BankInfoSecurity.com

Flaw Enabled Signature Bypassing on Nuclei ProjectDiscovery
Open-source vulnerability scanner Nuclei patched a critical flaw in its open-source vulnerability management tool ProjectDiscovery. Security firm Wiz uncovered the flaw, a signature verification system flaw that could allow attackers to execute malicious code using custom code templates.

Yoran's Passing Comes 10 Months After Cancer Diagnosis, 1 Month After Taking Leave
Amit Yoran - a West Point graduate who founded NetWitness, sold the company to RSA and took Tenable public - died Friday. He was 54. Yoran was diagnosed in March 2024 with a treatable form of cancer, and in December temporarily stepped away from his role as Tenable's CEO to get additional treatment.

Plaintiffs Sued After Report that Apple Eavesdropped on Intimate Moments
Apple agreed to pay $95 million to settle a lawsuit accusing the smart device giant of illegally recording audio through its Siri virtual assistant and sharing extracts with human reviewers. Class members who purchased Siri-enabled devices could receive $20 per device.

Indiana Attorney General Fines Westend Dental $350K in 2020 Ransomware Hack
An Indiana dental practice agreed to pay the state $350,000 and implement a long list of data security improvements following an alleged 2020 ransomware breach "cover up" that came to light when state regulators investigated a patient complaint about unfulfilled requests for dental X-rays.

Access Management Leaders Remain Unchanged as Customer Identity Cases Proliferate
Advances in customer identity around better user experience, strong authentication, and centralized identity processes have driven rapid growth in the access management market. The space by grew 17.6% to $5.85 billion in 2023 as organizations increasing look to replace homegrown CIAM solutions.

Cyber Defense Agency Aims to Bolster Protections Against Chinese Intrusion
The Cybersecurity and Infrastructure Security Agency is issuing final rules to safeguard U.S. sensitive data from potential Chinese intrusions, requiring Americans involved in restricted transactions with Chinese entities to adopt stringent cybersecurity measures.

DDoS Attacks Primarily Target Logistics, Government and Financial Entities
A spate of distributed denial-of-service attacks during the end-of-year holiday season disrupted operations at multiple Japanese organizations, including the country's largest airline, wireless carrier and prominent banks. The effect of the attacks has been temporary.

Ken Palla on Lessons From U.K and Australia to Reduce Fraud and Scams
The U.S. Consumer Financial Protection Bureau's decision to file a lawsuit against Zelle is too late and too narrow to reduce scams, said Ken Palla, retired director with MUFG Bank. CFPB last month sued the operator of Zelle, as well as three banks for failing to protect consumers from fraud.

Developers Listed as Public Contact Points Targeted in Phishing Campaign
A supply chain attack that subverted legitimate Google Chrome browser extensions to inject data-stealing malware is more widespread than security researchers first suspected. So far researchers have identified 36 subverted extensions collectively used by 2.6 million people.

Integrity Technology Group Built Botnet for Chinese Hackers, US Treasury Says
The Department of Treasury blacklisted Integrity Technology Group, declaring transactions with the company to be off-limits for U.S. financial institutions and persons. The effect will likely have more symbolic than actual disruptive effect.

Data Protection, Firewall Stocks Surge as Vulnerability Management Stocks Struggle
Fortunes diverged for publicly-traded cybersecurity companies in 2024, as the technology category they played in and market share they held largely determined their fate. Investors last year looked favorably upon companies in the data protection space, with Commvault and Rubrik recording big gains.

Experts: New Mandates Could Be Difficult, Costly for Many Entities
The U.S. Department of Health and Human Services' proposed overhaul of the 20-plus-year-old HIPAA Security Rule aims to drastically improve the state of healthcare sector cybersecurity, but the potential new requirements could mean difficult and expensive heavy lifting for many regulated entities.

Hackers Reportedly Target Treasury Department Offices Overseeing Economic Sanctions
A Chinese hack of the U.S. Department of Treasury targeted offices tasked with overseeing economic sanctions and financial investigations, as experts warn Beijing is increasingly escalating attacks on American critical infrastructure while preparing for potential future conflict.

Flaw Bypasses Clickjacking Defenses, Enables Account Takeovers
Hackers are exploiting the split-second delay between two mouse clicks to carry out sophisticated clickjacking attacks, tricking victims into authorizing transactions or granting access they never intended. "DoubleClickjacking" manipulates users into granting OAuth and API permissions

Do Hyeong Kwon Extradited to US for Allegedly Defrauding Investors Out of Billions
Do Hyeong Kwon, former CEO of Terraform Labs, appeared in a Manhattan federal courtroom Thursday after facing extradition from Montenegro over allegations he defrauded investors out of billions of dollars while misrepresenting his company's cryptocurrency and other products.

The first 100 days of the next Trump administration and new Congress will be critical in showing signs of what's potentially in store for the healthcare sector cybersecurity, privacy and related regulatory and legislative issues in the new year, said Chelsea Arnone and Cassie Ballard of CHIME.

Step-by-Step Guide to Rebranding Your Cybersecurity Career With Transferable Skills
The start of a new year presents a perfect opportunity to reinvent yourself. With the right strategy - which focuses on personal branding, skill alignment and targeted networking - you can catch the eye of hiring managers and secure interviews that can lead to a new career path.

Experts on Ransomware, Deepfakes, AI Innovation and Cyber Defense the in Year Ahead
Crippling ransomware attacks, IT outages and relentless nation-state operations dominated headlines in 2024. Will 2025 bring even more disruption? Our panel of cybersecurity leaders, analysts and educators share their outlook for the top 10 trends to watch in the new year.