BankInfoSecurity.com

Russian SVR Targeting Government, Academia, Defense Organizations Globally
A Russian-state hacking group is posing as Microsoft employees and sending malicious configuration files as email attachments to target organizations across the world. The campaign has the hallmarks of a Midnight Blizzard phishing campaign although its use of an RDP configuration file is novel.

New Compliance Tool Say Many AI Firms Fail to Meet Security, Fairness Standards
Large language models developed by Meta and Mistral AI are among a dozen artificial intelligence models that fail to meet the cybersecurity and fairness requirements of the European Union AI Act, which went into effect on Aug. 1, said developers of a new open-source AI evaluation tool.

Normalyze’s AI-Powered DSPM Technology Boosts Proofpoint’s Data Visibility, Control
Proofpoint will acquire DSPM startup Normalyze to strengthen its data security offerings across cloud, SaaS and hybrid environments. The company aims to give security teams enhanced visibility, control and human-centric risk reduction for sensitive data across complex infrastructures.

Foreign Minister Tajani Condemns Conspiracy as 'Threat to Democracy'
The foreign minister of Italy condemned Monday as a threat to democracy the private investigation firm that prosecutors in Milan say illegally accessed government databases for years to assemble illicit dossiers. Four individuals are under house arrest.

Foreign Influence Campaigns Intensify as Experts Tout Election Security Upgrades
More than 50 million votes have already been cast in the 2024 United States presidential elections, but new reports indicate the cyber and physical threats continue to escalate - with potential implications that could extend well beyond Election Day.

Scaling Business Often a Challenge in the Country, Experts Told Lawmakers
Dependence on foreign capital in the United Kingdom for investments into artificial intelligence will stymie British technological progress, a parliamentary committee heard Tuesday. An absence of capital makes it hard for British firms to scale operations, said Michael Holmes, CEO at Scale Space

Strategies for Safeguarding Data and Reputation at Financial Institutions
In today's increasingly digital world, trust isn't always easy to come by. Businesses no longer have complete control over their technology stack. Instead, they rely heavily on third-party solutions, applications and products to keep operations running smoothly. But those third parties pose risks.

When a large hospital in an urban area is shut down by ransomware, the disruption can be significant, but when a rural hospital faces a similar cyber outage, the impact on patient safety and the community can be extreme, said Nitin Natarajan of the Cybersecurity and Infrastructure Security Agency.

Academics Build AI Agent With OpenAI to Execute Phone Scams at Scale
Hackers can use OpenAI's real-time voice API to carry out for less than a dollar deepfake scams involving voice impersonations of government officials or bank employees to swindle victims, said researchers at the University of Illinois Urbana-Champaign.

Forrester's Cody Scott on Why 2025 Will Be Pivotal for Security Leaders
Forrester's 2025 Predictions for Cybersecurity, Risk and Privacy report forecasts that security leaders will scale back generative AI investments by 10%. AI productivity gains have fallen short of expectations, forcing CISOs to reprioritize budgets and reassess gen AI’s role in security operations.

Series D Funding on $4.2B Valuation to Support OT, Medical Device Security Growth
Armis has closed a $200 million Series D funding round on a $4.2 billion valuation to drive growth in cyber exposure management with a focus on acquisitions and federal expansion. CEO Yevgeny Dibrov says the funds will accelerate Armis' work in operational technology and medical device security.

US Treasury Issues Regulations Restricting Investments in Foreign Semiconductors, AI
The U.S. Department of Treasury published final regulations Monday for investors planting dollars abroad that aims to restrict investments from the United States into sensitive technologies developed by foreign adversaries while continuing to ensure open investments practices remain intact.

FBI Probing 'Specific Malicious Activity Targeting' Telecommunications Providers
The FBI said Friday afternoon it is investigating Chinese nation-state hacking of commercial telecommunications infrastructure following a news report that Beijing actors targeted data from phones used by Republican presidential nominee Donald Trump and his running mate, Ohio Sen. JD Vance.

Hackers Backdoor Software Libraries to Deliver Malware
Security researchers found backdoored software packages in the NPM software library, apparent evidence of an ongoing campaign by North Korean hackers to social engineer coders into installing infostealers. Pyongyang hackers have a history of bizarre methods for stealing money.

SMS Impersonation Scam Victims Must Be Made Whole
Singapore regulators gave banks six months to institute real-time detection tools for blocking impersonation scams or else assume liability for stolen funds. A finalized framework published Thursday also shifts liability onto island-nation telecoms unless they block fraudulent SMS messages

Top Tier Capital, HarbourVest Support Concentric's Path to Autonomous Data Security
Supported by Top Tier Capital Partners and HarbourVest Partners, Concentric AI’s $45 million Series B funding round will drive product innovation in identity governance, risk monitoring and data breach investigation - critical areas for enterprises seeking resilient data security solutions.

How Might Election Outcome Affect HHS' Healthcare Cyber Work?
Regardless of who wins the upcoming Presidential election, one thing is apparent: As the final months of the Biden administration wrap up, regulators at the agency charged with enforcing HIPAA are racing to complete unfinished work they deem as critically important to healthcare sector cyber.

Rust-Based Ransomware Employs Aggressive Anti-Detection Tactics
Operators of a Russian-speaking ransomware group launched a new encryptor with enhanced measures for defeating cyber defenders including wiping logs, disrupting backup systems and stopping decryption without insiders knowledge. The same group disrupted London hospitals in a July attack.

While ransomware attacks against medical devices don't happen often, disruptive cyber incidents that affect the availability of the IT systems that medical devices rely on are a big concern that needs the industry's critical attention, said Jessica Wilkerson of the FDA.