DataBreachToday.com

Threat Actor 'Codefinger' Targets Cloud Environments
A ransomware group is targeting Amazon S3 buckets, exploiting the data stored there using AWS's server-side encryption with customer keys and demanding a ransom in exchange for the encryption key needed to unlock the data. The group uses compromised or publicly exposed AWS account credentials.

Executive Order Paves Way for Data Centers on Federal Land, Clean Energy Progress
The U.S. federal government will open up sites to developers of AI frontier models to build gigawatt-scale data centers with clean energy under an executive order signed Tuesday by President Joe Biden. AI applications are expected to drive soaring energy demands well beyond 2030.

British Government Proposals Also Include Payment Bans for Critical Infrastructure
Banning ransom payments by public sector and critical infrastructure entities, notifying the government of any intent to pay a ransom, and reporting incidents to authorities comprise three counter-ransomware initiatives proposed by the British government. Which ones will pass muster?

How Cloud Security Buyers Balance Functionality, Cost, Features and Innovation
The debate between pure-play cloud security solutions and integrated platforms intensifies as the market consolidates. While pure-play vendors such as Wiz offer innovation and deep functionality, platforms such as Palo Alto Networks and CrowdStrike provide cost-effective and comprehensive options.

Malware Used a Hardcoded IP Address for Command and Control
U.S. federal law enforcement said Tuesday it deleted more than 4,000 instances of PlugX malware used in a Chinese cyberespionage operation after a European partner gained control of the malware's command and control server. PlugX spreads through infected USB drives.

HHS OCR Letter Also Reminds Entities That AI Tool Use Must Comply with HIPAA
Federal regulators are reminding healthcare providers, insurers and other regulated firms of their duty to ensure that AI and other emerging technologies for clinical decision making and patient support are not used in a discriminatory manner - and comply with HIPAA.

Proposals Calls for AI Growth Zones and National Data Library
British Prime Minister Keir Starmer unveiled a plan for converting the United Kingdom into an artificial intelligence "world leader," allowing it to shape the next phase of the "AI revolution." Key recommendations include creating multiple AI growth zones and a national data library.

Mitigating Cybersecurity, Privacy Risks for New Class of Autonomous Agents
Many organizations are looking to artificial intelligence agents to autonomously perform tasks that surpass traditional automation. Tech firms are rolling out agentic AI tools that can handle customer-facing interactions, IT operations and a variety of other processes without human intervention, but experts are cautioning security teams to watch for cyber and privacy risks.

Experts Weigh the Pros and Cons of Work Culture and Merging AML and Fraud Teams
A recent report found that more than 57,000 Americans fall victim to scams every day. Financial fraud is rising globally. In response, the National Automated Clearinghouse Association is pushing for real-time fraud monitoring by 2026, requiring closer collaboration between fraud and AML teams.

Alterya's AI-Powered Data Will Combat Scams Across Traditional Financial Ecosystems
Alterya's AI agents now power Chainalysis' fraud prevention, integrating off-chain data sources such as Venmo and Zelle with blockchain analytics. This acquisition marks a significant step in detecting and stopping scams earlier in the fraud cycle, said Chainalysis CEO Jonathan Levin.

New Export Rules Limit AI Chip Access Globally, Sparking Industry Criticism
U.S. export controls slated for publication Monday aim to block foreign adversaries from accessing American advanced computing chips and blueprints for machine learning models. Nvidia and industry leaders have criticized the policy, warning it may harm innovation.

Guardrails Bypassed on Azure OpenAI to Generate 'Thousands of Harmful Images'
Microsoft filed a lawsuit targeting a cybercrime service used to generate "thousands of harmful images" by subverting the guardrails built into its Azure generative artificial intelligence tools. The company said attackers built a tool that reverse-engineered the guardrails in its AI platform.

Days Are Dwindling, But Biden White House Unveils New AI Roadmap for HHS
With 10 days left in office, the Biden administration released an artificial intelligence strategic plan for the U.S. Department of Health and Human Service. HHS called the plan a "comprehensive roadmap" outlining the department’s "commitment to trustworthy, ethical and equitable AI use.

Nvidia, Semiconductor Trade Group Push Back Against Reported Chip Restrictions
The White House’s reported final push to impose tighter restrictions on global semiconductor exports, including artificial intelligence chips critical for data centers, has drawn strong criticism from Nvidia and the semiconductor industry in the last days of the administration.

Also: Cybersecurity Tech Leader Amit Yoran’s Life, Leadership and Legacy
In this week's update, ISMG editors discussed the escalating geopolitical cyberthreats expected in 2025, including advanced and persistent campaigns linked to Chinese actors. Panelists also paid tribute to Amit Yoran, one of the cybersecurity industry's most influential leaders.

Cyberespionage Campaign Reached Treasury Office that Reviews Foreign Investment
Chinese hackers reportedly breached a U.S. government office responsible for reviewing foreign investments for national security threats as part of a cyberespionage campaign targeting the Department of Treasury. Hackers gained access to the Committee on Foreign Investment in the U.S.

Cybercrime History Teaches That Paying a Ransom for Data Deletion Is Foolish
Data breach victim PowerSchool, maker of a widely used K-12 student information system platform, has been attempting to assure schools, and parents and guardians, by saying its attacker has promised to delete the stolen data. What's the old saying about those who fail to learn from history?

Many important efforts by the Cybersecurity Infrastructure and Security Agency to help the healthcare sector and other critical infrastructure sectors bolster their cybersecurity are likely to continue under the incoming Trump administration, predicted CISA Deputy Director Nitin Natarajan.