DataBreachToday.com

Going Beyond the Copilot Pilot - A CISO's Perspective
With 60% of businesses piloting M365 Copilot but only 6% scaling, this webinar explores why gen AI deployments stall — and what CISOs and IT leaders must know to roll out secure, compliant, and effective AI productivity tools.

Businesses That Inherit SSL VPNs Through M&A Activity Falling Victim, Warn Experts
Multiple large enterprises that inherited SonicWall SSL VPN devices when they acquired a smaller entity have fallen victim to the Akira ransomware group, security researchers warn. Investigations of multiple intrusions found they began when attackers used "unmonitored and unrotated" credentials.

Whether Hackers Stole Data Not Yet Known
Several London city councils said they detected hacker activity on Wednesday night in an incident disrupting their telephone access and that may involve stolen data. The contiguous municipalities of Westminster and Kensington and Chelsea said they "are responding to a cybersecurity issue."

Bipartisan Bill Seeks Sanctions and Industry Coordination to Defend Undersea Cables
A bipartisan Senate bill would elevate the U.S. role in defending subsea fiber-optic cables against mounting threats from China and Russia, expanding diplomatic efforts, industry coordination and sanctions targeting foreign sabotage of the internet's global backbone.

JSON Code 'Beautifiers' Expose Sensitive Data From Banks, Government Agencies
At what price beauty? Apparently, some developers will paste anything into "JSON beautify" sites, from researchers report recovering authentication keys, database credentials, personally identifiable information for banking customers and much more.

While information blocking regulations were authorized under the 21st Century Cures Act nearly a decade ago, regulators are only starting to ramp up enforcement of the prohibited practices. Attorney Nan Halstead of Reed Smith explains critical steps organizations need to take to comply.

Security by Design or Be Fined, Committee Suggests
A U.K. parliamentary committee is recommending a new statute forcing software publishers to hew to secure-by-design principles or else face financial penalties. The committee called for "enforcement agencies" empowered to levy fines to monitor industry for compliance.

Cyber Advisory Cites Abuse of Linked Devices to Monitor Sensitive Communications
The U.S cyber defense agency issued an alert outlining how commercial spyware and state-aligned groups are abusing messaging-app features through malicious QR-based linking and zero-click exploitation to monitor U.S. government, military and other high-profile figures.

JP Morgan Chase, Citi and Morgan Stanley Among Banking Customers Impacted
Major U.S. banks are assessing their exposure to a cybersecurity incident at real estate financial technology company SitusAMC, which disclosed Saturday that a breach may have affected client data. The New York firm uncovered the incident on Nov. 12.

Mindpath Health Settles Claim for $3.5M; Delta Dental Notifies 146,000 of Breach
Email breaches continue to plague the healthcare sector, resulting in data compromises that often affect the sensitive information of scores of patients. Two recent incidents illustrate the risks email breaches pose to patients, and the potential legal fallout for providers.

Israeli Startup Plans to Integrate AI Agent Guardrails Into Cloud Platform
Sweet Security secured $75 million in Series B funding to integrate AI security into its CNAPP platform. With runtime protection as its differentiator, the startup plans to address growing CISO concerns over shadow AI and attack vectors involving intelligent agents.

Lawmakers Say Reversal Strips One of Few Enforceable Standards for Major Carriers
The U.S. FCC's move to scrap its short-lived interpretation of the Communications Assistance for Law Enforcement Act - the 1994 statute known as CALEA - sparked warnings that the agency just eliminated one of the few enforceable cybersecurity tools for the telecom sector.

3-Year Espionage Campaign Targeted Taiwanese Firms
Chinese nation-state group APT24 targeted multiple Taiwanese companies as part of an espionage operation that went undetected for three years. The hacking group continually updated its malware infrastructure and tactics, enabling it to stay under the radar, Google Cloud said.

Researchers Were Able to Query 3.5 Billion Accounts
Security researchers were able to scoop up the telephone numbers of billions of WhatsApp users through an enumeration tool provided by app owner Meta. The sheer quantity of leaked numbers - 3.5 billion in total - would amount to "the largest data leak in history."

HSCC 'Model Contract' Calls for Shared Cyber Risks for Providers and Device Makers
Newly revised "model contract language" guidance from the Health Sector Coordinating Council provides an updated reference document to help healthcare providers and medical device makers better articulate and evaluate cyber considerations when negotiating purchases of products and services.