BankInfoSecurity.com

Company Deploys Thousands of Use Cases, Underscores Responsible AI to Rebuild Trust
UnitedHealth faces AI backlash after nH Predict's 90% error rate and a DOJ probe. With more than 1,000 AI applications from call routing to claims efficiency and a robust responsible AI policy, the company aims to balance innovation with trust in a high-stakes bid to reshape healthcare.

Also: Prison Time for an Irish Crypto Launderer, an ISIS Financier
Every week, ISMG rounds up cybersecurity incidents in digital assets. This week, prison sentences for Celsius CEO, Irish crypto launderer and an ISIS supporter, exCH and Haowang close, a Parisian kidnapping attempt on crypto CEO's family and Sinaloa Cartel leaders charged in U.S. federal court.

Also, DOGE Employee’s Credentials Found in Infostealer Dumps
This week, SAP NetWeaver flaw drew hackers, zero-days in Ivanti EPMM, DOGE employee’s credentials found in infostealer dumps and Nucor halted operations. North Korean hackers targeted South Koreans with fake conference invites, Russian hackers targeted webmail servers and Microsoft fixed 72 flaws.

Financially Strapped Cloud Services Firm Settles Suit From 2020 Patient Data Hack
A financially strapped cloud services vendor that experienced a 2020 ransomware attack affecting dozens of healthcare sector clients and hundreds of thousands of patients has agreed to a $1.9 million settlement in proposed class action litigation involving the data theft case.

Urges Companies to Regularly Patch Their Products
The British National Health Service is prodding suppliers to commit to voluntary cybersecurity measures in a bid to prevent disruptive hacks. Among the proposed measures are regularly patching IT systems, instituting multifactor authentication and requiring IT suppliers to monitor and log their systems to allow prompt incident response.

All Risk, No Reward: Meta's Ongoing Legal Issues in Europe
Social media giant Meta is likely to face more legal hurdles over its plans to use the personal data of European Facebook and Instagram users to train artificial intelligence models. Meta paused efforts to train AI with European data in June 2024.

Report Finds North Koreans Embedded in Top Blockchain and Web3 Projects
A new report details how North Korea’s cybercrime network is infiltrating global tech firms with fake IT workers who exploit trusted access to steal millions in cryptocurrency, launder funds through international fronts and channel proceeds into weapons development and espionage missions.

HHS Secretary Testifies to Congress on Trump Administration's FY 2026 Budget Plans
The U.S. Department of Health and Human Services aims to bolster cybersecurity and health IT through the aid of artificial intelligence that will be used at federal health agencies, said Robert F. Kennedy Jr., secretary of HHS during House and Senate committee budget hearings on Wednesday.

It's Me, Not You: CISA Withdraws Leidos Cyber Offer Last Second
A multi-billion dollar vision by the Cybersecurity and Infrastructure Security Agency for its government-wide network intrusion detection and prevention system went kaput on Friday, court documents show. It withdrew an offer to contractor Leidos to support the National Cybersecurity Protection System.

CISO Joe Carson on How NATO's Locked Shields Sharpens Defenders for the Next Attack
Each year, the tiny northern Atlantic Ocean island country of Berylia comes under a massive cyberattack. It's all part of one of the world's largest red team-blue team exercises called Locked Shields, which has attracted thousands of cyber professionals including Joe Carson, advisory CISO, Segura.

Fewer Applications Carry OWASP Top 10 Flaws
Here's secure code development news to celebrate. After five years of steady improvement, slightly more than half of software applications don't have an OWASP Top 10 security flaw, find researchers Chris Wysopal and Jason Healey. "That makes life harder for attackers," Wysopal said.

US House Republicans Back Decade Pause of State AI Statutes
Republicans in the executive and legislative branches made moves Tuesday to loosen regulations on artificial intelligence by championing a decade-long ban on state AI regulation and undoing a rule that would have limited exports of advanced chip and model weights.

Microsoft Researchers Link Turkish Spy Group to Output Messenger Zero-Day Hack
A Turkish-linked cyberespionage group known as Marbled Dust exploited a zero-day in the Output Messenger Server Manager application to spy on Kurdish military operations in Iraq. Microsoft reported the hack and called for immediate mitigation to block credential theft and malware delivery.

Prosecutors Say Liridon Masurica Ran BlackDB.cc
A Kosovar man is being held in a Tampa jail after being extradited on charges that he was the main administrator of an online illicit marketplace in operation since 2018. Prosecutors accused Liridon Masurica, 33, of being the force behind BlackDB.cc.

CEO Howard Ting's Resignation Comes as Data Protection Company Hits $1B Valuation
Cyberhaven appointed product chief Nishant Doshi as interim CEO as longtime leader Howard Ting transitions to the board. With a sevenfold valuation increase and deep investment in Gen AI security and DSPM, the company is preparing to unify data controls across enterprises.

CISA Said Its Cyber Alerts Were Moving to X on Monday. By Tuesday, the Plan Changed.
The U.S. cyber defense agency reversed plans to move cybersecurity alerts off its .gov site Tuesday and acknowledged the "confusion" the decision caused within the cybersecurity community, amid concerns that relying on platforms like X would reduce visibility and public access to critical warnings.

Real-Time, Deep Cryptographic Discovery Added to Certificate Automation Portfolio
Keyfactor is acquiring CipherInsights and InfoSec Global in a move designed to shift cryptographic security earlier in the lifecycle. The acquisitions offer real-time and deep discovery capabilities to help customers identify and remediate cryptographic weaknesses ahead of quantum disruption.

Noodlophile Steals Credentials and Wallets Under AI Video Guise
Hackers are targeting users into downloading infostealers by tricking them into clicking on links that claim to produce AI-generated videos. The attackers build websites and promoted them on high-visibility Facebook groups, some exceeding 60,000 views.

Alabama Ophthalmology Practice, California Dental Clinic Report Breaches
Cybercriminal gang BianLian claims to have stolen patient information in two recent hacks of an Alabama-based ophthalmology practice and a California dental clinic. The two incidents affected nearly 150,000 people and are among the extortion group's latest attacks on the healthcare sector.