BankInfoSecurity.com

Going Beyond the Copilot Pilot - A CISO's Perspective
With 60% of businesses piloting M365 Copilot but only 6% scaling, this webinar explores why gen AI deployments stall — and what CISOs and IT leaders must know to roll out secure, compliant, and effective AI productivity tools.

Whether Hackers Stole Data Not Yet Known
Several London city councils said they detected hacker activity on Wednesday night in an incident disrupting their telephone access and that may involve stolen data. The contiguous municipalities of Westminster and Kensington and Chelsea said they "are responding to a cybersecurity issue."

JSON Code 'Beautifiers' Expose Sensitive Data From Banks, Government Agencies
At what price beauty? Apparently, some developers will paste anything into "JSON beautify" sites, from researchers report recovering authentication keys, database credentials, personally identifiable information for banking customers and much more.

While information blocking regulations were authorized under the 21st Century Cures Act nearly a decade ago, regulators are only starting to ramp up enforcement of the prohibited practices. Attorney Nan Halstead of Reed Smith explains critical steps organizations need to take to comply.

Security by Design or Be Fined, Committee Suggests
A U.K. parliamentary committee is recommending a new statute forcing software publishers to hew to secure-by-design principles or else face financial penalties. The committee called for "enforcement agencies" empowered to levy fines to monitor industry for compliance.

Cyber Advisory Cites Abuse of Linked Devices to Monitor Sensitive Communications
The U.S cyber defense agency issued an alert outlining how commercial spyware and state-aligned groups are abusing messaging-app features through malicious QR-based linking and zero-click exploitation to monitor U.S. government, military and other high-profile figures.

JP Morgan Chase, Citi and Morgan Stanley Among Banking Customers Impacted
Major U.S. banks are assessing their exposure to a cybersecurity incident at real estate financial technology company SitusAMC, which disclosed Saturday that a breach may have affected client data. The New York firm uncovered the incident on Nov. 12.

Mindpath Health Settles Claim for $3.5M; Delta Dental Notifies 146,000 of Breach
Email breaches continue to plague the healthcare sector, resulting in data compromises that often affect the sensitive information of scores of patients. Two recent incidents illustrate the risks email breaches pose to patients, and the potential legal fallout for providers.

Israeli Startup Plans to Integrate AI Agent Guardrails Into Cloud Platform
Sweet Security secured $75 million in Series B funding to integrate AI security into its CNAPP platform. With runtime protection as its differentiator, the startup plans to address growing CISO concerns over shadow AI and attack vectors involving intelligent agents.

Lawmakers Say Reversal Strips One of Few Enforceable Standards for Major Carriers
The U.S. FCC's move to scrap its short-lived interpretation of the Communications Assistance for Law Enforcement Act - the 1994 statute known as CALEA - sparked warnings that the agency just eliminated one of the few enforceable cybersecurity tools for the telecom sector.

HSCC 'Model Contract' Calls for Shared Cyber Risks for Providers and Device Makers
Newly revised "model contract language" guidance from the Health Sector Coordinating Council provides an updated reference document to help healthcare providers and medical device makers better articulate and evaluate cyber considerations when negotiating purchases of products and services.

High-Profile Case Ends After Judge Guts SEC’s Cyber Fraud Allegations
The SEC has dropped its remaining claims against SolarWinds and CISO Tim Brown, ending a controversial cyber fraud lawsuit that aimed to expand securities law to cover operational security failures tied to the 2020 Russian hacking campaign.

Experts Detail Upsides of Bug Bounties and Getting Devices Into Researchers' Hands
As fresh vulnerabilities in hardware keep coming to light, one question remains: What vendors can do to better prevent, identify and eradiate flaws? One shortlist offered by veteran hardware hackers centered on the upsides of engagement, including bug bounty programs.

3-Year Espionage Campaign Targeted Taiwanese Firms
Chinese nation-state group APT24 targeted multiple Taiwanese companies as part of an espionage operation that went undetected for three years. The hacking group continually updated its malware infrastructure and tactics, enabling it to stay under the radar, Google Cloud said.

Also: Akira Ransomware Targets Healthcare, AI's Sycophancy Becomes a Security Risk
In this week's ISMG Editors' Panel, four editors discussed the staffing crisis confronting America's cyber defense agency, the escalating Akira ransomware threat putting more pressure on healthcare, and growing concerns over whether AI models used in security can actually be trusted.