BankInfoSecurity.com

Capita Ignored EDR Alert for 58 Hours, Say Investigators
British outsourcing giant Capita must pay 14 million pounds to British data regulators for privacy violations tied to a 2023 hack that impacted 6 million individuals. An EDR system caught the malicious file within 10 minutes but the company didn't respond to the alert until 58 hours later.

Risk Scoring to Enable Real-Time Action by Imprivata on Suspicious Access Attempts
Imprivata's acquisition of Verosint adds 150 real-time behavioral and environmental signals to its access management suite. CEO Fran Rosch says the combined risk scoring system will enable smarter authentication, especially for remote and third-party users.

Symantec Says It Spotted Likely Supply Chain Hack
Suspected Chinese state-linked hackers reportedly breached a Russian IT service provider in an espionage campaign targeting government-related networks. Symantec uncovered Chinese hackers they named Jewelbug, infiltrating a Russian company between January and May.

Point Wild's Zulfikar Ramzan Says Cryptography Is Crucial Against Quantum Risks
Cyber resilience is a critical part of defense strategies today, and resilience is rooted in strong, well-managed cryptography, said Zulfikar Ramzan, chief technology officer at cybersecurity firm Point Wild. He shares key drivers for organizations to move toward quantum migration.

Cambodian Firm Worked Directly With North Korea, Say US Officials
The U.S. and U.K. imposed sanctions on Cambodia’s Huione Group and 146 affiliates linked to the Prince Group TCO, citing human trafficking, forced labor and over $4 billion in laundered cybercrime proceeds tied to North Korean hacks and Western-targeted scams.

Recent Cybersecurity Conferences Highlight Resilience and Shoring Up Critical Infrastructure Systems
Learn how recent cybersecurity conferences focused on resilience and shoring up critical infrastructure systems spotlight the need for virtual segmentation, OT visibility and zero trust adoption.

Cybercriminals Demanded Ransom Payments Directly From Some Affected Patients
An Oklahoma health system will pay $30 million to settle class action litigation involving a 2023 data theft hack that affected 2.4 million people. Some of the patients - including minors - have received blackmail demands directly from cybercriminals threatening to sell their data on the darkweb.

Cybereason Deal Bolsters LevelBlue's XDR, DFIR and Global Incident Response Reach
LevelBlue is acquiring Cybereason to enhance its extended detection and response, digital forensics, and global threat intelligence capabilities. The move brings top talent, expands the firm's footprint in Japan and follows LevelBlue's acquisitions of Aon and MDR provider Trustwave.

NCSC Chief Says Recent Retailer Hacks Should Be 'Wake-Up Call' for Cyber Defenders
The number of cyberattacks in the United Kingdom surged 50% in the past year, with ransomware continuing to be the top threat. National Cyber Security Centre CEO Richard Horne said recent high-profile hacks at major retailers exposed supply chain vulnerabilities and are a "wake-up call" to defenders.

Researchers Show Minimal Data Poisoning Can Disrupt Large Language Models
Only a couple hundred malicious training documents are needed before a large language model puts out meaningless text when prompted with a specific trigger phrase, say researchers.

3 Private Equity Firms Kick the Tires, But Proposed Price Wasn't to Snyk's Liking
Slowing growth, continued losses and increased competition have turned a Snyk IPO into an increasingly unlikely prospect. The Information reported this month that Snyk has spoken with at least three private equity firms about a potential deal, but has been unable to reach an agreement on price.

Medusa Group Tied to Attack on SimonMed and Threats to Leak Stolen Data
Two radiology practices are notifying nearly 1.5 million people of separate hacking incidents compromising their sensitive health information. Cybercrime gang Medusa claimed credit for attacking Arizona-based SimonMed Imaging in January and threatened to leak the stolen data of nearly 1.3 million patients on the darkweb.

Dutch Ministry Invokes National Security Law to Impose Domestic Control
The Dutch government said it is severing semiconductor chipmaker Nexperia from control by its Chinese parent after invoking a national security law allowing it to impose domestic control. Partially Chinese state-controlled Wingtech Technologies acquired a three quarters stake in Nexperia in 2018.

Today's Hapless Hackers Are Tomorrow's Threat, Warns Forescout
A pro-Russian hacktivist group boasted on Telegram that it hacked a Western water treatment plant - but actually succeeded in attacking a honeypot left by security researchers at Forescout, the firm said. TwoNet appears to have ceased operations on Sept. 30.

EU Justice and Home Affairs Council Halts Voting, Sees Opposition
A European content scanning proposal intended to enhance online child safety stalled after German lawmakers voiced opposition and member states canceled a planned vote on the measure's adoption. The EU Justice and Home Affairs Council was set to vote Tuesday on Chat Control.

In Today's Reality, Zero Trust Principles Matter, Verification Is an Imperative
This month, a judge made history by throwing out an $8.7 million lawsuit after discovering something that had never before appeared in her courtroom: deepfake testimony. But these new legal lessons are already a reality in business: the need for trust, verification and authentic communication.