BankInfoSecurity.com
Live Webinar | CISO Leadership Blueprint to Managing Budgets, Third-Party Risks & Breaches
5 months 4 weeks ago
Breach Roundup: CISA Proposes Security for Bulk Data Sales
5 months 4 weeks ago
Also: Payment Card Theft Trends, Internet Archive Update
This week, bulk data transfers to China, credit card theft, the Internet Archive still recovering and the Change Healthcare tally is now 100M. Ukraine fought phishers, civil society against the UN cybercrime treaty, TA866 and virtual hard drives spread malware. Google verified Sir Isaac Newton.
Hackers Probing Newly Disclosed Fortinet Zero-Day
5 months 4 weeks ago
Mandiant Says High-Severity Flaw Could Give Attackers Remote Unauthenticated Access
Researchers at Mandiant say a new threat cluster, first observed June 27, has been exploiting a Fortinet zero-day that the network edge device manufacturer publicly disclosed Wednesday. Researchers said they can't assess the threat actor's motivation or location.
Socure to Fortify Identity Services With $136M Effectiv Buy
5 months 4 weeks ago
Effectiv's 30-Person Team to Streamline Identity Services, Help Socure Grow Revenue
Socure has acquired Effectiv, integrating its engineering team of 30 to strengthen identity verification capabilities. The $136 million deal aims to speed up customer onboarding, enhance transaction monitoring, and deliver cross-platform solutions, with the product integration expected in 45 days.
LinkedIn Fined 310 Million Euros for Privacy Violations
5 months 4 weeks ago
Irish Data Protection Commission Cites Social Platform for GDPR Violations
The Irish Data Protection Commission imposed a 310 million euro fine on LinkedIn for violating a European privacy law stemming from the company's use of customer data. It ordered the social media platform to bring its data processing into compliance.
Mastering Production-Ready AI with Elastic & Google Cloud
6 months ago
How to Thrive in a Distributed Team
6 months ago
Tips for Employers on Securing the Home Environment and Promoting Better Hygiene
Remote work is a critical part of the future of cybersecurity and many other industries. For those who continue to work remotely or in a hybrid model, the need for robust cybersecurity practices needs to be a priority. But one of the biggest obstacles to that is isolation.
Why Vetting AI Vendor Security Is Critical in Healthcare
6 months ago
It's crucial for healthcare sector organizations to vet their artificial intelligence tech vendors in the same robust way they scrutinize the privacy and security practices of all their other third-party suppliers, said attorney Linda Malek of the law firm Crowell & Moring.
Cloud Defender Stream.Security Raises $30M, Eyes US Growth
6 months ago
AI-Powered Cloud Remediation, Multi-Cloud Support at Core of Series B Investment
With a $30 million boost from Series B funding, Stream.Security will enhance its cloud security offerings. The company’s focus includes auto-remediation, faster, AI-driven threat responses, increased support for multi-cloud and hybrid environments, and boosted market presence in the U.S. and beyond.
Fortinet Discloses Actively Exploited Zero-Day
6 months ago
U.S. Federal Government Gives Agencies Three Weeks to Patch or Mitigate
Fortinet disclosed an actively exploited vulnerability in its centralized management platform following more than a week of online chatter that edge device manufacturer products have been under renewed attack. Cybersecurity researcher Kevin Beaumont christened the vulnerability "FortiJump."
Embargo Ransomware Disables Security Defenses
6 months ago
New Ransomware Group Deploys Rust-Based Tools in Attacks
A recently constituted and apparently well-resourced ransomware player is developing and testing tools to disable security defenses, including a method that exploits a vulnerability in drivers. Embargo first surfaced in April amid an ongoing shakeup in the ransomware world.
White House Reviewing Updates to HIPAA Security Rule
6 months ago
Proposal Will Be Open for Public Comment Next, But Will It Go Anywhere?
The Department of Health and Human Services last Friday submitted for White House review long-awaited updates to the 20-year-old HIPAA Security Rule containing modifications aimed at strengthening the cybersecurity of electronic protected health information.
Code Red: How KnowBe4 Exposed a North Korean IT Infiltration
6 months ago
Meta Tests Facial Recognition to Curb Deepfake Scams
6 months ago
Firm Won't Deploy Feature in the EU, UK Due to Data Collection Norms
Meta is rolling out facial recognition technology on its social media platforms to spot scam ads featuring celebrity deepfakes. Meta took down 8,000 of the "celeb bait" scam ads. The feature also aims to verify the identities of users locked out of their Facebook or Instagram accounts.
AI Industry Coalition Seeks to Codify US Safety Institute
6 months ago
Tech Giants, AI Firms, Academics Urge Congress to Take Action by Term-End
A coalition of more than 60 AI industry players is pushing Congress to prioritize legislation that would codify the U.S. Artificial Intelligence Safety Institute. The letter says the action would allow the U.S. to maintain influence in the development of science-backed standards for advanced AI systems.
How AI Can Eliminate Graymail to Increase Employee Productivity
6 months ago
The trend toward remote working over the last several years has bred all kinds of tools intended to help us improve productivity and facilitate easier, faster digital communications with colleagues. So why does workplace productivity still feel impossible to achieve? Unfortunately, email—one of the most integral vehicles for business communication—is also one of the biggest drains on employee time and energy. According to data from Microsoft, employees spend as much as 8.8 hours each week checking and responding to email. And while many email communications are essential, one recent report found that nearly half of all emails are spam or other unwanted mail.
Check Point, Mimecast Settle SEC Case From SolarWinds Hack
6 months ago
SEC: Check Point, Mimecast Disclosures Didn't Capture Severity of SolarWinds Hack
Check Point and Mimecast will each pay regulators nearly $1 million to settle charges of making materially misleading disclosures related to the SolarWinds Orion hack. The SEC alleged public disclosures from Check Point and Mimecast didn't capture the severity of the compromise.
Retaining EU Adequacy Crucial to UK Economy: Lawmaker
6 months ago
Europe Will Renew or Deny Data Sharing Agreement in June
The U.K. government should work ahead of a June deadline to retain its status as a trusted host of European commercial and law enforcement data, urged the head of a parliamentary committee. The economic value of an EU "adequacy agreement" is "substantial," wrote Peter Ricketts.
Critical OPA Vulnerability Exposes Windows Credentials
6 months ago
Attackers Could Exploit Flaw to Relay Credentials, Compromise Systems
A critical vulnerability in Open Policy Agent could expose NTLM credentials from Windows systems, potentially affecting millions of users. Researchers at Tenable warn that attackers could exploit the flaw through social engineering. Users must update to version v0.68.0 immediately to mitigate risks.
BankInfoSecurity.com RSS News Feeds on bank information security news, regulations, blogs and education