DataBreachToday.com

Machine Identities Outpace Human Ones, But Accountability Lags Behind
Machine identities already outnumber human users in many organizations, but the answer to who owns them, who rotates their keys, audits their actions and takes the fall when something goes wrong often depends on who's responding - and the answers rarely align.

Global Cyber Agencies Call for Exhaustive OT Inventories to Combat Threats
Global cyber agencies are urging critical infrastructure owners and operators to maintain "definitive records" of their complex operational technology environments, calling for exhaustive asset visibility as regulators shift toward prescriptive mandates to counter escalating threats.

Carmaker Anticipates Phased Restart of Production
The British government will guarantee a 1.5 billion pound loan to Jaguar Land Rover as the embattled carmaker grapples with the fallout of a September cyberattack that froze production and sales across the globe. The government backed-loan shows the hack endangered "national economic security."

OpenAI, Apollo Research Find Models Hide Misalignment; Training Cuts Deception
Frontier artificial intelligence models are learning to hide their true intentions to pursue hidden agendas, said OpenAI and Apollo Research. Researchers say the risk of deception needs to be tackled now, especially as AI systems take on more complex, real-world responsibilities.

MIND Act Asks FTC to Study Exploitation Risks for Neural Data Collected by Devices
Are brain waves and similar neural data the next frontier in consumer privacy worries? A trio of U.S. senators have introduced federal legislation aiming to get ahead of risks that such brain-related data could be collected and misused by tech firms, data brokers, government agencies and others.

Cybersecurity Programs, Workforce Face Disruption If Congress Fails to Act
A potential government shutdown threatens to gut federal cybersecurity operations, with key programs set to expire, agency cyber staff facing layoffs and no public contingency plans in place - leaving core defenses, threat sharing and incident response at risk.

Eset: Lazarus Group Shares Backdoor With Newer Pyongyang Threat Actor
A gang of North Korean hackers behind fake IT job recruitment scams now have access to a remote access Trojan favored by their more technically advanced counterparts tracked collectively as the Lazarus Group, say security researchers.

Researcher Finds Database of Sensitive Patient Info With No Password Protection
An unencrypted database containing nearly 150,000 patient records of a California provider of home health and palliative care services was left exposed on the internet, said a cybersecurity researcher who discovered the unsecured data cache. Why does this keep happening in the healthcare sector?

Newly Implemented Rule to Boost Cloud Competition and AI Development
The EU Data Act is now in its second phase of implementation, shifting the balance of power by granting users rights over the data generated by their connected devices and services. Beyond banning unfair contract terms and eliminating vendor lock-in, the act mandates data portability and access.

CISA Issues Emergency Directive After Cisco Exploits Persist After Reboot
CISA issued an emergency directive Thursday after discovering an advanced hacking campaign exploiting two persistent zero-days in Cisco firewall gear - malware that survives system reboots and upgrades - forcing agencies to disconnect vulnerable devices by Friday.

'RedNovember' Has Hacked Organizations in the US, Asia and Europe
A hacking group associated with widespread compromise of edge devices is a Chinese-state-aligned group, says cybersecurity firm Recorded Future. The firm says the threat actor, which it now tracks as RedNovember, is "highly likely a Chinese state-sponsored threat activity group."

ManuSec Chicago Speaker Johnny Xmas on Value of Pentesting in OT Environments
ManuSec Summit speaker Johnny Xmas, global head of offensive security for a leading U.S. manufacturer, discusses pentesting in operational technology environments, overcoming the hurdles to offensive security programs and the evolving role of OT security.

Sophisticated Cyberespionage Campaign Targets Asian Telecom, Manufacturing Sectors
A remote access Trojan that's a staple of Chinese nation-state hacking is part of an ongoing campaign targeting telecom and manufacturing sectors in Central and South Asian countries. The threat actor, tracked as Naikon, apparently has access to a new variant of PlugX malware.