DataBreachToday.com

Ransomware Group Lynx Reportedly Stole 4TB of Data
The U.K. Ministry of Defense is investigating an apparent data breach by Russian-speaking ransomware hackers of a building facilities contractor with ties to the military. The Lynx ransomware group posted on its darkweb site samples of what it says is 4 terabytes of data stolen from the Dodd Group.

IT Systems, Radiology Services Taken Offline; Ambulance Patients Diverted
A North Central Massachusetts nonprofit healthcare system with two community hospitals, a medical group and several other care facilities has taken its IT network offline and is diverting ambulance patients as it continues to respond to a cyberattack that hit last week.

Attack Began With Citrix NetScaler Gateway Compromise, Darktrace Said
The Chinese cyberespionage hackers commonly tracked as Salt Typhoon haven't stopped their campaign against global telecoms, says managed threat detection firm Darktrace. The group has made telecoms and other digital infrastructure a primary target.

NSO Group Blocked From WhatsApp and Must Destroy Code Used to Hack 1,400 Devices
A federal judge issued a permanent injunction barring NSO Group from using or retaining its WhatsApp spyware exploit, citing national security risks and business harm after the manufacturer's tools compromised 1,400 devices - some allegedly linked to journalists and officials.

Chaos Theory and Ransomware's Love Child Serves Up Nonstop Unpredictability
All is not quiet on the ransomware front. Long the province of Russian criminals, numerous ransomware campaigns now trace to reckless Western teenagers operating under the banner of Scattered Lapsus$ Hunters who wield not just technical and trickster chops, but also a chaos and unpredictability.

Among pressing issues facing healthcare providers and health IT vendors is how artificial intelligence enabled tools such as AI assistants might further facilitate patients' access to records as well as the transmission of records themselves, said attorney Alisa Chestler of law firm Baker Donelson.

Breach Notification Service Details Peer-to-Peer Lending Marketplace Victim Count
Hackers appear to have stolen personal information pertaining to more than 17 million individuals from peer-to-peer lending marketplace Prosper, including Social Security numbers, contact information and some income and financial details, says the Have I Been Pwned breach notification service.

Attacks Move From China to Malaysia Using Phishing PDFs
Seemingly unrelated attacks targeting Chinese-speakers throughout the Asia-Pacific region with a remote access trojan trace back to the same threat actor, says researchers. Hackers' most likely motivation is regional intelligence collection.

Concerns Grow Over F5 Hacking Amid Stalled Government Shutdown
Federal officials are scrambling to contain nation-state hackers exploiting stolen source code from networking devices and software maker F5 amid staffing pressures created by the ongoing government shutdown. Stolen files reportedly include undisclosed vulnerabilities F5 had been researching.

Also: Continued Turmoil at CISA, MSSP Level Blue's Acquisition of Cybereason
In this week's panel, four ISMG editors discussed the FBI's takedown of Scattered Lapsus$ Hunters, turmoil inside CISA amid the U.S. federal government shutdown and how LevelBlue's acquisition of Cybereason signals big shifts in the XDR and MDR markets.

Swalwell: Sweeping CISA Cuts Leave Nation Vulnerable to Major Cyberattacks
A top Democratic lawmaker is demanding transparency and calling for the immediate reversal of major workforce cuts at the Cybersecurity and Infrastructure Security Agency, which is only operating with 35% of its total staff amid the ongoing government shutdown and resulting reductions-in-force.

2022 Ransomware Attack, Data Theft Affected 3.4 Million Patients
A California-based network of nine affiliated physician practices will pay nearly $50 million to settle consolidated class action litigation involving a 2022 ransomware and data theft attack that affected more than 3.4 million patients. Plaintiffs claimed their data was leaked on the darkweb.

Also, Internet-Exposed Call Center Software Under Attack and Patch Tuesday
This week: Chinese hackers exploited ArcGIS, Internet-exposed call center software under attack, October patch Tuesday, Massachusetts student sentenced for $3 million extortion hack, New York fined eight insurers $14.2M over data breaches, more than 100 VS Code extensions leak secrets.

Synthetic Identities for Superprime Borrowers Generate 3 Times Higher Fraud Losses
Auto lenders operate on a simple principle - the higher a borrower's credit score, the lower the risk. But new data from TransUnion reveals a troubling contradiction: Superprime borrowers with a credit score higher than 720 are generating three times more fraud losses than subprime borrowers.

Critical Infrastructure on the Digital Front Lines
Rural America is a long way from Taiwan. But cyber power is no respecter of geography. Should China make good on its repeated threats to reunify the island by force, the utilities that provide water and power to small towns all over the United States may find themselves on the digital front lines of a 21st century superpower war.

ISMG's Sean Mack on Aligning Strategy and Culture for Long-Term Risk Reduction
Cybercrime is accelerating while budgets stay flat. To keep pace, organizations must treat security as a strategic enabler - not an afterthought. Sean Mack of ISMG's CXO Advisory Practice outlines how aligning business goals, shifting left, and building a security culture drive better outcomes.

Also: Trader Loses $21M on Hyperliquid, Fund for Tornado Cash Dev Defense
This week, "Bitcoin Jesus" paid $50M to settle tax charges, a trader lost $21M on Hyperliquid, Ethereum Foundation and Keyring launched fund for Tornado Cash developers, India probing Binance traders, hackers' $32.5M record dump and New York City launched first mayoral blockchain office.

State, Criminal Hackers Use Blockchain Technique to Evade Takedowns
Google's Threat Intelligence Group found hacking groups like North Korea's UNC5342 and criminal group UNC5142 using a public blockchain technique called EtherHiding to distribute malware. The method makes attacks tougher to trace, block or dismantle.