Plus: Bytedance’s $7 billion loophole, AI-enabled robo-surgeons, the U.S. Treasury hack, and an IBM antitrust probe—in the latest edition of Fortune’s flagship tech newsletter.
Category: cybercrime/malcode – Page 4
The U.S. Department of Health and Human Services (HHS) has proposed updates to the Health Insurance Portability and Accountability Act of 1996 (HIPAA) to secure patients’ health data following a surge in massive healthcare data leaks.
These stricter cybersecurity rules, proposed by the HHS’ Office for Civil Rights (OCR) and expected to be published as a final rule within 60 days, would require healthcare organizations to encrypt protected health information (PHI), implement multifactor authentication, and segment their networks to make it harder for attackers to move laterally through them.
“In recent years, there has been an alarming growth in the number of breaches affecting 500 or more individuals reported to the Department, the overall number of individuals affected by such breaches, and the rampant escalation of cyberattacks using hacking and ransomware,” the HHS’ proposal says.
At the end of a year when Texas employees were among those targeted by hackers, the state has awarded a multi-million-dollar contract to a company that works with entities to increase technological efficiency and offer cybersecurity protection. Science Applications International Corporation (SAIC) announced Dec. 18 that it was awarded a $170.9 million contract from the Texas Department of Information Resources (DIR) to provide cybersecurity services in protection of state networks.
SAIC, which is headquartered in Reston, Va., and has been providing security services to California, Colorado and Virginia for years, also has worked with the Air Force in deploying “a cloud-based command and control capability” to air defense sectors with the North American Aerospace Defense Command (NORAD), according to information technology news website StateScoop. It employs about 24,000 people.
2024: A year when AI, quantum computing, and cybersecurity converged to redefine our digital landscape. For those navigating these complex technological frontiers, clarity became the most critical currency.
Inside Cyber, Key moments that resonated with our community:
• Cybersecurity Trends for 2025 Diving deep into the evolving threat landscape and strategic priorities.
• AI, 5G, and Quantum: Innovation and Cybersecurity Risks Exploring the intersection of emerging technologies and security challenges https://lnkd.in/ex3ktwuF
• PCI DSS v4.0 Compliance Strategies Practical guidance for adapting to critical security standards https://lnkd.in/eK_mviZd.
Researchers developed a technique that senses a model’s electromagnetic ‘signature’ and compares it to other models run on the same kind of chip.
• Ethics: As AI gets more powerful, we need to address ethics such as bias in algorithms, misuse, privacy and civil liberties.
• AI Regulation: Governments and organizations will need to develop regulations and guidelines for the responsible use of AI in cybersecurity to prevent misuse and ensure accountability.
AI is a game changer in cybersecurity, for both good and bad. While AI gives defenders powerful tools to detect, prevent and respond to threats, it also equips attackers with superpowers to breach defenses. How we use AI for good and to mitigate the bad will determine the future of cybersecurity.
Cybersecurity researchers are warning about a spike in malicious activity that involves roping vulnerable D-Link routers into two different botnets, a Mirai variant dubbed FICORA and a Kaiten (aka Tsunami) variant called CAPSAICIN.
“These botnets are frequently spread through documented D-Link vulnerabilities that allow remote attackers to execute malicious commands via a GetDeviceSettings action on the HNAP (Home Network Administration Protocol) interface,” Fortinet FortiGuard Labs researcher Vincent Li said in a Thursday analysis.
“This HNAP weakness was first exposed almost a decade ago, with numerous devices affected by a variety of CVE numbers, including CVE-2015–2051, CVE-2019–10891, CVE-2022–37056, and CVE-2024–33112.”
LLMs can create 10,000 malware variants evading detection with 88% success, degrading ML classifiers and risking AI model security.
A data breach earlier this year at SRP Federal Credit Union has left nearly a quarter-million people exposed to possible identity theft and account fraud.
The ransomware group Nitrogen has claimed responsibility for extracting 650 gigabytes of sensitive customer data, according to reports filed recently with the state attorney general’s offices in Texas and Maine. The breach has been publicly reported throughout December by cybersecurity analysts, financial technology companies and national news media.
Screen captures of what seemed to be raw customer data from SRP were posted on social media through bogus accounts as early as Dec. 5.