DataBreachToday.com

Attorney Lisa Sotto on Anticipated Changes in Regulatory Focus at FTC and CISA
Donald Trump's return to the White House with a renewed focus on deregulation may shift the priorities of federal agencies in enforcing data privacy and cybersecurity policy, said Lisa Sotto, partner at Hunton Andrews Kurth and chairperson of the DHS Data Privacy and Integrity Advisory Committee.

Cybercriminals don’t take the holidays off
Watch this timely webinar to prepare your business against rising holiday cyber threats.

Advocacy Groups Call for Government to Regulate Social Media Platforms
The Australian government is on track to introduce a bill in the Parliament to ban youths under the age of 16 from accessing social media platforms, but critics say age verification technologies are not accurate and a ban may push children into unsafe, less visible parts of the Internet.

'Wirte' Threat Actor Used Wiper That Checks if Victim Is Located in Israel
Hackers likely connected to Palestinian militants Hamas were behind wiper attacks detected in October against Israeli organizations including hospitals and municipalities. Israeli cybersecurity firm Check Point on Tuesday attributed the attacks to a group tracked as Wirte.

US to Advocate for Human Rights Safeguards from Supporting Member Nations
The United States will support a controversial cybercrime convention initially proposed by Russia that is currently making its way through the United Nations, officials told reporters, while seeking out human rights assurances from supporting member nations.

Malware Spotted Masquerading as Avast Antivirus
Android Spynote malware is masquerading as antivirus software to exploit Android processes to infiltrate devices, seize control and steal sensitive information from unsuspecting users. A report from Cyfirma shows the malware disguising itself as "Avast Mobile Security" in a recent campaign.

UK Government Agencies, Google Join Group that Promotes
Two British government agencies and computing giant Google joined the CHERI Alliance, a group dedicated to promoting a hardware architecture that prevents buffer overflows and heap use-after-free vulnerabilities. Adoption of the architecture is miniscule.

Snyk Boosts API Security with Enhanced Dynamic App Security Testing Capabilities
By buying DAST provider Probely, Snyk bolsters its platform with advanced API security testing for early SDLC stages. This acquisition aims to help developers identify and reduce vulnerabilities in AI-driven and API-heavy applications. Full integration into Snyk's platform is slated for early 2025.

Georgia-Based Memorial Hospital and Manor Among Embargo Group's Latest Victims
Embargo, a newcomer group to the ransomware scene, is threatening to begin publishing 1.15 terabytes of data belonging to a small rural Georgia hospital and nursing home attacked last week unless a ransom is paid before Tuesday. Experts say the double extortion gang disables victims' security tools.

Experts Warn of Intensifying Global Cyber Threats During a Second Trump Presidency
The United States could see an ever-increasing level of global cybersecurity threats as former President Donald Trump returns to office, experts told Information Security Media Group, with foreign adversaries poised to potentially exploit the politically charged transition period.

Developers' Credentials Stolen via Typosquatted ‘Fabric’ Library
A malicious Python package that mimics a popular SSH automation library has been live on PyPi since 2021 and delivers payloads that steal credentials and create backdoors. The package steals AWS access and secret keys, sending them to a remote server operated through a VPN in Paris

Anastasia Georgievskaya, CEO of Haut.AI, on How AI Is Transforming Skincare
Anastasia Georgievskaya, CEO and co-founder of Estonia-based Haut.AI, discusses the challenges of blending artificial intelligence with traditional skincare expertise and how Haut.AI is shaping a privacy-conscious future in beauty. Georgievskaya is also a research scientist at Beauty.AI.

UN Members Urge Better Critical Infrastructure Resilience to Counter Threats
With ransomware attacks on the rise and healthcare getting pummeled more than ever, a coalition of UN members urged countries to focus on collective critical infrastructure defense, while a senior White House official slammed Russia for continuing to harbor the criminals involved.

Financial Services Experts Call for Stronger Focus on Third-Party Risk Management
Financial services leaders and cybersecurity experts said at Information Security Media Group’s 2024 Financial Services Summit that third-party vendor security risks required the need for proactive, multi-layered security frameworks to combat the growing threat landscape.

New AWS-Hosted Solution to Integrate Claude With Palantir AI Platform
Palantir, Anthropic and AWS are developing an AI platform for U.S. defense, using Claude models to enhance decision-making, detect trends and speed document processing. The Biden administration has promoted the adoption of AI for national security.

ML, NLP Tools Collect More Personal Information Than Required, U.K. Regulator Says
Artificial intelligence tools currently used by organizations in the United Kingdom to screen job applicants pose privacy risks and are susceptible to bias and accuracy issues, the U.K. Information Commissioner's Office found. The ICO focused on machine learning and natural language processing.

Also: Potential Government Policy Changes; AI-Driven Zero-Day Discoveries
In the latest weekly update, ISMG editors discussed how the recent election results may reshape U.S. cybersecurity policy and healthcare privacy under HIPAA and the groundbreaking role of artificial intelligence in Google’s recent discovery of a critical zero-day vulnerability.