid Calling It 'Ransomware'

Anna Delaney • December 1, 2022

The latest edition of the ISMG Security Report discusses why too few organizations admit to being victims of ransomware attacks, how delayed enterprise subscription start dates forced CrowdStrike to cut sales forecasts, and leveraging threat intelligence to protect critical infrastructure.

Governance & Risk Management

A Look Ahead: John Kindervag's Zero Trust Outlook for 2023

Tom Field • November 30, 2022

The foundation of a landmark presidential executive order and now a standard embraced by governments and enterprises globally, zero trust has come far in the past two years. Zero trust creator John Kindervag offers a progress report and insight into the key trends he sees shaping the new year.

Endpoint Security

Acer Fixes Bugs That Enable Attackers to Bypass Secure Boot

Prajeet Nair • November 30, 2022

Acer fixed high-severity bugs that hackers could use to disable the secure boot in several laptops built by the Taiwanese manufacturer. The vulnerability could give threat actors control over operating system boot processes and allow them to disable some protection mechanisms.

Fraud Management & Cybercrime

Brooklyn Hospitals Decried for Silence on Cyber Incident

Marianne Kolbasuk McGee • November 30, 2022

As three Brooklyn safety net hospitals grapple with the aftershocks of a Nov. 19 cyber incident, sources say other area hospitals are complaining about a lack of transparency. One Brooklyn Health System has been tight-lipped about the cause of the outage, which is suspected to involve ransomware.

Blockchain & Cryptocurrency

UK Court Orders Crypto Firms to Share Data to Track Thieves

Rashmi Ramesh • November 30, 2022

A British judge ordered cryptocurrency trading platforms to divulge the identities of account holders accused of holding funds stolen from an English digital assets exchange. A change in civil procedure makes it easier for English judges to subpoena foreign entities in cases of financial fraud.

Fraud Management & Cybercrime

Server Remains Down; India's Premier Healthcare Uses Paper

Prajeet Nair • November 29, 2022

India's flagship combined public medical university and hospital continues to grapple with the fallout of a cyber incident it underwent last Wednesday. Patient care services remain affected as of Tuesday as physicians and staff use manual processes in place of disabled electronic systems.

General Data Protection Regulation (GDPR)

UK Companies Fear Reporting Cyber Incidents, Parliament Told

Akshaya Asokan • November 29, 2022

U.K. businesses shy from involving police in cyber incident response for fear of regulatory consequences, lawmakers sitting on Parliament's Joint Committee on National Security Strategy heard. Allowing businesses to anonymously disclose incidents would result in more data, suggested a witness.

Critical Infrastructure Security

TSA Plans Cyber Risk Regulation for Pipeline and Rail Sector

David Perera • November 29, 2022

The oil pipeline and rail sectors could be required to implement cyber risk management following the Transportation Security Administration's initiation of a rule-making process. The Biden administration is pressuring critical infrastructure operators through voluntary measures and new regulation.

Industry Specific

Why Are HIPAA Fines Down 93% - With Data Breaches Soaring?

Marianne Kolbasuk McGee • November 29, 2022

Healthcare providers and their vendors often fear federal regulatory action, but do fines and corrective action many any difference at all? As breach cases have nearly doubled since 2018, federal fines dropped 93% in 2022, and some say the agency is understaffed and crippled by legal challenges.