DataBreachToday.com

Code of Practice for Software Vendors Sets Baseline Security Expectations
A British government proposal to strengthen software supply chain security received positive feedback from vendors who said voluntary best practices could strengthen cyber defenses. The guidelines suggest requiring multifactor authentication for developers and timely vulnerability patching.

Cybercriminals Use Artificial Intelligence and Physical Threats to Maximize Impact
One-dimensional data encryption threats have morphed into more dangerous, multi-layered ransomware attacks that are expanding in scope and impact, creating an urgent need for organizations to fortify their defenses.

Focus on Cyber Hygiene, Advanced Tools and Rapid Response to Outsmart Attackers
Modern cyberthreats require modern defense tactics. Ransomware now employs multilayered extortion tactics that target operations and reputations. With 68% of breaches involving human error, CISOs and leaders must focus on cyber hygiene, advanced security tools and rapid response strategies.

The adoption of privacy enhancing technologies, including fully homomorphic encryption, can help secure data as it is collected, integrated and shared for detecting and responding to public health emergencies such as bird flu, said Kurt Rohloff, co-founder and CTO of Duality Technologies.

Reports: Cyber Command Ordered to Halt Offensive Operations Against Russia
Russia won't have the United States to worry about in cyberspace in an apparent concession to Moscow meant to grease talks between the two capitals over the fate of Ukraine. Defense Secretary Pete Hegseth ordered U.S. Cyber Command to halt offensive cyber operations against Russia.

AI-Driven Incident Response, Observability Boost SolarWinds' Operational Efficiency
SolarWinds' acquisition of Squadcast strengthens its IT management portfolio with AI-powered incident response. Customers report faster remediation, reduced noise and improved resilience. The integration promises a smarter, more efficient approach to IT operations.

Committee Witnesses Favor Resilience Over Bans
The British government should focus on building operational resilience rather than imposing ransom payment bans, security experts told a parliamentary committee. The British government in January floated a ban on the public sector and critical infrastructure owners paying digital extortion.

Gartner MQ for Cyber-Physical Security Details Pros, Cons of Pure-Play Approach
Pure-play OT specialists Claroty, Nozomi and Dragos were joined by asset management expert Armis and behemoth Microsoft atop Gartner's first-ever ranking of cyber-physical systems vendors. Historically, a wide range of vendors were grouped together under the broad umbrella of OT security.

After Disrupting Ascension Health, Black Basta Forecast Reprisals From FBI, Moscow
"We are pentesters, not murderers," ransomware group Black Basta claimed in its negotiations with victim Ascension Healthcare in May 2024, after its attack led to widespread disruptions and patient safety alerts. Leaked chat logs reveal the group feared resulting reprisals from the FBI and Moscow.

Also: U.S. Health Data Privacy Crackdowns, Reality vs. Hype of LLMs in Security
In this week's update, four editors with ISMG explore the crumbling state of ransomware group Black Basta and implications for other cybercrime gangs, the expanding impact of U.S. health data privacy laws, and whether large language models are truly what they seem.

Researchers: Ransomware Group Emerged Last Fall; Variant of Babuk Malware
A new ransomware gang, Termite, has started leaking on the dark web samples of sensitive data stolen in an attack on Australian fertility clinic Genea. A court has issued a restraining order in hopes of preventing the threat actor or others from further disseminating, using or publishing the data.

Model Appears to Be a Way Station on the Road to Something Greater
OpenAI on Thursday released its latest generative AI model, but don't call it the next big thing just yet. More thoughtful, persuasive and emotionally intelligent, GPT-4.5 aims to feel less like an algorithm and more like a conversation partner.

Current and Former Officials Express Optimism, Concerns Over Cyber Leadership Picks
Top leadership at the U.S. Cybersecurity and Infrastructure Security Agency may be coming into view as the Trump administration has begun attaching names to senior positions. Karen Evans will be executive assistant director for cybersecurity.

Health Industry Associations Complain That Proposed Cyber Mandates Are 'Staggering'
Seven major healthcare industry groups are urging the Trump administration to rescind a proposed update to the HIPAA Security Rule issued at the end of the Biden administration. The costs and regulatory burden to comply would be "staggering" to the healthcare sector, they said.

Trump's Procurement Tracking Directive Could Expose Vast Government Data to Threats
The White House is mandating federal agencies to track and justify every procurement, a move aimed at transparency but one that experts warn could expose troves of sensitive financial data to hacking, nation-state cyberthreats and potential supply chain vulnerabilities across government systems.

Approach Aims to Scale AI Models by Making Them Smarter Instead of Bigger
Scaling AI models in size has hit a plateau. One possible solution is test-time compute, which dynamically allocates extra computational resources during inference - or the thinking phase - to refine answers. Test-time compute lets AI models allocate resources based on the problem's complexity.