Poor Security Practices Put Banks at Risk of Cyberthreats

Suparna Goswami • October 24, 2024

Despite heavy security investments, banks still struggle with basic security issues such as default passwords, vendor vulnerabilities and social engineering scams. Scott Weinberg, CEO of Neovera, shares a new report that shows banks of all sizes still grapple with these common risks.

Artificial Intelligence & Machine Learning

TrickMo Trojan Variants Target Device Unlock Codes

Latest

Identity & Access Management

Socure to Fortify Identity Services With $136M Effectiv Buy

Michael Novinson • October 24, 2024

Socure has acquired Effectiv, integrating its engineering team of 30 to strengthen identity verification capabilities. The $136 million deal aims to speed up customer onboarding, enhance transaction monitoring, and deliver cross-platform solutions, with the product integration expected in 45 days.

General Data Protection Regulation (GDPR)

LinkedIn Fined 310 Million Euros For Privacy Violations

Akshaya Asokan • October 24, 2024

The Irish Data Protection Commission imposed a 310 million euro fine on LinkedIn for violating a European privacy law stemming from the company's use of customer data. It ordered the social media platform to bring its data processing under compliance.

Network Firewalls, Network Access Control

Hackers Probing Newly Disclosed Fortinet Zero Day

Akshaya Asokan • October 24, 2024

Researchers at Mandiant say a new threat cluster first observed June 27 has been exploiting a Fortinet zero day the network edge device manufacturer publicly disclosed Wednesday. Researchers said they can't assess the threat actor's motivation or location.

Cloud Security

The Cloud Security Paradox: New Tech, Old Thinking

Prajeet Nair • October 24, 2024

Traditional data center security approaches do not translate very well to cloud environments as cloud computing and Layer 7 applications have fundamentally changed the way organizations should implement security controls, said Traceable AI's Richard Bird.

Cybercrime

Breach Roundup: CISA Proposes Security for Bulk Data Sales

Anviksha More • October 24, 2024

This week, bulk data transfers to China, credit card theft, the Internet Archive still recovering and the Change Healthcare tally is now 100M. Ukraine fought phishers, civil society against the UN cybercrime treaty, TA866 and virtual hard drives spread malware. Google verified Sir Isaac Newton.

Blockchain & Cryptocurrency

Cryptohack Roundup: Nigeria Drops Charges on Binance Exec

Rashmi Ramesh • October 24, 2024

Every week, ISMG rounds up cybersecurity incidents in digital assets. This week, the Nigerian government dropped charges on Binance executive Tigran Gambaryan, an Indian hacker faces five years in prison for stealing $20 million, a $4.5M Tapioca DAO exploit, Transak data breach.

Artificial Intelligence & Machine Learning

Biden Administration Seeks National Security Edge in AI

David Perera • October 24, 2024

The Biden administration declared artificial intelligence suitable for national security purposes in a Thursday directive providing guidance for AI governance and risk management for use in classified missions. The administration has sought to construct a raft of guidelines and framework for AI.

Fraud Management & Cybercrime

Embargo Ransomware Disables Security Defenses

Prajeet Nair • October 23, 2024

A recently constituted and apparently well-resourced ransomware player is developing and testing tools to disable security defenses, including a method that exploits a vulnerability in drivers. Embargo first surfaced in April amid an ongoing shakeup in the ransomware world.

Fraud Management & Cybercrime

Fortinet Discloses Actively Exploited Zero-Day

David Perera • October 23, 2024

Fortinet disclosed an actively exploited vulnerability in its centralized management platform following more than a week of online chatter that edge device manufacturer products have been under renewed attack. Cybersecurity researcher Kevin Beaumont christened the vulnerability "FortiJump."

Leadership & Executive Communication

CyberEdBoard Profiles in Leadership: Jon Staniforth

Tony Morbin • October 23, 2024

Understanding the core mission of a business is essential to building effective security programs. Jon Staniforth, former CISO at Royal Mail, explains that CISOs must focus on business processes that are crucial to operations and manage compliance within that scope.

Legislation & Litigation

AI Industry Coalition Seeks to Codify US Safety Institute

Rashmi Ramesh • October 23, 2024

A coalition of more than 60 AI industry players is pushing Congress to prioritize legislation that would codify the U.S. Artificial Intelligence Safety Institute. The letter says the action would allow U.S. to maintain influence in the development of science-backed standards for advanced AI systems.

Artificial Intelligence & Machine Learning

Meta Tests Facial Recognition to Curb Deepfake Scams

Rashmi Ramesh • October 23, 2024

Meta is rolling out facial recognition technology on its social media platforms to spot scam ads featuring celebrity deepfakes. Meta took down 8,000 of the "celeb bait" scam ads. The feature also aims to verify the identities of users locked out of their Facebook or Instagram accounts.