DataBreachToday.com

Hackers Can Use Unverified Email to Log onto SaaS Apps With Entra ID
A flaw in a Microsoft single sign-on feature allowing cloud app account takeovers discovered in 2023 never really went away, say researchers - notwithstanding a computing giant claim that it almost immediately fixed the vulnerability known as nOAuth.

Gartner Says Leaders Should Balance AI Innovation With Strong Data Governance
As AI adoption grows, Gartner warns that data governance, not technology, is the top hurdle. At the Mumbai summit, Gartner analysts said data and analytics leaders should shift from fear to trust, align with business goals and scale AI through practical governance.

Congress Faces Pressure to Modernize Cyber Definitions, Safeguards Before Deadline
With the Cybersecurity Information Sharing Act of 2015 set to expire this fall, lawmakers face mounting pressure to update its liability protections and outdated definitions, as experts warn that failure to modernize could undermine public-private threat sharing and weaken national cyber defenses.

10-Year Freeze on AI State Laws Remains in Senate Bill Despite Fierce Pushback
A decade-long federal ban on state AI regulations remains in the Senate’s version of Trump’s sweeping legislative bill, drawing sharp bipartisan criticism for sidelining state oversight and granting tech giants a reprieve amid growing calls for stronger AI governance.

Legitimate Remote Access Tool Weaponized by Attackers Using Authenticode Stuffing
Researchers are tracking a rise in online attacks involving legitimate ConnectWise software that's been repurposed by attackers, using a tactic that leaves the installation software vendor-signed, while adding capabilities that turn it into malware, thanks to a tactic called Authenticode stuffing.

Researcher Details Stealthy Multi-Turn Prompt Exploit Bypassing AI Safety
Well-timed nudges are enough to derail a large language model and use it for nefarious purposes, researchers have found. Dubbed "Echo Chamber," the exploit uses a chain of subtle prompts to bypass existing safety guardrails by manipulating the model's emotional tone and contextual assumptions.

Geopolitical Conflict Involving Iran, Israel, US Ripe for Attacks on Sector
Government authorities are warning of increased risk of Iranian cyber and related threats against healthcare and public health sector organizations - including ransomware, distributed denial-of-service and other attacks related to that nation's escalated conflicts with Israel and the U.S.

Attorney Edward Machin on How the New Law Affects Data Use and Risk
The U.K.'s new data bill updates rules on AI, cookies and automated decisions while keeping EU data-sharing intact. Edward Machin of Ropes & Gray calls it "evolution, not revolution" and says the lighter-touch approach still carries serious long-term consequences.

Proxies Prioritize Psychological Effects Over Real Life Effects in Cyberspace
Warnings about Iranian hacking following the United States' Saturday bombing of Iranian nuclear weapon development sites ratcheted sharply upward even after weeks of admonitions that Iran could respond to ongoing missile strikes with virtual assaults.

Hypori's Lewandowski on Eliminating Data and Apps From Personal Devices
Traditional BYOD strategies rely on managing personal devices directly, which introduces privacy concerns and leaves organizations vulnerable to attacks such as phishing, network compromise and device rooting, said Wayne Lewandowski, chief revenue officer at Hypori.

MCP Server Paused for Days After Bug Risked Data Leakage Between Users
Asana patched a vulnerability in an artificial intelligence integration feature that could have allowed users to view data from other organizations. The time management company paused the use of Asana Model Context Protocol for nearly two weeks to apply the fix.

Analysts Say CYBERCOM Likely Played a Major Role in Strike on Iranian Nuclear Sites
The United States' "Midnight Hammer" missile strike that hit three key Iranian nuclear sites likely involved significant support from U.S. Cyber Command, analysts told Information Security Media Group, after officials credited the unit for taking part in the military operation.

Frustrations Over Preauthorization Denials Have Led to 'Violence in Streets'
A dozen health insurance giants that provide coverage for about 80% of Americans with Medicare, Medicaid and commercial plans have agreed to work the U.S. Department of Health and Human Services to voluntarily streamline and improve their preauthorization processes.

Proxies Prioritize Psychological Effects Over Real Life Effects in Cyberspace
Warnings about Iranian hacking following the United States' Saturday bombing of Iranian nuclear weapon development sites ratcheted sharply upward even after weeks of admonitions that Iran could respond to ongoing missile strikes with virtual assaults.

Why a risk-based GRC approach is essential for securing industrial OT environments
Automating asset discovery, vulnerability detection and threat mapping helps maintain continuous compliance and manage risk mitigation as your OT environment evolves. Actionable data and constant visibility enable CISOs to shift away from an ad-hoc, reactive “check-the-box” approach.

Ruling: HHS Has No Authority to Distinguish Different Types of PHI for Restrictions
A Texas federal court has vacated 2024 changes to the HIPAA Privacy Rule made by the Biden administration to shield reproductive healthcare information from law enforcement. The court's ruling could potentially make it easier for state investigators to obtain information about abortions and gender treatments.

Experts Suspect Scattered Spider Is Behind Rash of Recent Insurer Breaches
Aflac is the latest insurance company dealing with a cyberattack. The company is investigating a cyber incident that did not involve ransomware encryption of its IT systems, but did potentially compromise data. Experts suspect Scattered Spider is behind the recent rash of insurance incidents.