NIBS (credit image/Pixabay/ Ryan McGuire)A fairly quiet week in terms of announcements. Meta was forced into a climbdown, albeit potentially temporary, over plans to use EU/EEA user data for its unspecified AI plans. After the intervention of multiple European DPAs and noyb, it announced a pause.

AIM Security secured US$18 million in Series A funding. The money is to help it develop its platform to track and report on what is happening with generative AI and corporate data.

In the first of two podcasts, Enterprise Times talked with Annelise Dubrovsky, Vice President of Product Management at Appian, about Process HQ and Appian’s Data Fabric updates. Dubrovsky talks about how Data Fabric links together all the data sources in an organisation and how it delivers a single security model.

The second podcast was with Karl Van den Bergh, CMO of Gigamon. In that podcast Van den Bergh talks about the challenges that CISOs face trying to wear too many hats. The main part of the podcast, however, looks at the immutable power of network data when it comes to cybersecurity.

FBI

Second member of ViLe pleads guilty

Sagar Steven Singh has pled guilty to conspiring to commit computer intrusion and aggravated identity theft. He is the second member of a hacking group called ViLe to do so.

U.S. Attorney Peace said, “The defendants called themselves ‘ViLe,’ and their actions were exactly that. They hacked into a law enforcement database and had access to sensitive personal information, then threatened to harm a victim’s family and publicly release that information unless the defendants were ultimately paid money.

“Our Office is relentless in protecting victims from having their sensitive information stolen and used to extort them by cybercriminals.”

Four Members of Notorious Cybercrime Group ‘FIN9’ Charged 

Four Vietnamese nationals accused of being members of the cybercrime group FIN9 have been charged in the US. The indictment accuses them of involvement in a series of computer intrusions. The result of which is said to have cost US companies to collectively suffer more than $71 million in losses, U.S. Attorney Philip R. Sellinger announced.

Sellinger commented, “The FIN9 defendants were prolific international hackers who, for years, allegedly used phishing campaigns, supply chain attacks and other hacking methods to steal millions from their victims. They did all of this while hiding behind keyboards, VPNs, and fake identities, and even then, the Department of Justice found them. My office remains committed to its pursuit of justice for victims, and cybercriminals everywhere should take notice.”

National Cyber Security Centre

The NCSC has commented on the publication of data stolen from Synnovis. The data was stolen in a ransomware attack by cybercrime group Qilin. It has already shared almost 400GB of private information on its darknet site, including patient names, dates of birth, NHS numbers and descriptions of blood tests.

Eleanor Fairford, NCSC Deputy Director for Incident Management, said: “The reports of sensitive data being published online by cyber criminals are very concerning and we are working with Synnovis and partners in the NHS and law enforcement to fully investigate.

“While investigations to determine whether sensitive data have been leaked are ongoing, we advise people to remain alert to suspicious messages or calls from would-be fraudsters who might try to exploit the situation.

“To help protect against the impacts of any data breach, we advise individuals to follow our practical advice, available at ncsc.gov.uk.”

ThreatQuotient

There were two partnership announcements this week from ThreatQuotient.

SW2 Inc adds Quaxar to ThreatQuotient platform

S2W Inc plans to accelerate global market expansion by providing its ‘QUAXAR‘ solution on the global threat intelligence platform, ThreatQuotient. This deal has been in the making since last November when ThreatQuotient requested a QUAXAR data integration.

It will see S2W provide vast amounts of threat intelligence-related big data collected from various channels to ThreatQuotient while supporting the derivation of data insights based on AI technology.

Robert Streamer – Regional Director for APAC at ThreatQuotient, said, “This strategic collaboration marks a significant milestone in ThreatQuotient’s mission to expand the reach of our cutting-edge cybersecurity solutions.

“The partnership with S2W enables us to deliver our comprehensive threat intelligence platform and services to organizations across the region, and thanks to S2W’s local expertise and commitment to excellence, customers in Asia can access world-class cybersecurity solutions and services with ease.”

Cybersixgill announces partnership with ThreatQuotient

Cybersixgill has announced a strategic partnership with ThreatQuotient. It will allow ThreatQuotient users to access Cybersixgill’s Dynamic Vulnerability Exploit (DVE) IntelligenceAlerts page, and Darkfeed.

Brandon Gaovongphet, Senior Director of Partner Programs at Cybersixgill, said, “Many security teams lack the resources to collect and analyze large amounts of data. They need security automation and threat intelligence with contextual insights to effectively defend their organizations against the growing number of threats.

“Our partnership with ThreatQuotient gives organizations real-time, actionable threat and vulnerability intelligence so they can proactively analyze, investigate, and respond to threats as they emerge and maintain cyber resilience.”

US Department of Justice

Consulting companies to pay $11.3M

Guidehouse Inc. has paid $7,600,000 and Nan McKay and Associates (Nan McKay),  $3,700,000 over allegations that they violated the False Claims Act. The companies admitted to breaching cybersecurity requirements in federal contracts. Those contracts were part of the emergency rental assistance program (ERAP) and took place during the COVID-19 pandemic.

The two companies were responsible for cybersecurity testing of the ERAP Application before it was launched. They have admitted that such work was not carried out. The result of their inaction meant New York’s ERAP site was shut down by the Office of Temporary and Disability Assistance (OTDA) after just 12 hours when PII had been compromised.

Guidehouse also admitted that for a short time period in 2021, it used a third-party data cloud software program to store personally identifiable information without first obtaining OTDA’s permission, in violation of its contract.

Principal Deputy Assistant Attorney General Brian M. Boynton, head of the Justice Department’s Civil Division, said, “Federal funding frequently comes with cybersecurity obligations, and contractors and grantees must honor these commitments.

“The Justice Department will continue to pursue knowing violations of material cybersecurity requirements aimed at protecting sensitive personal information.”

Adobe and two Adobe executives face a civil suit

The Justice Department, together with the Federal Trade Commission (FTC), have launched a civil enforcement action against Adobe Inc. and two Adobe executives, Maninder Sawhney and David Wadhwani. They are jointly charged with alleged violations of the Restore Online Shoppers’ Confidence Act (ROSCA).

The lawsuit is about hidden early termination fees and making it difficult to cancel subscriptions. The detail is about the fine print, and hyperlinks were used to avoid customers knowing about early termination fees. It is also alleged that they used the fee to make customers stay.

Adoove was the first major vendor to move from boxed products to subscriptions, which has significantly boosted the revenue for the company. It has since become the norm for software companies, and this case will be watched by other software companies.

Adobe trapped customers into year-long subscriptions through hidden early termination fees and numerous cancellation hurdles,” said Director Samuel Levine of the FTC’s Bureau of Consumer Protection. “Americans are tired of companies hiding the ball during subscription signup and then putting up roadblocks when they try to cancel. The FTC will continue working to protect Americans from these illegal business practices.”

Security news from the week beginning 10 June 2024

 

LEAVE A REPLY

Please enter your comment!
Please enter your name here