BankInfoSecurity.com

US, Australian Cyber Agencies Say Visibility Gaps Threaten Detection and Response
The Cybersecurity and Infrastructure Security Agency issued new guidance urging organizations to streamline Security Information and Event Management platform integration by prioritizing impactful log data and reducing blind spots that continue to plague even mature security operations centers.

Apex Security Detection Tools Help Tenable Spot Accidental and Malicious AI Misuse
Tenable is acquiring Israeli startup Apex Security to extend AI security features that go beyond asset discovery. With user-level controls and risk mitigation for AI usage, Tenable aims to accelerate its exposure management roadmap by integrating Apex into Tenable One later this year.

Retailers Report a Spurt in Breaches
Jewelry retailer Tiffany & Co. said hackers stole South Korean customers' data from a third-party vendor's platform, a disclosure that came shortly after sister brand Dior announced a similar breach. Hackers stole the personal information of South Korean shoppers.

Palo Alto Networks on How to Construct a Defense for Modern Threats
The rapid evolution of cyber threats, amplified by the integration of AI into adversarial tactics, calls for a shift in defensive strategies. Traditional approaches are no longer sufficient to address the sophistication, scale, and speed of modern attacks.

Huang Says Rules Shut Nvidia Out of $50B China Market, Gives Rivals Long-Term Edge
CEO Jensen Huang says new U.S. chip restrictions on China forced Nvidia to write down $4.5 billion in AI inventory and will hurt American leadership in global infrastructure as Chinese firms gain momentum. The rules fuel China’s rise and jeopardize U.S. infrastructure dominance, according to Huang.

Things to Include on Your CV When Your Job Focuses on Keeping Systems Running
If you're a junior SOC analyst, a GRC specialist or someone working in ICS environments, the idea of a cyber portfolio might seem irrelevant. It's not. Employers need tangible proof of your skills, and a well-constructed portfolio does just that - whether your job touches logs or legal frameworks.

APT31 Compromised the Czech Foreign Affairs Ministry in 2022
The Czech government on Wednesday said Chinese state hackers stole sensitive declassified information from the republic's foreign ministry as part of a years-long espionage campaign. Czech Ministry of Foreign Affairs attributed the hack to a Chinese nation-state group tracked as APT31.

Stealthy Malware Installs Cryptomining Software
A botnet targeting Internet of Things devices works by brute forcing credentials and downloading cryptomining software. Researchers call the botnet "PumaBot," since its malware checks for the string "Pumatronix," the name of a Brazilian manufacturer of surveillance and traffic camera systems.

'It's Just Totally Destabilizing,' Staffers Say Amid CISA's Leadership Exodus
An ongoing exodus of top officials and senior leadership at the Cybersecurity and Infrastructure Security Agency's regional offices has left staffers increasingly worried about a potential major shift in mission and continued cuts to staff and spending.

Researcher Analyzes System Prompts to Show How New Claude Models Work
System-level instructions guiding Anthropic's new Claude 4 models tell it to skip praise, avoid flattery and get to the point, said independent AI researcher Simon Willison, breaking down newly released and leaked system prompts for the Claude Opus 4 and Sonnet 4 models.

Google Is Getting Accolades for Veo 3, But the AI Video Tool Has a Darker Side
AI enthusiasts are saying Veo 3 is one of Google's best products. The mind-blowing AI constructs cinematic video clips from text prompts, and the results look real. Veo 3 pushes deepfake capabilities into uncharted territory and introduces new threats to truth, trust and authenticity.

Red Canary Purchase Aims to Deliver Agentic AI-Powered Security Operations at Scale
Zscaler’s buy of Red Canary will unify its cloud-based security infrastructure with Red Canary’s MDR insights, giving rise to a next-gen SOC built on automation, AI, and rapid detection expertise. The integration will support a proactive SOC experience powered by AI workflows and security expertise.

Framework for Moving From Scattered Tools to Unified AI Security Strategies
As CISOs grow confident with standard cybersecurity tools, AI security remains a grey area. By systematically breaking down AI security into seven key pillars - rather than waiting for a comprehensive solution - organizations can embed security by design to proactively address emerging cyberthreats.

CISA Advisory Says Threat Actors Stole App Secrets in Azure-Hosted Backup Platform
A suspected Chinese state hacking group linked to last year’s telecom intrusions breached Commvault’s Microsoft Azure environment, exposing sensitive Microsoft 365 credentials and reigniting fears over U.S. cloud infrastructure vulnerabilities and default security settings.

Open Garden Strategy, Automated Risk Remediation to Get a Boost With Veriti Buy
Check Point will fold Israeli firm Veriti into its Quantum suite following an acquisition aimed at streamlining automated security response across endpoints, firewalls and cloud environments. Veriti’s patented technology is seen as critical to reducing misconfigurations without business disruption.

A RobbinHood Attack Against Baltimore Cost City $19 Million
An Iranian national behind a spate of ransomware attacks against U.S. municipalities including an attack that cost the city of Baltimore $19 million to rectify pleaded guilty in U.S. federal court Tuesday afternoon. Sina Gholinejad, 37, admitted to deploying Robinhood ransomware.

Prompt Injection, HTML Output Rendering Could Be Used for Exploit
Hackers can exploit vulnerabilities in a generative artificial intelligence assistant integrated across GitLab's DevSecOps platform to manipulate the model's output, exfiltrate source code and potentially deliver malicious content through the platform's user interface.

Watch this On Demand Webinar and gain critical insights, actionable strategies and learn how Unit 42 can help you stay ahead in 2025 and beyond.

Emerging artificial intelligence and machine learning technologies being applied in the health and wellness space that are not necessarily covered by HIPAA but instead fall under a variety of tough new state privacy laws that are being enacted, said attorney Lily Li of Metaverse Law.