CU InfoSecurity
Unknown date
Guidance
The webinar discusses how Agentic AI can enhance compliance and security decisions by providing context. It highlights the benefits of using AI in understanding complex regulatory environments.
CU InfoSecurity
Unknown date
Security
The webinar discusses how Agentic AI can enhance compliance and security decisions by providing context. It emphasizes the importance of understanding the 'why' behind decisions, which can improve overall decision-making processes.
CU InfoSecurity
Unknown date
Security
- The article discusses how the reliance on point solutions for security is breaking down due to consolidation.
- CISOs and CIOs need to rethink their security architecture to address new challenges.
How Consolidation Is Forcing CISOs and CIOs to Rethink Security Architecture For more than a decade, enterprise security has relied on point solutions. Companies invested in separate tools - endpoint detection, firewalls, cloud security and IAM - each designed to address a specific threat or compliance requirement. But that approach is starting to break down.
CU InfoSecurity
Unknown date
Security
The webinar discusses the transition from continuous controls monitoring to continuous assurance through the use of a security data fabric. It highlights how this approach can enhance compliance and risk management.
CU InfoSecurity
Unknown date
Security
The webinar discusses how a Security Data Fabric can enhance continuous controls monitoring and move towards continuous assurance. It highlights the importance of integrating data from various sources for effective compliance management.
CU InfoSecurity
Unknown date
Security
• High-assurance identity proofing combining biometrics, liveness detection, and verified IDs is crucial to prevent impersonation in remote work environments.
• The article highlights the growing threat of stolen and synthetic identities driven by deepfakes.
The Urgency of High-Assurance Identity Proofing Amid Growing Identity Fraud Remote work has fueled a new crimewave built on stolen and synthetic identities. As deepfakes scale, high-assurance identity proofing - combining biometrics, liveness detection and verified IDs - becomes essential to verify users, prevent impersonation and protect enterprise access.
CU InfoSecurity
Unknown date
Security
• A security flaw in 'WhisperPair' technology could allow hackers to covertly record conversations and track users. • This vulnerability may persist for years, posing a significant risk to credit union members.
'WhisperPair' Flaw Likely to Endure for Years A hacker could secretly record phone conversations, track users' locations and blast music through headphones due to a flaw in implementations of a Google-developed low-energy technology for discovering nearby Bluetooth devices.
CU InfoSecurity
Unknown date
Security
• Okta warns of a surge in voice-phishing attacks targeting single sign-on access.
• These attacks bypass some types of multifactor authentication and allow attackers to manipulate what the target sees in their browser.
Okta Alerts Customers' CISOs to Malicious Campaigns Seeking Single Sign-On Access A surge in attacks that bypass some types of multifactor authentication has been tied to a new generation of voice-phishing toolkits that give attackers the ability to orchestrate what a target sees in their browser, warns a new report from Okta, which is among the services being targeted.
CU InfoSecurity
Unknown date
Security
A Russia-linked ransomware group stole and leaked data from 72.7 million Under Armour customers after a failed extortion attempt; the incident highlights cybersecurity risks for large organizations.
Russia-Linked Ransomware Group Dumps Customer Data After Failed Extortion Attempt Under Armour may trade on the "blood, sweat, respect" slogan, but a Russia-linked ransomware group hasn't been abiding, after they stole data pertaining to 72.7 million of the athleisure giant's customers, then leaked it on darkweb sites after saying the retailer refused to pay a ransom.
CU InfoSecurity
Unknown date
Security
The webinar focuses on minimizing outages through reliability and AI-driven API protection. It aims to help credit union compliance officers enhance their cybersecurity measures.
CU InfoSecurity
Unknown date
Security
The webinar focuses on strategies for preventing data breaches and securing cloud environments. Attendees will learn about best practices in cybersecurity to protect against attackers.
CU InfoSecurity
Unknown date
Security
DOGE uploaded sensitive data including Social Security numbers to an outside server; a phishing attack affected 750,000 Canadians.
Also, CIRO Phishing Breach, Ingram Micro Ransomware and CVE Surge This week, DOGE posted sensitive data on an outside server. A phishing attack affected 750,000 Canadians. A hacktivism warning from the U.K. NCSC. An Ingram Micro breach. CVEs surged in 2025. SK Telecom challenged a fine. Researchers disclosed Chainlit flaws. North Korean hackers abused VS Code.
CU InfoSecurity
Unknown date
Security
- South Korea dismantled a $102 million money laundering ring.
- Saga paused SagaEVM after a $7 million exploit, and Makina Finance lost $5 million.
Also: $7M Saga and $5M Makina Finance Exploits This week, South Korea dismantled a $102 million money laundering ring, Saga paused SagaEVM after a $7 million exploit, Makina Finance lost $5 million, a Utah man sentenced to three years for fraud and illegal cash conversion and a software flaw let traders win ethereum transaction auctions for free.
CU InfoSecurity
Unknown date
Security
- A zero-day vulnerability in Cisco's Unified Communications and Webex products allows remote code execution and root-level access.
- Cisco has released emergency patches, but no workarounds exist.
Vendor Ships Emergency Fixes, Warning Flaw Facilitates Full System Compromise Attackers are targeting a zero-day vulnerability in Cisco's Unified Communications and Webex products that facilitates remote code execution and root-level access to the underlying operating system, risking full system compromise. Cisco has released patches, warning that no workarounds exist.
CU InfoSecurity
Unknown date
Security
Machine identities continue to grow as automation and AI initiatives expand. Lack of governance and visibility create new security vulnerabilities.
CISOs Grapple With AI Blind Spots, Excessive Permissions and Governance Issues Machine identities continue to multiply as organizations push automation, cloud services and AI-driven initiatives deeper into core operations. This rapid growth creates new vulnerabilities, especially when non-human identities lack governance or are completely invisible to security teams.
CU InfoSecurity
Unknown date
Enforcement
Veradigm agreed to pay $10.5 million to settle a hack lawsuit involving a breach affecting more than a dozen healthcare clients and 2.5 million patients; the incident was discovered in mid-2025 after it occurred in December 2024.
Breach Affected More Than a Dozen Healthcare Clients, 2.5M Patients Electronic health records vendor Veradigm agreed to pay $10.5 million to settle consolidated class action litigation involving a December 2024 hacking incident discovered in mid-2025 that affected more than a dozen healthcare provider clients and about 2.5 million of their patients.
CU InfoSecurity
Unknown date
Security
Check Point identifies VoidLink as the first 'advanced' AI-generated malware framework; a single developer created it in less than a week. This challenges assumptions about development timelines for complex malware.
Check Point Identifies VoidLink Framework First 'Advanced' AI-Generated Threat A single developer built a Linux malware framework in less than a week using artificial intelligence, said security researchers. Check Point researchers say this is a case of AI-generated malware reaching operational maturity at a pace that challenges assumptions about development timelines.
CU InfoSecurity
Unknown date
Security
Key points include the importance of balancing AI innovation with robust security practices and the need for ongoing monitoring and adaptation. The webinar also highlighted successful strategies and common pitfalls in implementing AI systems.
CU InfoSecurity
Unknown date
Guidance
The article discusses the benefits of using a unified platform for improving visibility and response in compliance operations. It highlights how such platforms can enhance data management and streamline regulatory reporting processes.
CU InfoSecurity
Unknown date
Security
• Minnesota Department of Human Services notifies 304,000 people of a data breach involving inappropriate access by a healthcare provider worker. • State officials are monitoring the incident for potential fraud.
State Monitoring Incident Involving a Health Entity Worker for Potential Fraud The Minnesota Department of Human Services is notifying nearly 304,000 people of data breach involving someone at a healthcare provider who inappropriately accessed information from an IT system managed by a vendor. State officials are monitoring the incident for potential fraud.
CU InfoSecurity
Unknown date
Security
• Fraud and risk teams must enhance 'know your customer' checks due to rapidly improving deepfake technology.
• Synthetic identities, convincing face-swaps, and defeated biometric checks pose significant risks.
Easy-to-Use Deepfake Services for Criminals Rapidly Improving, Researchers Warn Financial firms' fraud and risk teams must bolster know-your-customer checks in the face of increasingly effective and affordable deepfake technology and services that can generate synthetic identities, convincing face-swaps and defeat "live" biometric checks to bypass defenses, warn researchers.
CU InfoSecurity
Unknown date
Security
Cyber-enabled fraud has become the top concern for CEOs in 2026, surpassing ransomware. AI is reshaping both cyber risks and defenses.
Findings From WEF's 2026 Report Show Shifting Cyber Priorities as AI Reshapes Risk Cyber-enabled fraud has overtaken ransomware as the top cybersecurity concern for CEOs heading into 2026, according to the World Economic Forum's Global Cybersecurity Outlook 2026, released ahead of the Davos meeting. AI is a top emerging technology affecting both cyber risk and cyber defense.
CU InfoSecurity
Unknown date
Enforcement|security
- Police raided two suspected members of the Black Basta ransomware group in Ukraine and issued an international arrest warrant for their Russian founder.
- The group has targeted over 600 victims worldwide, with many millions in ransom payments.
Crackdown Targets Multiple Members of Cybercrime Group, Including 'Hash Crackers' Police raided two suspected members of the notorious Black Basta ransomware group - tied to over 600 victims worldwide and many millions in ransom payments - in Ukraine and issued an international arrest warrant for the Russian national suspected of being the operation's founder and ringleader.
CU InfoSecurity
Unknown date
Security
AI agent can exploit known vulnerability to steal user files; security researchers demonstrated the flaw. Credit union compliance officers should monitor for similar vulnerabilities in third-party tools.
AI Agent Can Access File Upload API to Exfiltrate Documents Security researchers have demonstrated how Anthropic's new Claude Cowork productivity agent can be tricked into stealing user files and uploading them to an attacker's account, exploiting a vulnerability the company allegedly knew about.
CU InfoSecurity
Unknown date
Security
Lumen has blocked over 550 command and control servers associated with the Kimwolf and Aisuru botnets since October; this highlights ongoing cyber threats that credit unions need to be vigilant about.
Lumen Spotted More Than 500 Command and Control Servers Since October A major U.S. internet service provider said it's blocked incoming traffic to more than 550 command and control servers botnets identified over the past four months that administer the Kimwolf and Aisuru botnets.