Medtronic is recalling its entire line of MiniMed 600 Series insulin pumps due to a cyber vulnerability. (Photo: Medtronic)

Medtronic Recalls Certain Insulin Pumps Due to Cyber Flaw

Marianne Kolbasuk McGee • September 21, 2022

Federal authorities have issued urgent advisories - and Medtronic a voluntary product recall - about a cybersecurity flaw in some of the company's insulin pumps. If exploited, the flaw could result in patients receiving too little or too much insulin, which in extreme cases could result in death.

►

Cybercrime

CISA Warns of Contec Patient Monitoring Device Flaws

Latest

Governance & Risk Management

Fortinet, VMware, Cisco Drive SD-WAN Gartner Magic Quadrant

Michael Novinson • September 23, 2022

Perennial leaders Fortinet and VMware and a surging Cisco set themselves apart from the pack in SD-WAN, according to the latest Gartner Magic Quadrant. Fortinet and VMware again took the gold and silver in ability to execute, with Cisco leapfrogging both Versa and Palo Alto to capture the bronze.

Multi-factor & Risk-based Authentication

ISMG Editors: How a Teen's Hack of Uber Adds to MFA Crisis

Anna Delaney • September 23, 2022

In the latest weekly update, ISMG editors discuss the industrywide implications of a teenager hacking into Uber's internal systems, key trends in the new Gartner SD-WAN Magic Quadrant report, and how ethics and security culture are center stage due to recent CISO revelations at Uber and Twitter.

Breach Notification

Uber Ex-CSO's Trial: Who's Responsible for Breach Reporting?

Mathew J. Schwartz • September 23, 2022

Should the now-former CSO of Uber have reported a security incident to authorities after discovering signs of unusual behavior? That's one of the big questions now being asked in the closely watched trial of Joe Sullivan, who's been charged with covering up a data breach and paying off hackers.

Security Operations

Malwarebytes Gets $100M Weeks After Laying Off 14% of Staff

Michael Novinson • September 22, 2022

Private equity firm Vector Capital invested $100 million in Malwarebytes a month after the antivirus stalwart laid off 125 employees to focus on smaller customers. The funds will help the vendor reduce clients' attack surfaces and accelerate momentum with MSPs and channel partners.

Security Operations

Darktrace's Nicole Eagan on How AI Predicts, Prevents Hacks

Michael Novinson • September 22, 2022

Darktrace's Cybersprint acquisition allowed the cybersecurity AI vendor to move from focusing solely on internal threats to also defending the external attack surface, Nicole Eagan says. The company says AI will give an outside-in view of the victim and simulate how the attacker will behave.

Cyberwarfare / Nation-State Attacks

Iranian Hackers Accessed Albania's Network for 14 Months

Prajeet Nair • September 22, 2022

Iranian hackers rambled across the Albanian government's network for 14 months before launching a ransomware and disk wiper attack in July, says the U.S. government. Iran exploited a Microsoft SharePoint vulnerability to gain access and then harvested credentials and exfiltrated data.

Leadership & Executive Communication

Profiles in Leadership: Errol Weiss

Tom Field • September 22, 2022

Errol Weiss, chief security officer of Health-ISAC for the past three years, watched the healthcare sector undergo a historic revolution in the digital delivery of services to patients. Also in that time, the attack surface grew exponentially. How can entities best defend it?

Endpoint Security

It's 2022. Do You Know Where Your Old Hard Drives Are?

Anna Delaney • September 22, 2022

The latest edition of the ISMG Security Report discusses financial giant Morgan Stanley's failure to invest in proper hard drive destruction oversight, the future of ransomware and the gangs that have attacked organizations in recent years, and the methods required to secure new payments systems.

Governance & Risk Management

Public Water Systems at Cybersecurity Risk, Lawmakers Hear

David Perera • September 21, 2022

Public water systems in the United States will continue connecting control systems to the internet despite the risks, members of the House Homeland Security Committee heard today. Water systems need network connectivity for remote repairs, said an official with the National Rural Water Association.

Big Data Security Analytics

SentinelOne's $100M Venture Capital Fund Seeks Data Startups

Michael Novinson • September 21, 2022

SentinelOne is taking on top rival CrowdStrike in the venture arena, unveiling a $100 million fund to support security and data startups of all sizes. S Ventures will give the company broader reach in adjacent markets and enable high-value integrations that can grow over time.

Data Masking & Information Archiving

Morgan Stanley's Hard Drive Destruction Investment Failure

Mathew J. Schwartz • September 21, 2022

Financial services giant Morgan Stanley will pay a $35 million fine to settle U.S. Securities and Exchange Commission charges that it failed to comply with rules requiring it to safeguard customer data as well as ensure it is disposed of properly.

Leadership & Executive Communication

Deep Instinct Snags Former Palo Alto, Zscaler Exec as CEO

Michael Novinson • September 20, 2022

Deep Instinct has tasked the former CEO of Palo Alto Networks and COO of Zscaler with reworking the company's go-to-market strategy to better serve large enterprises. The company has moved longtime executive Lane Bess from the executive chair to the CEO's seat to recruit experienced sales leaders.