BankInfoSecurity.com

Fake Messaging Apps Use Previously Undocumented Malware
Android spyware campaigns using previously undocumented spyware masquerade as upgrades or plugins for secure messaging apps Signal and ToTok, warn researchers. The two campaigns appear to target residents of the United Arab Emirates.

New CEO Dennis Monner Outlines Open Systems' Global Expansion, SASE Differentiation
New CEO Dennis Monner said Open Systems stands out by combining SASE technology with 24/7 expert-led service. Backed by Swiss Post, the company aims to capture more enterprise customers in Europe and the U.S. who seek a trusted alternative to U.S. and Israeli vendors.

New Investigatory Powers Act Request Reportedly Transmitted in September
The U.K. Home Office reportedly again ordered Apple to give it backdoor access to an encrypted cloud service after backing down in August from a similar demand made earlier this year. The order comes after a similar attempt by the Home Office in January.

Also: the UK's $7B Bitcoin Case, Implications of Vectra's Netography
In this week's update, ISMG editors examine how the U.S. shutdown and the lapse of CISA 2015 liability shield are straining cyber operations, what Vectra’s move for Netography signals for multi-cloud visibility and NDR, and how British prosecutors unraveled a bitcoin hoard now worth $7 billion.

US, Australian Cyber Agencies Say Visibility Gaps Threaten Detection and Response
The Cybersecurity and Infrastructure Security Agency issued new guidance urging organizations to streamline Security Information and Event Management platform integration by prioritizing impactful log data and reducing blind spots that continue to plague even mature security operations centers.

Apex Security Detection Tools Help Tenable Spot Accidental and Malicious AI Misuse
Tenable is acquiring Israeli startup Apex Security to extend AI security features that go beyond asset discovery. With user-level controls and risk mitigation for AI usage, Tenable aims to accelerate its exposure management roadmap by integrating Apex into Tenable One later this year.

Retailers Report a Spurt in Breaches
Jewelry retailer Tiffany & Co. said hackers stole South Korean customers' data from a third-party vendor's platform, a disclosure that came shortly after sister brand Dior announced a similar breach. Hackers stole the personal information of South Korean shoppers.

Palo Alto Networks on How to Construct a Defense for Modern Threats
The rapid evolution of cyber threats, amplified by the integration of AI into adversarial tactics, calls for a shift in defensive strategies. Traditional approaches are no longer sufficient to address the sophistication, scale, and speed of modern attacks.

Huang Says Rules Shut Nvidia Out of $50B China Market, Gives Rivals Long-Term Edge
CEO Jensen Huang says new U.S. chip restrictions on China forced Nvidia to write down $4.5 billion in AI inventory and will hurt American leadership in global infrastructure as Chinese firms gain momentum. The rules fuel China’s rise and jeopardize U.S. infrastructure dominance, according to Huang.

Things to Include on Your CV When Your Job Focuses on Keeping Systems Running
If you're a junior SOC analyst, a GRC specialist or someone working in ICS environments, the idea of a cyber portfolio might seem irrelevant. It's not. Employers need tangible proof of your skills, and a well-constructed portfolio does just that - whether your job touches logs or legal frameworks.

APT31 Compromised the Czech Foreign Affairs Ministry in 2022
The Czech government on Wednesday said Chinese state hackers stole sensitive declassified information from the republic's foreign ministry as part of a years-long espionage campaign. Czech Ministry of Foreign Affairs attributed the hack to a Chinese nation-state group tracked as APT31.

Stealthy Malware Installs Cryptomining Software
A botnet targeting Internet of Things devices works by brute forcing credentials and downloading cryptomining software. Researchers call the botnet "PumaBot," since its malware checks for the string "Pumatronix," the name of a Brazilian manufacturer of surveillance and traffic camera systems.

'It's Just Totally Destabilizing,' Staffers Say Amid CISA's Leadership Exodus
An ongoing exodus of top officials and senior leadership at the Cybersecurity and Infrastructure Security Agency's regional offices has left staffers increasingly worried about a potential major shift in mission and continued cuts to staff and spending.

Researcher Analyzes System Prompts to Show How New Claude Models Work
System-level instructions guiding Anthropic's new Claude 4 models tell it to skip praise, avoid flattery and get to the point, said independent AI researcher Simon Willison, breaking down newly released and leaked system prompts for the Claude Opus 4 and Sonnet 4 models.

Google Is Getting Accolades for Veo 3, But the AI Video Tool Has a Darker Side
AI enthusiasts are saying Veo 3 is one of Google's best products. The mind-blowing AI constructs cinematic video clips from text prompts, and the results look real. Veo 3 pushes deepfake capabilities into uncharted territory and introduces new threats to truth, trust and authenticity.