DataBreachToday.com

GAO: SSA Fails to Meet Industry and Federal Electronic Verification System Goals
The Social Security Administration is facing criticism for failing to update its fraud prevention technology, leaving financial institutions and federal authorities at risk of missing synthetic identity scams, according to a new Government Accountability Office report.

Thomvest Ventures Leads Series B Funding to Support Privacy and Security Compliance
Relyance AI raised $32 million in Series B funding to grow its data governance platform. The funds will be used to scale operations, enhance real-time data visibility, and support enterprises in complying with complex global privacy regulations, ensuring responsible AI adoption across industries.

Impact Is "What We Would Have Hoped For," Says NCSC CTO Ollie Whitehouse
A British cybersecurity official touted Operation Cronos, an international operation against LockBit, saying multiple strikes aimed at the ransomware-as-a-service have disrupted its ability to recruit hackers. The operation has resulted in indictments, sanctions, and server takedowns.

Act Imposes Mandatory Patching for IoT Devices
The European Council on Thursday adopted security-by-design regulation that makes patching and vulnerability updates mandatory for connected devices. The regulation will ensure that "products with digital components are made secure throughout the supply chain and throughout their life cycle."

SEGs have performed admirably for many years, but they’re no match for this new generation of email attacks, and relying on outdated tools can have catastrophic consequences. By upgrading to a behavioral AI-based solution, you can defend against emerging threats and become more proactive in the fight against cybercrime.

CKW's Yann Gosteli on Optimizing Communication Networks With Future-Proof Tech
Swiss utility giant Centralschweizerische Kraftwerke has transformed its legacy operational communication network with a hybrid multiservice platform. Yann Gosteli, head of secondary systems at CKW, shares how the company has built an operationally efficient network infrastructure.

Nonprofit Digital Archive Also Suffers Denial-of-Service Attacks, Defacement
The nonprofit Internet Archive has been hit by hackers, who stole usernames and for 31 million accounts, including email addresses and bcrypt-hashed passwords. In recent days, the digital archive has also suffered defacement and repeat denial-of-service attacks.

Also: Taiwan AML Rules, IcomTech Sentencing
This week, Australia seized crypto from alleged Ghost mastermind, Taiwan drafts new AML rules, IcomTech founder sentenced, U.S. looks to recover stolen crypto, EigenLayer's erroneous fund transfer, FTX's bankruptcy plan approved, Bitfinex hack update and regulatory push for a lawsuit against Nvidia.

Also: A Fidelity Breach, Mamba Phishing
This week, the Global Signal Exchange hopes to dent online crime, a Fidelity data breach, phishing platform targets Microsoft 365 users, October Patch Tuesday, Pavel Durov said he's always cooperated with police, Highline Public Schools and CreditRiskMonitor updates, ADT and Casio suffered breaches

Hotel Chain Also Settles with Federal Trade Commission
The world's largest hotel chain agreed Wednesday to pay $52 million and conduct two decades of third-party monitoring of its cybersecurity program to settle a rash of data breaches affecting millions of guests. The multi-million payout is part of a settlement reached with 50 U.S. attorneys general.

Critical Infrastructure Firms Are Hiring - and Paying Well
As digital transformation continues to reshape industries, the convergence of operational technology and cybersecurity has emerged as a critical area of focus. But there's a noticeable gap in the workforce. Professionals who truly understand both OT and cybersecurity are in short supply.

Justice Department Aiming to Emphasize Privacy and Security in AI Deployment
The U.S. Department of Justice is drafting new guidelines for law enforcement on the use of artificial intelligence and facial recognition tools to enhance public safety while safeguarding civil rights and ensuring ethical deployment, a senior official said Wednesday.

WestCap-Led Funding to Drive Click-Fraud Protection, Ad Integrity Expansion
Human Security's recent $50 million growth funding, led by WestCap, will drive the development of click-fraud defense and enhance advertising integrity solutions. CEO Stu Solomon aims to leverage the funding for scaling the engineering and data science teams, addressing emerging fraud threats.

Hotel Chain Also Settles with Federal Trade Commission
The world's largest hotel chain agreed Wednesday to pay $52 million and agree to two decades of third-party monitoring of its cybersecurity program to settle a rash of data breaches affecting millions of guests. The multi-million payout is part of a settlement reached with 50 U.S. attorneys general.

Cyber Bill Says the Government Can't Use Information to Prosecute Victims
Ransom payments are typically tightly held secrets between cybercriminals and their victims, but the Australian government has introduced a cybersecurity bill in Parliament that would require larger businesses to report ransom payments to the government.

Attackers Use ASCII Characters to Create Tough-to-Spot QR Codes, Barracuda Warns
Attackers are moving beyond using QR code images added to phishing emails to trick victims into visiting malicious sites, and using ASCII "full block" characters to build working QR codes designed to evade optical character recognition defenses, warns cybersecurity firm Barracuda Networks.