Ransomware DataBreachToday.com

CISA Publishes Anatomy of Advanced Ivanti VPN Malware
Hackers using Trojans connected to a malware family deployed by Chinese nation-state hackers are actively exploiting a now-patched vulnerability in Ivanti Connect Secure appliances. The malware "contains capabilities of a rootkit, dropper, backdoor, bootkit, proxy and tunneler."

Customer Credentials Possibly Compromised at EHR Vendor Acquired by Oracle in 2022
Oracle is dealing with a hacking incident involving legacy patient data of Cerner electronic health record customers. Oracle, which acquired Cerner in 2022, is reportedly telling clients the hack involved compromised credentials for systems scheduled to migrate to the cloud.

Hackers Claim on BreachForums to Have Stolen 'Highly Sensitive' Data
Israeli cybersecurity firm Check Point rejected Monday a hacker's assertion that he stole "highly sensitive" information offered for sale on an online marketplace for illicit data. The incident "doesn't pose any risk or have any security implications to our customers or employees."

New Turing Institute Report Urges Government to Create AI Crime Task Force
British law enforcement agencies are ill-equipped to tackle artificial intelligence-enabled cybercrime, a report by The Alan Turing Institute says, pointing to an "enormous gap" between police technical capabilities and the growing sophistication of threat actors.

Palo Alto Networks CTO Nir Zuk predicts Google's security push through its $32 billion buy of Wiz won't succeed, as customers are reluctant to buy multi-cloud tools from cloud vendors. Zuk details how adversaries use LLMs at scale and how Palo Alto is unifying SOC tools under its Cortex platform.

Incident Spotted in March 2024 Is Yet Another Attack Against Medical Billing Firms
A Nebraska-based firm that provides revenue cycle management and billing services to healthcare firms is notifying tens of thousands of people and an undisclosed number of companies that their personal, health and financial information was compromised in a March 2024 hack.

Also: Rapid7's Boardroom Shake-Up, China's Shift Tactical Cyber Shift
In this week's update, ISMG editors unpacked stealth vs. spectacle in ransomware attacks, Rapid7’s boardroom shake-up led by activist investors, and China's shift from cyber espionage to infrastructure sabotage - driving key shifts in global cybersecurity strategy and resilience.

Jason Costain on Ways Traditional and Digital Banks Could Learn from Each Other
Digital-only banks promise speed and sleek digital experiences but are not the best places to handle scam victims. Without branches to visit, victims find themselves stuck in a loop of chatbots, said Jason Costain, former head of fraud analytics and threat management at NatWest Group.

Private Details of Top Trump Officials Found Online Amid Growing Security Scandal
Private contact details of top Trump officials, including their phone numbers, emails and even some passwords, have been leaked online through commercial databases and hacked data dumps, raising security concerns over potential foreign access to Cabinet members’ private accounts and communications.

Startup Hits $4.8B Valuation After Series E as It Disrupts VDI, Web Filtering Tools
Island’s enterprise browser platform is gaining traction as a replacement for SASE and legacy VDI and web filtering tools. Backed by $250 million in Series E funding, the startup plans to scale up globally and enhance R&D to support secure, simplified digital work environments.

Max Payout for Bug Bounty Program Up From $20,000 to $100,000
OpenAI announced a cybersecurity initiative that aims to improve the resilience of its artificial intelligence systems by rewarding the discovery of critical vulnerabilities and improving threat mitigation. OpenAI raised the maximum payout for its bug bounty program from $20,000 to $100,000.

State and Local Election Offices Face Growing Cyber Threat Amid Federal Budget Cuts
Top-ranking current and former security officials warned Thursday that President Donald Trump's budget cuts to the Cybersecurity and Infrastructure Security Agency and other election security efforts have left U.S. election infrastructure vulnerable to escalating cyber threats.

Outdated Systems Putting AI Adoption in the Public Sector at Risk, Report Says
Outdated IT systems and poor data-sharing practices between public offices could undermine the U.K. government's plans to deploy artificial intelligence capabilities to increase public sector efficiencies, a parliamentary committee said.

NAB's Anthony Hope on How Banks Are Preparing for the March 2026 Deadline
Australia's anti-money laundering and counter-terrorism financing legislation is undergoing its first major revision since 2006. Anthony Hope, group head of AML, CTF and fraud risk at NAB, explains what this "generational change" means for financial institutions.

Dennis Giese on Reverse Engineering, Flawed Authentication, Poor Threat Modeling
IoT security flaws expose users and businesses to serious risks. Weak authentication methods allow attackers to manipulate devices, leading to data breaches and privacy violations. Reverse engineering highlights these weaknesses, said Dennis Giese, IoT security and privacy researcher.

Newcomer VanHelsing and a Supposedly Revitalized LockBit Enter Victim-Hunting Fray
While the vast majority of ransomware attacks lately trace to relatively long-running groups, researchers see new operators entering the fray, lately including a ransomware-as-a-service group calling itself VanHelsing, as well as a fresh version of LockBit.

Also: The Treasury Department Lifts Tornado Cash Sanctions
This week, Abracadabra hack, updates on Tornado Cash and Bybit, $7M scam money recovery, man faces prison for stabbing crypto CEO, movie director charged for swindle, Ripple-SEC case wrap-up, Grinex is the new Garantex, Gotbit plea deal, Coinbase in supply chain hack and Binance insider risk threat.

Takeaways From CS4CA USA: OT Security Must Bridge IT, Operations Gap
At the CS4CA USA Summit in Houston this week, the common refrain heard from practitioners was protecting the demands of industrial environments more than traditional IT know-how. It requires a hybrid expertise, one that speaks both the language of data packets and programmable logic controllers.

While recent draft guidance from the Food and Drug Administration on artificial intelligence-enabled medical devices is non-binding, the document signals that the agency is intensifying its regulatory scrutiny of these technologies, said Dr. Scott Schell of IT consulting firm Cognizant.

Highly Targeted Ransomware Hit Traced to Long-Running Cyberespionage Group
A stealthy group of mercenary hackers active since 2018 appears to have diversified into hitting hypervisors with ransomware via highly targeted attacks. Researchers said they tracked the hit to a corporate espionage team tracked as RedCurl.