BankInfoSecurity.com

CyberEdBoard Members and ISMG Editors on Incident Response, AI and Defense Trends
This week, CyberEdBoard members Jon Staniforth and Helmut Spöcker joined ISMG editors to unpack the hot topics at ISMG's London Cybersecurity Summit 2024, including ransomware lessons learned, AI trends and the growing importance of continuous learning and resilience in the cybersecurity industry.

Hacktivists Are Likely to Increasingly Adopt Cybercrime Tactics, Report Says
Ransomware hacks and self-declared hacktivist denial-of-services attacks were the most prolific threat to European Union members over the 12-month period ending in June, the EU cyber agency warned, adding that the nexus between nation-state hackers and hacktivist groups poses an emerging threat.

Unfiltered Training Data Can Cause Safety Issues, Spread Misinformation
LinkedIn this week joined its peers in using social media posts as training data for AI models, raising concerns of trustworthiness and safety. The question for AI developers is not whether companies use the data or even whether it is fair to do so - it is whether the data is reliable or not.

Experts Say Feds May Face Cost and Timeline Challenges in Quantum Readiness
The United States is preparing for an age of quantum computing as federal agencies roll out initiatives designed to boost "quantum readiness," and as experts warn the government may face issues that delay its ability to defend against a future of advanced threats enabled by the emerging technology.

No OpSec Measure Is Bulletproof to the Effects of a Corrupted Supply Chain
Secure communications in an age of network insecurity has focused mostly on encryption and fears of surveillance tracking. But as this week revealed to the dismay of terrorists and criminals alike, no OpSec measure is bulletproof to the effects of a corrupted supply chain.

As threat actors continue to evolve their attacks to circumvent security measures, cyber insurers are raising the bar for prospective healthcare security clients. Underwriters are increasing their scrutiny and adding new coverage requirements, said Chris Henderson of cybersecurity company Huntress.

Microsoft Says Russia-Linked Cyber Actors Are Supporting Trump by Attacking Harris
Microsoft warned the Kremlin is targeting the 2024 presidential election campaign of Vice President Kamala Harris with its wide-ranging election interference operations. Russian groups likely aligned with the Kremlin have shifted their focus to the Harris campaign in recent months.

Riverwood Capital Leads Investment in Security Validation Firm to Grow in Americas
Picus Security has received $45 million in funding led by Riverwood Capital. The investment will accelerate product development in exposure management, including attack surface management and automated pen testing. The company plans to expand further in the Americas, targeting key growth areas.

Chinese Botnet Targets US Critical Infrastructure and Taiwan
A Chinese state-sponsored botnet called Raptor Train has infected more than 260,000 IoT and office network devices to target critical infrastructure globally. The hackers used zero-days and known vulnerabilities to compromise more than 20 different types of devices to expand their botnet.

German Law Enforcement Reportedly Deanonymized Tor User in 2021
The Tor Project on Wednesday reassured users that they will remain anonymous after media reported that German police successfully used Tor to trace the alleged administrator of a child pornography site. Tor users can continue to use the browser "securely" and the "Tor Network is healthy," it said.

Tell Interviewers How You Respond to Incidents and Solve Problems
The STAR - Situation, Task, Action, Result - method is a widely used framework for answering behavioral interview questions. It allows job candidates to present their experiences in a structured way, making it easier for interviewers to understand their problem-solving skills and real-world impact.

Recent mega data breaches involving third-party vendors - such as the Change Healthcare cyberattack - are intensifying the spotlight on critical security risk management and governance issues for business associates and other suppliers, said regulatory attorney Rachel Rose.

International Law Enforcement Dismantles End-to-End Encrypted Messaging Service
An international law enforcement operation dismantled the Ghost encrypted messaging service in a takedown that resulted in the arrest of 51 suspects across three continents including alleged members of the Italian Mafia and motorcycle gangs. Australian police arrested Ghost's alleged administrator.

Laws Seek Removal of Deceptive Content, Labeling of Less Malicious Content
California enacted regulation to crack down on the misuse of artificial intelligence as Gov. Gavin Newsom on Tuesday signed five bills focused on curbing the impact of deepfakes. The Golden State has been on the national forefront of tech regulation.

Acquisition Set to Boost SASE Protection, Network Connectivity for Swiss Businesses
Swiss Post has signed an agreement to acquire Open Systems, a cybersecurity leader specializing in secure access service edge. The deal, expected to close by late 2024, will expand Swiss Post's offerings for secure digital communications for public and private organizations across Switzerland.

Crashing Markets, Slower Innovation, But More Sustainable AI Development
If the bubble isn't popping already, it'll pop soon, say many investors and close observers of the AI industry. If past bubbles are a benchmark, the burst will filter out companies with no solid business models and pave the way for more sustainable growth for the industry in the long term.

Cybersecurity Experts Say Operatives Probably Intercepted Physical Supply Chain
It doesn't appear to be a cyberattack, security experts said of the hundreds of pagers that blew up Tuesday across Lebanon, an apparent salvo against Hezbollah militants by the Israeli government. "The only logical explanation is that explosives and a side channel for detonation was likely used."

iPhone Maker Seeks Voluntary Dismissal, Citing Concerns Over Sensitive Data Leaking
Apple has filed a motion to dismiss its lawsuit against NSO Group, citing concerns over the potential exposure of sensitive threat intelligence information. The tech giant believes continuing the lawsuit could compromise its ability to protect users and lead to the disclosure of sensitive data.

Former Royal Mail and Manchester University CISOs Talk Ransomware Response
Timely notification of ransomware incidents to British law enforcement agencies played a crucial role in understanding the threats and in developing mitigation strategies, the former security heads of Royal Mail and the University of Manchester said.