DataBreachToday.com

In First Pure-Play Cybersecurity IPO Filing Since '21, SailPoint Talks Channel Ties
SailPoint became the first pure-play cybersecurity company to pursue an initial public offering since 2021, revealing increased sales, improved losses and a heavy reliance on channel partners. Some 80% of its new customer transactions involved technology partners, system integrators, VARs or MSPs.

Researchers Uncover Three Vulnerabilities, Urge Firmware Update
Attackers could chain critical vulnerabilities in industrial network switches to gain remote control to compromise automation systems, IoT devices and surveillance networks. Claroty's Team82 uncovered three flaws in WGS-804HPT switches manufactured by Planet Technology.

Elizabeth Warren Letter Probes Kennedy on His Plans if Confirmed as HHS Secretary
Senate confirmation hearings have not yet been set for President Donald Trump's pick to lead the U.S. Department of Health and Human Services. But that hasn't stopped at least one lawmaker from already firing off an extensive list of questions to Robert F. Kennedy Jr., including about HIPAA.

Hackers Using Valid Customer Credentials to Re-Encrypt S3 Objects
Amazon is urging its customers to deploy additional security measures to secure S3 buckets following reports of ransomware attacks targeting the platform. The company said mitigations prevented "a high percentage of attempts from succeeding."

Poland, Israel, Nvidia and Oracle Question Need for Restrictions
A decision by the Biden administration to limit international access to American-made advanced artificial intelligence chips is facing backlash from countries whose purchasing power the rule affects. New export controls seek to choke the supply of advanced chips to China.

Enzo Biochem Previously Paid Three States $4.5M in Fines for Same Breach
Biotech firm Enzo Biochem has agreed to pay $7.5 million to settle a consolidated proposed class action lawsuit involving a 2023 ransomware attack affecting 2.5 million people. The company has already paid $4.5 million in fines to three state attorneys general for the same incident.

Also: Bringing AML and Fraud Programs Together; the Global AI Arms Race
In this week's update, ISMG editors discussed a U.K. proposal to mandate ransomware payment reporting, tackling financial crime by bringing together fraud and AML teams, and the global AI arms race as countries compete to lead innovation while balancing regulation and ethics.

Department of Treasury Imposes Sanctions
The U.S. federal government said Friday it's traced the source of Chinese hacker intrusions into telecom networks to a government contractor located in hacking hotbed Sichuan. The Department of Treasury imposed sanctions on the firm, Sichuan Juxinhe Network Technology.

Experts Say Biden's Cyber, Tech and AI Legacy Faces Uncertain Future Under Trump
President Biden’s tenure has been marked by significant efforts to tackle cybersecurity challenges, from the SolarWinds attack to Salt Typhoon, but experts say his legacy remains uncertain as the new administration faces tough decisions on upholding his initiatives.

Google Says Platforms Shouldn't Use Emails as Unique Identifiers
A security researcher purchased abandoned online domains belonging to failed startups and found he could recreate email addresses and access third party services containing sensitive information collected by the shuttered companies by signing onto the platforms using "Sign in with Google."

Legal Firm Joins Other Class Action Litigators Targeted by Hackers
Wolf Haldenstein Adler Freeman & Herz LLP, a law firm that represents consumers in data breach lawsuits, has reported to regulators its own 2023 hack affecting more than 3.4 million individuals. The incident isn't the first time a law firm that handles data breach litigation reported a major hack.

Acquisition Boosts Standardized Consent Frameworks, Identity Data Interoperability
Prove’s acquisition of Philadelphia-based startup Portabl focuses on enhancing interoperability and reusable identity solutions. The move supports emerging industry standards, bridging gaps between identity verification, authentication, and payments for seamless customer experiences.

Google Says Platforms Shouldn't Use Emails as Unique Identifiers
A security researcher purchased abandoned online domains belonging to failed startups and found he could recreate email addresses and access third party services containing sensitive information collected by the shuttered companies by signing onto the platforms using "Sign in with Google."

Final Cybersecurity Executive Order Unlocks New Powers for Next Administration
Biden’s final cybersecurity order expands sanctions authorities to better target ransomware hackers and the financial facilitators and infrastructure providers enabling their attacks, a White House official said Thursday, as the administration aims to disrupt the broader cybercrime ecosystem.

Attackers Can Employ a Vulnerable Driver to Target Most Windows and Linux Systems
Researchers are warning Microsoft Windows as well as many Linux distribution users to install updates that revoke permissions for a vulnerable driver that attackers can use to target most systems, allowing them to bypass UEFI Secure Boot and install a bootkit to take full control of a system.

UALink Crafts Alternative to Nvidia NVLink to Speed AI Accelerator Links
Device-maker Apple joined the board of a recently incorporated industry group that aims to establish open standards for directly connecting AI accelerator chip clusters in data centers. The direct connection optimizes the parallel computing and high data throughput that make GPUs efficient.

Administration Officials Say Executive Order is 'Pretty Bipartisan'
An executive order set for publication Thursday during the final countdown of the Biden administration aims to use federal purchasing power as a main lever for coaxing the private sector into better cybersecurity. The order also strengthens sanctions authority against hackers.