BankInfoSecurity.com

Advisory Warns Iranian Threat Actors Use 'Push Bombing' to Target Critical Sectors
Iranian cyber actors are increasingly using brute force techniques, such as password spraying and multifactor authentication push bombing, to target critical infrastructure sectors, according to a cybersecurity advisory released Wednesday by the Cybersecurity and Infrastructure Security Agency.

Trail Acquisition Brings Enhanced DLP, DSPM Integration, Safeguards Data in Motion
With the $162 million buy of Trail Security, Cyera will offer customers AI-enhanced data loss prevention alongside its DSPM solution. The new platform promises stronger, real-time data protection for sensitive information both in motion and at rest, helping enterprises meet security demands.

New NCSC Chief Also Warns of Threefold Increase in Severe Cyberattacks
The U.K. experienced a 50% spike in cybersecurity incidents posing national security risks this year, according to NCSC CEO Richard Horne. Growing advancements in emerging tech are widening the gap between offensive and defensive cyber capabilities, he warned.

Hackers May Have Reverse-Engineered February Patch
Hackers may have circumvented a months-old patch for Fortinet gateway devices leading to a warning from the U.S. federal government over its active exploitation. Some security researchers say a February patch may not have fully squashed a flaw.

Chinese Cybercrime Groups Ran Operations in Rented Hotels and Guest Houses
Sri Lankan authorities have arrested more than 200 Chinese nationals who they say overstayed their visitor visas and engaged in large-scale financial scam operations targeting victims across Asia. The Chinese Embassy in Colombo says it supports the law enforcement crackdown.

Nordic Authorities Take Down Sipulitie, Dutch Police Arrest Alleged Bohemia Admins
October has been a good month for European police agencies shutting down darkweb marketplaces, with Dutch, Finnish and Swedish police announcing server seizures and suspect arrests. It's been more than a decade since Ross "Dread Pirate Roberts" Ulbricht initiated an era of online criminal bazaars.

Transforming Technical Expertise Into Strategic Leadership
The rapid proliferation of IoT devices introduces significant security risks that require CISOs and top corporate leaders to step up, reduce risks and align IoT security with mission-critical objectives.

Gartner Forecasts Global Shipments of AI PCs to Increase by 165.5% in 2025
AI PCs are expected to make up 43% of all PC shipments by 2025, from 17% in 2024. The demand for AI-powered laptops is forecast to outpace that for desktops, and by 2026, AI laptops will be the "only choice of laptop available to large businesses."

Nearby Texas Tech University Health Sciences Center's IT Systems Also Still Offline
Nearly three weeks after a ransomware attack, UMC Health System has restored electronic health records, but the Texas-based public health system is still working to recover other patient care IT systems. Nearby Texas Tech University Health Sciences Center is still dealing with a related outage.

Integration of DSPM Firm Dasera Enhances Data Protection Across Cloud Environments
Netskope’s purchase of Dasera enhances its data security posture management capabilities, enabling customers to secure both structured and unstructured data across cloud and on-premises environments. The integration will offer a platform for holistic data protection and security posture management.

Data Regulator Likely Reviewing Insider Threat Case at Intesa Sanpaolo Bank
Intesa Sanpaolo bank of Italy this week told the country's data regulator that an employee - who has since been fired - accessed sensitive banking details of the country's prime minister and other politicians for years. The Italian Data Protection Authority is investigating the data breach.

Lawmakers Demand Answers, Security Overhaul After Chinese Hack of Telecom Networks
Congress is demanding answers from AT&T, Verizon, and Lumen after reports revealed that Chinese hackers breached U.S. telecom infrastructure, targeting systems linked to court-authorized wiretaps, as the FBI and the Cybersecurity and Infrastructure Security Agency investigate the Salt Typhoon group.

Texas-Based Gryphon Healthcare Says an Unnamed Third Party Was at Center of Breach
A Texas-based revenue cycle management firm is notifying about 400,000 individuals of a hacking incident it says originated with another third party. The incident is among a growing list of major breaches implicating vendors and cumulatively affecting tens of millions of patients so far this year.

Sector Uses Multifactor, Eschews Cloud, Can't Afford Cyber Insurance
The oil and gas industry has high levels of cyber awareness and low levels of cyber insurance, says a sectoral assessment from credit rating agency Moody's. The sector has experienced a clutch of high-profile attacks including a high-profile 2021 incident at Colonial Pipeline.

Only Six Nations Have Incorporated NIS2 Into National Statute
Most European countries are set to miss a trading bloc deadline for implementing a key cybersecurity regulation that requires measures such as mandatory security auditing for essential services such as hospitals and banks. Just six countries have integrated the NIS2 directive into national law.

Naming and Sanctioning Cybercrime Syndicate Members Has Repercussions, Police Say
Western law enforcement may not be able to bust every last Russian cybercrime suspect, but newly revealed efforts against Evil Corp and LockBit reveal suspects arrested while on vacation, as well as the psychological fallout criminal syndicates face when members get named, indicted and sanctioned.

Critical Infrastructure Firms Are Hiring - and Paying Well
As digital transformation continues to reshape industries, the convergence of operational technology and cybersecurity has emerged as a critical area of focus. But there's a noticeable gap in the workforce. Professionals who truly understand both OT and cybersecurity are in short supply.

SEGs have performed admirably for many years, but they’re no match for this new generation of email attacks, and relying on outdated tools can have catastrophic consequences. By upgrading to a behavioral AI-based solution, you can defend against emerging threats and become more proactive in the fight against cybercrime.