BankInfoSecurity.com

Kazu Demands $200K Ransom, Begins Leaking 1.2M Stolen Patient Records
Kazu, a relative newcomer among cybercrime gangs, is threatening to post 353 gigabytes of data allegedly stolen in recent weeks from Doctor Alliance, a Texas-based company that provides document and billing management technology and services to physician practices.

More Than 1M Victims Affected Globally
Tech giant Google sued the Chinese-speaking operators of a phishing-as-a-service operation in what it hopes will be a first step to deterring the prolific service behind hundreds of thousands of fraudulent websites used to steal credentials from millions of victims.

Suspect May Be Military Officer Indicted by US for 2016 Election Interference
Police in Thailand have arrested a Russian citizen suspected of launching hack attacks against targets around the world, who's wanted by the FBI. While the suspect hasn't been named, his age matches that of a Russian military intelligence officer indicted for 2016 U.S. election interference.

Quantum Advances Are Outpacing Global Readiness, Cybersecurity Leaders Warn
While quantum computing promises advances in fields such as healthcare and financial modeling, cybersecurity experts say Q-Day also poses a fundamental risk to the cryptographic standards that secure communications, digital signatures and transactions worldwide.

Flaw Enabled Remote Code Execution, Say AWS Researchers
Researchers from AWS said they spotted a hacking campaign taking advantage of a zero-day vulnerability in Cisco network access control software before the routing giant patched it earlier this year. The flaw let attackers perform pre-authentication remote code execution.

CISA Says Agencies Believed They Patched Cisco Flaws But Had Not
The U.S. cyber defense agency issued new patch guidance after discovering multiple federal agencies failed to properly secure Cisco firewalls, leaving federal networks exposed to exploitation by a suspected Chinese threat actor despite a prior emergency directive.

MDR, Asset Management Startups Reportedly Ax Double-Digit Percentage of Employees
Two late-stage cybersecurity startups disclosed widespread layoffs this month, reportedly axing a double-digit percentage of their staff amid economic and AI upheaval. Fledgling managed detection and response firm Deepwatch reportedly cut between 60 and 80 people from its 250-person staff Wednesday.

US Attorney Jeanine Pirro Cites Trump Goal in Making Crypto 'Safe' for Investors
The U.S. Attorney for the District of Columbia announced the launch of the Scam Center Strike Force, to dismantle criminal networks behind pig butchering scams. The initiative targets sophisticated transnational criminal organizations based in Southeast Asia including Cambodia, Laos and Burma.

Vigilance Cyber Security's Moriah Hara on AI Automation and Responsible AI
Mohira Hara, CISO and AI security, risk and governance consultant at Vigilance Cyber Security, says AI is reshaping financial services by accelerating anti-money laundering efforts, automating SOC functions and driving stronger governance frameworks that make CISOs central to managing AI risk.

Documents Will Spotlight 5 Critical Risk Areas, Best Practices for Healthcare AI
The healthcare sector faces an array of complex cyber risk considerations involving artificial intelligence. The Health Sector Coordinating Council is rolling out a series of guidance documents to help these organizations navigate a long list of AI cybersecurity challenges.

CISA Pre-Shutdown Staffing Levels, State Grant Program to Be Restored Under Plan
A congressional funding bill would reverse shutdown-era layoffs at the Cybersecurity and Infrastructure Security Agency and restore the $1B State and Local Cybersecurity Grant Program, temporarily stabilizing the agency’s operations and buying Congress time for long-term reforms.

Legislation Proposes More Regulations for Greater Swath of the UK Economy
The British government introduced Wednesday long-anticipated cybersecurity legislation aimed at tackling disruptive hacks targeting critical national infrastructure. Companies that run afoul of the new regulations could face daily fines that amount to 10% of their global revenue.

Fiery Driver Version Didn't Validate Source File, Had Hardcoded Credentials
Printer servers from major manufactures such as Canon and Sharp could be susceptible to a supply chain hack due to flaws in a driver updater, researchers warn. Cyderes said Wednesday it identified two major security risks in a version of the Fiery Driver Updater.