BankInfoSecurity.com

HITRUST's Tom Kellermann on Third-Party Risk, Defending Against Persistent Access
Island hopping, AI poisoning and access mining are reshaping cyber risk. Tom Kellermann of HITRUST says organizations must modernize third-party risk management practices and assess AI environments to stop attackers from using trusted infrastructure as a launch pad for broader campaigns.

2023 Data Theft Affected Nearly 887,000 Patients
A radiology practice that has been serving patients in North Carolina for about 70 years agreed to pay more than $3.4 million to settle proposed class action litigation filed in the wake of a 2023 hacking incident that compromised the sensitive information of nearly 887,000 individuals.

CISA Budget and Staffing Cuts Undermine National Cyber Readiness, Officials Warn
Federal cybersecurity reforms have regressed for the first time since 2020, as staffing cuts, diminished agency authority and lost momentum threaten U.S. cyber resilience, according to the Cyberspace Solarium Commission’s 2025 report, which urges immediate action from the White House and Congress.

Microsoft Says Hackers Pivoting to Identity Compromise
Hackers are as likely to log in as break in, warns Microsoft in an annual assessment of cyberthreats. During the first half of 2025, identity-based attacks rose by 32% due to credentials stolen by infostealers or password and email combinations plucked from bulk data breaches.

Proposed Acquisition Would Create Unified View of AI-Ready Data Environments
Veeam's proposed acquisition of Securiti AI for $1.725 billion addresses a long-standing disconnect between where data runs and where it's protected. The move enhances AI governance and posture management while supporting Veeam's vision for end-to-end data control.

Pen Tests Find States Thwart Basic Attacks But Are Vulnerable to Sophisticated Ones
Pen testing of 10 Medicaid management and enrollment systems found that while the nine states and one territory implemented "generally effective" security controls to prevent limited cyberattacks, improvements are needed to protect against more sophisticated attacks, said a watchdog agency report.

Russian Intel Hackers Flexible in Face of Detection
Russia-linked threat group COLDRIVER rapidly replaced its exposed malware with a stealthier PowerShell variant, using fake CAPTCHA prompts and cryptographic key-splitting to evade detection and escalate surveillance on NGOs, dissidents and policy experts, according to new research.

NTLM Reflection Attack Strikes Again
A three-month old flaw in a network protocol for file sharing used by Microsoft is under active exploitation, warns the U.S. Cybersecurity and Infrastructure Security Agency. The flaw's exploitation bypasses mitigations Microsoft has built over the years to prevent NTLM reflection attacks.

Silicon Valley Startup Focuses on Discovery and Governance of Non-Human Identities
With $30.75 million in Series B funding, Defakto aims to strengthen non-human identity security across AI workloads and cloud platforms. The Silicon Valley-based startup plans to deepen discovery, governance and enterprise integrations, while expanding its go-to-market strategy.

Active Measures Teams Rapidly Springboarding From Current Events, Find Researchers
After Russian drones violated Polish airspace last month, multiple pro-Kremlin information operations teams sprang into action to advance pro-Moscow narratives that distorted the facts, as part of a hybrid operation designed to destabilize Poland, and NATO support for Ukraine, said experts.

Ransomware Group Lynx Reportedly Stole 4TB of Data
The U.K. Ministry of Defense is investigating an apparent data breach by Russian-speaking ransomware hackers of a building facilities contractor with ties to the military. The Lynx ransomware group posted on its darkweb site samples of what it says is 4 terabytes of data stolen from the Dodd Group.

IT Systems, Radiology Services Taken Offline; Ambulance Patients Diverted
A North Central Massachusetts nonprofit healthcare system with two community hospitals, a medical group and several other care facilities has taken its IT network offline and is diverting ambulance patients as it continues to respond to a cyberattack that hit last week.

Attack Began With Citrix NetScaler Gateway Compromise, Darktrace Said
The Chinese cyberespionage hackers commonly tracked as Salt Typhoon haven't stopped their campaign against global telecoms, says managed threat detection firm Darktrace. The group has made telecoms and other digital infrastructure a primary target.

NSO Group Blocked From WhatsApp and Must Destroy Code Used to Hack 1,400 Devices
A federal judge issued a permanent injunction barring NSO Group from using or retaining its WhatsApp spyware exploit, citing national security risks and business harm after the manufacturer's tools compromised 1,400 devices - some allegedly linked to journalists and officials.

Tenable's Nate Dyer on Moving Beyond Traditional Vulnerability Management
Vulnerability management no longer covers the full attack surface. Nathan Dyer of Tenable explains how unified exposure management helps reduce risk, shrink ticket volume and increase operational efficiency by unifying data, context and response across teams.

Cloud Giant Blames DNS Misconfiguration
Amazon Web Services is recovering from a service outage that affected its own services and dozens of its clients on Monday including websites of the British government. The cloud computing giant - the world's largest - blamed a domain name system misconfiguration.

Chaos Theory and Ransomware's Love Child Serves Up Nonstop Unpredictability
All is not quiet on the ransomware front. Long the province of Russian criminals, numerous ransomware campaigns now trace to reckless Western teenagers operating under the banner of Scattered Lapsus$ Hunters who wield not just technical and trickster chops, but also a chaos and unpredictability.