DataBreachToday.com

New Tool Uses 40 Indicators to Provide In-Depth Diagnostic Analysis, Officials Say
Commerce Secretary Gina Raimondo unveiled a new data tool Tuesday called Scale. It assesses a wide range of factors affecting supply chains to provide a detailed analysis of potential risks and challenges, from labor shortages to climate challenges and geopolitical tensions.

Agencies Sign Agreement to Boost Cooperation, Share Cyberthreat Information
The British data protection authority and national law enforcement agency signed onto a cyber risk information-swapping agreement. The National Crime Agency and the Information Commissioner's Office will share cyberthreat assessments and information about incidents.

RAM-Based Radio Signal Attack Allows Attackers to Exfiltrate Data
A novel side-channel attack exploits radio signals emitted by random access memory in air-gapped computers, presenting a new threat to highly secure networks. One of the most effective ways to mitigate the risk is to cover sensitive machines with Faraday shielding.

Polish Deputy Prime Minister Says Russia Is Waging 'De Facto Cyberwar'
The Polish government said Monday it faces an onslaught of cyberattacks from Russian and Belarusian security agencies intent on cyberespionage and blackmail. Poland is in the midst of a "de facto cyberwar," said Deputy Prime Minister Krzysztof Gawkowski.

Action Aims to Ensure That Domestic Defense Industry Keeps Up With AI Developments
The U.S. federal government is preparing to collect reports from foundational artificial intelligence model developers, including details about their cybersecurity defenses and red-teaming efforts. The Department of Commerce said it wants thoughts on how data should be safety collected and stored.

Urgent Fix Addresses Critical Flaw That Allows Remote Code Execution
Progress Software released an urgent patch Thursday to fix a critical vulnerability that hackers could exploit to launch remote attacks. The company is no stranger to urgent patching. It was at the center of a Memorial Day 2023 mass hacking incident.

Ransomware Gang Daixin Claims It Published Sensitive Patient Info on Dark Web Site
A Louisiana-based ambulance company that provides emergency medical care services in four states is notifying nearly 3 million people that their sensitive health information was potentially stolen in a June hack. Ransomware gang Daixin claims to have published the data on its dark web leak site.

Victims Reported $5.6 Billion in Financial Losses Associated With Crypto Schemes
The FBI's Internet Crime Complaint Center on Monday issued a report revealing victims filed more than 69,000 public complaints related to cryptocurrency fraud and $5.6 billion in financial losses in 2023, while investment scams made up the bulk of losses throughout the year.

Threat Actor Is Likely a Beijing Cyberespionage Operator
A Chinese-speaking hacking group is targeting drone manufacturers in Taiwan and other military-related industries on the island country located roughly 100 miles from mainland China. Trend Micro on Friday said it tracks the threat actor as "Tidrone."

COO Jill Popelka Promoted to Chief Executive as Thoma Bravo Acquisition Nears Close
Darktrace has promoted COO Jill Popelka to CEO, replacing long-time leader Poppy Gustafsson. As the cybersecurity AI vendor prepares to finalize its sale to Thoma Bravo, Popelka will steer Darktrace into its next phase of growth. Gustafsson will join the board as a non-executive director.

'Service for America' Will Aim to Attract Diverse Candidates to the Cyber Workforce
The White House announced a hiring sprint to fill cyber, technology and artificial intelligence jobs across federal agencies, dubbed Service for America, which aims to attract diverse candidates for critical open positions in the public sector - along with new incentives.

Healthcare Sector Heavily Relies on Open-Source Web Server; Older Flaws Pose Risk
Federal authorities are alerting healthcare entities of vulnerabilities - including older flaws - that put Apache Tomcat at risk for attacks if left unmitigated. The open-source web server is heavily used in healthcare for hosting electronic health record and other systems and applications.

Acquisition Brings Vulnerability Management to Absolute's Cyber Resilience Platform
Absolute Security has strengthened its platform with the acquisition of Syxsense, adding powerful automated vulnerability management tools to its existing endpoint security capabilities. The move aims to improve security compliance and simplify complex remediation tasks for organizations.

State Says HHS Erred by Shielding Reproductive Health Info From Law Enforcement
Texas Attorney General Ken Paxton is suing the Biden administration, alleging that "unlawful" HIPAA Privacy Rule regulations are hindering the state's law enforcement investigations into abortion cases and other reproductive health care cases.

Global Outage Triggers Calls for 'Less-Invasive Access' to Essential Functions
The global disruption caused by a faulty CrowdStrike software triggering a kernel panic and computer meltdowns has led government agencies, experts and vendors to call for rethinking Windows operating system resiliency, including the deep-level OS access security tools now require.

Also: AI's Role in Cybersecurity; New Fraud Prevention Rules
In the latest weekly update, ISMG editors discussed the implications of the recent arrest of Telegram's CEO in Paris for encrypted messaging services, the transformative impact of artificial intelligence in cybersecurity, and the latest regulations designed to curb fraud in electronic payments.

Credit Rating Business Says Cyber Insurance Market 'Poised for Significant Growth'
Competition has been increasing in the cyber insurance market, leading to a "moderate" decrease in insurance premiums after several years of rate increases. So reports Moody's Ratings, which said that the changes were driven by an influx of new players that is likely to continue.