DataBreachToday.com

U.S. Federal Government Gives Agencies Three Weeks to Patch or Mitigate
Fortinet disclosed an actively exploited vulnerability in its centralized management platform following more than a week of online chatter that edge device manufacturer products have been under renewed attack. Cybersecurity researcher Kevin Beaumont christened the vulnerability "FortiJump."

New Ransomware Group Deploys Rust-Based Tools in Attacks
A recently constituted and apparently well-resourced ransomware player is developing and testing tools to disable security defenses, including a method that exploits a vulnerability in drivers. Embargo first surfaced in April amid an ongoing shakeup in the ransomware world.

Proposal Will Be Open for Public Comment Next, But Will It Go Anywhere?
The Department of Health and Human Service last Friday submitted for White House review long-awaited updates to the 20-year-old HIPAA Security Rule containing modifications aimed at strengthening the cybersecurity of electronic protected health information.

Firm Won't Deploy Feature in the EU, UK Due to Data Collection Norms
Meta is rolling out facial recognition technology on its social media platforms to spot scam ads featuring celebrity deepfakes. Meta took down 8,000 of the "celeb bait" scam ads. The feature also aims to verify the identities of users locked out of their Facebook or Instagram accounts.

Tech Giants, AI Firms, Academics Urge Congress to Take Action by Term-End
A coalition of more than 60 AI industry players is pushing Congress to prioritize legislation that would codify the U.S. Artificial Intelligence Safety Institute. The letter says the action would allow U.S. to maintain influence in the development of science-backed standards for advanced AI systems.

Annual Conference and Hackathon Showcases Solutions for Protecting IoT Devices
Showcasing the latest innovations in hardware security, experts from more than 100 companies worldwide have gathered this week at Hardwear.io in Amsterdam. The annual event and hardware hackathon examines current and future challenges and solutions in hardware security.

The trend toward remote working over the last several years has bred all kinds of tools intended to help us improve productivity and facilitate easier, faster digital communications with colleagues. So why does workplace productivity still feel impossible to achieve? Unfortunately, email—one of the most integral vehicles for business communication—is also one of the biggest drains on employee time and energy. According to data from Microsoft, employees spend as much as 8.8 hours each week checking and responding to email. And while many email communications are essential, one recent report found that nearly half of all emails are spam or other unwanted mail.

Why Peter Todd May Be Another Conspiracy Theory on the Bitcoin Creator
Is Peter Todd truly Satoshi Nakamoto, or just the next name in a long list of conspiracy theories that are eventually debunked? The HBO documentary's claim is far from conclusive, despite an eyebrow-raising moment in the film, where Todd admits to being Nakamoto on camera, seemingly tongue in cheek.

SEC: Check Point, Mimecast Disclosures Didn't Capture Severity of SolarWinds Hack
Check Point and Mimecast will each pay regulators nearly $1 million to settle charges of making materially misleading disclosures related to the SolarWinds Orion hack. The SEC alleged public disclosures from Check Point and Mimecast didn't capture the severity of the compromise.

Europe Will Renew or Deny Data Sharing Agreement in June
The U.K. government should work ahead of a June deadline to retain its status as a trusted host of European commercial and law enforcement data, urged the head of a parliamentary committee. The economic value of an EU "adequacy agreement" is "substantial," wrote Peter Ricketts.

Attackers Could Exploit Flaw to Relay Credentials, Compromise Systems
A critical vulnerability in Open Policy Agent could expose NTLM credentials from Windows systems, potentially affecting millions of users. Researchers at Tenable warn that attackers could exploit the flaw through social engineering. Users must update to version v0.68.0 immediately to mitigate risks.

Socket Plans to Triple Headcount After Big Growth, Deliver Open-Source Tools Faster
A $40 million Series B investment will support Socket in rapidly scaling its team and product development. Following a 400% revenue increase, the company plans to build on its success by expanding its application security offerings and enterprise support for more programming languages.

US Cyber Defense Agency Says Election Is Secure Despite Intensifying Threats
The Cybersecurity and Infrastructure Security Agency is ramping up its warnings of potential election interference and influence campaigns in the lead up to the November vote. But voters can be assured their ballots are secure and will be counted as cast, the agency said.

Vulnerability Tool Detected Flaws in OpenAI and Nvidia APIs Used in GitHub Projects
Security researchers have developed an AI tool that can detect remote code flaws and arbitrary zero-day code in software. Protect AI applied the tool to nearly 10,000 GitHub projects and on CVSS data and uncovered local file inclusion, cross-site scripting and remote code flaws in APIs.

FBI Tracking Alleged Fraudsters Using Evidence Seized From Shuttered Genesis Market
An FBI probe into shuttered cybercrime site Genesis Market has led to the indictment of Terrance Ciszek, a now-suspended police detective in Buffalo, New York, who's been accused of buying stolen payment card data and recording a video showing fraudsters how to use it anonymously.

Deal Enhances Sophos’ Managed Security Portfolio, Adds AI-Powered Taegis XDR Tool
Sophos is acquiring Secureworks in a deal valued at $859 million, aiming to integrate its managed security services with Secureworks' Taegis XDR platform. This merger is expected to deliver advanced detection and response capabilities, and enhance global cybersecurity for businesses of all sizes.

Attack Method Exploits RAG-based Tech to Manipulate AI System's Output
Researchers found an easy way to manipulate the responses of an artificial intelligence system that makes up the backend of tools such as Microsoft 365 Copilot, potentially compromising confidential information and exacerbating misinformation. Researchers called the attack "ConfusedPilot."