Ransomware DataBreachToday.com

Medicare 2025 Pay Rule for Physicians Hints of Possible New Cyber Expectations
Federal regulators are again signaling that stronger cybersecurity practices could be tied to financial incentives for doctor offices that participate in Medicare. The regulatory lever may be the Centers for Medicare and Medicaid Services Merit-based Incentive Payment System.

Russian Threats Aim to Disrupt Nationwide Voting as Americans Flock to the Polls
U.S. intelligence agencies warned that Russian interference efforts are escalating on Election Day as millions of Americans cast their ballots nationwide. The Cybersecurity and Infrastructure Security Agency said it was not tracking significant threats to the vote.

CEO Rod Schultz Aims to Bridge External, Internal Data Challenges, Eyes CISO Bonds
New Bolster CEO Rod Schultz shares his priorities in combating AI-based fraud, underscoring the potential of internal data security solutions. Schultz sees Bolster’s established brand protection tools as a foundation for addressing broader enterprise data security needs and better engaging CISOs.

French Ministry Says Talks Are Ongoing to Acquire Cybersecurity Unit
French IT consultancy Atos on Tuesday announced the sale of a power grid consulting and engineering services unit days after some French lawmakers pushed for nationalizing the beleaguered company. The French government considers the company strategically important.

Proof of Concepts Available for Cylon Aspect Energy Management Software
Vulnerabilities in a smart building energy management system including an easily exploitable, two-year-old flaw that hasn't been widely patched could let hackers take over instances misconfigured to allow internet exposure. The flaws affect Cylon Aspect software from electrical engineering firm ABB.

US Cyber Defense Agency Dismisses Claims of Fraud and Assures Secure Election Day
The director of the Cybersecurity and Infrastructure Security Agency said Monday the agency has not seen any evidence of material threats that could sway the nationwide results, despite escalating claims of fraud from the Republican presidential nominee.

Regulator Tells Regulators to Enhance Third-Party Service Security
British financial institutions must ensure by this spring that they could reasonably weather a third party tech outage on the scale of July's global meltdown of 8.5 million computers triggered by a faulty update from cybersecurity firm CrowdStrike.

Nov. 7 Summit to Confront the Next Generation of Financial Cyber Risks
ISMG’s 2024 Financial Services Cybersecurity Summit kicks off Thursday in New York City, bringing together industry leaders and cyber experts to explore critical defense strategies, including digital identity protection, SecOps transformation and realistic threat simulations.

Incident Responders Say Disruptions Help, See No Spike in Median Ransom Payments
For anyone dreaming of law enforcement agencies arresting ransomware bigwigs, or intelligence agencies taking them out with drone strikes, keep on hoping. But here's good news: ransom payments haven't skyrocketed, as disruptions by law enforcement appear to be having an impact.

Mozilla Researcher Uses Non-Natural Language to Jailbreak GPT-4o
Anyone can jailbreak GPT-4o's security guardrails with hexadecimal encoding and emojis. A Mozilla researcher demonstrated the jailbreaking technique, tricking OpenAI's latest model into generating python exploits and malicious SQL injection tools.

CIO Alex Gallo on Balancing Digital Change, Security and Continuous Learning
Alex Gallo, CyberEdBoard member and CIO, shared how he drives secure digital transformation by balancing AI integration with cybersecurity, fostering a security-first culture, and emphasizing continuous learning across his teams and the organization’s leadership.

Plastic Surgeon Paid $53K Ransom But Says ‘the Real Criminal’ Is HHS
Dr. James Breit recalled the day a hacker locked up his systems with ransomware at his plastic surgery practice. He paid $53,000 in ransom. Nearly, seven years later, after paying a $500,000 HIPAA fine, Breit claims he got better treatment from the cybercriminals than he did federal regulators.

Yakabod Deal to Strengthen Everfox's Insider Risk, Cyber Incident Response Platform
With its acquisition of Yakabod, Everfox expands capabilities in insider risk and cyber incident management. The move promises stronger integration and greater control over security workflows, benefiting public sector and critical infrastructure clients who operate in highly regulated environments.

Hackers Using Password Spraying to Steal User Microsoft Account Credentials
Multiple Chinese hacking groups are using a botnet named for a TCP routing port number to conduct password spraying attacks, warned Microsoft Thursday. The Quad7 operators are almost certainly located in China. Botnet activity can be difficult to monitor.

New Funding to Aid US Government Growth, Generative AI Security Product Development
Zenity has closed a $38 million Series B round to advance its agentic AI security platform and extend its no-code and low-code application support. With investment from Third Point Ventures and DTCP, the funding enables Zenity to cater to clients in sectors like financial services and healthcare.

Lazarus Group in Particular Using Cross-Platform Languages to Hit macOS Targets
Cryptocurrency-seeking hackers are increasingly targeting macOS users. So warn security researchers as they track a rise in macOS backdoors and information-stealing malware, much of which traces back to a well-known cryptocurrency heist culprit: North Korea.

Volt Typhoon, APT31 and APT41 Tied to Campaigns Targeting Sophos' Edge Devices
Firewall maker Sophos disclosed Thursday a half-decade worth of efforts by multiple nation-state Chinese hacking groups to infiltrate its appliances, calling the admission a wake-up call for the cybersecurity industry. Targeting firewall appliances is a known nation-state tactic.

Also: Breaches at OnePoint Patient Care and French ISP Free
This week: S&P said poor material vulnerability remediaton can be a material risk factor, OnePoint in the United States and French ISP Free suffered data breaches, a Russian court sentenced REvil members, Five Eyes published security guidelines for small businesses.

Understanding the Impact of Security on the Business Makes You More Effective
With cybersecurity now embedded across all industries and functions, the importance of aligning security measures with business objectives has never been greater. Here’s why being business savvy is crucial in cybersecurity - and how you can cultivate it to become a more effective professional.

New Compliance Tool Say Many AI Firms Fail to Meet Security, Fairness Standards
Large language models developed by Meta and Mistral AI are among a dozen artificial intelligence models that fail to meet the cybersecurity and fairness requirements of the European Union AI Act, which went into effect on Aug. 1, said developers of a new open-source AI evaluation tool.