BankInfoSecurity.com

Behavioral Health Company Lost Electronic PHI for Nearly 3,000 Patients in Breach
A Florida-based behavioral health holding company has paid federal regulators a $337,750 HIPAA settlement for a 2018 incident involving the deletion of electronic protected health information pertaining to nearly 3,000 patients. How should other entities avoid these data loss situations?

Cado Security Deal Brings Enhanced Forensics, Automation, and AI-Powered Analytics
By acquiring Cado Security, Darktrace strengthens its ability to secure multi-cloud environments. The transaction brings together Cado's forensic capabilities with Darktrace's AI analytics to deliver comprehensive threat detection and response to organizations in regulated industries.

Officials Worry Trump's Cybersecurity Agenda Could Scrap Biden's Final Cyber Orders
An executive order set to be published by the Biden administration in its waning days could offer the next White House a blueprint to counter Chinese cyberattacks but experts fear its timing - so close to the transition of power - could make it practically dead on arrival.

Deputy Director Reflects on Term and Offers Advice to Successors
From application security to zero trust, it's been a busy four years for the current leaders of the U.S. Cybersecurity and Infrastructure Security Agency. Deputy Director Nitin Natarajan discusses the agency's accomplishments and the threats that await the next administration's cyber leaders.

Also: Penalty on Illegal Cryptomining in Siberia
This week's roundup includes Do Kwon's trial, penalty on a Siberian firm over illegal cryptomining, 2024 drainer attack statistics, U.S. bank regulator's crypto stance, Gemini's CFTC settlement, China's blockchain plans and Hong Kong's push for DLT in banks.

ActZero Purchase Adds Artificial Intelligence, Open Platform and Process Maturity
With its acquisition of ActZero, WatchGuard gains advanced machine learning capabilities and expertise to improve its MDR service. ActZero's mature processes and open platform enable seamless integration of WatchGuard products as well as third-party tools like Microsoft Defender.

Also, Alleged Gravy Analytics Breach Exposes Location Data
This week, a Russian tanker linked to cable sabotage detained in Finland, a claimed Gravy Analytics breach exposed location data, a Mirai-based botnet exploited zero-day flaws, Dell updated framework flaws and a court sentenced a Florida woman for laundering millions in romance scams.

Facebook Unveils Community Notes Program But Has Done Little to Curb Fraud
Meta has decided to end its fact-checking program. Meta CEO Mark Zuckerberg announced significant changes to the company's moderation policies and practices on Tuesday, attributing the shift to a renewed commitment to free speech. Some fear the move will embolden financial scammers.

Transfer of German Man's IP Address Wins Him 400 Euros
European privacy regulation - bane of American technology companies and a favorite cudgel of activists - came to haunt no less an organization than the European Commission, which must pay 400 euros to aggrieved German national Thomas Bindl, peeved that Facebook obtained his IP address.

US Senate Unlikely to Ratify Contentious Cybercrime Treaty Amid Mounting Concerns
Experts tell Information Security Media Group that a controversial United Nations cybercrime convention is unlikely to be ratified in the U.S. Senate due to mounting concerns from technology, human rights and privacy advocates over its potential impact on internet security and privacy protections.

Suspected Chinese Attackers Again Tied to Active Exploitation of VPN Appliances
VPN appliance maker Ivanti has begun releasing updates to patch a zero-day vulnerability being actively exploited by suspected nation-state attackers. Experts are warning users to immediately update their devices, after factory resetting them to flush any malware attackers may have installed.

Studying Backdoors in Web Shells, Researchers Find 4,000 Infected Systems
How many servers are infected by web shells designed to give attackers remote access to systems, but now "phone home" to malicious infrastructure that's now abandoned or expired? Security researchers who posed that question have counted 4,000 such systems, including in government and education.

Facebook Unveils Community Notes Program But Has Done Little to Curb Fraud
Meta has decided to end its fact-checking program. Meta CEO Mark Zuckerberg announced significant changes to the company's moderation policies and practices on Tuesday, attributing the shift to a renewed commitment to free speech. Some fear the move will embolden financial scammers.

Know the Challenges and Opportunities of Working as a CISO, Architect or Pen Tester
Cybersecurity jobs typically pay well and they can be personally rewarding because they merge advanced technical challenges with a vital mission - protecting critical systems, data and people. In this post, we'll focus on the highest-paying jobs and the challenges and opportunities they offer.

Cync Acquisition Bolsters Exposure Validation Through Advanced Offensive Expertise
Cymulate’s acquisition of Cync Secure enhances its ability to bridge vulnerability identification and resolution. The deal integrates Cync offensive capabilities, creating a next-gen exposure prioritization platform to tackle vulnerabilities effectively and address unmet market demands.

Transfer of German Man's IP Address Wins Him 400 Euros
European privacy regulation - bane of American technology companies and a favorite cudgel of activists - came to haunt no less an organization than the European Commission, which must pay 400 euros to aggrieved German national Thomas Bindl, peeved that Facebook obtained his IP address.

US Senate Unlikely to Ratify Contentious Cybercrime Treaty Amid Mounting Concerns
Experts tell Information Security Media Group that a controversial United Nations cybercrime convention is unlikely to be ratified in the U.S. Senate due to mounting concerns from technology, human rights, and privacy advocates over its potential impact on internet security and privacy protections.