BankInfoSecurity.com

Firm Won't Deploy Feature in the EU, UK Due to Data Collection Norms
Meta is rolling out facial recognition technology on its social media platforms to spot scam ads featuring celebrity deepfakes. Meta took down 8,000 of the "celeb bait" scam ads. The feature also aims to verify the identities of users locked out of their Facebook or Instagram accounts.

Tech Giants, AI Firms, Academics Urge Congress to Take Action by Term-End
A coalition of more than 60 AI industry players is pushing Congress to prioritize legislation that would codify the U.S. Artificial Intelligence Safety Institute. The letter says the action would allow U.S. to maintain influence in the development of science-backed standards for advanced AI systems.

The trend toward remote working over the last several years has bred all kinds of tools intended to help us improve productivity and facilitate easier, faster digital communications with colleagues. So why does workplace productivity still feel impossible to achieve? Unfortunately, email—one of the most integral vehicles for business communication—is also one of the biggest drains on employee time and energy. According to data from Microsoft, employees spend as much as 8.8 hours each week checking and responding to email. And while many email communications are essential, one recent report found that nearly half of all emails are spam or other unwanted mail.

SEC: Check Point, Mimecast Disclosures Didn't Capture Severity of SolarWinds Hack
Check Point and Mimecast will each pay regulators nearly $1 million to settle charges of making materially misleading disclosures related to the SolarWinds Orion hack. The SEC alleged public disclosures from Check Point and Mimecast didn't capture the severity of the compromise.

Europe Will Renew or Deny Data Sharing Agreement in June
The U.K. government should work ahead of a June deadline to retain its status as a trusted host of European commercial and law enforcement data, urged the head of a parliamentary committee. The economic value of an EU "adequacy agreement" is "substantial," wrote Peter Ricketts.

Attackers Could Exploit Flaw to Relay Credentials, Compromise Systems
A critical vulnerability in Open Policy Agent could expose NTLM credentials from Windows systems, potentially affecting millions of users. Researchers at Tenable warn that attackers could exploit the flaw through social engineering. Users must update to version v0.68.0 immediately to mitigate risks.

Annual Conference and Hackathon Showcases Solutions for Protecting IoT Devices
Showcasing the latest innovations in hardware security, experts from more than 100 companies worldwide have gathered this week at Hardwear.io in Amsterdam. The annual event and hardware hackathon examines current and future challenges and solutions in hardware security.

Socket Plans to Triple Headcount After Big Growth, Deliver Open-Source Tools Faster
A $40 million Series B investment will support Socket in rapidly scaling its team and product development. Following a 400% revenue increase, the company plans to build on its success by expanding its application security offerings and enterprise support for more programming languages.

Attack Method Exploits RAG-based Tech to Manipulate AI System's Output
Researchers found an easy way to manipulate the responses of an artificial intelligence system that makes up the backend of tools such as Microsoft 365 Copilot, potentially compromising confidential information and exacerbating misinformation. Researchers called the attack "ConfusedPilot."

2023 Hacking Incident Affected 1.9 Million Patients, Employees
A Michigan-based dental practice with 250 centers across nine states has agreed to pay $2.7 million under a preliminary settlement of a proposed consolidated class action lawsuit centered on a 2023 hacking incident reported as affecting more than 1.9 million patients and employees.

US Cyber Defense Agency Says Election Is Secure Despite Intensifying Threats
The Cybersecurity and Infrastructure Security Agency is ramping up its warnings of potential election interference and influence campaigns in the lead up to the November vote. But voters can be assured their ballots are secure and will be counted as cast, the agency said.

Vulnerability Tool Detected Flaws in OpenAI and Nvidia APIs Used in GitHub Projects
Security researchers have developed an AI tool that can detect remote code flaws and arbitrary zero-day code in software. Protect AI applied the tool to nearly 10,000 GitHub projects and on CVSS data and uncovered local file inclusion, cross-site scripting and remote code flaws in APIs.

Boston Children's Health Physicians Says Incident Involved Unnamed IT Vendor
Ransomware gang BianLian has listed Boston Children's Health Physicians - a pediatric group that practices in New York and Connecticut - on its dark web site, threatening to release stolen patient and employee data. The practice said the September incident involved an IT vendor.

Phishing Emails Impersonating Eset Target Cybersecurity Professionals With Malware
Cybercriminals posing as a top security firm in Israel have launched wiper attacks on local cybersecurity professionals after bypassing significant security measures, according to recent reports. Cybersecurity firm Eset said threat actors did not compromise its systems.

Report Reveals North Korean Workers Expanding Into Intellectual Property Theft
North Korean threat actors posing as remote information technology workers are increasingly extorting ransom from Western companies after securing jobs under false pretenses, according to a new report from Secureworks' counter threat unit.

Company Shifts Cyber Focus to QNX and Secure Communications as Key Growth Drivers
As Cylance continues to incur significant losses, BlackBerry is reallocating resources toward its more promising QNX and secure communications teams. The company expects its cybersecurity unit to stabilize and become profitable by the end of the fiscal year, thanks to strategic bets and cost cuts.