BankInfoSecurity.com

Private Details of Top Trump Officials Found Online Amid Growing Security Scandal
Private contact details of top Trump officials, including their phone numbers, emails and even some passwords, have been leaked online through commercial databases and hacked data dumps, raising security concerns over potential foreign access to Cabinet members’ private accounts and communications.

Palo Alto Networks CTO Nir Zuk predicts Google's security push through its $32 billion buy of Wiz won't succeed, as customers are reluctant to buy multi-cloud tools from cloud vendors. Zuk details how adversaries use LLMs at scale and how Palo Alto is unifying SOC tools under its Cortex platform.

C-Suite Strategies for AI Risk Management, Data Protection
Shadow artificial intelligence has shifted from being an outlier to a workplace staple, bringing risks of data breaches, regulatory violations and expanded attack surface on corporate networks. Shadow AI doesn't just introduce unapproved software: it consumes corporate data to function.

Incident Spotted in March 2024 Is Yet Another Attack Against Medical Billing Firms
A Nebraska-based firm that provides revenue cycle management and billing services to healthcare firms is notifying tens of thousands of people and an undisclosed number of companies that their personal, health and financial information was compromised in a March 2024 hack.

Also: Rapid7's Boardroom Shake-Up, China's Shift Tactical Cyber Shift
In this week's update, ISMG editors unpacked stealth vs. spectacle in ransomware attacks, Rapid7’s boardroom shake-up led by activist investors, and China's shift from cyber espionage to infrastructure sabotage - driving key shifts in global cybersecurity strategy and resilience.

Jason Costain on Ways Traditional and Digital Banks Could Learn from Each Other
Digital-only banks promise speed and sleek digital experiences but are not the best places to handle scam victims. Without branches to visit, victims find themselves stuck in a loop of chatbots, said Jason Costain, former head of fraud analytics and threat management at NatWest Group.

Startup Hits $4.8B Valuation After Series E as It Disrupts VDI, Web Filtering Tools
Island’s enterprise browser platform is gaining traction as a replacement for SASE and legacy VDI and web filtering tools. Backed by $250 million in Series E funding, the startup plans to scale up globally and enhance R&D to support secure, simplified digital work environments.

Max Payout for Bug Bounty Program Up From $20,000 to $100,000
OpenAI announced a cybersecurity initiative that aims to improve the resilience of its artificial intelligence systems by rewarding the discovery of critical vulnerabilities and improving threat mitigation. OpenAI raised the maximum payout for its bug bounty program from $20,000 to $100,000.

State and Local Election Offices Face Growing Cyber Threat Amid Federal Budget Cuts
Top-ranking current and former security officials warned Thursday that President Donald Trump's budget cuts to the Cybersecurity and Infrastructure Security Agency and other election security efforts have left U.S. election infrastructure vulnerable to escalating cyber threats.

Outdated Systems Putting AI Adoption in the Public Sector at Risk, Report Says
Outdated IT systems and poor data-sharing practices between public offices could undermine the U.K. government's plans to deploy artificial intelligence capabilities to increase public sector efficiencies, a parliamentary committee said.

UK ICO Says Advanced's Security Measures 'Fell Seriously Short'
A British IT service company must pay a 3.07 million pound fine for a 2022 ransomware hack that exposed medical records of tens of thousands of National Health Service patients. Hackers breached the Advanced system through a user account that did not have multifactor authentication in place.

Takeaways From CS4CA USA: OT Security Must Bridge the Gap Between IT and Operations
At the CS4CA USA Summit in Houston this week, the common refrain heard from practitioners was protecting the demands of industrial environments more than traditional IT know-how. It requires a hybrid expertise, one that speaks both the language of data packets and programmable logic controllers.

While recent draft guidance from the Food and Drug Administration on artificial intelligence-enabled medical devices is non-binding, the document signals that the agency is intensifying its regulatory scrutiny of these technologies, said Dr. Scott Schell of IT consulting firm Cognizant.

Credit Washing, Synthetic ID Fraud and Bust-Out Fraud Are Among the Usual Suspects
Auto lenders are grappling with a surge in complex fraud schemes that are not only increasing in volume but also exploiting systemic blind spots. From coordinated bust-out rings to fake dealership websites, fraudsters are expanding their playbooks with bold new tactics.

Highly Targeted Ransomware Hit Traced to Long-Running Cyberespionage Group
A stealthy group of mercenary hackers active since 2018 appears to have diversified into hitting hypervisors with ransomware via highly targeted attacks. Researchers said they tracked the hit to a corporate espionage team tracked as RedCurl.

Benchmark Results From Google Show Gemini 2.5 Outperforming Rivals
Google introduced on Tuesday its "most intelligent" AI reasoning model yet, designed to pause and "think" before responding. The model ships with a 1 million-token context window, capable of processing about 750,000 words in a single input - more than the entire Lord of the Rings series.

Cybersecurity Firm Finds Rash of Apps Coded With Microsoft .NET MAUI
Cybercriminals are using a Microsoft cross-platform app development framework to create Android malware that bypasses security measures, evades detection and steals user data. Malicious apps spotted by McAfee researchers aren't traditional Android malware.

'Encryption Can't Protect You From Stupid,' Says Leading Cryptographer
We're all human. Who among us hasn't lost a thumb drive or added a journalist to a consumer-grade encrypted app group chat devoted to White House war planning and military operations? Still, some accidental data breaches pose a bigger risk than others.