DataBreachToday.com
SecurityScorecard Buys HyperComply to Expand Risk Platform
2 months 3 weeks ago
HyperComply's AI Automation Reduces Vendor RFP Questionnaire Work by 92%
SecurityScorecard is acquiring HyperComply to streamline third-party risk assessments with AI that automates most security questionnaire responses. The deal supports SecurityScorecard’s shift from ratings-only to a full solutions platform for mitigating supply chain risk.
Scattered LAPSUS$ Hunters Announces Closure
2 months 4 weeks ago
Announcement Provokes Skepticism in Cyber Community
A band of adolescent hackers behind attacks against airliners, insurers and casinos in the United Kingdom and the United States on Friday said they are shutting down their operations. Scattered Lapsus$ Hunters posted a semi-coherent screed announcing a decision to "go dark."
Finnish Vastaamo Hacker Freed While Appealing Conviction
2 months 4 weeks ago
Vastaamo Hacker Aleksanteri Kivimäki Is Free, For Now
A Helsinki court ordered the release of Finland's most notorious hacker pending the resolution of his appeal of a conviction stemming from the theft of psychotherapy records of 33,000 individuals. Aleksanteri Kivimäki was convicted last year for hacking into now-defunct psychotherapy chain Vastaamo.
Australian Banks Deploy Army of AI Bots to Scam Scammers
3 months ago
Apate.ai CEO Dali Kaafar on Turning the Tables on Fraudsters With AI-Powered Bots
Major banks in Australia are now using bots to foil scammers. The bots are designed to pose as potential victims, extract real-time intelligence and waste scammers' resources. The data is then pushed directly into fraud detection systems used by banks, telecom providers and government agencies.
GAO Report Spotlights Unaddressed HHS Cyber, IT Concerns
3 months ago
82 Longstanding Recommendations on Data Protection, Security Still Not Acted Upon
The U.S. Department of Health and Human Services has still not implemented 82 recommendations made in recent years involving "high risk" cybersecurity and IT management issues, said the Government Accountability Office in a new report directed at HHS' CIO and its various agency CIOs.
HybridPetya Crypto-Locker Outsmarts UEFI Secure Boot
3 months ago
Malware Not Yet Deployed in the Wild, Says Eset
New malware dubbed HybridPetya spotted on VirusTotal is adding to a steadily growing pile of bootkits, creating more opportunities for hackers to infect desktops before the operating system and antivirus programs load. No telemetry exists showing HybridPetya has been deployed in the wild.
Ping Identity CEO: Bots Disrupt Identity, Trust Is 'On Fire'
3 months ago
Durand: Agentic Models Require Stronger Verification and Complex Access Controls
With bots and personal agents poised to reshape digital identity, Ping Identity CEO Andre Durand says organizations must harden onboarding, reimagine omni-channel strategies and deploy "verified trust services" to combat fraud and deepfakes, especially in workforce and third-party access.
Driving a Security-by-Design Mindset Across Manufacturing
3 months ago
Inogen's Ebenezer Arumai Discusses Cyber Risk in Advance of ManuSec Summit
Ahead of QG Media's 10th ManuSec Summit - scheduled Oct. 14-15 in Chicago - we caught up with Ebenezer Arumai, director of IT infrastructure and security at medical device manufacturer Inogen, to discuss the cyber risk challenges related to medical equipment.
ISMG Editors: The SMB 'Too Small to Be a Target' Cyber Myth
3 months ago
Also: AI Pilot Project Purgatory, Agentic AI Commerce Fraud Concerns
In this week's update, four ISMG editors discussed cybersecurity risks for small and medium-sized businesses, why so many enterprise artificial intelligence projects stall in pilot mode and concerns over fraud with the rise of agentic commerce in payments.
Webinar | A CISO’s Guide to Building a Stronger Security Culture
3 months ago
Senator Urges FTC to Investigate Microsoft Product Security
3 months ago
Lawmaker Says Microsoft Lapses Led to Ascension Health's Major 2024 Hack
Sen. Ron Wyden, D-Oregon, is urging the Federal Trade Commission to investigate Microsoft over the software giant's alleged "negligent cybersecurity," which he says contributed to ransomware attacks on critical infrastructure sector organizations, including last year's attack on Ascension Health.
Capture the Flag Competitions Build Cybersecurity Talent
3 months ago
Enoflag's Nicolas Werner on How Hands-on Challenges Expand Offensive Security Skills
Capture the Flag, or CTF, competitions have become a global training ground for cybersecurity professionals. These events test offensive security skills across software vulnerabilities, reversing and even physical security, said Nicolas Werner, representative at Enoflag.
F5 Targets AI Model Misuse With Proposed CalypsoAI Purchase
3 months ago
Calypso’s Red-Teaming and Agentic Threat Tools Boost F5’s Application Security Edge
F5’s latest acquisition brings Dublin, Ireland-based CalypsoAI’s unique AI security stack into its platform to secure application traffic against LLM misuse, data leakage and shadow AI, enhancing protection for hybrid and multi-cloud environments and helping secure apps and APIs.
CISA Unveiled a New Vision for the CVE Program. Can It Work?
3 months ago
Updated CVE Roadmap Follows Threats to Funding
The Cybersecurity and Infrastructure Security Agency is unveiling a new vision for its globally-adopted vulnerability tracking system but security analysts warn that funding threats and turmoil inside the federal agency could derail any reforms before they take hold.
Going Deeper in Cyber Skills: Can You Spot the Not?
3 months ago
Tech Tools Are Powerful 'Easy Buttons' But You Still Need to Know the Fundamentals
In their careers, cyber professionals are expected to move beyond clicking through alerts and develop more depth in the field. The "easy button" may feel efficient, but it could be your downfall if you don't push yourself to truly learn the ins and outs of cyber defense.
How Mitsubishi-Nozomi Deal Will Boost OT Cyber Capabilities
3 months ago
CMO Mike Plante on Nozomi Expanding Industrial Reach, Operating as Independent Unit
Japanese industrial giant Mitsubishi Electric will acquire San Francisco-based cybersecurity firm Nozomi Networks for $883 million. The two companies aim to fuse industrial data insights with advanced threat detection while keeping Nozomi as an independent brand.
Feds Release Updated HIPAA Security Risk Analysis Tool
3 months ago
Experts Say Tool Geared to Small, Midsized Organizations
Federal regulators have updated their HIPAA security risk assessment tool that's long been aimed at helping small and midsized providers and business associates with risk analysis - an activity that many healthcare organizations can't seem to get right.
Koi Raises $48M to Safeguard AI Models, Code and Extensions
3 months ago
Company Targets Non-Binary Software Blind Spots Left by Endpoint Security Tools
With $48 million in funding, Koi is scaling up efforts to help enterprises secure browser extensions, AI models and package code often missed by legacy tools. CEO Amit Assaraf says Koi is the only firm offering centralized governance for this fast-growing risk category.
Pentagon Releases Long-Awaited Contractor Cybersecurity Rule
3 months ago
Department of Defense Releases Cybersecurity Maturity Model Certification Rule
The Department of War has published the final version of its Cybersecurity Maturity Model Certification Rule - dubbed CMMC 2.0 - following years of collaboration with defense vendors on a tiered approach to developing standardized cybersecurity requirements across the Defense Industrial Base.
DataBreachToday.com RSS News Feeds on data breach today news, regulations, blogs and education