BankInfoSecurity.com

Hackers Could Adjust Life Support Settings of At-Home Life 2000 Ventilation System
The Food and Drug Administration is warning that Life 2000 - an at-home ventilation system by medical device maker Baxter - has been permanently recalled due to a cyber issue that could allow individuals with physical access to tamper with the gear's life support settings.

Proposed Tech Modernization Fund Allocation Falls to $5M Despite Bipartisan Support
Congressional appropriators have proposed significant reductions to federal cybersecurity and modernization initiatives in the 2026 budget, signaling a potential retreat from centralized cyber federal oversight even as agencies struggle with aging infrastructure and escalating nation-state threats.

Also: Prompt Injection Complicates Digital Forensics, Why AI Seems So Deceptive
In this week's ISMG Editors' Panel, four editors unpacked India's new data protection rules, the digital forensic implications of prompt injection attacks and the reasons why artificial intelligence tools so often seem to display deceptive behavior.

Innovation Continues, Although Sloppy Coding Can Still Leave Data Unrecoverable
Ransomware groups continue to display more innovation, persistence and planning in their quest to amass ransom-paying victims and maximize profits. This has included repeat supply-chain attacks, harvesting credentials to use in later campaigns, as well as launching their own affiliate programs.

ChatGPT Maker Probes Third-Party Data Breach; OpenAI API Users' Information Exposed
OpenAI has temporarily ceased use of Mixpanel after the analytics firm disclosed a breach affecting profile data of the artificial intelligence giant's API platform users. The company is notifying impacted organizations and watching for signs of data misuse.

Uncovered: Typosquatted Domains Linked to Suspected Ransomware Group Campaign
Continuing its targeting of customer data, the cybercrime group Scattered Lapsus$ Hunters appears to be gearing up for large-scale attacks involving typosquatted domains that lead to phishing domains designed to steal Zendesk users' valid credentials, warn security researchers.

Public-Private Cooperation Key for Ransomware Mitigation, Says Anne Neuberger
Ongoing, high-profile ransomware attacks against Britain and the United States have transformed cybersecurity into a national security priority, Anne Neuberger, the former White House deputy national security adviser for cyber, said at a Wednesday event in London.

Ground Stations a Top Target in Any Future Conflict, Warns Intelligence Official
Space is becoming a domain of warfare, with private sector companies' planet-side infrastructure on the front lines - and the first shots will likely be fired in cyberspace, a senior U.S. intelligence official warned this month. "If someone owns the ground station, they own the satellite."

Also: UK Fraud Investigators Make Arrests in $28M Basis Markets Rug-Pull Probe
This week, World Liberty Financial scrambles to secure user funds, the U.K.'s Serious Fraud Office arrests two people over a $28M Basis Markets rug-pull probe, a Gana Payment hack drains $3.1M and Crypto Dispensers weighs a $100M sale following money-laundering charges against its CEO.

Also: npm Packages Infiltrated, FBI Issues Fraud Alert, Campbell's Soup Cans CISO
This week, a recently fixed Oracle flaw is being actively exploited, Shelly tackled Pro 4PM DoS bug, "Shai-Hulud 2.0" hit npm, the FBI warned of rising bank account takeover scams, regulators fined Comcast over a vendor breach, Iberia reported a supplier incident and Campbell's canned its CISO.

Rural and small community hospitals are continuing to face growing cyber challenges driven by limited and shrinking resources, staffing shortages, and increasingly sophisticated cyber threats, said Jackie Mattingly, senior director at privacy and security consulting firm Clearwater.

Businesses That Inherit SSL VPNs Through M&A Activity Falling Victim, Warn Experts
Multiple large enterprises that inherited SonicWall SSL VPN devices when they acquired a smaller entity have fallen victim to the Akira ransomware group, security researchers warn. Investigations of multiple intrusions found they began when attackers used "unmonitored and unrotated" credentials.

Bipartisan Bill Seeks Sanctions and Industry Coordination to Defend Undersea Cables
A bipartisan Senate bill would elevate the U.S. role in defending subsea fiber-optic cables against mounting threats from China and Russia, expanding diplomatic efforts, industry coordination and sanctions targeting foreign sabotage of the internet's global backbone.

Securing the World for the Age of Quantum-Resistant Cryptography
Cybersecurity needs thinkers who can examine the logic underlying our systems, question assumptions and identify where traditional cryptography will no longer hold. The post-quantum challenge presents an opportunity for math-minded people to contribute in ways that will influence global security.

Going Beyond the Copilot Pilot - A CISO's Perspective
With 60% of businesses piloting M365 Copilot but only 6% scaling, this webinar explores why gen AI deployments stall — and what CISOs and IT leaders must know to roll out secure, compliant, and effective AI productivity tools.

Whether Hackers Stole Data Not Yet Known
Several London city councils said they detected hacker activity on Wednesday night in an incident disrupting their telephone access and that may involve stolen data. The contiguous municipalities of Westminster and Kensington and Chelsea said they "are responding to a cybersecurity issue."

JSON Code 'Beautifiers' Expose Sensitive Data From Banks, Government Agencies
At what price beauty? Apparently, some developers will paste anything into "JSON beautify" sites, from researchers report recovering authentication keys, database credentials, personally identifiable information for banking customers and much more.

While information blocking regulations were authorized under the 21st Century Cures Act nearly a decade ago, regulators are only starting to ramp up enforcement of the prohibited practices. Attorney Nan Halstead of Reed Smith explains critical steps organizations need to take to comply.