BankInfoSecurity.com

Ukrainian National Twice Indicted in Los Angeles for Pro-Russian Hacking
U.S. and allied agencies warned of low-skill Russian-linked hacktivists breaching critical infrastructure by exploiting weak remote access tools, as federal prosecutors charged a Ukrainian national with helping orchestrate operations targeting water and energy systems.

Boards are becoming increasingly focused on understanding the mechanics and implications of agentic artificial intelligence, but traditional governance processes aren't built for the speed and complexity of today's AI-driven innovation cycles, said JoAnn Stonier, former chief data and AI officer at Mastercard.

Also, Dutch Defend the Nexperia Takeover, Hikvision Challenges FCC, Qilin Strikes
This week, likely North Korean hackers exploited React2Shell. The Dutch government defended its seizure of Nexperia. Prompt injection may be here to stay. Hikvision pushed back against a new U.S. crackdown. Qilin claimed it hacked Scientology, Microsoft Patch Tuesday and MuddyWater activity.

AI Firm Says New Models May Be 'High Risk' as Dual-Use Capabilities Grow
OpenAI said Wednesday it is preparing for artificial intelligence models to reach "high" cybersecurity risk levels, marking an escalation in the dual-use capabilities that could strengthen defenses or enable sophisticated attacks.

KKR-Led Series B Investment Propels AI Agent, Nonhuman Identity Management Push
Backed by $700 million in funding from KKR at a $3 billion valuation, Saviynt plans to accelerate innovation in identity security for humans, machines and AI agents. The Series B investment supports global expansion and continued platform development to meet evolving enterprise needs.

Password Manager Must Pay 1.2M Pounds
The British data regulator imposed a fine of 1.2 million pounds against password manager LastPass over a 2022 data breach that exposed the data of millions of its customers. Unidentified hackers stole backup data from LastPass's Amazon Web Services S3 bucket.

The Next Major Cyber Risk Could Come Through a Biological Sample
Researchers demonstrated that it is feasible to encode executable payloads into synthetic DNA that, once sequenced and processed, could trigger malware in sequencing software. When a vulnerability in a sequencer becomes a vulnerability in national health or food security, the stakes are existential.

Lessons From Lightning-Fast AI-Based Attacks and How Cyber Defenders Should Respond
AI-based attacks will come faster and the sequence of activities will be less predictable. Cyber defenders are skilled in network analysis, incident response and cloud or identity management, but in the face of AI-based attacks, they need new skills, tools and defensive tactics.

Analysis of Seized LockBit Data Suggests Victims Who Pay Enjoy More Media Coverage
Bad news for any organization that's ever paid a ransom in a bid to avoid their breach coming to light, or for a promise from attackers to delete stolen data, with a study of seized LockBit data finding that victims who paid a ransom were more likely to see the attack get detailed in the media.

Inotiv Tells SEC 'It's Still Evaluating Full Impact and Notifying Breach Victims'
Drug research firm Inotiv in a filing with federal regulators said it is still evaluating the financial and operational impact of an August cyberattack that's linked to ransomware gang Qilin. The company is also notifying nearly 10,000 people whose data was allegedly stolen in the incident.

CTO Matthew Fraser Says Administrations May Change but AI Program Is Built to Last
New York City gets a new mayor on Jan. 1, and while no one knows Zohran Mamdani's plans for using artificial intelligence, the city's AI Action Plan will ensure a strong foundation for innovation, city Chief Technology Officer Matthew Fraser told attendees at The AI Summit in Manhattan on Wednesday.

What Will Lead Next Year's Cloud Security Agenda?
As 2026 approaches, one thing is certain: Artificial intelligence adoption will continue to accelerate at an extraordinary pace. CISOs will be tasked with maintaining security and control as hybrid cloud environments grow more distributed, automated and interconnected.

Startup Uses AI Agents to Support Proactive Security and Scale Development
With a $36 million investment, Clover Security plans to expand its suite of AI agents that automate security reviews and improve collaboration with developers. The company says this proactive approach helps manage risks introduced by AI-driven software creation.

Regulators Question Whether Google Compensates Publishers for Auto Summaries
Google faces a fresh probe into its competitive practices after the European Union said it will investigate the search engine giant's propensity to convert web content into fuel for its artificial intelligence models. The commission said the investigation is a "matter of priority."

Data Theft Incidents Are Among the Latest Hacks Against Specialty Medical Providers
Two specialty healthcare providers - a Florida-based firm that provides hospice services in several states and a Pennsylvania-based eye care practice - are notifying nearly 520,000 people that their sensitive health information was compromised in separate hacking incidents.

Google Says Gemini Enterprise Agentic AI Model Is Ready for Banking Clients
BNY is integrating Google Cloud's Gemini Enterprise agentic artificial intelligence platform into its proprietary enterprise AI platform, Eliza. The move represents an evolution from AI as a pilot project to AI as infrastructure for the global financial services organization.

Patch Now, as Scans and Hack Attempts Happening 'at Scale,' Security Experts Warn
Hacker interest is high in a days-old vulnerability in widely used web application framework React, with dozens of organizations already falling victim to it, cybersecurity experts warn. React is used by an estimated two-fifths of the world's top 10,000 websites.

Clop Ransomware Group Targeted NHS Barts Health in August
A National Health Service hospital is seeking assistance from the U.K. High Court to stymie a potential data leak tied to a ransomware hack. The hospital, NHS Barts, said ransomware group Clop targeted its network in August.