
The Wall Street Journal Pro

Cybersecurity

Sponsored by Netscout

Hacker's SEC Stunt Is No Cause for Panic

By Kim S. Nash

 

Hello. I’ve been following the back and forth between AlphV and fintech firm MeridianLink, where the hacking group apparently filed a complaint with the Securities and Exchange Commission saying the company failed to notify the regulator of a cyberattack.

Under new SEC rules, a company must disclose a cyber incident within four days of deeming it material. The materiality designation starts the clock. (See our explainer, here.) 

Keep in mind the rules don’t go into effect until mid-December. More importantly, the hackers can't tell if their attack will be material for MeridianLink. The company said Monday it found unauthorized access to one user’s account and shut down the intruder. 

“Our forensic investigation confirms that the threat actor did not access MeridianLink’s networks, servers, databases, integrations, or any part of our customer product platforms,” the company said in a statement. No malware, including ransomware, was deployed.

I asked a MeridianLink spokeswoman whether the incident is or will be deemed material. She said the investigation is continuing and notifications, should they be required, will be done.

Don’t get me wrong: A stunt like AlphV’s jacks up pressure on hacked companies. But it’s no cause for panic.

More news:

  • Third time's a charm for North Korea's spy satellite
  • Binance to pay $4.3 billion and founder steps down
  • Boeing shares details of Citrix Bleed attack
  • Virtual credit cards can guard against security threats

Please note: The WSJ Pro Cybersecurity newsletter will take a break for Thanksgiving and will be back in inboxes on Monday.

 


 

Enforcement

Guilty, fined: Changpeng Zhao, founder of Binance, stepped down and pleaded guilty Tuesday to violating criminal U.S. anti-money-laundering requirements, in a deal that might preserve the crypto exchange’s ability to continue operating. Binance agreed to pay fines totaling $4.3 billion, which includes amounts to settle civil allegations made by regulators. (WSJ)

Seized: The Justice Department said it seized nearly $9 million worth of Tether cryptocurrency associated with online scams known as “pig butchering.” Some of the crypto is linked to complaints that individuals made to the FBI. 

🎧 Listen: A Texting Scam Called ‘Pig Butchering’ Is Costing Victims Millions

WSJ cybersecurity reporter Robert McMillan joins host Zoe Thomas to discuss how it works and how to avoid it.

 

More Cyber News

Boeing shares hack details with U.S. cyber agency. Hackers targeted aerospace and defense giant Boeing through a lingering vulnerability in Citrix Systems software, according to the Cybersecurity and Infrastructure Security Agency. Boeing's global services business was disrupted early this month when LockBit hackers exploited an unpatched bug known as Citrix Bleed. 

  • Organizations should patch Citrix Bleed immediately or risk hackers hijacking legitimate user sessions and moving through corporate networks, CISA and other U.S. officials said Tuesday in an alert jointly issued with counterparts in Australia.

Holiday shopping: Companies such as Capital One, Citibank and American Express can generate a virtual-card number for an individual purchase when customers are concerned about the security of using regular cards. 

  • This free service uses permanent credit-card accounts to generate unique numbers, verification codes and expiration dates. Read more from WSJ.
 

Privacy & Surveillance

North Korea said it had placed its homegrown spy satellite into orbit, a much-anticipated attempt after a pair of failed tries this year. The launch had drawn extra attention because satellites represent a core pursuit of the deepening military coordination between North Korea and Russia. Get the full WSJ story. 

AutoZone and Enstar unit disclose MoveIt-related breaches. Aftermarket auto parts maker AutoZone and the U.S. unit of re-insurer Enstar Group said the personal data of customers was exposed when hackers hit Progress Software's file-transfer tool, MoveIt, in May. Nearly 65,000 Enstar customers and close to 185,000 AutoZone customers were affected, according to notices the companies sent to state attorneys general. 

 
 

About Us

The WSJ Pro Cybersecurity team is Deputy Editor Kim S. Nash (on X @knash99), reporter James Rundle and reporter Catherine Stupp (@catstupp). Follow us on X @WSJCyber. Reach the team by replying to any newsletter you receive or by emailing Kim at kim.nash@wsj.com.

 
Copyright 2023 Dow Jones & Company, Inc.   |   All Rights Reserved.