BankInfoSecurity.com

European Cybersecurity Agency Can Assign CVE IDs and Publish CVE Records
The European Union Agency for Cybersecurity is poised to take on a greater role in coordinating vulnerability disclosures across the trading bloc with its elevation as a "Root"-level participant in the Common Vulnerabilities and Exposures program.

Salesforce Revoked Gainsight Authentication Tokens
Customer relationship management giant Salesforce is again notifying customers that hackers may be stealing their data through a third-party app. The San Francisco company late Wednesday disclosed that apps published by Gainsight connected to Salesforce instances may have "enabled unauthorized access."

Fortinet's Rashish Pandey on Security Leadership, Regulation and IT-OT Convergence
AI is transforming businesses, but it is also expanding the attack surface and accelerating risk. Rashish Pandey, VP of marketing at Fortinet, explains why CIOs and CISOs must share accountability, unify platforms and prepare for a future defined by regulatory complexity and AI-powered threats.

Company to Warn Customers, Disable Insecure Options by Default
Cisco says it will proactively alert network administrators when insecure configurations are detected and will eventually disable insecure features by default. The move comes after Chinese hackers exploited known vulnerabilities in Cisco equipment during major telecom breaches.

Also: Obama Twitter Hacker Ordered to Forfeit $5.3 Million
Every week, ISMG rounds up cybersecurity incidents in digital assets. This week, Samourai Wallet founders and Oklahoma Crypto CEO sentenced, Obama Twitter hacker ordered to forfeit funds, Chicago crypto ATM CEO charged and White House is reviewing a rule expanding IRS crypto oversight.

Avoid Roadblocks to Your Advancement, Optimize Your Professional Throughput
Career latency is not an indictment of your ability. Understanding what creates latency in your professional life and how to address it is an essential component of long-term growth. With a diagnostic mindset and a willingness to optimize, you can restore throughput and move forward with purpose.

Michael Leland of Island on How to Enhance Credential Security
From infostealers to phishing, almost 90% of all data breaches now involve the use of stolen credentials - leading to billions of dollars in losses. Michael Leland of Island opens up on the role of the modern enterprise browser in mitigating these risks created by compromised credentials.

Ping Identity and Ameris Bank on Stopping Fraud Without Alienating Legitimate Users
In the latest "Proof of Concept," Rich Keith, director of product and solutions marketing at Ping Identity, and Todd Smith, senior vice president of customer IAM at Bank Ameris, joined ISMG editors to discuss how AI-based fraud is breaking trust models faster than many systems can adapt.

Researchers Suspect a Chinese ROB-Building Operation
Suspected Chinese cyberespionage hackers have commandeered tens of thousands of Asus routers in an operation showing a heavy emphasis on infecting devices stationed in Taiwan. The campaign tracks with reports that Beijing is actively pressing unpatched routers into ORB networks.

Attackers Can Flip Safety Filters Using Short Token Sequences
A few stray characters, sometimes as small as "oz" or generic as "=coffee" may be all it takes to steer past an AI system's safety checks. HiddenLayer researchers have found a way to identify short token sequences that can cause guardrail models to misclassify malicious prompts as harmless.

Data of Nearly 470,000 Patients and Employees May Have Been Leaked on Dark Web
Omni Family Health, a California nonprofit network of community health centers, has agreed to pay $6.5 million to settle proposed class action lawsuits related to a 2024 hack that may have exposed the personal information of nearly 470,000 current and former patients and employees on the dark web.

Internal Memo Says Trump-Era Cuts 'Hampered' CISA During 'Pivotal Moment'
The Cybersecurity and Infrastructure Security Agency is reeling from an apparent 40% vacancy rate in several key divisions following White House-driven cuts and a prolonged government shutdown, according to an internal memo revealing how recent layoffs were undermining federal readiness.

Hacking Group Deploys Raft of Custom Malware Variants
An Iranian state hacking group with a history of targeting aerospace, aviation and defense industries across the Middle East has improved its tooling with multiple custom malware variants, warned Google. The group, tracked as UNC1549, is suspected of ties to the Iranian Revolutionary Guard Corps.

NIH Working on Fixes to Address National Security Risks and Weak Access Controls
The sensitive health and genomics data of 1 million Americans used by a National Institutes of Health research project could be at risk for access or theft by bad actors, including foreign adversaries, a government watchdog group. Security weaknesses discovered in an audit are being addressed.

Carmaker Resumes Full Production
The September cyberattack on Jaguar Land Rover resulted in a company loss of roughly $260 million, the British carmaker reported Friday while also announcing a resumption of normal production. Cybercrime group "Scattered Lapsus$ Hunters" took responsibility for the hack.

Only Regulations Can Convince Meta to Cut Its Revenue Stream From Fraud Victims
How motivated would you be to stop a source of revenue if you discovered that some of your advertisers are scamming your customers? Most businesses would want to protect their customers. In the strange universe of social media giant Meta, incentives for doing the right thing are totally different.