BankInfoSecurity.com

Technology Giant Accused of Using 'Wordplay' to Previously Deny Breach Reports
Cybersecurity experts have slammed Oracle's handling of a large data breach that it's reportedly confirming to 140,000 affected cloud infrastructure clients - but only verbally, and not in writing - following nearly two weeks of it having denied that any such breach occurred.

Lawsuits Allege Cybercrime Gang Medusa Stole Data of 132,000 People
An Arizona-based medical imaging practice with locations in 11 states is notifying patients that their data was compromised in a January cyberattack. Litigation filed against the company allege ransomware gang Medusa stole sensitive data pertaining to at least 132,000 people in the incident.

Inside North Korea's IT Scam Network Now Shifting to Europe
North Koreans posing as remote IT workers have spread to Europe, where one Pyongyang fraudster assumed at least 12 personas to target companies in Germany, Portugal and the United Kingdom. Western companies have grappled for years with the prospect of unintentionally hiring a North Korean national.

Integrated Tools Across Generative AI Security, DSPM, DDR Key to Growth Strategy
Cyberhaven is building a data security platform to address evolving risks in generative AI, DSPM and beyond. Backed by $100 million, CEO Howard Ting says the firm will use the funds to expand its portfolio and go-to-market footprint while staying independent.

Chinese Hackers Are Pre-Positioned, and Top Officials Could Be Making Matters Worse
Experts told lawmakers on Wednesday that without urgent federal action to strengthen cyber defenses and additional efforts to improve the cybersecurity practices of some of the highest ranking government officials, another Salt Typhoon attack could be just around the corner.

Critical Vulnerability in Drivers Affects Multiple Canon Printers
The office printer could mete out more than ordinary frustration now that researchers discovered a vulnerability in drivers for Canon printer enabling attackers to execute arbitrary code. The flaw is an out-of-bounds vulnerability in Enhanced Metafile Recode processing.

Security Operations Firm Gets $3.4B Valuation, Expands AI Threat Detection Platform
Security operations firm ReliaQuest announced more than $500 million in funding led by EQT, valuing the company at $3.4 billion. The investment will expand its GreyMatter platform and advance Agentic AI to speed threat response and reduce operational burdens on security teams.

Government Says Managed Service Providers Need More Regulation
The British government pledged to introduce stricter rules surrounding incident reporting and supply chain vulnerability patching through legislation it previewed in July 2024. The proposed Cyber Security and Resilience Bill will bring under its scope managed service providers.

Industry Experts Testify Before Congressional Committee Examining Medical Devices
Massive workforce cuts at the Food and Drug Administration could hinder the agency's critical work involving medical device cybersecurity, putting patient safety at risk and stiffing innovation, said some experts testifying during a Congressional hearing on Tuesday.

NHL CISO David Munroe outlines how the league protects critical infrastructure across public arenas and streaming platforms. He details the league's use of cloud and AI tools, and highlights the importance of cloud governance, AI-powered defenses and user education in mitigating risk.

Attacker With Project Access Could Have Retrieved Private Images, Researchers Said
Google has fixed Google Cloud Platform vulnerability attackers could have exploited to gain unauthorized access to private container images, due to access restriction shortcomings. Researchers said the flaw highlights how services built atop other services can pose unexpected security risks.

AI Giant Eyes Expansion Amid Structural Challenges
OpenAI on Monday closed a record $40 billion funding round, valuing it at $300 billion. SoftBank led with $30 billion, joined by Microsoft and others. Operational shifts accompanied OpenAI's expansion. CEO Sam Altman announced stepping back from daily operations to focus on innovation.

Customer Credentials Possibly Compromised at EHR Vendor Acquired by Oracle in 2022
Oracle is dealing with a hacking incident involving legacy patient data of Cerner electronic health record customers. Oracle, which acquired Cerner in 2022, is reportedly telling clients the hack involved compromised credentials for systems scheduled to migrate to the cloud.

Letter to Bankruptcy Trustee Says 23andMe's Privacy Promises Must Carry Over
The Federal Trade Commission has sent a letter to 23andMe's bankruptcy trustees saying that any sale of the genetic testing firm or its assets will be subject to the company's previous pledges to consumers involving the privacy and security of their sensitive information and biological samples.

Hackers Claim on BreachForums to Have Stolen 'Highly Sensitive' Data
Israeli cybersecurity firm Check Point rejected Monday a hacker's assertion that he stole "highly sensitive" information offered for sale on an online marketplace for illicit data. The incident "doesn't pose any risk or have any security implications to our customers or employees."

New Turing Institute Report Urges Government to Create AI Crime Task Force
British law enforcement agencies are ill-equipped to tackle artificial intelligence-enabled cybercrime, a report by The Alan Turing Institute says, pointing to an "enormous gap" between police technical capabilities and the growing sophistication of threat actors.

Jason Costain on Ways Traditional and Digital Banks Could Learn from Each Other
Digital-only banks promise speed and sleek digital experiences but are not the best places to handle scam victims. Without branches to visit, victims find themselves stuck in a loop of chatbots, said Jason Costain, former head of fraud analytics and threat management at NatWest Group.

Private Details of Top Trump Officials Found Online Amid Growing Security Scandal
Private contact details of top Trump officials, including their phone numbers, emails and even some passwords, have been leaked online through commercial databases and hacked data dumps, raising security concerns over potential foreign access to Cabinet members' private accounts and communications.