BankInfoSecurity.com

Lowering Machine Identity Risks in AI, ML and Bot Workflows
While AI, ML and bot workflows boost efficiency, they also expand the attack surface. Over-permissioned identities, exploitable vulnerabilities and AI misuse pose significant security risks. AI-driven security tools can mitigate these risks by detecting anomalies and automating threat response.

Tailoring Machine Identity Management to Specific Industry Needs
A one-size-fits-all security approach to machine identity management cannot address the unique challenges of different industries. Instead, security strategies should be tailored to meet each industry's specific needs, including access control, continuous monitoring and compliance requirements.

Chief Information Officer Meerah Rajavel shares Palo Alto Networks' strategy for enterprise AI: securing models from the outset, combating adversarial use and leveraging increased productivity and automation to cut manual workloads across engineering, support, sales and HR.

Also: PoisonSeed Phishing Campaign, FTX Clients Face Reimbursement Hurdle
This week, Trump administration disbanded a Justice Department crypto unit, the U.S. Securities and Exchange Commission will review crypto guidance, Usual pledged up to $16M in bug bounties, a PoisonSeed phishing campaign, FTX repayment plan troubles and a Coinbase 2FA error.

Also, Oracle Denies Cloud Breach, Blames Hack on Obsolete Servers
This week, Port of Seattle notified victims, Oracle blamed hack on obsolete servers, Google and Microsoft released April patches, WK Kellogg breached, six arrested in Spain for AI-investment scam, Scattered Spider's "King Bob" pleaded guilty, SmokeLoader users busted.

California Health Plan With 6 Million Members Blames Software Configuration Error
Blue Shield of California is notifying health plan members that their protected health information was potentially shared for nearly three years with Google for advertising purposes because of the way Google Analytics online tracking tools were configured on the insurer's websites.

Incident Reporting Low, Government Study Finds
Ransomware attacks targeting U.K. organizations continued to rise last year concluded the British government despite a low reporting rate by victims. The findings come as the government is considering banning public sector organization from paying ransom and mandating incident reporting.

AI Tool Streamlines Clinical Workflows at WellSpan With Microsoft's Dragon Copilot
WellSpan Health deploys Dragon Copilot, blending voice dictation and ambient listening to ease clinician burnout. It streamlines tasks with generative AI as part of an ecosystem shift, offering hope amid high burnout rates and workforce shortages.

Chris Krebs and SentinelOne Targeted as Trump Still Trumpets 2020 Election Lies
The White House said President Trump has ordered a probe into former Cybersecurity and Infrastructure Security Agency Director Chris Krebs' government service, revoked any security clearances he holds and suspended security clearances issued to his employer, SentinelOne.

Emerging AI Tools Can Transform SOC Analysts' Jobs But Require New Sets of Skills
In a job market known for its talent shortage and skills gap, the shift to AI-based solutions represents both an opportunity and a call to action. While AI can tackle grunt work with remarkable accuracy, it also demands a new set of skills from the cybersecurity workforce.

Largest Palo Alto Purchase Since 2020 Would Aid AI Model Security and Governance
Palo Alto Networks is eyeing its largest startup deal since December 2020, with the platform giant targeting Protect AI, a startup that offers AI scanning, LLM security and gen AI red teaming. Palo Alto Networks is prepared to pay between $650 million and $700 million for Protect AI, Globes reported.

Tech Giant Says Threat Actors Are Exploiting a Flaw in Widely-Targeted Windows Tool
Ransomware threat actors are exploiting a zero-day vulnerability discovered in a highly targeted Windows logging system tool in a campaign in part targeting U.S. IT and real estate sectors, Microsoft confirmed in a Tuesday blog post urging customers to apply available patches.

Academics Map Out Holistic Cyber Education for Future Defenders in the Age of AI
Cybersecurity education can't be built on tools alone. It must prepare students to think critically, navigate complex systems and address the human dimensions of security. That's the vision behind the new textbook "Cyber Security Foundations: Fundamentals, Technology and Society."

OT Operators Can't Count on Isolation to Protect Network
Rare is the OT environment truly isolated from a business network. Experts say real-time, contextual threat intelligence is now essential for securing OT systems, enabling faster detection, more accurate responses and coordinated action across IT and OT teams.

Sen. Mark Warner Says Talk of Oracle's Involvement Worrisome Due to Recent Breaches
Speculation about software giant Oracle being a top contender to take over social media platform TikTok from China-based ByteDance is especially concerning considering Oracle's two recent data breaches, said the co-chair of the Senate Intelligence Committee in a letter to the Trump administration.

Microsoft Reportedly Alerted Office of the Comptroller of the Currency to Breach
For nearly two years, hackers reportedly spied on 150,000 "highly sensitive" emails sent and received by America's banking regulator, the Office of the Comptroller of the Currency. The OCC said it's continuing to probe the "major information security incident."

Elliott of Zurich Insurance on Why Business Leaders Need Quantifiable Cyber Risks
Many compliance programs rely on vague risk scores and dashboards. These don't always help business leaders make decisions. Dan Elliott, head of cyber resiliency, Zurich Resilience Solutions, ANZ, at Zurich Insurance, said organizations should frame compliance through financial metrics.

University of Maryland Medical Center Said FBI Is Also Investigating Case
An academic medical center is facing a class action lawsuit alleging one of its pharmacists installed keylogging software on 400 computers over a decade to spy on the personal lives and intimate moments of coworkers. The pharmacist is also facing a criminal investigation, the hospital said.

Espionage Campaign Mainly Targeted European Organizations
A Russian nation state threat actor exploited "lesser known" features of Microsoft Windows remote desktop protocol to target European organizations for espionage. Hackers using RDP to deploy a malicious application and access data from victims.

AI Leaders Call for Proactive US Response Amid Chinese Technology Breakthroughs
The United States risks losing the so-called "AI Cold War" against China unless it abandons traditional containment strategies and adapts to Beijing's advances, panelists told lawmakers Tuesday. "I'm as stunned as all of you about just how fast China has caught up," said Adam Thierer.