|
|
|
|
|
|
|
|
|
|
Amazon Wants to Be Your Cyber Insurance Liaison
|
|
|
|
|
|
|
|
Hello. Amazon’s AWS cloud unit debuted Wednesday a program designed to cut the time to acquire cyber insurance from weeks to days, via partnerships with brokers and insurers.
AWS customers can let brokers access data from their Security Hub console. This gives potential insurers a list of controls enabled on a particular account and information on vulnerabilities and other details to quickly evaluate against AWS’s security best practices and their own underwriting standards, and provide policy quotes. Get our full story.
Also today: Security company BlueVoyant buys Conquest Cyber and discloses a $140 million funding round that facilitated the deal. Read more.
More news:
-
Water facilities using tech from Israel-based Unitronics are at risk, U.S. officials warn
-
Okta says a breach in October was more serious than it thought
-
CrowdStrike, Splunk beat earnings forecasts
-
Google issues emergency Chrome patch
-
And more
|
|
|
|
|
|
|
|
|
CONTENT FROM: Netscout |
 |
Deploying Adaptive DDoS Defenses for Service Providers
For network services providers, maintaining network and service availability is crucial. Year after year, the size, frequency, and complexity of dynamic DDoS attacks continue to increase, elevating risks for the service provider and their customers. You must have access to timely and actionable threat intelligence to combat the modern DDoS attack or you will jeopardize the security of your service.
Read More
 |
|
|
|
|
|
|
|
|
|
|
|
PHOTO: JOHN LOCHER/ASSOCIATED PRESS
|
|
|
|
|
Water hack: Hackers are actively exploiting an industrial tool common at water-treatment facilities, U.S. officials say. Programmable logic controllers—a rugged industrial computer—from Israeli tech company Unitronics were attacked at a U.S. water site, the Cybersecurity and Infrastructure Security Agency said Tuesday.
|
|
|
-
The Municipal Water Authority of Aliquippa, outside of Pittsburgh, said it was attacked last week in an incident that cybersecurity researchers linked to Iran. The authority shut down certain technology and is operating one pump station manually, CNN reported. An anti-Israel message appeared on a computer at the authority, which now plans to stop using equipment made in Israel, an official said.
-
CISA recommended precautions, such as validating that the Unitronics default password “1111” is not in use. Read the full advisory.
|
|
|
|
|
An October security incident that affected Okta's customer support system was more grave than it originally appreciated, the provider of identity-management software said, Barron's reported. Okta said that it only recently discovered that the “threat actor” in the October breach downloaded a report that includes the names and email addresses of all users of Okta’s customer support system users, affecting most of the company’s customers other than certain federal and Department of Defense systems. The report contained no user credentials or sensitive personal data, the company said.
|
|
|
First American Title Insurance Co. must pay a $1 million fine to New York state regulators for cybersecurity violations related to a 2019 breach of consumer data. First American lacked effective access controls, identity management, and risk-assessment policies and procedures, the New York State Department of Financial Services said. The company, which the department said cooperated with the investigation, agreed to make cyber improvements under a consent order.
|
|
|
Playing a better blame game: The federal Intelligence Advanced Research Projects Activity group, known as IARPA, launched a program to fine-tune the tools and techniques for accurately attributing cyberattacks. Attribution can be tricky as hackers obfuscate and mimic rivals to evade detection.
-
IARPA aims to develop tools for government and commercial forensic investigators to analyze malware source code and other details, and is taking proposals until Jan. 24. (MeriTalk)
|
|
|
Google issued an emergency patch on Tuesday for a zero-day vulnerability in its Chrome web browser. Google's own threat analysis group discovered the bug and reported it Nov. 24. (Bleeping Computer)
|
|
|
|
|
8 Years
|
|
Prison sentence for a 25-year-old Los Angeles man convicted of cyber crimes carried out between 2019 and 2023, including SIM swapping schemes that resulted in $740,000 in losses to victims (SecurityWeek)
|
|
|
|
|
|
|
|
|
|
PHOTO: ANDREW GOMBERT/EUROPEAN PRESSPHOTO AGENCY
|
|
|
|
|
Data breach at discount chain. A tech company that provides workforce analytics to Dollar Tree and Family Dollar said nearly two million individuals associated with the retail chains had their personal data compromised in a security incident in August. Names, dates of birth and Social Security numbers are at risk, Florida-based Zeroed-In Technologies said in a notice to state regulators.
|
|
|
|
|
|
Splunk surpassed revenue forecasts for its fiscal third quarter, ended Oct. 31, as demand grows for AI-powered cybersecurity tools. Revenue topped $1.67 billion for the period, up about 15% from $930 million one year earlier. Splunk shares have risen about 28% since Cisco Systems said in September it would acquire the cyber company in a $28 billion deal.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
