DataBreachToday.com

Backdoored Python Packages Likely Work of 'Gleaming Pisces,' Says Palo Alto
A North Korean hacking group with a history of a stealing cryptocurrency is likely behind a raft of poisoned Python packages targeting developers working on the Linux and macOS operating systems in an apparent attempt at a supply chain attack.

Why Cybersecurity Is a Public Imperative
Data is one of the most valuable assets in today's digital age. Cyberthreats come in many forms, such as phishing attacks, ransomware, data breaches and malware infections, and failing to protect your data can cause severe financial, reputational and operational damage.

It's yet to be determined whether a handful of states or the federal government will lead the charge in adopting comprehensive regulations involving the use of artificial intelligence in healthcare, said regulatory attorney Betsy Hodge, a partner in law firm Akerman.

CyberEdBoard Members and ISMG Editors on Incident Response, AI and Defense Trends
This week, CyberEdBoard members Jon Staniforth and Helmut Spöcker joined ISMG editors to unpack the hot topics at ISMG's London Cybersecurity Summit 2024, including ransomware lessons learned, AI trends and the growing importance of continuous learning and resilience in the cybersecurity industry.

Hacktivists Are Likely to Increasingly Adopt Cybercrime Tactics, Report Says
Ransomware hacks and self-declared hacktivist denial-of-services attacks were the most prolific threat to European Union members over the 12-month period ending in June, the EU cyber agency warned, adding that the nexus between nation-state hackers and hacktivist groups poses an emerging threat.

Unfiltered Training Data Can Cause Safety Issues, Spread Misinformation
LinkedIn this week joined its peers in using social media posts as training data for AI models, raising concerns of trustworthiness and safety. The question for AI developers is not whether companies use the data or even whether it is fair to do so - it is whether the data is reliable or not.

Experts Say Feds May Face Cost and Timeline Challenges in Quantum Readiness
The United States is preparing for an age of quantum computing as federal agencies roll out initiatives designed to boost "quantum readiness," and as experts warn the government may face issues that delay its ability to defend against a future of advanced threats enabled by the emerging technology.

No OpSec Measure Is Bulletproof to the Effects of a Corrupted Supply Chain
Secure communications in an age of network insecurity has focused mostly on encryption and fears of surveillance tracking. But as this week revealed to the dismay of terrorists and criminals alike, no OpSec measure is bulletproof to the effects of a corrupted supply chain.

Microsoft Says Russia-Linked Cyber Actors Are Supporting Trump by Attacking Harris
Microsoft warned the Kremlin is targeting the 2024 presidential election campaign of Vice President Kamala Harris with its wide-ranging election interference operations. Russian groups likely aligned with the Kremlin have shifted their focus to the Harris campaign in recent months.

Riverwood Capital Leads Investment in Security Validation Firm to Grow in Americas
Picus Security has received $45 million in funding led by Riverwood Capital. The investment will accelerate product development in exposure management, including attack surface management and automated pen testing. The company plans to expand further in the Americas, targeting key growth areas.

Chinese Botnet Targets US Critical Infrastructure and Taiwan
A Chinese state-sponsored botnet called Raptor Train has infected more than 260,000 IoT and office network devices to target critical infrastructure globally. The hackers used zero-days and known vulnerabilities to compromise more than 20 different types of devices to expand their botnet.

German Law Enforcement Reportedly Deanonymized Tor User in 2021
The Tor Project on Wednesday reassured users that they will remain anonymous after media reported that German police successfully used Tor to trace the alleged administrator of a child pornography site. Tor users can continue to use the browser "securely" and the "Tor Network is healthy," it said.

As threat actors continue to evolve their attacks to circumvent security measures, cyber insurers are raising the bar for prospective healthcare security clients. Underwriters are increasing their scrutiny and adding new coverage requirements, said Chris Henderson of cybersecurity company Huntress.

Essen Health Care's Hiren Dave Makes the Case for Integration of CIO-CISO Roles
As cloud computing, DevOps and automation continue to evolve, the lines between IT functions are fading, making security integral to these processes. Hiren Dave, CIO and CISO at Essen Health Care, shares how combining the roles of CIO and CISO improves risk management and communication.

EVP Johan Gerber on How Threat Intelligence Can Prevent Fraud, Protect Payments
Mastercard's proposed purchase of Recorded Future for $2.65 billion will bring advanced threat intelligence into its payment systems. EVP Johan Gerber explains how this move improves fraud detection and prevention and strengthens Mastercard's cybersecurity in an evolving digital payments landscape.

Also: US SEC Settles With Prager Metis, Rari Capital
This week, Delta Prime and Ethena were hacked, Lazarus' funds were frozen, the SEC settled with Prager Metis and Rari Capital, Sam Bankman-Fried sought a new trial, the SEC accused NanoBit and CoinW6 of scams, the CTFC sought to fight pig butchering, and Wormhole integrated World ID and Solana.

New Report Accuses 9 Platforms of Surveillance of Users, Points to Privacy Concerns
The U.S. Federal Trade Commission on Thursday published a report detailing how the largest social media and streaming services surveil both users and nonusers across the web while collecting vast troves of data, pointing to significant privacy concerns for children and teens.

Recent mega data breaches involving third-party vendors - such as the Change Healthcare cyberattack - are intensifying the spotlight on critical security risk management and governance issues for business associates and other suppliers, said regulatory attorney Rachel Rose.