Third Party Risk Pulse: Credit Unions Read more →

In the News

2021

The Colonial Pipeline Hackers Are One Of The Savviest Criminal Startups In A $370 Million Ransomware Game | Forbes

May 12, 2021

When Colonial Pipeline took its gasoline lines down following a successful cyberattack last week, it became the most high-profile victim of a hacking group called DarkSide.

Read more

Bringing Clarity To The Messy World Of Corporate Ransomware | PYMNTS.com

May 12, 2021

In between the most high-profile cases exists a trove of nearly countless ransomware attacks targeting businesses of all types and sizes. The threat is growing so much, said Black Kite Chief Security Officer Bob Maley, that he now describes the risk as an “epidemic.

Read more

Third-Party Ransomware Risk Is Real, but Black Kite’s Latest Tool Can Help | VentureBeat

May 4, 2021

A new assessment service from cybersecurity ratings provider Black Kite will let enterprise defenders know which of their third-party partners and vendors could be vulnerable to a ransomware attack.

Read more

Babuk ransomware group emerges with new claims against U.S. companies | Cybersecurity Dive

March 26, 2021

Researchers at Black Kite — who have been monitoring the group’s activities and seen many of the posted documents — say the group is a “legitimate threat” and confirm that Babuk has aggressively threatened to share information, including to hostile nation states.

Read more

Threat data sharing considered critical to defense amid rise in sophisticated attacks: report | Cybersecurity Dive

March 24, 2021

As the IT industry works with federal lawmakers to respond to a spate of sophisticated attacks against the U.S., a report from the Ponemon Institute shows nearly 80% of security professionals consider threat data essential to maintaining a strong cybersecurity posture.

Read more

Leaked employee credentials, older software could put credit unions at risk | Bank Automation News

March 23, 2021

As credit unions increasingly pivot to digital platforms and solutions, flaws in their cyber meshes may become an expensive point of weakness. Credit unions face risks associated with out-of-date operating systems and employee credentials leaked onto the dark web, according to a report released last week by cyber-risk rating platform Black Kite.

Read more

The financial impact of cybersecurity vulnerabilities on credit unions | Help Net Security

March 22, 2021

Cybersecurity vulnerabilities among credit unions and their vendors create the potential for large financial impacts to the credit union industry, according to a Black Kite report.

Read more

After Review, Cybersecurity Firm Gives CUs, Vendors a ‘B’ Grade; Says Vulnerabilities Were Found | CU Today

March 18, 2021

A new report from a cybersecurity firm based of a sample of credit unions and vendors offers a “B” grade for their state of security, meaning “cyber breaches would require the skills of persistent, highly experienced hackers.”

Read more

Report: Nearly half of all credit unions at increased risk of cyberattack | Credit Union Journal | American Banker

March 17, 2021

Roughly half of all credit unions and more than half of their vendors could have critical vulnerabilities in their technology that leave them at increased risk of cyberattacks. That’s according to a new report from Black Kite, a firm that creates cyber risk-rating profiles. The company analyzed the cybersecurity positions of 250 federally insured credit unions and 150 vendors that serve the industry.

Read more

Qualys Is the Latest Victim of Accellion Data Breach | Dark Reading

March 4, 2021

Security vendor confirms attackers exploited a previously disclosed vulnerability in the enterprise firewall technology to breach its network.

Read more

Qualys confirms data breach related to Accellion after documents leak | Cybersecurity Dive

March 4, 2021

Cloud security firm Qualys confirmed it was the subject of a data breach related to the zero-day exploit in the Accellion FTA file transfer platform, which the cybersecurity firm used for customer support, the company announced Wednesday.

Read more

Will Boston lose its competitive edge in a work-from-home world? | The Boston Globe

February 2, 2021

Executives say they’re not worried about a California-style exodus taking place here, at least not yet. Tech companies are heading for the exits in California. Wall Street tycoons are packing their bags to catch some Florida sunshine. So, a big question looms for Boston’s business community: Will we be next? The most common answer you’ll hear: So far, no.

Read more

Cyber risk ratings startup moves HQ to Boston | BostInno

January 11, 2021

The cybersecurity hub of Boston has attracted another startup to its ranks. Cyber risk ratings startup NormShield has rebranded as Black Kite and moved its headquarters from Vienna, Virginia — just outside Washington, D.C. — to The Yard, a coworking space at 120 St. James Ave. in the Back Bay.

Read more

The siege of the U.S. Capitol was a disaster for congressional cybersecurity — and experts say Congress will likely have to wipe all its computers and rebuild from scratch | Business Insider

January 7, 2021

The looting of the U.S. Capitol on Wednesday by a mob of Trump supporters has also caused a cybersecurity disaster that the federal government must address, according to experts.

Read more

The physical breach of the Capitol building opens a cybersecurity Pandora’s box | SC Media

January 7, 2021

The insurrection at the U.S. Capitol Wednesday, which saw rioters storm the building and reportedly steal devices belonging to government officials, opened what one cybersecurity expert has called a Pandora’s box of national security and data privacy issues.

Read more

2020

Phishing sites promising COVID-19 cure hyped by Trump soar | Micky

April 21, 2020

Hundreds of fraudulent websites were discovered as the public took an interest in antimalarial drugs chloroquine and hydroxychloroquine hyped by public figures. A report conducted by researchers in NormShield showed that hundreds of shady coronavirus-related websites have been operating and profiting off the pandemic since January.

Read more

Fake COVID-19 medication websites on the rise, stealing money and information | WCNC

April 16, 2020

Scammers are claiming they have medication to protect against or treat coronavirus.

Read more

Coronavirus misinformation seeds ground for digital scams | Axios

April 15, 2020

Researchers at cybersecurity auditor NormShield found a massive uptick in the first three months of 2020 for new domains that make reference to chloroquine and hydroxychloroquine.

Read more

Hundreds of new, shady websites are pushing chloroquine scams: report | Business Insider

April 14, 2020

Scammers are creating hundreds of shady websites to trick people searching for information about certain drugs with shaky links to COVID-19 treatment, according to a new report.

Read more

Beware of Shady Websites Pushing Pharmaceuticals for COVID-19 | Security Boulevard

April 10, 2020

Researchers from NormShield looked for websites using the names of 10 drugs commonly discussed in recent months. The team claims to have found “a dramatic spike” in the number of sites set up to capitalize on the anxiety caused by the pandemic.

Read more

Cybercriminals capitalize on COVID-19 fears, push shady websites, pharmaceuticals | Help Net Security

April 10, 2020

NormShield researchers looked for websites using the names of 10 commonly discussed drugs over the last several months. They found a dramatic spike in the number of sites generated to get the attention of scared shoppers looking for coronavirus cures.

Read more

Election security training goes online | POLITICO

April 9, 2020

An ambitious, Google-backed election security training initiative has had to adapt its plans during the pandemic by taking it online. Internet voting is inherently unsafe, warned a group of security experts and good-governance groups. A wide assortment of advocacy groups and companies recommended policy and enforcement steps to deal with coronavirus scams, including cyber-based ones.

Read more

The Cybersecurity 202: Mail-in voting surge is already facing time crunch in run-up to November election | The Washington Post

April 9, 2020

Time’s running short for states and counties to prepare for a possible massive surge of mail-in voting in November prompted by the coronavirus pandemic.

Read more

Untangling Third-Party Risk (and Fourth, and Fifth…) | Dark Reading

March 30, 2020

Third parties bring critical products and services to your organization. They also bring risk that must be understood and managed.

Read more

The Great Fake: Scammers are luring shoppers to fake websites and sellers | WKYC

March 6, 2020

Shoppers don’t find out until after they hand over their money.

Read more

How Cybersecurity’s Metrics of Misery Fail to Describe Cybercrime Pain | Dark Reading

January 2, 2020

Dollars lost and data records exposed are valuable measurements, but the true pain of a cybersecurity incident goes far beyond that. We asked infosec pros how they put words to the pain they feel when their defenses fall apart.

Read more

2019

Tehran-connected hackers again target higher ed, researchers conclude | POLITICO

September 11, 2019

Iranian government-linked hackers notorious for targeting universities have sprung another round of phishing attacks, researchers found. John Bolton’s legacy as President Donald Trump’s national security adviser is a hawkish stance in cyberspace that a successor is unlikely to undo. A House Armed Services Committee member sought clarification on DoD’s positions on encryption.

Read more

The Cybersecurity 202: How counties are war-gaming Election Day cyberattacks | The Washington Post

September 11, 2019

If Russian hackers seek to disrupt the 2020 election, it will be county election officials on the front lines. And some are diving in to war games so they can be ready for anything Moscow or another U.S. adversary can throw at them.

Read more

States still not up to snuff on election security, researchers warn | POLITICO

September 10, 2019

DState election commissions are running old software and prone to email attacks, according to a study out today. There are some positive signs, too. Two panels today will look at how federal agencies are bolstering the fundamentals of internet security, with witnesses from three departments testifying. A judge issued a major ruling on the prevailing U.S. cybercrime law, with the court favoring a narrower interpretation.

Read more

The Cybersecurity 202: How state election officials are contributing to weak security in 2020 | The Washington Post

September 10, 2019

It’s not just a question of paper ballots. The offices charged with administering elections across the country are falling short on a slew of basic cybersecurity measures that could make the 2020 contest far more vulnerable to hacking, according to a report out this morning.

Read more

Elections officials flub some basic security tasks | Axios

September 10, 2019

State elections officials struggle with some of the basics of office cybersecurity, according to a new report from cybersecurity auditor Black Kite.

Read more

Report: Growing wave of phishing attacks targets banking customers | Inside CyberSecurity

August 15, 2019

The security firm NormShield found a double-digit rise in phony “phishing” domains targeting customers of large banks, a trend the financial services industry says it is countering thorough enhanced security and education efforts.

Read more

Hackers Subvert Security Checks Like the Browser Padlock | WSJ

August 15, 2019

Recent attacks have shown that cybercriminals have co-opted techniques and tools that people commonly use to distinguish real communications and websites from fake ones, such as the padlock in a browser window. Traditional defenses have become part of an attacker’s arsenal.

Read more

Coalition presses to change surveillance law | POLITICO

August 14, 2019

Major cybercrime groups are collaborating and operating in a savvier way in response to law enforcement crackdowns, a report out today concludes. Cybercriminals also appear to be increasingly targeting customers of the world’s largest banks, according to new data.

Read more

Financial Phishing Grows in Volume and Sophistication in First Half of 2019 | Dark Reading

August 14, 2019

Criminals are using the tools intended to protect consumers to attack them through techniques that are becoming more successful with each passing month.

Read more

The Cybersecurity 202: Hackers just found serious vulnerabilities in a U.S. military fighter jet | The Washington Post

August 14, 2019

In a Cosmopolitan hotel suite 16 stories above the Def Con cybersecurity conference this weekend, a team of highly vetted hackers tried to sabotage a vital flight system for a U.S. military fighter jet. And they succeeded.

Read more

Sprint Reveals Account Breach via Samsung Website | Dark Reading

July 17, 2019

The last-June breach exposed data including names, phone numbers, and account numbers.

Read more

Get Ready For A Ransomware Tsunami | Forbes

July 3, 2019

OK, maybe you can’t say the two cities in Florida hit with ransomware a few weeks ago dodged a bullet, but at least they dodged the digital equivalent of a cruise missile … right?

Read more

Cyber firm examines supply-chain challenge in securing election ecosystem | Inside CyberSecurity

April 22, 2019

State election officials are doing a better job of securing systems but still need to pay more attention to “internet facing infrastructure” and possible weak links in their supply chains, according to a new report from Black Kite, a cybersecurity firm that develops risk scorecards for companies.

Read more

$20 Million Investment Round Shows Growth of Risk | Dark Reading

April 8, 2019

The Series B investment supports a company bringing risk assessment to businesses in business terms.

Read more

Ready to get started?