Security News
A well-organized Nigerian crime ring is exploiting the COVID-19 crisis by committing large-scale fraud against multiple state unemployment insurance programs, with potential losses in the hundreds of millions of dollars, according to a new alert issued by the U.S. Secret Service. A memo seen by KrebsOnSecurity that the Secret Service circulated to field offices around the United States on Thursday says the ring has been filing unemployment claims in different states using Social Security numbers and other personally identifiable information belonging to identity theft victims, and that "a substantial amount of the fraudulent benefits submitted have used PII from first responders, government personnel and school employees."
The majority of business decision makers are insured against traditional cyber risks, such as breaches of personal information, but most were vulnerable to emerging risks, such as malware and ransomware, revealing a potential insurance coverage gap, according to the Hanover Insurance Group. Most businesses surveyed indicated they had purchased cyber insurance, and more than 70% reported purchasing a policy on the recommendation of an independent insurance agent.
Rockville, Maryland-based startup Sepio Systems, a rogue device mitigation firm, has raised a further $4 million that supplements the Series A round of $6.5 million announced in November 2019. The current chairman of the board, Tamir Pardo, was formerly the director of Mossad, while another advisor is a former CISO with the CIA. The service provided by Sepio is to detect and mitigate any rogue device that has been attached to the corporate infrastructure.
MoleRATs, a politically-motivated threat actor apparently linked to the Palestinian terrorist organization Hamas, has expanded its target list to include insurance and retail industries, Palo Alto Networks' security researchers report. Spear-phishing emails were leveraged to deliver malicious documents - mostly Word documents, but also one PDF - which in turn attempted to trick the intended victim into enabling content to run a macro, or force them into clicking a link to download a malicious payload. The Spark backdoor was used in most of these assaults, allowing the attackers to open applications and run command line commands on the compromised system.
Standard Insurance Company announced that Laxman Prakash has been promoted to assistant vice president and chief information security officer. Prakash joined The Standard in 2011 as director of Information Security and Business Continuity and focused on strengthening the company's information security organization.
Alfresco Software, an open source content, process and governance software company, and Tech Mahindra, a leading provider of digital transformation, consulting and re-engineering services and solutions, announced a collaboration on four jointly developed, transformative insurance solutions. The collaboration combines Tech Mahindra's insurance expertise and experience in the insurance industry with Alfresco's powerful Digital Business Platform to create solutions for risk management, automated underwriting, a self-learning chatbot, and intelligent claims handling.
Coalition, the leading cyber insurance provider for small and midsize businesses, announced it has acquired Internet scanning and cybersecurity pioneer BinaryEdge. Coalition will integrate BinaryEdge's technology with its cyber insurance and security platform, allowing Coalition policyholders to easily map their Internet attack surface, monitor risk exposures in real-time, and proactively fix vulnerabilities so that they can stay one step ahead of their adversaries.
Coalition, a San Francisco-based cyber insurance provider for SMBs, on Wednesday announced that it has acquired internet scanning and threat intelligence services provider BinaryEdge. Coalition is backed by insurers Swiss Re Corporate Solutions, Lloyd's of London, and Argo Group, and it provides customers in the United States up to $15 million of cyber and technology insurance coverage.
DPOs play a pivotal role in an organization's data management health and are required to report directly to the highest level of management. Some tasks that fall under the DPO role include advising on issues around data protection impact assessments, training, overseeing the accuracy of data mapping and responding to data subject access requests.
One of the biggest challenges for CISOs is deciding an indemnity limit on cyber insurance, says Bhishma Maheshwari, executive vice president at insurance broker Marsh India. "A lot of times when we meet the CISOs ... their biggest challenge is how do we arrive at the limit of insurance to buy. Since it is essentially a contingent capital which you are buying, to arrive at the right kind of limit is very important," Maheshwari says in an interview with Information Security Media Group.