DataBreachToday.com

Also: U.S. Health Data Privacy Crackdowns, Reality vs. Hype of LLMs in Security
In this week's update, four editors with ISMG explore the crumbling state of ransomware group Black Basta and implications for other cybercrime gangs, the expanding impact of U.S. health data privacy laws, and whether large language models are truly what they seem.

Researchers: Ransomware Group Emerged Last Fall; Variant of Babuk Malware
A new ransomware gang, Termite, has started leaking on the dark web samples of sensitive data stolen in an attack on Australian fertility clinic Genea. A court has issued a restraining order in hopes of preventing the threat actor or others from further disseminating, using or publishing the data.

Model Appears to Be a Way Station on the Road to Something Greater
OpenAI on Thursday released its latest generative AI model, but don't call it the next big thing just yet. More thoughtful, persuasive and emotionally intelligent, GPT-4.5 aims to feel less like an algorithm and more like a conversation partner.

Current and Former Officials Express Optimism, Concerns Over Cyber Leadership Picks
Top leadership at the U.S. Cybersecurity and Infrastructure Security Agency may be coming into view as the Trump administration has begun attaching names to senior positions. Karen Evans will be executive assistant director for cybersecurity.

Health Industry Associations Complain That Proposed Cyber Mandates Are 'Staggering'
Seven major healthcare industry groups are urging the Trump administration to rescind a proposed update to the HIPAA Security Rule issued at the end of the Biden administration. The costs and regulatory burden to comply would be "staggering" to the healthcare sector, they said.

Trump's Procurement Tracking Directive Could Expose Vast Government Data to Threats
The White House is mandating federal agencies to track and justify every procurement, a move aimed at transparency but one that experts warn could expose troves of sensitive financial data to hacking, nation-state cyberthreats and potential supply chain vulnerabilities across government systems.

Approach Aims to Scale AI Models by Making Them Smarter Instead of Bigger
Scaling AI models in size has hit a plateau. One possible solution is test-time compute, which dynamically allocates extra computational resources during inference - or the thinking phase - to refine answers. Test-time compute lets AI models allocate resources based on the problem's complexity.

Series A Investment Expands AI-Driven Cybersecurity and Threat Detection
Mimic got $50 million in Series A funding to expand its ransomware defense solutions. Backed by Google Ventures and Menlo Ventures, the company will enhance AI-driven threat detection, automate security for proprietary apps and grow internationally to protect enterprises from ransomware attacks.

DeepSeek's Reasoning AI and Inference Scaling Drive Massive Demand for Compute
AI's shift to reasoning models such as DeepSeek is pushing compute demand to unprecedented levels, says Nvidia CEO Jensen Huang. Blackwell chips are designed to handle inference scaling, where complex models consume 100x more compute than traditional AI. He predicts strong data center growth in 2025.

Recent Upheavals in Job Market Underscore the Need for a Security-Minded Culture
Technology and training are key components of a strong insider risk program, but in times like these, the real key to success lies in your organization's culture. Do your employees feel valued? If the answer is no, your insider threat level could be off the charts.

Vendor Providing Employee Screenings Across Multiple Sectors Reports Cyber Incident
DISA Global Solutions, a third-party administrator of background checks and drug and alcohol testing for employers in multiple industries, said 3.3 million individuals are affected by a data theft incident that happened a year ago. The firm is already facing several lawsuits involving the breach.

Swedish Prime Minister Proposes Fast-Tracking Bill to Surveil Minors
A proposal by the Swedish prime minister to fast track legislation allowing police to surveil minors could cause end-to-end encrypted chat app Signal to leave the country. The government in effect is asking for backdoor access, said Signal President Meredith Whittaker.

CEO Raymond Brancato: Ex-Skybox Customers Get Express Onboarding, Flexible Pricing
Tufin has purchased select Skybox assets and business information, focusing on migrating affected customers to its platform. CEO Raymond Brancato outlines the company's transition strategy, including special pricing, dedicated support and plans to hire former Skybox Security employees.

Republicans Block Probe Into Cyber Workforce Cuts, DOGE Access to Federal Systems
Republican lawmakers on the U.S. House Committee on Homeland Security blocked a Democratic effort to investigate Elon Musk's access to sensitive federal networks and the impact of President Donald Trump's hiring freeze on an already strained cyber workforce.

'Have I Been Pwned' Flags Emails Found in Infostealer Malware Logs It Obtains
How bad has the information stealing malware problem become? Here's a metric: The free breach-notification service Have I Been Pwned found a single infostealer service provided "284 million unique email addresses alongside the websites they were entered into and the passwords used."

Claude 3.7 Sonnet Can Give Rapid or Deliberate, Complex Answers to Prompts
Anthropic introduced a new artificial intelligence model designed to adapt its reasoning time based on user preferences. Marketed as the industry's first "hybrid AI reasoning model," Claude 3.7 Sonnet aims to deliver rapid responses and more deliberate, complex answers to prompts.

Experts Say First Class Action Claim Under State's Privacy Law Won't Be the Last
A proposed class action lawsuit alleges that Amazon is unlawfully collecting and tracking mobile users' data - including sensitive geolocation - in violation of Washington's My Health My Data Act. It's the first such lawsuit filed since the data privacy law went into effect last year.