Aggregator
CVE-2023-46186 | IBM Jazz for Service Management 1.1.3.20 direct request (XFDB-269929)
CVE-2024-22329 | IBM WebSphere Application Server server-side request forgery (XFDB-279951)
CVE-2024-3166 | mintplex-labs anything-llm up to 1.4.1 cross site scripting
A security vulnerability, CVE-2024-8260, in Styra's Open Policy Agent (OPA) could lead to NTLM hash leakage
Dark Web Forum Arrests, Columbus Ransomware Attack Updates, and American Background Info Data Leak
Keeping up with the world of cybercrime is important but can often feel overwhelming for security practitioners. Leaky Weekly is a podcast hosted by security researcher Nick Ascoli as he dives into the most pressing stories on data leaks, cybercrime, and the dark web in the last week or so. On this episode of Leaky […]
The post Dark Web Forum Arrests, Columbus Ransomware Attack Updates, and American Background Info Data Leak appeared first on Flare | Cyber Threat Intel | Digital Risk Protection.
The post Dark Web Forum Arrests, Columbus Ransomware Attack Updates, and American Background Info Data Leak appeared first on Security Boulevard.
API Vulnerabilities Jump 21% in Third Quarter
Application programming interface (API) vulnerabilities surged 21% in the third quarter, with cloud-native infrastructure increasingly targeted by cybercriminals, according to Wallarm’s Q3 2024 API ThreatStats report.
The post API Vulnerabilities Jump 21% in Third Quarter appeared first on Security Boulevard.
SEC is Not Accepting Half-Truths
The SEC has fined four major companies for materially misleading investors regarding cyberattacks.
Tech in Trouble
Regulatory actions have been brought against Unisys, Avaya, Check Point, and Mimecast for their purposeful decisions to not clearly inform customers and shareholders of the attacks and breaches they suffered as part of the SolarWinds cyberattack.
The SEC concluded that these companies were purposely vague by framing their cybersecurity risk factors hypothetically or discussing them in generic terms, even after knowing the issues were present and material.
Reporting material issues to shareholders is a requirement for public companies, so that investors have the same information on which to base decisions as the company's insiders.
Jorge G. Tenreiro, acting chief of the Crypto Assets and Cyber Unit, warned that “downplaying the extent of a material cybersecurity breach is a bad strategy”.
The result of this investigation is that Unisys Corporation is fined $4 million as a civil penalty for misleading disclosures and a failure to maintain proper controls over its public statements. Check Point, Avaya, and Mimecast were fined close to $1 million each for similar reasons.
Message to CISOs
The message to boards, C-suites, and especially Chief Information Security Officers (CISOs) is clear — report material breaches as required by the governing regulations. Misleading or false statements are not acceptable.
Sanjay Wadhwa, Acting Director of the SEC’s Division of Enforcement, stated: “…while public companies may become targets of cyberattacks, it is incumbent upon them to not further victimize their shareholders or other members of the investing public by providing misleading disclosures about the cybersecurity incidents they have encountered.”
Security must be seen as a center of trust, and ethical representation of risks and impacts is its foundation. This includes messages and formal notifications to shareholders and customers. CISOs must recognize these new responsibilities, actively navigate the conflicts of interest they encounter, and honor their duties.
SEC Press Release: https://www.sec.gov/newsroom/press-releases/2024-174
The post SEC is Not Accepting Half-Truths appeared first on Security Boulevard.
BTS #40 – Backdoors in Backdoors – Matt Johansen
In this episode, Paul Asadoorian and Matt Johansen discuss the recent targeted attacks by Chinese threat actors, particularly focusing on the Volt Typhoon group. They explore the implications of back doors in cybersecurity, the role of ISPs, and the ongoing tension between privacy and security. The conversation delves into historical contexts, the evolution of threat […]
The post BTS #40 - Backdoors in Backdoors - Matt Johansen appeared first on Eclypsium | Supply Chain Security for the Modern Enterprise.
The post BTS #40 – Backdoors in Backdoors – Matt Johansen appeared first on Security Boulevard.