CU InfoSecurity
Unknown date
Guidance
The article discusses the benefits of an identity-first model over traditional admin rights, emphasizing reduced risk and improved business operations. It also promotes a webinar session by CyberArk on practical endpoint control techniques.
Enabling Practical Endpoint Control Without Productivity Trade-offs Removing local admin rights often creates helpdesk and user friction. An identity-first model reduces risk while keeping business operational. Join CyberArk's practical webinar session to learn how identity-first endpoint control replaces standing admin rights with just-in-time access.
CU InfoSecurity
Unknown date
Guidance
• Financial institutions should implement risk-based controls to limit initial trust for new customers during online account opening.
• Effective strategies include establishing customer behavior before full trust is granted.
Cadence Bank's Brent Phillips Focuses on Controls for Online Account Opening Financial institutions face rising losses from first-party fraud schemes that begin with online account opening. One of the most effective ways to reduce exposure involves practical, risk-based controls that limit how much trust new customers receive before their behavior can be established.
CU InfoSecurity
Unknown date
Security
The webinar discusses the challenges of implementing AI in a secure manner and emphasizes the need for a cyber-resilient approach. It highlights the importance of balancing innovation with robust security measures.
CU InfoSecurity
Unknown date
Security
• Cybercrime outcomes continue to worsen despite stronger controls and broader collaboration among security teams.
• AI-based attacks are increasingly challenging cyber defenders, according to Brian Cute of the Global Cyber Alliance.
Global Cyber Alliance: as AI Fuels Cybercrime, Outcomes Keep Getting Worse Security teams report stronger controls and broader collaboration each year. Yet cybercrime outcomes continue to worsen. Brian Cute of the Global Cyber Alliance says artificial intelligence-based attacks are tipping the scales against cyber defenders.
CU InfoSecurity
Unknown date
Enforcement|security
US sanctions U.K.-registered exchanges over Iran ties; Step Finance and CrossCurve experience hacks; Coinbase data breach and ad ban in the UK.
Also: US Sanctions UK-Registered Exchanges Over Iran Ties This week, Step Finance and CrossCurve hacks, the United States sanctioned U.K.-registered exchanges over Iran ties, forfeiture finalization of funds linked to Helix, Coinbase data breach, 2025's illicit crypto flows and a UK regulator banned Coinbase ads.
CU InfoSecurity
Unknown date
Security
TRM Labs has raised $70 million in Series C funding for AI-driven investigations and compliance tools; the company aims to combat cybercrime using advanced AI technologies.
Funding at $1B Valuation Targets AI-Driven Investigations and Compliance Tools TRM Labs has secured $70 million in Series C funding led by Blockchain Capital reaching a $1 billion valuation. CEO Esteban Castano says the money will boost AI-powered investigations, compliance automation and intelligence as criminals use AI to scale cybercrime faster than defenders can respond.
CU InfoSecurity
Unknown date
Rules|guidance
Key points: Federal rules for the confidentiality of substance use disorder records under HIPAA are changing; critical questions remain unanswered regarding Part 2 programs; compliance deadline is approaching.
As the compliance deadline quickly approaches for changes to align the federal rules for the confidentiality of substance use disorder records with HIPAA, entities that participate in so-called Part 2 programs still face critical unanswered questions, said attorney Aleksandra Vold of BakerHostetler.
CU InfoSecurity
Unknown date
Security
Ransomware group Clop's initial 25% of victims paying ransoms dropped to zero by 2023; steal-and-leak campaigns are becoming less effective.
Revenue From Supply-Chain Attacks by Clop Group Sharply Fell, Report Investigators Once lucrative steal-and-leak campaigns pioneered by Russian ransomware group Clop look set to go the way of the dinosaurs. While an estimated 25% of victims paid a ransom in the inaugural campaign five years ago, the number of victims that paid fell to zero by 2023, report ransomware responders.
CU InfoSecurity
Unknown date
Security
• 2025 saw a record 3,322 U.S. data breaches with only 30% of breach notices providing actionable details.
• James Lee from ITRC warns that the lack of transparency in these notices increases risk for individuals and businesses.
ITRC Report: 2025 Breach Notices Lack Critical Details as AI-Based Attacks Surge The Identity Theft Resource Center tracked a record 3,322 U.S. data breaches in 2025, more than any previous year. Yet, only 30% of breach notices included actionable details that other defenders need. ITRC's James Lee warns that this lack of transparency puts people and businesses at greater risk.
CU InfoSecurity
Unknown date
Enforcement
- Capital Health agreed to pay $4.5 million in settlement for a 2023 ransomware attack affecting over 500,000 patients and employees.
- The breach involved data theft by the LockBit group.
Class Action Stems From 2023 Ransomware Attack Affecting More Than 500,000 Capital Health, which operates hospitals and other facilities in New Jersey and Pennsylvania, agreed to pay $4.5 million to settle consolidated class action litigation involving a 2023 LockBit ransomware and data theft attack affecting more than a 500,000 patients and employees.
CU InfoSecurity
Unknown date
Guidance|security
Experts recommend deploying phishing-resistant multifactor authentication, monitoring for attacks, and using live video verification. These measures aim to safeguard against sophisticated voice phishing campaigns designed to trick employees and steal sensitive corporate data.
Sophisticated Voice Phishing Campaigns Don't Exploit Any Software Vulnerabilities Amidst persistent voice phishing campaigns designed to trick employees and steal sensitive corporate data, security experts recommend organizations deploy phishing-resistant multifactor authentication, monitor for attacks and use "live video verification" to safeguard authentication changes.
CU InfoSecurity
Unknown date
Guidance
The article emphasizes the importance of implementing stronger identity and configuration controls to reduce cloud breach risks. It highlights best practices for enhancing security measures in cloud environments.
CU InfoSecurity
Unknown date
Security
The webinar focuses on cybersecurity strategies to prevent breaches and secure cloud environments. Participants will learn about the latest threats and best practices for protecting sensitive data.
CU InfoSecurity
Unknown date
Security
• Attack intensity surged over the recent holiday period as hackers used automated bots.
• Cybersecurity defenders are advised to remain vigilant despite reduced activity levels during holidays.
Honeypots Reveal Automated Bots' 'Attack Intensity' Surged Over Christmastime 2025 Memo for cybersecurity defenders: Honeypots reveal attack intensity surged over the recent holiday period, as hackers continued their well-known propensity for probing defenses and striking in the off hours, using highly automated bots, to try and maximize their dwell time before discovery.
CU InfoSecurity
Unknown date
The article highlights the increasing risk of financial crimes due to AI and deepfakes. It suggests that investigators need better data, architecture, and AI-based detection systems to combat these threats.
ACAMS Says Investigators Need Better Data, Architecture and AI-Based Detection The financial system has a trust problem driven by artificial intelligence, and CIOs looking to prevent fraud and other financial crimes will only face more challenges as criminals find new ways to use AI to swindle, according to an Association of Certified Anti-Money Laundering Specialists survey.
CU InfoSecurity
Unknown date
Enforcement
- Comstar paid $515,000 to Massachusetts and Connecticut regulators for a 2022 hacking incident affecting nearly 350,000 residents.
- The firm also paid $75,000 last year to settle HIPAA allegations related to the same breach.
Comstar Paid Feds $75K Last Year to Settle HIPAA Allegations in Same 2022 Breach An ambulance billing and collections firm has agreed to pay $515,000 to Massachusetts and Connecticut regulators and implement a prescriptive information security program in the aftermath of a 2022 hacking incident affecting the sensitive information of nearly 350,000 residents in those states.
CU InfoSecurity
Unknown date
Security
South Korean prosecutors probed missing seized bitcoin; U.S. SEC dropped litigation against Gemini Earn; major hacks and a $37 million laundering prison sentence.
Also: CZ on Trump Pardon, Arrest in Crypto-Linked Drug Case This week, South Korean prosecutors probed missing seized bitcoin. CZ said a Trump pardon eased his conviction burden. A former Olympian arrested in a crypto-linked drug case. The U.S. SEC dropped litigation against Gemini Earn. Major hacks and a $37 million laundering prison sentence.
CU InfoSecurity
Unknown date
Security
• 3,322 data breaches occurred in the U.S. in 2025, setting an all-time record high.
• The number of notifications sent to affected consumers decreased sharply.
Identity Theft Resource Center Catalogs 3,322 Known US Incidents in 2025 The number of U.S. organizations that reported falling victim to a data breach in 2025 reached an all-time high, while the number of notifications they sent to affected consumers fell sharply, reports the Identity Theft Resource Center's latest annual breach roundup.
CU InfoSecurity
Unknown date
Security
The webinar discusses AI and quantum attacks, providing strategies for credit unions to defend against next-generation threats. It aims to equip compliance officers with the knowledge needed to protect their institutions.
CU InfoSecurity
Unknown date
Security
• Web-based client of Idis surveillance management software can be exploited through a one-click attack leading to code execution. • This vulnerability allows hackers to escalate privileges and execute arbitrary code on the host.
Web-Based Client on Local Host Didn't Sanitize Inputs Video camera surveillance management software made by South Korean manufacturer Idis is susceptible to a one-click attack giving hackers the power to execute arbitrary code. The vulnerability allows an attacker to escalate beyond the browser sandbox and achieve code execution on the host.
CU InfoSecurity
Unknown date
Security
The webinar explains the risks associated with unsanctioned AI tools and how they can lead to data loss. It highlights the importance of identifying and managing these tools within an organization.
CU InfoSecurity
Unknown date
Security
- ShinyHunters campaign uses voice phishing to bypass multifactor authentication and steal corporate data.
- At least 150 organizations, including some in the financial sector, are targeted by this active and ongoing campaign.
ShinyHunters Campaign Uses Voice Phishing to Bypass MFA and Steal Corporate Data Security experts warn that "an active and ongoing campaign" being waged by ShinyHunters extortionists has at least 150 organizations in its sights across a range of sectors, with attackers using live voice phishing to bypass multifactor authentication, steal cloud data and hold it to ransom.
CU InfoSecurity
Unknown date
Security
The article discusses the importance of modern Privileged Access Management (PAM) and audit-ready access controls for credit unions in 2026. It emphasizes the need for robust security measures to protect sensitive information.
CU InfoSecurity
Unknown date
Security
Memcyco raised $37 million for its AI-powered scam detection platform; plans to expand sales and develop new features.
Digital Risk Protection Startup to Expand Preemptive Scam Detection Tools With brand impersonation and account takeover attacks surging, Memcyco raised $37 million in Series A funding to scale its preemptive scam detection platform. The firm plans to grow its sales team, develop AI-based features and support new product launches in the coming year.
CU InfoSecurity
Unknown date
Security
A legacy client-server application protocol vulnerability allows unauthenticated users to gain root access; more than 800,000 servers could be targeted. Credit unions should assess their systems for open telnet ports.
Telnet Flaw Allows Unauthenticated Users to Gain Root Access Hackers are on the hunt for open telnet ports in servers after discovering that a version of legacy client-server application protocol is vulnerable to an authentication bypass vulnerability. More than 800,000 servers could be actively targeted in the wild.