DataBreachToday.com

Experts Detail Upsides of Bug Bounties and Getting Devices Into Researchers' Hands
As fresh vulnerabilities in hardware keep coming to light, one question remains: What vendors can do to better prevent, identify and eradiate flaws? One shortlist offered by veteran hardware hackers centered on the upsides of engagement, including bug bounty programs.

Leaked Executive Order Would Strip States of Power to Regulate AI Tech Firms
A leaked draft executive order would empower federal agencies to override state AI laws, threatening federal funds for noncompliance and creating a litigation task force - drawing sharp backlash over executive overreach and potential harm to consumers.

Class Action Litigation and Criminal Case Focus on Actions of an Ex-Tech Worker
A federal court has granted preliminary approval of a $5 million settlement in class action litigation filed against Pennsylvania-based Geisinger Health and Nuance Communications - now part of Microsoft - involving a 2023 insider data breach affecting more than 1 million Geisinger patients.

European Cybersecurity Agency Can Assign CVE IDs and Publish CVE Records
The European Union Agency for Cybersecurity is poised to take on a greater role in coordinating vulnerability disclosures across the trading bloc with its elevation as a "Root"-level participant in the Common Vulnerabilities and Exposures program.

Salesforce Revoked Gainsight Authentication Tokens
Customer relationship management giant Salesforce is again notifying customers that hackers may be stealing their data through a third-party app. The San Francisco company late Wednesday disclosed that apps published by Gainsight connected to Salesforce instances may have "enabled unauthorized access."

Avoid Roadblocks to Your Advancement, Optimize Your Professional Throughput
Career latency is not an indictment of your ability. Understanding what creates latency in your professional life and how to address it is an essential component of long-term growth. With a diagnostic mindset and a willingness to optimize, you can restore throughput and move forward with purpose.

Michael Leland of Island on How to Enhance Credential Security
From infostealers to phishing, almost 90% of all data breaches now involve the use of stolen credentials - leading to billions of dollars in losses. Michael Leland of Island opens up on the role of the modern enterprise browser in mitigating these risks created by compromised credentials.

Ping Identity and Ameris Bank on Stopping Fraud Without Alienating Legitimate Users
In the latest "Proof of Concept," Rich Keith, director of product and solutions marketing at Ping Identity, and Todd Smith, senior vice president of customer IAM at Bank Ameris, joined ISMG editors to discuss how AI-based fraud is breaking trust models faster than many systems can adapt.

Attackers Can Flip Safety Filters Using Short Token Sequences
A few stray characters, sometimes as small as "oz" or generic as "=coffee" may be all it takes to steer past an AI system's safety checks. HiddenLayer researchers have found a way to identify short token sequences that can cause guardrail models to misclassify malicious prompts as harmless.

Data of Nearly 470,000 Patients and Employees May Have Been Leaked on Dark Web
Omni Family Health, a California nonprofit network of community health centers, has agreed to pay $6.5 million to settle proposed class action lawsuits related to a 2024 hack that may have exposed the personal information of nearly 470,000 current and former patients and employees on the dark web.

Internal Memo Says Trump-Era Cuts 'Hampered' CISA During 'Pivotal Moment'
The Cybersecurity and Infrastructure Security Agency is reeling from an apparent 40% vacancy rate in several key divisions following White House-driven cuts and a prolonged government shutdown, according to an internal memo revealing how recent layoffs were undermining federal readiness.

Hacking Group Deploys Raft of Custom Malware Variants
An Iranian state hacking group with a history of targeting aerospace, aviation and defense industries across the Middle East has improved its tooling with multiple custom malware variants, warned Google. The group, tracked as UNC1549, is suspected of ties to the Iranian Revolutionary Guard Corps.

PLCs Increasingly in Hacker Crosshairs, Warns Trellix
Patching is still the mortal weaknesses of operational technology environments, warns cybersecurity firm Trellix in a report assessing incidents in critical infrastructure settings during the middle two quarters of this year.

Only Regulations Can Convince Meta to Cut Its Revenue Stream From Fraud Victims
How motivated would you be to stop a source of revenue if you discovered that some of your advertisers are scamming your customers? Most businesses would want to protect their customers. In the strange universe of social media giant Meta, incentives for doing the right thing are totally different.

Suspect May Be Military Officer Indicted by US for 2016 Election Interference
Police in Thailand have arrested a Russian citizen suspected of launching hack attacks against targets around the world, who's wanted by the FBI. While the suspect hasn't been named, his age matches that of a Russian military intelligence officer indicted for 2016 U.S. election interference.