DataBreachToday.com

Healthcare Sector Heavily Relies on Open-Source Web Server; Older Flaws Pose Risk
Federal authorities are alerting healthcare entities of vulnerabilities - including older flaws - that put Apache Tomcat at risk for attacks if left unmitigated. The open-source web server is heavily used in healthcare for hosting electronic health record and other systems and applications.

Acquisition Brings Vulnerability Management to Absolute's Cyber Resilience Platform
Absolute Security has strengthened its platform with the acquisition of Syxsense, adding powerful automated vulnerability management tools to its existing endpoint security capabilities. The move aims to improve security compliance and simplify complex remediation tasks for organizations.

State Says HHS Erred by Shielding Reproductive Health Info From Law Enforcement
Texas Attorney General Ken Paxton is suing the Biden administration, alleging that "unlawful" HIPAA Privacy Rule regulations are hindering the state's law enforcement investigations into abortion cases and other reproductive health care cases.

Global Outage Triggers Calls for 'Less-Invasive Access' to Essential Functions
The global disruption caused by a faulty CrowdStrike software triggering a kernel panic and computer meltdowns has led government agencies, experts and vendors to call for rethinking Windows operating system resiliency, including the deep-level OS access security tools now require.

Also: AI's Role in Cybersecurity; New Fraud Prevention Rules
In the latest weekly update, ISMG editors discussed the implications of the recent arrest of Telegram's CEO in Paris for encrypted messaging services, the transformative impact of artificial intelligence in cybersecurity, and the latest regulations designed to curb fraud in electronic payments.

Credit Rating Business Says Cyber Insurance Market 'Poised for Significant Growth'
Competition has been increasing in the cyber insurance market, leading to a "moderate" decrease in insurance premiums after several years of rate increases. So reports Moody's Ratings, which said that the changes were driven by an influx of new players that is likely to continue.

Experts Say Orgs That Handle Highly Sensitive Health Info Are Targets of Attacks
Planned Parenthood of Montana, which provides patients with reproductive healthcare services including birth control and abortion, is responding to a hack and a threat by cybercriminal group RansomHub to leak 93 gigabytes of data allegedly stolen from the organization.

Justice Department Adds Russian Intelligence Officers to Ukraine Hacking Indictment
The United States announced a superseding indictment Thursday that adds five Russian military intelligence officers as defendants while warning that Kremlin cyberthreat actors continue to target U.S. and global critical infrastructure.

FEMA CIO: Cyber Advisers Provide Critical Security Guidance Amid Recovery Efforts
Charles Armstrong, chief information officer of the Federal Emergency Management Agency, told the Billington Cybersecurity Summit his agency has begun deploying cyber advisors to disaster recovery zones to "rapidly and securely" build information technology and operational technology infrastructure.

Ilya Sutskever Aims to Build Safe, Super-Intelligent AI
A three-month-old startup promising safe artificial intelligence raised $1 billion in an all-cash deal in a seed funding round. Co-founded by former OpenAI Chief Scientist Ilya Sutskever, Safe Superintelligence will reportedly use the funds to acquire computing power.

Kaspersky Hands Off 1 Million US Customers to UltraAV Amid Government Software Ban
Kaspersky is transferring 1 million U.S. antivirus customers to Pango Group's UltraAV product following the Department of Commerce's ban on Kaspersky software sales or updates. The transition ensures users will continue to receive critical cybersecurity updates and services.

A head-spinning series of acquisitions and mergers is transforming the security information and event management (SIEM) market. Behind this market shakeup is the ongoing technological shift from traditional, manually intensive SIEM solutions to AI-driven security analytics.

US National Security Agency Says It Has More Than 1,000 New Cybersecurity Alliances
The United States National Security Agency is banking on recently developed partnerships with leading technology firms around the world and foreign partners to combat the growing cybersecurity risks from Chinese-based threat actors, a top official from the agency said Wednesday.

5th Nation to Investigate Software Firm Imposes Largest GDPR Penalty, Bans Use
The Dutch data regulator is the latest agency to fine artificial intelligence company Clearview AI over its facial data harvesting and other privacy violations of GDPR rules, joining regulatory agencies in France, Italy, Greece and the United Kingdom.

How You Can Help Secure the Nation's Backbone From Cyberattacks
Critical infrastructure encompasses the essential services and assets vital to the functioning of society and the economy. Specializing in security in this field requires a deep understanding of the challenges and threats facing sectors such as energy, transportation, healthcare and water systems.

Unifying fragmented network security technology under a single platform allows for consistent policy application across on-premises, cloud and hybrid environments, said Palo Alto Networks' Anand Oswal. Having a consistent policy framework simplifies management and improves security outcomes.

DOJ Seizes Internet Domains, Announces Sanctions Against Russian Media Executives
The United States on Wednesday accused Russia of carrying out a sustained campaign to influence the 2024 presidential election and announced a series of sanctions and law enforcement actions that target state-sponsored hackers and media executives behind Kremlin influence operations.

Banks Using AI to Spot Fraud, Create Synthetic Data for Better Predictive Analytics
While the criminals may have an advantage in the AI race, banks and other financial services firms are responding with heightened awareness and vigilance, and a growing number of organizations are exploring AI tools to improve fraud detection and response to AI-driven scams.

Social Media Platform Deleted 25 Videos South Korean Government Said Showed Crimes
Telegram deleted 25 videos the South Korean Communications Standards Commission said depicted sex crimes, and regulators reported that site administrators pledged a "relationship of trust." The agency said it intends to establish a hotline to ensure urgent action on deepfakes.