BankInfoSecurity.com
Retail Sector in Scattered Spider Crosshairs
5 months 3 weeks ago
Don't Fall for Easy Social Engineering Traps, Advises Mandiant
The teenage hackers behind Scattered Spider tend to launch attacks in waves against specific sectors - and it may be the retail sector's turn. High street British mainstays Marks & Spencer, Co-op and Harrods have all felt a wave of incidents.
Trump's 'Grand Cyber Plan' Coming Soon, Noem Tells Lawmakers
5 months 3 weeks ago
Homeland Security Secretary Accuses Cyber Agency of Failing to Stop China Hacks
U.S. President Donald Trump will "shortly" reveal a "grand cyber plan," Homeland Security Secretary Kristi Noem told lawmakers Tuesday, even as the administration seeks to cut the Cybersecurity and Infrastructure Security Agency budget by $500 million. "CISA’s mission is to hunt and harden," Noem said.
Minimus Launches With $51M to Tackle Application Protection
5 months 3 weeks ago
Startup Says It Cuts Software Vulnerability Volume, Helps Developers Avoid Overload
Backed by YL Ventures and Mayfield, Minimus says its new curated software containers reduce vulnerabilities by over 95%—freeing developers from excessive scanning and patching and reframing the traditional relationship between development and security teams.
Meta Wins $167M Over NSO Spyware Hack
5 months 3 weeks ago
Jury Slams NSO With $167M Verdict for WhatsApp Hack
Meta has secured a $167 million punitive damages verdict against Israeli spyware vendor NSO Group, with a U.S. jury finding the firm illegally used Pegasus malware to hack 1,400 WhatsApp accounts tied to diplomats, dissidents and journalists using encrypted messaging platforms.
ANZ Bank to Eliminate Passwords for Digital Banking Services
5 months 3 weeks ago
Hackers Bypass MFA to Steal Australians' Banking Credentials
Melbourne-based ANZ Bank will introduce passwordless authentication for digital banking services amid news that hackers have stolen the banking credentials of tens of thousands of Australians. Cybercriminals used infostealer malware to steal the credentials of more than 30,000 Australians.
OpenAI to Retain Nonprofit Oversight Amid For-Profit Shift
5 months 3 weeks ago
Critics Say Public Benefit Corporation Model May Undermine AI Safety and Oversight
OpenAI’s nonprofit parent will retain control as its for-profit subsidiary becomes a public benefit corporation. While the company frames the change as mission-driven, critics fear it may strip the nonprofit of meaningful control and expose AGI development to uncontrolled commercial interests.
TeleMessage Goes Dark After Trump Adviser Photo Fallout
5 months 3 weeks ago
Hacker Breaches Government-Approved Messaging App Used by Top Trump Officials
A Signal clone messaging app apparently being used by top advisers to U.S. President Donald Trump abruptly went dark Monday following a reported hacking incident. TeleMessage said it temporarily suspended messaging services "out of an abundance of caution."
US Readies Huione Group Ban Over Cybercrime Links
5 months 3 weeks ago
Huione Group Helped Criminals Launder Over $4 Billion Worth of Cybercrime Proceeds
The U.S. Department of Treasury set in motion a process to ban a Cambodian company's access to the dollar financial system for running a vast illicit marketplace for cybercrime tools and laundering billions of dollars on behalf of North Korean and other cybercrime groups.
AI-Enabled App Development Outpacing Cybersecurity Controls
5 months 3 weeks ago
Wiz's Ami Luttwak on Managing the 'Speed of AI' Trade-Off in Security Control
"AI is the fastest adopted technology in the history, in the enterprise," said Ami Luttwak, co-founder and chief technology officer at Wiz, explaining how AI-enabled application development has outpaced the speed at which security personnel try to attain complete visibility over stored data.
Open-Source Platforms Are More Secure Than Proprietary Ones
5 months 3 weeks ago
Elastic CEO Ash Kulkarni on How AI Transforms Security Data Analysis
Ash Kulkarni, CEO at Elastic, discussed how bug bounty projects and close scrutiny by millions of developers worldwide have made open-source projects more secure than proprietary solutions. He recommends open APIs and interoperability as the future of effective security solutions.
Cybercrime Cooperation Has Become More Regional
5 months 3 weeks ago
Ex-Interpol Director Craig Jones on How Geopolitics Affects Global Cybercrime
Geopolitical conflicts have affected intergovernmental cooperation. Craig Jones, immediate past director of cybercrime at Interpol, says geopolitical instability has pushed countries to shift their focus toward data sovereignty, scrutinizing data storage, access and regulations.
Are IoT Devices the New Attack Vector for Ransomware Groups?
5 months 3 weeks ago
Phosphorus Cybersecurity's Phillip Wylie on Asset Inventory, Password Hygiene
Organizations inadvertently create cybersecurity gaps by trusting connected devices. Threat actors are shifting tactics to exploit IoT vulnerabilities when traditional attack vectors strengthen, said Phillip Wylie, xIoT security evangelist at Phosphorus Cybersecurity.
Cybersecurity Nonprofits Pivot Toward Private Funding
5 months 3 weeks ago
National Cybersecurity Alliance's Lisa Plaggemier on Replacing Shrinking Public Funds
Lisa Plaggemier, executive director of the National Cybersecurity Alliance, urges nonprofits to embrace private-sector partnerships and creative outreach to protect vulnerable groups such as senior citizens as federal funding support wanes.
Harry Coker Urges Unified Public-Private Cyber Defense
5 months 3 weeks ago
Ex-National Cyber Director Emphasizes a Unified Approach to Cybersecurity
Public-private partnerships are of grave importance to tackle cyberthreats, given their ability to transcend geographical boundaries and affect individuals regardless of location, says Harry Coker, secretary of the Maryland Department of Commerce and former U.S. national cyber director.
Human Insight Is Key to Securing Cyber-Physical Systems
5 months 3 weeks ago
Politecnico di Milano's Zanero on Evolving Malware Detection and Hardware Security
Machine learning excels at identifying repetitive patterns and anomalies, but human insight remains vital for understanding the broader context of cyberattacks - especially in cyber-physical ecosystems, said Stefano Zanero, professor at Politecnico di Milano.
Inside the Relentless Liability Pressures Facing CISOs
5 months 3 weeks ago
SolarWinds CISO Tim Brown's Case Shows Personal, Legal and Health Risks for CISOs
CISOs face tremendous stress in dealing with regulatory scrutiny and legal exposure in the wake of a data breach. SolarWinds CISO Tim Brown shares the personal and professional impact of Securities and Exchange Commission charges against him after the 2020 SolarWinds supply chain attack.
How China and North Korea Are Industrializing Zero-Days
5 months 3 weeks ago
Google Cloud's Hultquist on How State Hackers Exploit Code and Corporate Hiring
John Hultquist, chief analyst at Google Threat Intelligence Group, Google Cloud, discussed how China and North Korea are transforming cyberattacks into organized, factory-like operations. Alongside zero-day exploits, North Korean IT operatives are quietly infiltrating Fortune 500 companies under false identities.
AI's Double-Edged Sword in Software Development
5 months 3 weeks ago
Rain Capital's Chenxi Wang Warns About AI's Emerging Role in Coding
AI can significantly accelerate code generation - helping developers go from idea to implementation in minutes - but AI-generated code is frequently based on insecure or flawed examples found in public code repositories, explains Chenxi Wang, founder and general partner at Rain Capital.
AI Narrows the Cyber Gap Between Attackers and Defenders
5 months 3 weeks ago
NightDragon CEO Dave DeWalt Sees Cautious Optimism With Agentic AI
Advances in scalable AI and agentic technologies are creating a long-awaited shift in the defender-offender dynamic. With autonomy and agentic capabilities entering production, CISOs may soon deploy 100,000 autonomous agents instead of hiring more staff, said Dave DeWalt, CEO of NightDragon.
BankInfoSecurity.com RSS News Feeds on bank information security news, regulations, blogs and education