Intelligence-led security firm FireEye yesterday announced the acquisition of Respond Software, a company that uses automation to assist customers to comprehend and investigate security incidents. The transaction closed on November 18, 2020, and is valued at approximately $186m in cash and stock.  FireEye said that the acquisition of Respond Software will open new market opportunities to deliver eXtended Detection and Response

A data breach at an Iowa hospital has exposed the Social Security numbers and private medical information of more than 60,000 patients.  Mercy Iowa City began notifying patients on November 13 of a data breach that occurred in spring 2020 after an employee’s email account was accessed by a threat actor.  The hospital detected the breach

by Paul Ducklin If you are a regular Naked Security reader, you’ll know that we generally steer clear of publishing content that deals specifically with Sophos products and services. That’s because our primary goal on this site is to help all of you learn more about cybersecurity by offering information and tips that work whatever

A former Green Beret in the United States Army has admitted passing classified information to Russian intelligence agents. Peter Rafael Dzibinski Debbins was arrested in August 2020 and charged with conspiring to provide United States national defense information to agents of a foreign government. On November 18, the 45-year-old Gainesville, Florida, resident pleaded guilty to the charge and now faces a

by Paul Ducklin Modern telephony is full of anachronisms. For example, we still “dial” calls, and many phone apps still display the word “dialling” while they’re waiting for the person at the other end to pick up. But when was the last time you saw, let alone used, a phone that actually had a dial?

An Oregon county hit by wildfires and a fall surge in Covid-19 cases is now dealing with the fallout from a cyber-attack. Jackson County’s website is currently down following a recent ransomware attack on the county’s web-hosting service provider, Managed.com. The company took down all its servers on Monday after reportedly becoming the latest target of REvil.  A status update issued by

by Paul Ducklin In this episode: we say thanks to companies that refuse to pay ransomware hush money, dig into the new Sophos 2021 Threat Report, and take a quick look inside a malicious Linux kernel driver. Also, a sneak preview of our upcoming podcast interview with bug bounty pioneer Katie Moussouris. With Kimberly Truong,

An Irish cyber-thief has been jailed for his part in a SIM-swap conspiracy that robbed victims of their life savings. Conor Freeman was identified by US Homeland Security as a member of a criminal group that stole over $2m worth of cryptocurrency from multiple victims in 2018. Freeman, of Dun Laoghaire, Dublin, pleaded guilty to stealing cryptocurrency, dishonestly operating a

by Paul Ducklin We know what you’re thinking: “Another year; another vendor; another threat report… …and when I open it, I’ll be stuck in a thinly disguised product brochure.” Well, not this one. We’ve combined research from a number of threat prevention groups inside Sophos, including SophosLabs, Sophos Managed Threat Response, Sophos Rapid Response, Sophos

American telecommunications company Verizon today released its first ever data-driven report on cyber-espionage attacks.  The 2020 “Cyber Espionage Report” (CER) draws from seven years of Verizon “Data Breach Investigations Report” (DBIR) content and more than 14 years of the company’s Threat Research Advisory Center (VTRAC) Cyber-Espionage data breach response expertise.  Verizon said that it published the CER

by Paul Ducklin Did you know you can join us for a live cybersecurity lecture every Friday? Just keep an eye on the @NakedSecurity Twitter feed or check our Facebook page on Fridays to find out the time we’ll be on air – it’s usually somewhere between 18:00 and 19:00 UK time, which is late

Data breaches in the healthcare industry are likely to triple in volume in the coming year, according to a new report by Black Book Market Research. The “2020 State of the Healthcare Cybersecurity Industry” report is based on a survey of 2,464 security professionals from 705 provider organizations. Respondents were asked to identify gaps, vulnerabilities, and deficiencies

by Paul Ducklin Japanese video game company Capcom has been in the news recently for all the wrong reasons. The company suffered a ransomware attack earlier this month, apparently at the hands of the Ragnar Locker gang, and has been having a hard time with the criminals since. Rumours have suggested that the crooks opened

An international construction engineering and mobility services company is joining forces with a software business to launch a new center that aims to protect the cybersecurity of the railway industry. The new partnership between France-based Egis Group and Israeli tech company Cylus was announced today along with their plan to construct a Center for Excellence for advanced, rail-focused cybersecurity services. Built in line

A British ticketing company has been financially penalized over a 2018 data breach that exposed the personal information of millions of customers across Europe.  The Information Commissioner’s Office (ICO) has fined Ticketmaster UK Limited £1.25m for failing to keep its customers’ personal data secure. Ticketmaster issued a data breach notice in June 2018 after a third-party platform provider Inbenta Technologies was infected with