BankInfoSecurity.com

AI Giant Eyes Expansion Amid Structural Challenges
OpenAI on Monday closed a record $40 billion funding round, valuing it at $300 billion. SoftBank led with $30 billion, joined by Microsoft and others. Operational shifts accompanied OpenAI's expansion. CEO Sam Altman announced stepping back from daily operations to focus on innovation.

Customer Credentials Possibly Compromised at EHR Vendor Acquired by Oracle in 2022
Oracle is dealing with a hacking incident involving legacy patient data of Cerner electronic health record customers. Oracle, which acquired Cerner in 2022, is reportedly telling clients the hack involved compromised credentials for systems scheduled to migrate to the cloud.

Letter to Bankruptcy Trustee Says 23andMe's Privacy Promises Must Carry Over
The Federal Trade Commission has sent a letter to 23andMe's bankruptcy trustees saying that any sale of the genetic testing firm or its assets will be subject to the company's previous pledges to consumers involving the privacy and security of their sensitive information and biological samples.

Hackers Claim on BreachForums to Have Stolen 'Highly Sensitive' Data
Israeli cybersecurity firm Check Point rejected Monday a hacker's assertion that he stole "highly sensitive" information offered for sale on an online marketplace for illicit data. The incident "doesn't pose any risk or have any security implications to our customers or employees."

New Turing Institute Report Urges Government to Create AI Crime Task Force
British law enforcement agencies are ill-equipped to tackle artificial intelligence-enabled cybercrime, a report by The Alan Turing Institute says, pointing to an "enormous gap" between police technical capabilities and the growing sophistication of threat actors.

Jason Costain on Ways Traditional and Digital Banks Could Learn from Each Other
Digital-only banks promise speed and sleek digital experiences but are not the best places to handle scam victims. Without branches to visit, victims find themselves stuck in a loop of chatbots, said Jason Costain, former head of fraud analytics and threat management at NatWest Group.

Private Details of Top Trump Officials Found Online Amid Growing Security Scandal
Private contact details of top Trump officials, including their phone numbers, emails and even some passwords, have been leaked online through commercial databases and hacked data dumps, raising security concerns over potential foreign access to Cabinet members' private accounts and communications.

Palo Alto Networks CTO Nir Zuk predicts Google's security push through its $32 billion buy of Wiz won't succeed, as customers are reluctant to buy multi-cloud tools from cloud vendors. Zuk details how adversaries use LLMs at scale and how Palo Alto is unifying SOC tools under its Cortex platform.

C-Suite Strategies for AI Risk Management, Data Protection
Shadow artificial intelligence has shifted from being an outlier to a workplace staple, bringing risks of data breaches, regulatory violations and expanded attack surface on corporate networks. Shadow AI doesn't just introduce unapproved software: it consumes corporate data to function.

Incident Spotted in March 2024 Is Yet Another Attack Against Medical Billing Firms
A Nebraska-based firm that provides revenue cycle management and billing services to healthcare firms is notifying tens of thousands of people and an undisclosed number of companies that their personal, health and financial information was compromised in a March 2024 hack.

Also: Rapid7's Boardroom Shake-Up, China's Tactical Cyber Shift
In this week's update, ISMG editors unpacked stealth vs. spectacle in ransomware attacks, Rapid7's boardroom shake-up led by activist investors and China's shift from cyberespionage to infrastructure sabotage - driving key shifts in global cybersecurity strategy and resilience.

Jason Costain on Ways Traditional and Digital Banks Could Learn from Each Other
Digital-only banks promise speed and sleek digital experiences but are not the best places to handle scam victims. Without branches to visit, victims find themselves stuck in a loop of chatbots, said Jason Costain, former head of fraud analytics and threat management at NatWest Group.

Startup Hits $4.8B Valuation After Series E as It Disrupts VDI, Web Filtering Tools
Island’s enterprise browser platform is gaining traction as a replacement for SASE and legacy VDI and web filtering tools. Backed by $250 million in Series E funding, the startup plans to scale up globally and enhance R&D to support secure, simplified digital work environments.

Max Payout for Bug Bounty Program Up From $20,000 to $100,000
OpenAI announced a cybersecurity initiative that aims to improve the resilience of its artificial intelligence systems by rewarding the discovery of critical vulnerabilities and improving threat mitigation. OpenAI raised the maximum payout for its bug bounty program from $20,000 to $100,000.

State and Local Election Offices Face Growing Cyber Threat Amid Federal Budget Cuts
Top-ranking current and former security officials warned Thursday that President Donald Trump's budget cuts to the Cybersecurity and Infrastructure Security Agency and other election security efforts have left U.S. election infrastructure vulnerable to escalating cyber threats.

Outdated Systems Putting AI Adoption in the Public Sector at Risk, Report Says
Outdated IT systems and poor data-sharing practices between public offices could undermine the U.K. government's plans to deploy artificial intelligence capabilities to increase public sector efficiencies, a parliamentary committee said.

UK ICO Says Advanced's Security Measures 'Fell Seriously Short'
A British IT service company must pay a 3.07 million pound fine for a 2022 ransomware hack that exposed medical records of tens of thousands of National Health Service patients. Hackers breached the Advanced system through a user account that did not have multifactor authentication in place.

Takeaways From CS4CA USA: OT Security Must Bridge IT, Operations Gap
At the CS4CA USA Summit in Houston this week, the common refrain heard from practitioners was protecting the demands of industrial environments more than traditional IT know-how. It requires a hybrid expertise, one that speaks both the language of data packets and programmable logic controllers.