DataBreachToday.com

CFP Board Members Discuss AI, Hardware Access and Emerging Trends for Nullcon 2025
Cybersecurity research submissions for the Nullcon 2025 CFP Review Board reflect prominent trends and challenges in the field. Nullcon CFP Review Board members Anant Shrivastava and Neelu Tripathi noted a growing focus on AI, supply chain and applied security.

RansomHub, Play and Akira Appear to Dominate; Numerous Newcomers Join the Fray
While ransomware groups' data-leak sites regularly lie, if taken at face value, in December 2024 they collectively listed the largest number of victims ever seen in a one-month period, dominated by RansomHub, Play and Akira operations, plus a bevy of newcomers, researchers report.

New Identity Infrastructure Streamlines Compliance Adherence in Regulated Settings
Identity management startup Orchid Security raised $36 million in a seed round led by Team8 and Intel Capital to tackle compliance challenges. The company's infrastructure addresses complex compliance and security needs for enterprises, enabling efficient application onboarding and integration.

US CISA Releases Guidance to Streamline AI Cyber Incident Information Sharing
The Cybersecurity and Infrastructure Security Agency released a playbook Tuesday through its flagship public-private collaborative to help guide public-private information sharing around artificial intelligence cybersecurity incidents while detailing federal actions to strengthen shared defense.

Threat Actor 'Codefinger' Targets Cloud Environments
A ransomware group is targeting Amazon S3 buckets, exploiting the data stored there using AWS's server-side encryption with customer keys and demanding a ransom in exchange for the encryption key needed to unlock the data. The group uses compromised or publicly exposed AWS account credentials.

Executive Order Paves Way for Data Centers on Federal Land, Clean Energy Progress
The U.S. federal government will open up sites to developers of AI frontier models to build gigawatt-scale data centers with clean energy under an executive order signed Tuesday by President Joe Biden. AI applications are expected to drive soaring energy demands well beyond 2030.

British Government Proposals Also Include Payment Bans for Critical Infrastructure
Banning ransom payments by public sector and critical infrastructure entities, notifying the government of any intent to pay a ransom, and reporting incidents to authorities comprise three counter-ransomware initiatives proposed by the British government. Which ones will pass muster?

How Cloud Security Buyers Balance Functionality, Cost, Features and Innovation
The debate between pure-play cloud security solutions and integrated platforms intensifies as the market consolidates. While pure-play vendors such as Wiz offer innovation and deep functionality, platforms such as Palo Alto Networks and CrowdStrike provide cost-effective and comprehensive options.

Malware Used a Hardcoded IP Address for Command and Control
U.S. federal law enforcement said Tuesday it deleted more than 4,000 instances of PlugX malware used in a Chinese cyberespionage operation after a European partner gained control of the malware's command and control server. PlugX spreads through infected USB drives.

HHS OCR Letter Also Reminds Entities That AI Tool Use Must Comply with HIPAA
Federal regulators are reminding healthcare providers, insurers and other regulated firms of their duty to ensure that AI and other emerging technologies for clinical decision making and patient support are not used in a discriminatory manner - and comply with HIPAA.

Proposals Calls for AI Growth Zones and National Data Library
British Prime Minister Keir Starmer unveiled a plan for converting the United Kingdom into an artificial intelligence "world leader," allowing it to shape the next phase of the "AI revolution." Key recommendations include creating multiple AI growth zones and a national data library.

Mitigating Cybersecurity, Privacy Risks for New Class of Autonomous Agents
Many organizations are looking to artificial intelligence agents to autonomously perform tasks that surpass traditional automation. Tech firms are rolling out agentic AI tools that can handle customer-facing interactions, IT operations and a variety of other processes without human intervention, but experts are cautioning security teams to watch for cyber and privacy risks.

Experts Weigh the Pros and Cons of Work Culture and Merging AML and Fraud Teams
A recent report found that more than 57,000 Americans fall victim to scams every day. Financial fraud is rising globally. In response, the National Automated Clearinghouse Association is pushing for real-time fraud monitoring by 2026, requiring closer collaboration between fraud and AML teams.

Alterya's AI-Powered Data Will Combat Scams Across Traditional Financial Ecosystems
Alterya's AI agents now power Chainalysis' fraud prevention, integrating off-chain data sources such as Venmo and Zelle with blockchain analytics. This acquisition marks a significant step in detecting and stopping scams earlier in the fraud cycle, said Chainalysis CEO Jonathan Levin.

New Export Rules Limit AI Chip Access Globally, Sparking Industry Criticism
U.S. export controls slated for publication Monday aim to block foreign adversaries from accessing American advanced computing chips and blueprints for machine learning models. Nvidia and industry leaders have criticized the policy, warning it may harm innovation.

Guardrails Bypassed on Azure OpenAI to Generate 'Thousands of Harmful Images'
Microsoft filed a lawsuit targeting a cybercrime service used to generate "thousands of harmful images" by subverting the guardrails built into its Azure generative artificial intelligence tools. The company said attackers built a tool that reverse-engineered the guardrails in its AI platform.

Days Are Dwindling, But Biden White House Unveils New AI Roadmap for HHS
With 10 days left in office, the Biden administration released an artificial intelligence strategic plan for the U.S. Department of Health and Human Service. HHS called the plan a "comprehensive roadmap" outlining the department’s "commitment to trustworthy, ethical and equitable AI use.

Nvidia, Semiconductor Trade Group Push Back Against Reported Chip Restrictions
The White House’s reported final push to impose tighter restrictions on global semiconductor exports, including artificial intelligence chips critical for data centers, has drawn strong criticism from Nvidia and the semiconductor industry in the last days of the administration.