DataBreachToday.com

Cognex Says It Won't Patch Flaws
Nearly a dozen serious vulnerabilities in a Cognex industrial smart camera will go without a patch because the company says the model is "too old to merit a fix." Industrial security firm Nozomi Networks uncovered nine flaws during a security assessment.

2024 Cyberattack Was One of Several on Other Blood Suppliers in US, UK
OneBlood, which provides blood supplies to 250 hospitals in Florida, Georgia and the Carolinas, will pay $1 million to settle proposed class action litigation filed against the non-profit entity in the wake of a 2024 ransomware attack that compromised the information of nearly 170,000 individuals.

Machine Identities Outpace Human Ones, But Accountability Lags Behind
Machine identities already outnumber human users in many organizations, but the answer to who owns them, who rotates their keys, audits their actions and takes the fall when something goes wrong often depends on who's responding - and the answers rarely align.

Global Cyber Agencies Call for Exhaustive OT Inventories to Combat Threats
Global cyber agencies are urging critical infrastructure owners and operators to maintain "definitive records" of their complex operational technology environments, calling for exhaustive asset visibility as regulators shift toward prescriptive mandates to counter escalating threats.

Carmaker Anticipates Phased Restart of Production
The British government will guarantee a 1.5 billion pound loan to Jaguar Land Rover as the embattled carmaker grapples with the fallout of a September cyberattack that froze production and sales across the globe. The government backed-loan shows the hack endangered "national economic security."

OpenAI, Apollo Research Find Models Hide Misalignment; Training Cuts Deception
Frontier artificial intelligence models are learning to hide their true intentions to pursue hidden agendas, said OpenAI and Apollo Research. Researchers say the risk of deception needs to be tackled now, especially as AI systems take on more complex, real-world responsibilities.

MIND Act Asks FTC to Study Exploitation Risks for Neural Data Collected by Devices
Are brain waves and similar neural data the next frontier in consumer privacy worries? A trio of U.S. senators have introduced federal legislation aiming to get ahead of risks that such brain-related data could be collected and misused by tech firms, data brokers, government agencies and others.

Cybersecurity Programs, Workforce Face Disruption If Congress Fails to Act
A potential government shutdown threatens to gut federal cybersecurity operations, with key programs set to expire, agency cyber staff facing layoffs and no public contingency plans in place - leaving core defenses, threat sharing and incident response at risk.

Eset: Lazarus Group Shares Backdoor With Newer Pyongyang Threat Actor
A gang of North Korean hackers behind fake IT job recruitment scams now have access to a remote access Trojan favored by their more technically advanced counterparts tracked collectively as the Lazarus Group, say security researchers.

Researcher Finds Database of Sensitive Patient Info With No Password Protection
An unencrypted database containing nearly 150,000 patient records of a California provider of home health and palliative care services was left exposed on the internet, said a cybersecurity researcher who discovered the unsecured data cache. Why does this keep happening in the healthcare sector?

Newly Implemented Rule to Boost Cloud Competition and AI Development
The EU Data Act is now in its second phase of implementation, shifting the balance of power by granting users rights over the data generated by their connected devices and services. Beyond banning unfair contract terms and eliminating vendor lock-in, the act mandates data portability and access.

CISA Issues Emergency Directive After Cisco Exploits Persist After Reboot
CISA issued an emergency directive Thursday after discovering an advanced hacking campaign exploiting two persistent zero-days in Cisco firewall gear - malware that survives system reboots and upgrades - forcing agencies to disconnect vulnerable devices by Friday.

'RedNovember' Has Hacked Organizations in the US, Asia and Europe
A hacking group associated with widespread compromise of edge devices is a Chinese-state-aligned group, says cybersecurity firm Recorded Future. The firm says the threat actor, which it now tracks as RedNovember, is "highly likely a Chinese state-sponsored threat activity group."