BankInfoSecurity.com

9 Telcos Have Been Breached by Beijing-Backed 'Salt Typhoon,' White House Says
U.S. telecommunications giants AT&T and Verizon Communications believe they have finally ejected Chinese cyber espionage hackers from their networks. The White House said the "Salt Typhoon" nation-state hackers infiltrated at least nine U.S. telcos' infrastructure, and have been hard to eject.

Cameron Wagenius Suspected of Extorting Snowflake Customers Over Stolen Data
A serving member of the U.S. Army has been arrested on a two-count indictment tied to the theft and sale of "confidential phone records," reportedly tied to the theft of terabytes of data from AT&T, Verizon and other customers of cloud data warehousing platform Snowflake.

Opponents Say Restructuring Will Undermine OpenAI's Security Commitments
OpenAI's attempt to convert to a for-profit company is facing opposition from competitors and artificial intelligence safety activists, who argue that the transition would "undermine" the tech giant's commitment to secure AI development and deployment.

Researcher Demonstrates Bitpixie Attack Tactics to Extract Encryption Key
A previously patched flaw in Windows BitLocker disk encryption feature is susceptible to attacks allowing hackers to decrypt information, new research has found. Security researcher Thomas Lambertz extracted data from the system memory, including the master key.

Treasury Tells Lawmakers Chinese Threat Actor Remotely Breached Agency Workstations
The U.S. Treasury Department notified lawmakers Friday that the agency was the victim of a major cyberattack in which Chinese-linked hackers gained access to unclassified documents after gaining access to remote workstations through a third-party software provider, BeyondTrust.

Fully homomorphic encryption can safeguard highly sensitive health data related to rare diseases, underserved populations and clinical trials as it is shared with medical researchers, said Kurt Rohloff, co-founder and CTO of Duality Technologies, who said projects to apply it are underway right now.

Flaw Exposed Vehicle Data and Private Details of Car Owners in Europe
A security snafu at a Volkswagen subsidiary exposed vehicle information and ownership details on approximately 800,000 cars, including precise location data and owners' personal profiles. A whistleblower found a vulnerability in the cloud storage accounts of Volkswagen subsidiary Cariad.

Attackers Exploiting OS Command Injection Vulnerability
Hackers are exploiting a high-severity command injection vulnerability in Chinese-manufactured Four-Faith industrial routers. Typical customers of Four-Faith use the routers for remote monitoring, control systems, supervisory control and data acquisition networks.

2025 Is Likely to See Balanced Approach to AI Across Industries
The AI landscape is set to transform in 2025 with pragmatic approaches to implementation replacing the experimental fervor. This shift will span industries and developer ecosystems. Technologies will ride on the transformative power of AI and the responsibility that comes with it.

Hackers Targeted a PAN-OS Flaw Days After Its Disclosure
A suspected Chinese hacking campaign that began in November is exploiting a vulnerability in Palo Alto firewalls to install a custom malware backdoor for espionage. UNC5325 activity aligns with the Chinese hacking strategy of targeting edge devices.

American Addiction Centers Says 422,424 Individuals' Private Details Exposed
Substance abuse treatment company American Addiction Centers is warning nearly half a million patients that ransomware-wielding attackers stole their personal details, including names and Social Security numbers. The Rhysida ransomware operation claimed to perpetrate the attack.

Officials Say Chinese Hackers Maintained 'Broad and Full' Access to Telecom Systems
Federal officials told reporters Friday that ongoing investigations into the Salt Typhoon cyberespionage campaign have identified a ninth victim company affected by the attack, in which hackers maintained "broad and full" access to vulnerable communications infrastructure across the country.

Rule Aims to Stymie Weaponization of Americans' Data
The U.S. federal government finalized Friday regulations throttling the bulk commercial transfer to China and Russia of data pinpointing Americans' location, their health data, or biometric and genomic identifiers. The rule implements a February executive order from President Joe Biden.

HHS Proposes Encryption, Security Standards for Healthcare Firms
The U.S. Department of Health and Human Services is proposing new rules for healthcare organizations that aim to bolster protections for Americans by requiring companies to encrypt sensitive patient data and conduct routine compliance evaluations amid increased threats targeting the sector.

Cyber incident details involving non-profit and non-government entities across sectors such as healthcare are not centrally reported and collected, creating gaps for researchers, IT experts and others seeking to analyze trends in their industries, said Stanley Mierzwa of Kean University.

Unauthenticated Attackers Using Malicious Packet to Crash Devices' PAN-OS Software
Security giant Palo Alto Networks is pushing updates to fix a denial-of-service vulnerability in its PAN-OS device software that unauthenticated, remote attackers have been actively exploiting. The flaw can be triggered by sending firewalls "a malicious packet," which will crash the devices.

Also: Bitfinex Hacker Lichtenstein's Social Media Post From Prison
This week's stories include updates on hackers in the DMM Bitcoin and Bitfnex cases, South Korea sanctioning North Korean hackers, Trump naming an exec director for Digital Assets Council, Craig Wright's prison sentence and the Interpol's red notice for Hex founder.

2024 Marked the Government's Increasing Role Mandating Cybersecurity
Australia announced a flurry of cybersecurity legislation and regulations in 2024, spotlighting the government's intent to fortify the nation's cybersecurity in the wake of the Medibank and Optus incidents. The government vowed to transform the country into the world's "most cyber-secure."