DataBreachToday.com

Mandiant Says High-Severity Flaw Could Give Attackers Remote Unauthenticated Access
Researchers at Mandiant say a new threat cluster, first observed June 27, has been exploiting a Fortinet zero-day that the network edge device manufacturer publicly disclosed Wednesday. Researchers said they can't assess the threat actor's motivation or location.

Tips for Employers on Securing the Home Environment and Promoting Better Hygiene
Remote work is a critical part of the future of cybersecurity and many other industries. For those who continue to work remotely or in a hybrid model, the need for robust cybersecurity practices needs to be a priority. But one of the biggest obstacles to that is isolation.

It's crucial for healthcare sector organizations to vet their artificial intelligence tech vendors in the same robust way they scrutinize the privacy and security practices of all their other third-party suppliers, said attorney Linda Malek of the law firm Crowell & Moring.

AI-Powered Cloud Remediation, Multi-Cloud Support at Core of Series B Investment
With a $30 million boost from Series B funding, Stream.Security will enhance its cloud security offerings. The company’s focus includes auto-remediation, faster, AI-driven threat responses, increased support for multi-cloud and hybrid environments, and boosted market presence in the U.S. and beyond.

U.S. Federal Government Gives Agencies Three Weeks to Patch or Mitigate
Fortinet disclosed an actively exploited vulnerability in its centralized management platform following more than a week of online chatter that edge device manufacturer products have been under renewed attack. Cybersecurity researcher Kevin Beaumont christened the vulnerability "FortiJump."

New Ransomware Group Deploys Rust-Based Tools in Attacks
A recently constituted and apparently well-resourced ransomware player is developing and testing tools to disable security defenses, including a method that exploits a vulnerability in drivers. Embargo first surfaced in April amid an ongoing shakeup in the ransomware world.

Proposal Will Be Open for Public Comment Next, But Will It Go Anywhere?
The Department of Health and Human Service last Friday submitted for White House review long-awaited updates to the 20-year-old HIPAA Security Rule containing modifications aimed at strengthening the cybersecurity of electronic protected health information.

Firm Won't Deploy Feature in the EU, UK Due to Data Collection Norms
Meta is rolling out facial recognition technology on its social media platforms to spot scam ads featuring celebrity deepfakes. Meta took down 8,000 of the "celeb bait" scam ads. The feature also aims to verify the identities of users locked out of their Facebook or Instagram accounts.

Tech Giants, AI Firms, Academics Urge Congress to Take Action by Term-End
A coalition of more than 60 AI industry players is pushing Congress to prioritize legislation that would codify the U.S. Artificial Intelligence Safety Institute. The letter says the action would allow U.S. to maintain influence in the development of science-backed standards for advanced AI systems.

Annual Conference and Hackathon Showcases Solutions for Protecting IoT Devices
Showcasing the latest innovations in hardware security, experts from more than 100 companies worldwide have gathered this week at Hardwear.io in Amsterdam. The annual event and hardware hackathon examines current and future challenges and solutions in hardware security.

The trend toward remote working over the last several years has bred all kinds of tools intended to help us improve productivity and facilitate easier, faster digital communications with colleagues. So why does workplace productivity still feel impossible to achieve? Unfortunately, email—one of the most integral vehicles for business communication—is also one of the biggest drains on employee time and energy. According to data from Microsoft, employees spend as much as 8.8 hours each week checking and responding to email. And while many email communications are essential, one recent report found that nearly half of all emails are spam or other unwanted mail.

Why Peter Todd May Be Another Conspiracy Theory on the Bitcoin Creator
Is Peter Todd truly Satoshi Nakamoto, or just the next name in a long list of conspiracy theories that are eventually debunked? The HBO documentary's claim is far from conclusive, despite an eyebrow-raising moment in the film, where Todd admits to being Nakamoto on camera, seemingly tongue in cheek.

SEC: Check Point, Mimecast Disclosures Didn't Capture Severity of SolarWinds Hack
Check Point and Mimecast will each pay regulators nearly $1 million to settle charges of making materially misleading disclosures related to the SolarWinds Orion hack. The SEC alleged public disclosures from Check Point and Mimecast didn't capture the severity of the compromise.

Europe Will Renew or Deny Data Sharing Agreement in June
The U.K. government should work ahead of a June deadline to retain its status as a trusted host of European commercial and law enforcement data, urged the head of a parliamentary committee. The economic value of an EU "adequacy agreement" is "substantial," wrote Peter Ricketts.

Attackers Could Exploit Flaw to Relay Credentials, Compromise Systems
A critical vulnerability in Open Policy Agent could expose NTLM credentials from Windows systems, potentially affecting millions of users. Researchers at Tenable warn that attackers could exploit the flaw through social engineering. Users must update to version v0.68.0 immediately to mitigate risks.