DataBreachToday.com

What Makes OT Pentesting Unique — and Risky? Inside a Penetration Test: From Scoping to Reporting.

Explainability, Cost, Compliance Drive AI Choices in Enterprises
LLMs may dominate headlines, but enterprises are taking a more measured approach. Sujatha S Iyer, AI security head at ManageEngine, says the future of AI for many businesses lies not in deploying massive models but in explainable, efficient and compliant systems designed to solve specific problems.

Signal and Rights Groups Urge Berlin to Reject CSAM Proposal Ahead of Key EU Vote
The German federal government is under pressure to withdraw support for a European Union content scanning proposal that critics argue poses large-scale privacy risks. The EU Justice and Home Affairs Council is set to vote Oct. 14 on a regulation called Chat Control.

Email Security Acquisition Aims to Bring Cross-Platform Data to Phishing Defense
Kaseya’s acquisition of Inky reflects the need for broader platform integration in email security. With phishing attacks becoming more subtle, founder and CEO Dave Baggett says access to login data and other platform signals is critical for threat detection.

Security Experts Advise Immediate Patching; Zero-Day Attacks Began Last Month
Affiliates of Russian-speaking ransomware operation Medusa began targeting a zero-day vulnerability in widely used Fortra GoAnywhere Managed File Transfer software one week before the vendor issued a security alert, patch and mitigation instructions for the flaw, say security experts.

Dollar-Pegged Tokens Trade Volatility for Convenience But Are Easier to Track
Fraudsters are routing more proceeds through stablecoins tied to U.S. dollars for liquidity. Forensics teams are gaining more visibility from issuer controls, but banks and regulators face a fast, interoperable ecosystem that needs better monitoring and coordinated enforcement.

Firm Deploys Claude for Staff, Refunds Australian Government Over AI Errors
Deloitte will embed Anthropic's Claude across its workforce despite flaws in a report from a government client that its analysts produced work with the help of generative artificial intelligence, costing the company thousands of dollars.

Texas-Based Harris Health Says FBI Just Gave Green Light to Notify 5,000 Patients
Harris Health is contacting 5,000 patients about a breach involving a former employee who improperly accessed electronic health records for over a decade. The Texas health entity said it discovered and reported the incident four years ago to the FBI, which just gave the green light for notification.

A Proven Fractional CISO Can Help Close Leadership Gaps and Strengthen Resilience
Hiring a fractional CISO gives your business the executive security leadership it needs - without the full-time cost. But not all providers are equal. Knowing how to evaluate talent, provider stability and delivery is key to ensuring lasting value, trust and resilience.

Deal Would Boost Veeam's Cyber Footprint as Data Protection Vendor Valuations Surge
Bloomberg reported that data protection and ransomware recovery giant Veeam is in advanced talks to buy DSPM and AI security vendor Securiti for $1.8 billion, with an announcement coming as soon as this week. The deal would accelerate Veeam's pivot from backup and disaster recovery to cybersecurity.

The Edmund Group's Adler on Managing Third- and Fourth-Party Risk in Healthcare
Healthcare organizations face growing risks from data distribution, vendor dependencies and global instability. Steven Adler, partner at The Edmund Group, discusses practical steps to strengthen vendor oversight and resilience.

Manufacturer Resumes Operations at Wolverhampton Unit
British car maker Jaguar Land Rover began on Monday a phased restoration of operations following a month of cyberattack-induced idleness. Fears of large-scale job losses at the car manufacturer and its extensive network of suppliers led the U.K. government to guarantee a 1.5 billion pound loan.

2020 Hack Has Cost EyeMed About $12.6M in Multiple Regulatory Fines, Settlements
Benefits provider EyeMed Vision Care has agreed to pay $5 million and improve its security practices to settle class action litigation involving a 2020 phishing breach. The incident has been the subject of previous multimillion dollar settlements and enforcement actions by multiple state regulators.

Proliferating Age Verification Systems a Hacker Target
A vendor breach linked to Discord exposed government ID uploads used in age verification, raising alarms among privacy experts who warn that third-party data collection systems are becoming high-value targets amid rising legislative mandates for online age checks.

Fake Messaging Apps Use Previously Undocumented Malware
Android spyware campaigns using previously undocumented spyware masquerade as upgrades or plugins for secure messaging apps Signal and ToTok, warn researchers. The two campaigns appear to target residents of the United Arab Emirates.

New CEO Dennis Monner Outlines Open Systems' Global Expansion, SASE Differentiation
New CEO Dennis Monner said Open Systems stands out by combining SASE technology with 24/7 expert-led service. Backed by Swiss Post, the company aims to capture more enterprise customers in Europe and the U.S. who seek a trusted alternative to U.S. and Israeli vendors.

New Investigatory Powers Act Request Reportedly Transmitted in September
The U.K. Home Office reportedly again ordered Apple to give it backdoor access to an encrypted cloud service after backing down in August from a similar demand made earlier this year. The order comes after a similar attempt by the Home Office in January.

Also: the UK's $7B Bitcoin Case, Implications of Vectra's Netography
In this week's update, ISMG editors examine how the U.S. shutdown and the lapse of CISA 2015 liability shield are straining cyber operations, what Vectra’s move for Netography signals for multi-cloud visibility and NDR, and how British prosecutors unraveled a bitcoin hoard now worth $7 billion.