BankInfoSecurity.com

AI, Security Experts Discuss Who Defines the Risks, Mitigation Efforts
An attempt by the California statehouse to tame the potential of artificial intelligence catastrophic risks hit a roadblock when Governor Gavin Newsom vetoed the measure late last month. One obstacle is lack of a widely-accepted definition for "catastrophic" AI risks.

Also: AI Safety Bill Vetoed, Global Ransomware Response Guide Gets Some Revisions
In the latest weekly update, ISMG editors discussed the implications of the U.S. investigation into Chinese hackers targeting telecom wiretap systems, the catastrophic risks of AI and the recent veto of an AI safety bill in the U.S., and the latest global ransomware response guidance.

Ransomware Gang Could Have Axis Health's Mental Health, Drug Abuse Records
Ransomware gang Rhysida is threatening to dump data on the darkweb that belongs to a Colorado provider of mental health, substance abuse and other healthcare services unless it pays nearly $1.5 million. The group is leaking records it claims to have stolen from a Mississippi nursing home.

Agency Says Cookies Could Help Attackers Find Network Assets, Vulnerabilities
Unencrypted cookies tied to a suite of secure gateway technology from F5 are gateways for hackers to reach internal devices on corporate networks, warns the Cybersecurity and Infrastructure Security Agency. BIG-IP uses persistent cookies as a traffic load-balancing convenience.

Why Cybersecurity Is a Public Imperative
Data is one of the most valuable assets in today's digital age. Cyberthreats come in many forms, such as phishing attacks, ransomware, data breaches and malware infections, and failing to protect your data can cause severe financial, reputational and operational damage.

It's yet to be determined whether a handful of states or the federal government will lead the charge in adopting comprehensive regulations involving the use of artificial intelligence in healthcare, said regulatory attorney Betsy Hodge, a partner in law firm Akerman.

CyberEdBoard Members and ISMG Editors on Incident Response, AI and Defense Trends
This week, CyberEdBoard members Jon Staniforth and Helmut Spöcker joined ISMG editors to unpack the hot topics at ISMG's London Cybersecurity Summit 2024, including ransomware lessons learned, AI trends and the growing importance of continuous learning and resilience in the cybersecurity industry.

Hacktivists Are Likely to Increasingly Adopt Cybercrime Tactics, Report Says
Ransomware hacks and self-declared hacktivist denial-of-services attacks were the most prolific threat to European Union members over the 12-month period ending in June, the EU cyber agency warned, adding that the nexus between nation-state hackers and hacktivist groups poses an emerging threat.

Unfiltered Training Data Can Cause Safety Issues, Spread Misinformation
LinkedIn this week joined its peers in using social media posts as training data for AI models, raising concerns of trustworthiness and safety. The question for AI developers is not whether companies use the data or even whether it is fair to do so - it is whether the data is reliable or not.

Experts Say Feds May Face Cost and Timeline Challenges in Quantum Readiness
The United States is preparing for an age of quantum computing as federal agencies roll out initiatives designed to boost "quantum readiness," and as experts warn the government may face issues that delay its ability to defend against a future of advanced threats enabled by the emerging technology.

No OpSec Measure Is Bulletproof to the Effects of a Corrupted Supply Chain
Secure communications in an age of network insecurity has focused mostly on encryption and fears of surveillance tracking. But as this week revealed to the dismay of terrorists and criminals alike, no OpSec measure is bulletproof to the effects of a corrupted supply chain.

As threat actors continue to evolve their attacks to circumvent security measures, cyber insurers are raising the bar for prospective healthcare security clients. Underwriters are increasing their scrutiny and adding new coverage requirements, said Chris Henderson of cybersecurity company Huntress.

Microsoft Says Russia-Linked Cyber Actors Are Supporting Trump by Attacking Harris
Microsoft warned the Kremlin is targeting the 2024 presidential election campaign of Vice President Kamala Harris with its wide-ranging election interference operations. Russian groups likely aligned with the Kremlin have shifted their focus to the Harris campaign in recent months.

Riverwood Capital Leads Investment in Security Validation Firm to Grow in Americas
Picus Security has received $45 million in funding led by Riverwood Capital. The investment will accelerate product development in exposure management, including attack surface management and automated pen testing. The company plans to expand further in the Americas, targeting key growth areas.

Chinese Botnet Targets US Critical Infrastructure and Taiwan
A Chinese state-sponsored botnet called Raptor Train has infected more than 260,000 IoT and office network devices to target critical infrastructure globally. The hackers used zero-days and known vulnerabilities to compromise more than 20 different types of devices to expand their botnet.

German Law Enforcement Reportedly Deanonymized Tor User in 2021
The Tor Project on Wednesday reassured users that they will remain anonymous after media reported that German police successfully used Tor to trace the alleged administrator of a child pornography site. Tor users can continue to use the browser "securely" and the "Tor Network is healthy," it said.

Tell Interviewers How You Respond to Incidents and Solve Problems
The STAR - Situation, Task, Action, Result - method is a widely used framework for answering behavioral interview questions. It allows job candidates to present their experiences in a structured way, making it easier for interviewers to understand their problem-solving skills and real-world impact.