Ransomware DataBreachToday.com

Developers' Credentials Stolen via Typosquatted ‘Fabric’ Library
A malicious Python package that mimics a popular SSH automation library has been live on PyPi since 2021 and delivers payloads that steal credentials and create backdoors. The package steals AWS access and secret keys, sending them to a remote server operated through a VPN in Paris

Anastasia Georgievskaya, CEO of Haut.AI, on How AI Is Transforming Skincare
Anastasia Georgievskaya, CEO and co-founder of Estonia-based Haut.AI, discusses the challenges of blending artificial intelligence with traditional skincare expertise and how Haut.AI is shaping a privacy-conscious future in beauty. Georgievskaya is also a research scientist at Beauty.AI.

Financial Services Experts Call for Stronger Focus on Third-Party Risk Management
Financial services leaders and cybersecurity experts said at Information Security Media Group’s 2024 Financial Services Summit that third-party vendor security risks required the need for proactive, multi-layered security frameworks to combat the growing threat landscape.

New AWS-Hosted Solution to Integrate Claude With Palantir AI Platform
Palantir, Anthropic and AWS are developing an AI platform for U.S. defense, using Claude models to enhance decision-making, detect trends and speed document processing. The Biden administration has promoted the adoption of AI for national security.

ML, NLP Tools Collect More Personal Information Than Required, U.K. Regulator Says
Artificial intelligence tools currently used by organizations in the United Kingdom to screen job applicants pose privacy risks and are susceptible to bias and accuracy issues, the U.K. Information Commissioner's Office found. The ICO focused on machine learning and natural language processing.

Also: Potential Government Policy Changes; AI-Driven Zero-Day Discoveries
In the latest weekly update, ISMG editors discussed how the recent election results may reshape U.S. cybersecurity policy and healthcare privacy under HIPAA and the groundbreaking role of artificial intelligence in Google’s recent discovery of a critical zero-day vulnerability.

Companies Race to Hire Chief AI Officers as Tech Reshapes Business Strategy
Boeing, NASA and Pfizer have established chief artificial intelligence officer positions to lead ethical deployment and innovation in 2023. Federal requirements are pushing agencies to create CAIO roles, accelerating enterprisewide adoption across a variety of industries.

Also: LottieFiles Attack, Craig Wright's Contempt of Court
This week, Metawin hacks, LottieFiles attack, hackers used Ethereum smart contracts to target npm developers, Craig Wright faced contempt of court, Alameda sued KuCoin, Binance sought dismissal of a U.S. Securities and Exchange lawsuit, and Immutable received a Wells Notice.

Also: Ransomware Hackers Demand Baguettes
This week, Chinese spying, Italian hacking scandal, an FBI warning and Okta fixed a bug. Google mandated MFA, zero days in PTZOptics and a Mexican airport didn't pay ransom. Cybercriminals demanded baguettes, breach lettersin Ohio and Germany will shield white hats. The Italian DPA rebuked a bank.

Did Data Theft at Firm Also Affect Other Clients' Information?
A hacking incident at Thompson Coburn, a national law firm based in Missouri, has affected an unspecified number of patients of a healthcare sector client, Presbyterian Healthcare Services in New Mexico. But a big unanswered question is whether other clients were affected.

Noka 'Is Aware of Reports'
Finnish telecommunications equipment manufacturer Nokia is investigating the alleged posting of source code data on a criminal hacking forum. A hacker going by the handle of "IntelBroker" on Thursday posted what he said is a trove of "Nokia-related source code."

Experts on Potential Data Security and HIPAA Privacy Changes in Trump's Second Term
With Donald Trump set to return to the White House to serve another four-year term as U.S. president, what might the healthcare sector expect to see when it comes to his next administration's cybersecurity priorities and HIPAA regulations and enforcement? Experts weigh in.

Policy Shift Allows Military Contractors, Security Agencies Access to Its AI Model
Meta revised its policy to permit U.S. defense contractors and national security agencies to use its AI model, Llama, previously restricted from military applications, announcing that it has partnered with firms including Lockheed Martin and Palantir.

Dunnhumby CISO on Building Resilience and Tackling Transformation
Martyn Booth has found that leadership means resilience, adaptability and fostering a collaborative, diverse team. Leading transformation efforts at global customer data science firm Dunnhumby, Booth stressed the value of having a strong foundation and strategic partnerships.

Security Professionals Must Continually Hone Technical and Communication Skills
In cybersecurity, there's no such thing as "done learning." The field's dynamic nature - driven by rapid technological advances and evolving threats - demands that professionals stay adaptable and proactive. It's essential for staying relevant, effective and prepared for what's next.

Burning Issues Include Russian Hacking, China's Hitting Critical Infrastructure
Four years since Trump's last term, the cyber picture looks - in many ways - markedly different. How will the incoming administration tackle Russian disinformation and cyber operations against NATO, rampant Chinese cyber espionage, and cybercriminals and ransomware continuing to disrupt businesses?

CyberEspionage 'Salt Typhoon' Operation Infiltrated Telcos' Infrastructure
The impact of a major U.S. national security breach attributed to China reportedly continues to expand, as investigators probe the infiltration of telecommunications infrastructure and eavesdropping on national security and policymaking officials' mobile phone communications.

Former President’s Win Could Bring Major Changes to U.S. Cyber Policy, Experts Say
Republican Donald Trump's return to the White House in January could bring significant changes to technology and cybersecurity policy in the United States, potentially reshaping federal approaches to AI regulation, industry investment and national security against rising digital threats.

Purchasing Israeli Startup Will Expand SaaS Security and Identity Threat Protection
CrowdStrike has agreed to acquire SaaS security leader Adaptive Shield to deliver identity-based protection across cloud and hybrid environments. The acquisition offers clients comprehensive SaaS security posture management, bridging on-premises and cloud identity defenses to thwart modern threats.

3 Countries Taking Different Approaches to Accountability and Victim Compensation
Governments globally are intensifying anti-scam measures, introducing new guidelines to banks, telecom providers and other key sectors to bolster security controls and mitigate fraud risks for consumers and businesses. Some new frameworks threaten to levy stiff penalties for non-compliance.