This week's roundup of cybersecurity news stories for the week of May 8, 2023.
Stories about cybersecurity attacks and data breaches.
Western Digital Confirms Ransomware Group Stole Customer Information
By Eduard Kovacs - SecurityWeek
Western Digital confirmed that a security breach was found on March 26th that included customer information. Ransomware group Alphv/BlackCat published screenshots showing video calls, emails, documents, internal tools, invoices, and confidential communications. The group is threatening to release customer information, code-signing certificates, and communications unless WD pays the ransom.
1 Million Impacted by Data Breach at NextGen Healthcare
By Ionut Arghire - SecurityWeek
NextGen Healthcare has started to inform 1 million people that their personal information was compromised in a data breach. According to notification letters, the company noticed suspicious activity on its systems on March 30, 2023 and found an unauthorized party had access to those systems between March 29 and April 14. Attackers accessed customer names, addresses, birth dates, and Social Security numbers.
Former Uber CSO Joe Sullivan Avoids Prison Time Over Data Breach Cover-Up
By Eduard Kovacs - SecurityWeek
Former Uber security chief Joe Sullivan was sentenced on Thursday to three years of probation for covering up a data breach suffered by the ride-sharing giant in 2016. Sullivan was charged in August 2020 and found guilty by a jury in October 2022. Before the sentencing, prosecutors were hoping for 15 months in prison, while the defense wanted probation, which was the ultimate outcome, allowing the former chief security officer (CSO) to avoid prison time. In addition to probation, Sullivan must perform 200 hours of community service as part of the sentencing.
News stories about federal government cybersecurity policy, regulation, and advisories.
Biden, Harris Meet With CEOs About AI Risks
Associated Press
Vice President Kamala Harris met on Thursday with the heads of Google, Microsoft, and two other companies developing artificial intelligence as the Biden administration rolls out initiatives meant to ensure the rapidly evolving technology improves lives without putting people’s rights and safety at risk.
President Joe Biden briefly dropped by the meeting in the White House’s Roosevelt Room, saying he hoped the group could “educate us” on what is most needed to protect and advance society.
CISA Releases One Industrial Control Systems Advisory
CISA
CISA released one Industrial Control Systems (ICS) advisory on May 4, 2023.This advisory provides timely information about current security issues, vulnerabilities, and exploits surrounding ICS.
Top US cyber official warns AI may be the ‘most powerful weapon of our time’
By Christian Vasquez - Cyberscoop
CISA Director Jen Easterly said the rapid advances in technologies such as ChatGPT could be used by adversaries to carry out cyberattacks.
Stories related to state and local government cybersecurity.
$1.1M Paid to Resolve Ransomware Attack on California County
Associated Press
A $1.1 million payment was made to resolve a ransomware attack on a California county’s law enforcement computer network. The San Bernardino County Sheriff’s Department announced in April that a “network disruption” was being investigated by information technology staff and forensic specialists and that the FBI and Department of Homeland Security were notified. County spokesperson David Wert said the county paid $511,852 and the remainder was covered by insurance, the news group reported Thursday.
New cybersecurity courses, certifications, and training opportunities.
Google Launches New Cybersecurity Analyst Training Program
By Eduard Kovacs - SecurityWeek
Google announced a new cybersecurity training program for students to prepare for a cybersecurity analyst career and they will receive a professional certificate from Google when they graduate. The new Cybersecurity Certificate is part of the company’s Grow With Google initiative. The program was built by Google experts and it’s hosted by online course provider Coursera.
Surveys, studies, and research related to cybersecurity.
Your voice could be your biggest vulnerability
Help Net Security
AI technology is fueling a rise in online voice scams, with just three seconds of audio required to clone a person’s voice, according to McAfee. McAfee surveyed 7,054 people from seven countries and found that a quarter of adults had previously experienced some kind of AI voice scam, with 1 in 10 targeted personally and 15% saying it happened to someone they know. 77% of victims said they had lost money as a result.
Consumer skepticism is the biggest barrier to AI-driven personalization
Help Net Security
Businesses worldwide are eagerly embracing the potential for AI to provide personalized customer experiences, but customers remain cynical, according to Twilio. 62% of business leaders cite customer retention as a top benefit of personalization, while nearly 60% say personalization is an effective strategy for acquiring new customers.
Cybersecurity teams hampered by economic downturn
SC Media
TechRepublic reports that more cybersecurity vulnerabilities have been reported by 50% of organizations amid layoffs and reductions in security spending brought about by the economic downturn during the past year. Seventy-five percent of companies noted the adverse impact of reduced budgets and frozen security investments on cybersecurity management, and even though 84% of those that had increased vulnerabilities were worried about breaches' financial and reputational damages, 39% and 40% either reduced or plan to cut their security teams, respectively, according to a HackerOne survey.
A roundup of cybersecurity and tech opinion articles from the past week.
RSA 2023: Not Under the GenAI Influence Yet!
By Anton Chuvakin - Anton on Security
Security business is booming! Reportedly 38K people showed up for RSA 2023, and 600+ vendors did too. It is very clear from observing the large booths of many vendors (including some that are doing well unexpectedly) that “there is lots of money in cyberland.” As somebody cynically pointed out to me, a huge booth at the RSA conference doesn’t indicate that the company is doing well — it only indicates that it was doing well 6–8 months ago when they paid for the booth …
The Merck appeal: cyber insurance and the definition of war
By Christopher Burgess - CSO
Pharmaceutical giant Merck’s won an appeal that might see it claim $1.4 billion from insurers due to the NotPetya ransomware attack. The decision hinged on the definition of war and it could also affect how insurance terms are defined in the future.
ChatGPT and the new AI are wreaking havoc on cybersecurity in exciting and frightening ways
By Dan Patterson - ZDNet
Generative artificial intelligence is transforming cybersecurity, aiding both attackers and defenders. Cybercriminals are harnessing AI to launch sophisticated and novel attacks at large scale. And defenders are using the same technology to protect critical infrastructure, government organizations, and corporate networks, said Christopher Ahlberg, CEO of threat intelligence platform Recorded Future.
Not necessarily cybersecurity news, but interesting enough to share.
The ‘Devil Bird’ Lands in New York, With More Likely to Come
By James Crugnale - The New York Times
For two weeks, a strange bird has perched in Brooklyn over the treetops of one of the Three Sisters Islands in Prospect Park Lake. It shows no signs of heading back to the place it most likely came from in the South. Meet the anhinga, a large water bird with a snaky neck that has joined other high-profile vagrant birds in recent years by making a rare appearance outside of its typical migration range.
Why the Ferrari F355 Sounds So Good
By Chris Perkins - Road and Track
The sound is unmistakable—rich, complex, cultured, yet ferocious. Even among Ferraris, the noise emanating from the F355 is unique. After a recent opportunity to drive a manual F355 Berlinetta, fulfilling a childhood fantasy, the noise burnished itself in my brain. I walked away with two wants, a manual F355 Berlinetta—ideally in blue—and to drill down into its specific sound.
41 Madison Avenue, 37th Floor
New York, NY 10010
