BankInfoSecurity.com

Cync Acquisition Bolsters Exposure Validation Through Advanced Offensive Expertise
Cymulate’s acquisition of Cync Secure enhances its ability to bridge vulnerability identification and resolution. The deal integrates Cync offensive capabilities, creating a next-gen exposure prioritization platform to tackle vulnerabilities effectively and address unmet market demands.

Transfer of German Man's IP Address Wins Him 400 Euros
European privacy regulation - bane of American technology companies and a favorite cudgel of activists - came to haunt no less an organization than the European Commission, which must pay 400 euros to aggrieved German national Thomas Bindl, peeved that Facebook obtained his IP address.

US Senate Unlikely to Ratify Contentious Cybercrime Treaty Amid Mounting Concerns
Experts tell Information Security Media Group that a controversial United Nations cybercrime convention is unlikely to be ratified in the U.S. Senate due to mounting concerns from technology, human rights, and privacy advocates over its potential impact on internet security and privacy protections.

Biden Administration Hopes Good Cybersecurity Is Also Good Marketing
The Biden administration Tuesday launched a cybersecurity labeling program for IoT devices aimed to help consumers choose smart devices that offer enhanced protections against hacking. Eligible products include wireless IoT devices such as fitness trackers, smart appliances and garage door openers.

Phylum's Product Delivers Real-Time Detection of Malicious Open-Source Packages
To combat the rise in software supply chain attacks, Veracode has acquired Denver-area startup Phylum and its advanced tools to detect malicious open-source packages. The acquisition strengthens Veracode's software composition analysis offering and enables faster, more reliable threat mitigation.

New Non-Binding Recommendations Target Medical Device Makers, Software Developers
Manufacturers are eager to incorporate AI into a wide range of medical devices, from cardiac monitors that can spot developing heart problems to medical imaging systems that can find malignancies a radiologist might miss. The FDA released a new guidance this week on how to secure these devices.

CISA Urges IT and Design Sector Software Developers to Improve Cyber Hygiene
The Cybersecurity and Infrastructure Security Agency is urging the information technology and product design sectors to strengthen foundational cybersecurity practices throughout the software development life cycle by aiming to achieve a series of new sector-specific goals released on Tuesday.

Phylum's Product Delivers Real-Time Detection of Malicious Open-Source Packages
To combat the rise in software supply chain attacks, Veracode has acquired Denver-area startup Phylum and its advanced tools to detect malicious open-source packages. The purchase strengthens Veracode's software composition analysis offering and enables faster, more reliable threat mitigation.

Hackers Use Updated Version of the Malware Plugin, Kaspersky Says
Hackers are deploying an updated strain of EagerBee malware to target internet service providers and government organizations in the Middle East, warn security researchers. EagerBee operates in memory and comes with advanced stealth and security evasion capabilities.

Data Theft Incident Also Disrupted IT Systems for Nearly a Month
Richmond University Medical Center, a 440-bed teaching hospital on Staten Island, N.Y, is notifying 674,000 people of a data theft that happened 18 months ago. The breach was part of a ransomware attack that disrupted the organization's IT systems for several weeks in spring 2023.

US Cyber Defense Agency Confirms Role in Federal Probe Following 'Major Incident'
The Cybersecurity and Infrastructure Security Agency is working closely with the Treasury Department in an ongoing investigation to determine the full scale and scope of a Chinese-linked hack targeting key offices tasked with sanctions enforcement, the agency confirmed Monday.

Proof-of-Concept Exploit 'LDAP Nightmare' Crashes 'Any Unpatched Windows Server'
Security experts are urging all organizations that use Microsoft Windows to ensure they install patches, released last month, to fix Lightweight Directory Access Protocol denial-of-service and remote code execution flaws. Researchers have released a proof-of-concept exploit for the latter flaw.

Reportedly Hacked: Charter Communications, Consolidated Communications, Windstream
The nine known victims of a "broad and significant cyberespionage campaign" the White House has tied to China reportedly include Charter Communications, Consolidated Communications and Windstream, as officials said the hackers' earliest known telecom network penetration began in mid-2023.

Flaw Enabled Signature Bypassing on Nuclei ProjectDiscovery
Open-source vulnerability scanner Nuclei patched a critical flaw in its open-source vulnerability management tool ProjectDiscovery. Security firm Wiz uncovered the flaw, a signature verification system flaw that could allow attackers to execute malicious code using custom code templates.

Yoran's Passing Comes 10 Months After Cancer Diagnosis, 1 Month After Taking Leave
Amit Yoran - a West Point graduate who founded NetWitness, sold the company to RSA and took Tenable public - died Friday. He was 54. Yoran was diagnosed in March 2024 with a treatable form of cancer, and in December temporarily stepped away from his role as Tenable's CEO to get additional treatment.

Plaintiffs Sued After Report that Apple Eavesdropped on Intimate Moments
Apple agreed to pay $95 million to settle a lawsuit accusing the smart device giant of illegally recording audio through its Siri virtual assistant and sharing extracts with human reviewers. Class members who purchased Siri-enabled devices could receive $20 per device.

Indiana Attorney General Fines Westend Dental $350K in 2020 Ransomware Hack
An Indiana dental practice agreed to pay the state $350,000 and implement a long list of data security improvements following an alleged 2020 ransomware breach "cover up" that came to light when state regulators investigated a patient complaint about unfulfilled requests for dental X-rays.

Access Management Leaders Remain Unchanged as Customer Identity Cases Proliferate
Advances in customer identity around better user experience, strong authentication, and centralized identity processes have driven rapid growth in the access management market. The space by grew 17.6% to $5.85 billion in 2023 as organizations increasing look to replace homegrown CIAM solutions.