DataBreachToday.com
Nacha Revises Fraud Monitoring Rules for FIs
2 months 3 weeks ago
Nacha's Devon Marsh on Banks Proving They 'Reasonably Intended' to Identify Fraud
Nacha's 2026 rule amendments pivot from "commercially reasonable" to "reasonably intended" fraud detection standards. Nacha's Devon Marsh explains what this shift means for RDFIs and ODFIs and how banks and financial institutions can define and demonstrate reasonable practices.
How Prompt Injection Is Breaking Digital Forensics Norms
2 months 3 weeks ago
Why Traditional Logs Can't Explain What Happens Inside a Rogue AI Model
Logs are where cybersecurity teams spot how and when the break-in occurred. For a new type of attack, logs will be worthless - a condition that will especially challenge digital responders as artificial intelligence systems become more ubiquitous.
US Congress Moves to Revive CISA 2015 After Shutdown
2 months 3 weeks ago
Lawmakers Include Extension of Cyberthreat Sharing Law in Shutdown Resolution
A statute underpinning corporate cybersecurity information sharing may come back into effect along with funding to reopen the U.S. federal government after six weeks of being shut down. The Cybersecurity Information Sharing Act of 2015 expired the same day Washington shut down on Oct. 1.
Who Owns the Cybersecurity of Space?
2 months 3 weeks ago
Orbital Frontier Is the Next Ungoverned Internet, and We Have Left It Open to Attack
The orbital frontier is the next ungoverned internet - a vast, vulnerable network of over 11,000 satellites without a cybersecurity framework. As nations race to commercialize space, we've left the orbit open to attack. Who will govern space cybersecurity?
Charting the Course to SASE: Convergence, Unification, and the Future of Secure Connectivity
2 months 3 weeks ago
Passwordless Future: Smart Verification for Fraud Prevention
2 months 3 weeks ago
Steve Lenderman of isolved on Cross-Device Challenges, User Adoption Strategies
Steve Lenderman, head of fraud prevention at isolved, discusses the shift to passwordless authentication, addressing adoption challenges across multiple devices, the link between cybersecurity and fraud prevention, and how behavioral analytics will shape identity verification in 2026 and beyond.
States Fine Firm $5.1M in Hack Affecting 3 Million Students
2 months 3 weeks ago
AGs Cite Security Failures Leading to Illuminate Education's Late 2021 Data Theft
A California-based vendor of software used to collect and analyze student data, including records of children with disabilities and special educational needs, has been fined a total of $5.1 million by the attorneys general in three states in the wake of a 2021 hack that affected 3 million people.
Wi-Fi Beamforming Tech Can Identify Individuals by Gait
2 months 3 weeks ago
Pedestrians Uniquely Refract Directional Radio Signals
The way you use your walk - specifically when striding through a Wi-Fi field shaped by directional antennae - can reveal who you are, found researchers who investigated the surveillance potential of wireless routers. "Every router is a potential surveillance device," say researchers.
CMMC: New Cyber Rules Hit Defense Supply Chain
2 months 3 weeks ago
Pentagon Formally Rolls Out Long-Awaited Cybersecurity Requirements for Vendors
The Department of Defense's final Cybersecurity Maturity Model Certification rule went into effect Monday after years of industry debate, requiring all defense contractors and subcontractors to obtain cybersecurity certifications for any new contracts, contract renewals or extensions.
Online Job Scams Creating New Risks for Corporate Networks
2 months 3 weeks ago
It's Time for Enterprises to Manage Risks Posed by Compromised Personal Devices
Online job scams have evolved beyond consumer fraud and now pose a direct threat to corporate networks. Google warns that scammers are embedding remote access Trojans and info-stealers disguised as interview software or application materials to hack personal devices and ultimately corporate systems.
For OT Cyber Defenders, Lack of Data Is the Biggest Threat
2 months 3 weeks ago
OT Security 'a Generation Behind Traditional IT'
For those charged with the cyber defense of OT and industrial control systems, one challenge towers above all others: Data. Specifically, its scarcity. Most operators simply don't capture it, in stark contrast with their IT counterparts.
Bill Seeks HIPAA-Like Protections for Consumer Health Data
2 months 3 weeks ago
Senate HELP Committee Chair Seeks to Secure Data in Smart Watches, Health Apps
Sen. Bill Cassidy, R-La., a physician and chair of the Senate health committee, has proposed legislation that aims to create parallel HIPAA-like privacy protections to more types of health data - such as data collected by consumer wearable devices and health apps - not currently covered under HIPAA.
Ping Identity Boosts Frontline Staff Access With Keyless Buy
2 months 3 weeks ago
Keyless's Biometric Tech to Improve Privacy, Account Recovery and User Experience
Ping Identity will acquire Keyless to expand passwordless authentication to frontline workers who lack access to smartphones. The deal gives Ping deepfake-resistant, privacy-first biometrics that don't store user templates on servers, easing identity verification and account recovery.
Samsung Zero-Day Flaw Exploited by 'Landfall' Spyware
2 months 3 weeks ago
Spyware Targets Samsung Galaxy Devices, Says Unit 42
Hackers used previously unknown commercial spyware dubbed "Landfall" to surveil the activities of Samsung Galaxy device owners in the Middle East, say security researchers who posit the threat actor has connections to the United Arab Emirates.
Why Microsegmentation Is Just a Dream for Many IT Teams
2 months 4 weeks ago
Audit Issues, Policy Debt and Limited Project Scope Are Hampering Adoption
Microsegmentation has long been touted as the gold standard for restricting lateral movement by hackers. It helps lock down network traffic and reduces the blast radius of a breach. Vendors say it's transformative, but if you walk into most large enterprises, you'll find it half-implemented.
CISA Defends Layoffs Amid Union Injunction
2 months 4 weeks ago
CISA Argues None of 54 Fired Workers Fall Under Union Protections
The Cybersecurity and Infrastructure Security Agency told a federal court it complied with an injunction blocking shutdown-related layoffs by sending reduction-in-force notices only to non-union staff within a unit vital to coordination with state, local and private-sector defenders.
OTsec India Organizers Share Tips on OT Security
2 months 4 weeks ago
OTsec India Steering Committee Discuss Cyberthreats, Compliance and Innovation
Featuring some of the most prominent voices in Indian operational technology cybersecurity, the steering committee for the inaugural OTsec India Summit shares insights on a range of topics including OT threats, regulatory imperatives and the latest innovations.
Cryptohack Roundup: Europol Busts 600M Euro Fraud Network
2 months 4 weeks ago
Also: SBF Appeals Conviction, PHP Exploits Fuel Cryptomining
Every week, Information Security Media Group rounds up cybersecurity incidents in digital assets. This week, Europol's 600 million euro fraud network bust, Sam Bankman-Fried conviction appeal, PHP exploits fueled cryptomining campaigns and sentencing set for Samourai Wallet founders.
Report: Nevada State Hackers Evaded Detection for Months
2 months 4 weeks ago
Statewide Breach Hit 60 Agencies Before Ransomware Was Deployed
A threat actor infiltrated Nevada’s statewide systems undetected for months, ultimately disrupting at least 60 agencies by deleting backups and launching ransomware that forced a full rebuild of core infrastructure and triggered a multimillion-dollar emergency response.
DataBreachToday.com RSS News Feeds on data breach today news, regulations, blogs and education