Ransomware DataBreachToday.com

Exploitation Requires Victim to Print On Rogue Printer
Attackers can exploit a series of vulnerabilities in the OpenPrinting Common Unix Printing System utility to remotely execute arbitrary code on certain machines. Major Linux distributions reacted Friday by releasing patches. Exploitation requires a victim to attempt to print from a malicious device.

Fine Is For 2019 Disclosure That Meta Stored User Passwords In Plaintext
The Irish data regulator fined social media giant Meta 91 million euros after an investigation found the company insecurely stored passwords of millions of European Facebook and Instagram users. A Meta spokesperson said the company identified the problem in 2019 and took "immediate action."

Google Says Rust Language Initiative Eliminates Cross-Site Scripting, Other Flaws
Google says switching to a memory-safe language such as Rust under its Safe Coding program has helped significantly reduce the number of vulnerabilities in Android systems. The number of vulnerabilities uncovered in Android devices has fallen from over 200 in 2019 to fewer than 50 by 2024.

Also: Ransomware Surged in 2023, MoneyGram Back in Service After Cyberattack
This week, advice on spotting North Korean staff; ransomware attacks rose; MoneyGram back online; FCC fined political operative; CISA warned of water system attacks; Ukraine restricted Telegram use; North Korean hackers used new malware; U.K. arrested alleged hacker; PSNI is in data leak talks.

Draft Guidelines Call for Longer, Randomized Passwords Instead of Memorized Phrases
The National Institute of Standards and Technology is calling for longer, randomized passwords instead of memorized phrases containing combinations of upper and lowercase letters in new guidance that aims to modernize current password practices across the public and private sectors.

Featurespace's AI Expertise Will Enhance Visa's Fraud, Risk and Payments Technology
Visa has signed a definitive agreement to acquire AI-driven fraud prevention leader Featurespace. This acquisition will reinforce Visa's fraud detection capabilities, integrating advanced machine learning technology to strengthen financial crime prevention and protect global transactions.

Survey Finds 37% of Providers Take Over a Month to Recover From Ransomware
Ransomware attacks are declining across many sectors - but not in healthcare, where an ongoing surge is reaching a four-year high in incidents, according to new research from security firm Sophos, which surveyed 5,000 IT leaders across 15 sectors and 14 countries between January and February.

How Curiosity and Gamification Drive Cybersecurity Excellence
Curiosity is one of the most important traits for success in cybersecurity. Professionals in this field regularly face complex problems that require an inquisitive mind, and gamified, hands-on learning is one of the best ways to develop an inquisitive mindset.

How to Safeguard Critical Infrastructure
Neglecting network security can lead to serious consequences for organizations. Here are the essential practices for managing network security, along with real-world examples that reinforce the importance of comprehensive protection. The time to secure your network is now - before it's too late.

Meta, Apple, Mistral, Nvidia Not Among AI Pact's Signatories
More than 100 tech companies including OpenAI, Microsoft and Amazon on Wednesday made voluntary commitments to conduct trustworthy and safe development of artificial intelligence in the European Union, with a few notable exceptions, including Meta, Apple, Nvidia and Mistral.

New Estimate Is 3 Times Higher Than Number Agency Initially Publicly Disclosed
The U.S. Centers for Medicare and Medicaid Services has updated the scope of the MOVEit hacking breach last year, telling a sister agency that the software supply chain attack affected more than 3.1 million individuals - about three times the number of victims disclosed publicly earlier this month.

New Guidance Aims to Improve School Responses to ‘Scourge’ of Anonymous Threats
The Cybersecurity and Infrastructure Security Agency unveiled a new toolkit Wednesday aimed at improving school responses to anonymous threats of violence, as the agency kicked off a two-day summit focusing on school security amid increasing threats targeting school systems nationwide.

Clumio Adds Advanced Cyber Resilience, AWS Data Recovery to Commvault's Platform
Commvault aims to boost its AWS cyber resilience capabilities through the buy of Clumio. With a focus on protecting critical data stored in Amazon S3, this move will boost Commvault’s recovery efforts for hybrid cloud customers, offering near-instant data recovery and better application protection.

Millions of Customers Will Also Be Offered Monitoring of Genetic Data on Dark Web
Genetics testing firm 23andMe will offer cash payments to millions of individuals whose sensitive data was compromised in a 2023 credential stuffing incident. Under the proposed $30 million lawsuit settlement, affected customers will also be offered dark web monitoring of their genetic data.

Herjavec of 'Shark Tank' Steps Down After 21 Years in Charge, Remains Board Member
"Shark Tank" TV star and company founder Robert Herjavec is stepping down as CEO of Cyderes, making way for Simeio CEO Chris Schueler to assume the role Oct. 1. Schueler has a strong background in identity management, and Herjavec will remain involved as an investor and board member.

No Disruption to Service; Manual Operations Implemented
FBI and U.S. Department of Homeland Security officials are in Arkansas City, Kansas, to investigate a cyberattack at the city's water treatment facility. "There has been no disruption to service. Out of caution, the Water Treatment Facility has switched to manual operations," said the city manager.

Spy Agency Says Taiwanese Defense Ministry Is Trying to Disrupt Chinese Politics
China's Ministry of State Security has accused a Taiwanese government agency of waging cyberattacks on the mainland's digital assets across multiple organizations and running disinformation campaigns on social media to disrupt the political system and sow social discord.

Series C Funding to Fuel Generative AI Integration and AI-Powered Threat Detection
The funding will enhance generative AI technologies that streamline security operations and provide autonomous threat investigation, alongside plans for broader U.S. and European market penetration.

Lehigh Valley Health Network Will Pay 134,000 Victims of Ransomware Attack and Leak
A Pennsylvania-based healthcare system that was hacked by ransomware group BlackCat in 2023 and extorted over stolen exam photos of breast cancer patients posted to a data leak site has agreed to pay $65 million under a proposed settlement of a lawsuit affecting 134,000 patients and employees.

Attackers Could Shut Down Operations Or Cause Physical Damage
A severe vulnerability in Rockwell Automation software used to configure programmable logic controllers could allow attackers to remotely execute malicious code. The vulnerability is rated 8.8 on the CVSS v4 scale. The U.S. Cybersecurity and Infrastructure Security Agency advised immediate patching.