BankInfoSecurity.com

Developers Listed as Public Contact Points Targeted in Phishing Campaign
A supply chain attack that subverted legitimate Google Chrome browser extensions to inject data-stealing malware is more widespread than security researchers first suspected. So far researchers have identified 36 subverted extensions collectively used by 2.6 million people.

Integrity Technology Group Built Botnet for Chinese Hackers, US Treasury Says
The Department of Treasury blacklisted Integrity Technology Group, declaring transactions with the company to be off-limits for U.S. financial institutions and persons. The effect will likely have more symbolic than actual disruptive effect.

Data Protection, Firewall Stocks Surge as Vulnerability Management Stocks Struggle
Fortunes diverged for publicly-traded cybersecurity companies in 2024, as the technology category they played in and market share they held largely determined their fate. Investors last year looked favorably upon companies in the data protection space, with Commvault and Rubrik recording big gains.

Experts: New Mandates Could Be Difficult, Costly for Many Entities
The U.S. Department of Health and Human Services' proposed overhaul of the 20-plus-year-old HIPAA Security Rule aims to drastically improve the state of healthcare sector cybersecurity, but the potential new requirements could mean difficult and expensive heavy lifting for many regulated entities.

Hackers Reportedly Target Treasury Department Offices Overseeing Economic Sanctions
A Chinese hack of the U.S. Department of Treasury targeted offices tasked with overseeing economic sanctions and financial investigations, as experts warn Beijing is increasingly escalating attacks on American critical infrastructure while preparing for potential future conflict.

Flaw Bypasses Clickjacking Defenses, Enables Account Takeovers
Hackers are exploiting the split-second delay between two mouse clicks to carry out sophisticated clickjacking attacks, tricking victims into authorizing transactions or granting access they never intended. "DoubleClickjacking" manipulates users into granting OAuth and API permissions

Do Hyeong Kwon Extradited to US for Allegedly Defrauding Investors Out of Billions
Do Hyeong Kwon, former CEO of Terraform Labs, appeared in a Manhattan federal courtroom Thursday after facing extradition from Montenegro over allegations he defrauded investors out of billions of dollars while misrepresenting his company's cryptocurrency and other products.

The first 100 days of the next Trump administration and new Congress will be critical in showing signs of what's potentially in store for the healthcare sector cybersecurity, privacy and related regulatory and legislative issues in the new year, said Chelsea Arnone and Cassie Ballard of CHIME.

Step-by-Step Guide to Rebranding Your Cybersecurity Career With Transferable Skills
The start of a new year presents a perfect opportunity to reinvent yourself. With the right strategy - which focuses on personal branding, skill alignment and targeted networking - you can catch the eye of hiring managers and secure interviews that can lead to a new career path.

Experts on Ransomware, Deepfakes, AI Innovation and Cyber Defense the in Year Ahead
Crippling ransomware attacks, IT outages and relentless nation-state operations dominated headlines in 2024. Will 2025 bring even more disruption? Our panel of cybersecurity leaders, analysts and educators share their outlook for the top 10 trends to watch in the new year.

As healthcare entities embrace generative AI tools, it's critical they take a holistic approach addressing privacy and security governance, said Dave Perry, digital workspace operations manager, St. Joseph's Healthcare in Ontario, who discusses how his organization is tackling those challenges.

9 Telcos Have Been Breached by Beijing-Backed 'Salt Typhoon,' White House Says
U.S. telecommunications giants AT&T and Verizon Communications believe they have finally ejected Chinese cyber espionage hackers from their networks. The White House said the "Salt Typhoon" nation-state hackers infiltrated at least nine U.S. telcos' infrastructure, and have been hard to eject.

Cameron Wagenius Suspected of Extorting Snowflake Customers Over Stolen Data
A serving member of the U.S. Army has been arrested on a two-count indictment tied to the theft and sale of "confidential phone records," reportedly tied to the theft of terabytes of data from AT&T, Verizon and other customers of cloud data warehousing platform Snowflake.

Opponents Say Restructuring Will Undermine OpenAI's Security Commitments
OpenAI's attempt to convert to a for-profit company is facing opposition from competitors and artificial intelligence safety activists, who argue that the transition would "undermine" the tech giant's commitment to secure AI development and deployment.

Researcher Demonstrates Bitpixie Attack Tactics to Extract Encryption Key
A previously patched flaw in Windows BitLocker disk encryption feature is susceptible to attacks allowing hackers to decrypt information, new research has found. Security researcher Thomas Lambertz extracted data from the system memory, including the master key.

Treasury Tells Lawmakers Chinese Threat Actor Remotely Breached Agency Workstations
The U.S. Treasury Department notified lawmakers Friday that the agency was the victim of a major cyberattack in which Chinese-linked hackers gained access to unclassified documents after gaining access to remote workstations through a third-party software provider, BeyondTrust.

Fully homomorphic encryption can safeguard highly sensitive health data related to rare diseases, underserved populations and clinical trials as it is shared with medical researchers, said Kurt Rohloff, co-founder and CTO of Duality Technologies, who said projects to apply it are underway right now.

Flaw Exposed Vehicle Data and Private Details of Car Owners in Europe
A security snafu at a Volkswagen subsidiary exposed vehicle information and ownership details on approximately 800,000 cars, including precise location data and owners' personal profiles. A whistleblower found a vulnerability in the cloud storage accounts of Volkswagen subsidiary Cariad.