BankInfoSecurity.com

Crowded Leak Site May Be a Weakness and Fewer New Players a Sign of Higher Quality
How many ransomware victims pay their attackers a ransom precisely to avoid having their names listed - or their stolen data dumped - on a ransomware group's data leak blog? We don't know, but leak site posts don't correlate well with security firms' telemetry data.

How to Responsibly Embrace AI's Potential to Strengthen Cybersecurity Defenses
Verizon’s 2024 DBIR shows a gap between generative AI's perceived capabilities and its actual use in cyberattacks, citing skyrocketing gen AI "hype" and very low actual gen AI "mentions" alongside traditional attack types. But it's still essential for security leaders to focus on AI risks now.

Aging Technology and Rising Competition Have Created a Need for Greater Investment
The owners of eSentire are exploring a potential sale that could value the company at about $1 billion and attract the interest of private equity firms. The company is hoping to command a valuation equivalent to more than seven times its annual recurring revenue of about $150 million.

1.3 Million Individuals Being Notified Their Social Security Numbers Were Stolen
Background check firm Jericho Pictures, which does business as National Public Data, is notifying 1.3 million individuals that their personal information was stolen via a December 2023 breach of its systems. The stolen information was listed for sale on a cybercrime market beginning in April.

Cybercriminal Gang RansomHub Claims It Leaked 700 Gigabytes of Lab's Stolen Data
Florida drug testing medical laboratory American Clinical Solutions told federal regulators that 300,000 individuals are caught up in a hacking incident now that criminal gang RansomHub has published 700 gigabytes worth of data stolen from the lab's network.

NYU's Brennan Lodge on Training Your Own Model With Retrieval Augmented Generation
Many cybersecurity organizations hope generative artificial intelligence and large language models will help them secure the enterprise and comply with the latest regulations. But to date, commercial LLMs have big problems - hallucinations and a lack of timely data, said NYU professor Brennan Lodge.

FBI Says Iran, Russia Ramping Up Influence Operations Ahead of National Vote
The FBI confirmed recent reports that Iran hacked into former President Donald Trump’s campaign, saying in a Monday statement the country was attempting "to stoke discord and undermine confidence" in the U.S. democratic process through online influence operations and other malicious efforts.

Median Ransomware Attack Recovery Cost for Critical Infrastructure Is 4X Higher
Ransomware remains a major threat to energy, oil/gas and utilities organizations of all sizes around the globe. Our 2024 state of ransomware report reveals that the median recovery costs for two critical infrastructure sectors - energy and water - quadrupled to $3 million over the past year.

Microsoft's Tool Requires Physical Access, a 'Time-Consuming and Laborious Task'
Microsoft's statement that a faulty CrowdStrike update affected less than 1% of active Windows systems doesn't tell the full story, since large organizations in critical sectors make up a disproportionate part of the user base, as the outages in healthcare, transportation and banking demonstrate.

Tips on Managing Public Relations in the Face of a Cyber Incident
Cybersecurity incidents are not just technical problems. They are also major public relations challenges. Effective IT and cybersecurity leadership during a crisis can significantly affect your company's reputation, stakeholder trust and overall recovery - and have a big impact on your career.

The deployment of an asset management platform is helping Main Line Health gain deeper visibility and better security over the 100,000-plus medical devices and IoT gear used throughout the group's multiple hospitals and medical facilities, said CISO Aaron Weismann, who discusses the implementation.

Healthcare groups should consider several key points about a recent Texas federal court ruling and its impact on the use of online tracker technology on the healthcare websites of HIPAA-regulated organizations, said privacy attorney Iliana Peters of the law firm Polsinelli.

The interconnectedness of medical devices, which generate data that can be distributed to multiple systems that are often managed by different policies, presents privacy concerns that device manufacturers must address, said Adam Hesse, CEO of Full Spectrum.