|
|
|
|
|
Cyber Daily: Cybersecurity Investments Are No Longer Optional, Officials Warn
|
|
|
|
|
|
Hello. A mix of regulation, investor demands and insurance requirements is pushing companies to elevate the oversight of cybersecurity, my colleague, James Rundle, reports today.
Cyber officials are signaling a growing impatience with companies that fail to use adequate defenses and are later hacked. In ransomware attacks, in particular, said Lindy Cameron, chief executive of the U.K. National Cyber Security Centre, some companies are all too ready to pay to restore their data, which in turn feeds the issue.
Customers and shareholders are also adding to the pressure, including with costly lawsuits after serious breaches, said Brandon Wales, executive director at the Cybersecurity and Infrastructure Security Agency. Read the full story.
More news below, including:
|
|
|
CONTENT FROM OUR SPONSOR: Netscout
|
|
You Can’t Manage What You Can’t See
In today’s hybrid work environment, gaps in visibility can create chaos in your network. NETSCOUT’s Smart Edge Monitoring fills those gaps, assuring performance and user experience.
Learn More
|
|
|
|
|
|
|
|
|
PHOTO: MANDEL NGANMANDEL NGAN
/AGENCE FRANCE-PRESSE/GETTY IMAGES
|
|
|
Happening Wednesday: Assessing cyber risk in the water sector is the topic of a hearing of the House Homeland Security Committee. Craig Fugate, former administrator of the Federal Emergency Management Agency (pictured), is due to testify, with water and climate experts. Tune in here at 10 a.m. ET.
|
|
|
Uber says it was breached by Lapsus$, a teenage hacking group motivated by fame over money.
Over the past year, some of the world’s biggest technology companies have been bested by an international group of hackers—some of them teenagers—whose motivations seem at times unusual, said security experts who have investigated the episodes.
Who are Lapsus$ victims? Cisco Systems Inc., Microsoft, Nvidia Corp., online access management vendor Okta Inc., Samsung Electronics Co. and others.
Who is Lapsus$? The group likely includes members from Brazil and the U.K.—several of them teenagers—according to security researchers and law-enforcement officials. "They’re basically children who grew up in online communities that groom children to do cybercrime,” said Allison Nixon, chief research officer at the cybersecurity firm Unit 221B.
👉 Read the full story, including how the group manages to penetrate tech companies.
|
|
|
“This needs to be driven at the board level.”
— Brandon Wales, executive director of the Cybersecurity and Infrastructure Security Agency, noting that cybersecurity isn’t as ingrained in corporate thinking as it should be. Mr. Wales spoke Tuesday at the WSJ CIO Network Summit. Read more here.
|
|
|
|
|
|
Crypto market maker Wintermute was hacked for about $160 million in its decentralized-finance operations, Chief Executive Evgeny Gaevoy tweeted on Tuesday. Mr. Gaevoy said the firm is open to treating the hack as a “white hat” or ethical hacking and asks the attacker to get in touch. (WSJ)
|
|
U.K.-based digital bank Revolut told European regulators that a hack of its database exposed sensitive data for more than 50,000 customers.
|
|
|
"Cybercriminals. That's crazy to me."
|
— A resident of Suffolk County, N.Y., commenting on a Sept. 8 cyberattack on local government systems. The county continues to work on recovery. (CBS News)
|
|
|
|
|
|
|
Morgan Stanley Paying $35 Million to Settle Claims of Failing to Protect Customer Records
The case involves computer servers and hard drives allegedly discarded without ensuring they no longer held sensitive customer information, the Securities and Exchange Commission said. Morgan Stanley also lost track of 42 computer servers that potentially contained unencrypted customer data, the SEC said. Morgan Stanley agreed to pay the fine without admitting or denying wrongdoing. A Morgan Stanley spokesperson said the firm was pleased to resolve the investigation. (WSJ)
|
|
Twitter Sued After Accusations of Cyber Failings
Shareholders sued Twitter and several senior executives last week, alleging that shortcomings in data protection and disclosure harmed the company in the market and exposed investors to potential damage. The suit draws from accusations from the former head of security at the company, who has filed whistleblower complaints with regulators and lawmakers. Twitter has said the whistleblower's claims are “riddled with inconsistencies and inaccuracies.” (Security Magazine)
|
|
|
Chinese Cargo-Data Network Poses Growing Risks, U.S. Analysis Says
A congressional advisory body is urging legislators to strengthen U.S. defenses against China’s growing control of digital information related to global shipping and cargo, warning it could undermine national security and businesses.
|
|
|
-
The U.S.-China Economic and Security Review Commission, in a report to be issued this week, focuses on Chinese cargo-data network Logink, which aggregates information about freight and shipping lines in China and other countries. (WSJ)
|
|
|
450,000
|
Number of users in China and at dozens of giant ports worldwide who provide input to Logink, an aggregator of freight and shipping data overseen by China’s Ministry of Transportation.
|
|
|
|
|
|
|
|