BankInfoSecurity.com

Bureau Endorses Enhanced Information Sharing With Global Allies to Curb Cybercrime
The FBI strongly supported recent efforts to expand information sharing with international partners and launch new efforts to curb global cybercrime, including working with Indian authorities to combat cyber-enabled financial crimes and transnational call center fraud.

Acquisition Adds Expert Team, Reachability Analysis Tech to Socket's Security Stack
With Coana's team and tools, Socket aims to strengthen its platform's ability to identify actionable vulnerabilities. The integration will help security teams eliminate busywork, focusing on high-impact issues using precomputed reachability data from open source codebases.

Senior Advisers Behind 'Secure by Design' Step Down From CISA Amid Workforce Cuts
A wave of senior cybersecurity advisors is leaving the U.S. cyber defense agency amid government downsizing, raising concerns about broader national cyber defense capacities as White House plans to cut the size of the federal workforce deepens instability across critical agencies.

Ransom Threats to Be Reported Under New Australian Legislation
Australian organizations have 40 days to prepare for a new law requiring mandatory reporting of ransomware payments to authorities. The law covers about 6.5% of registered businesses which, starting May 30, must report ransomware payments within 72 hours to the Australian Signals Directorate.

Attack Combines Social Engineering and Card Emulation to Execute Real-Time Theft
Hackers are using Chinese-speaking Android malware-as-a-service SuperCard X to carry out near-field communication relay attacks, siphoning payment card data and executing live point of sale and ATM transactions. Victims receive spoofed SMS or WhatsApp alerts purporting to originate from their bank.

Cybercrime Cartels Moving to Places With Limited Law Enforcement Capacities
Cyber scam operations in Southeast Asia have assumed industrial-scale proportions, warns a United Nations report highlighting the rise of criminal groups with global ambitions. The region is a "key testing ground for transnational criminal networks looking to expand their influence," warned UNDOC.

Faces Two Counts of Oklahoma Computer Crime Act Violations
The CEO of a small cybersecurity firm is facing two counts of violating Oklahoma's Computer Crimes Act in a case alleging that he walked into an Oklahoma City hospital and installed malware on employee computers. The case echoes other alleged hospital security incidents.

Hackers Targeted Critical Infrastructure for Sabotage, Data Theft
Russian and Chinese hackers targeted critical infrastructure in the Netherlands for strategic gains amid escalating tensions with Western governments, the Dutch intelligence agency said. The Netherlands witnessed a number of "cyberespionage attempts against the Dutch government."

Security First Framework Approach Focuses on Isolating Untrusted Inputs
Chatbots' popularity has been tempered from the start by the prospect of prompt injection attacks. Google DeepMind's CaMeL aims to address the issue by reframing the problem, and applying proven security engineering patterns to isolate and track untrusted data.

Model Context Protocol's Adopters Include OpenAI, Google
Artificial intelligence developers including OpenAI, Google and Microsoft are adopting rival Anthropic's open standard to speed up the capabilities of their chatbots by allowing them to access daily-use software. Dubbed "Model Context Protocol," the open standard aims to make chatbots more useful.

In Other Cybercrime Market Drama, BreachForums Marketplace Reboot Branded a Fake
Just three months after being disrupted by an intelligence law enforcement operation, the notorious online cybercrime marketplace called Cracked appears to have patched itself up and restarted operations. The recently disrupted BreachForums also claims to be back - although experts remain skeptical.

Top Democrat Sounds Alarm Over Whistleblower Report of DOGE's Master Database
A top Democrat on the House Oversight Committee sounded the alarm after a whistleblower provided information to Congress warning that staffers for the Department of Government Efficiency violated federal data laws while building a "master database" of sensitive information across federal agencies.

With highly sensitive information and disruptions to medical care at stake during cyberattacks on healthcare organizations, it's vital for these entities to carefully consider details of their communications plans well in advance of suffering a serious incident, said Tom Bolitho of FTI Consulting.

DOGE Staffers Allegedly Violated Federal Cyber Best Practices and Data Privacy Laws
A whistleblower complaint made public this week provides the most in-depth look yet at the Department of Government Efficiency's many alleged cybersecurity failures, from violating federal best practices to seemingly ignoring data security laws in an apparent bid to shrink the government.

EVP Muhi Majzoub Outlines Integration of TDR, Generative AI Across Core Platforms
OpenText is embedding threat detection, identity protection and generative AI across its cloud and on-premises platforms. EVP Muhi Majzoub says the threat detection and response system will integrate with Microsoft Defender, CrowdStrike and others to identify anomalies and stop attacks in real time.

Despite Last-Minute Reprieve, Fresh Approach and Ownership Required, and Soon
This week's near-disruption in funding for the Mitre-administered Common Vulnerabilities and Exposures Program shows that the U.S. government no longer wants to be footing the tab. Many experts say this is an opportunity to redesign the CVE Program to be more neutral, sustainable and international.

Safety Concerns Emerge Amid o3, o4-mini and GPT-4.1 Launches
OpenAI's mid-April announcements include its most advanced reasoning models o3 and o4-mini, with a biorisk monitor, the quietly released GPT-4.1 coding family and the upcoming retirement of its costliest model, GPT-4.5. OpenAI's partners warn that the company's rushed evaluations have left gaps.

BitNet b1.58 2B4T Focuses on Speed, Efficiency, Open Access
Microsoft released what it describes as the most expansive 1-bit AI model to date, BitNet b1.58 2B4T. Unlike traditional large language models that depend on GPUs and massive infrastructure, the model is built to operate efficiently on CPUs including Apple's M2 chip.