DataBreachToday.com

Researcher Lennert Wouters on Benefits of Device Hacking Contests, Collaboration
Lennert Wouters, a researcher at KU Leuven University in Belgium, has spent the past eight years studying embedded security, analyzing the vulnerabilities of everyday devices and commercial products. He shares his greatest hacks and insights on hardware security industry trends.

Crimenetwork Served as a Platform for Illegal Goods and Services
German police arrested the suspected administrator of the largest German-speaking underground markets for illegal goods and services. Crimenetwork, online since 2012, was used to sell stolen data, drugs and forged documents. The platform had more than 100,000 users and 100 sellers.

Gravy Analytics and Mobilewalla Ordered to Implement Stronger Consent Measures
Two data brokers pledged to stop using geolocation data gleaned from smartphones to sell services that provide a window to the intimate lives of Americans. "Surreptitious surveillance by data brokers undermines our civil liberties," an U.S. Federal Trade Commission official said.

Platform Used for Drugs, Arms Trafficking and Money Laundering
French and Dutch police led the takedown of an encrypted messaging platform used in international drug and arms trafficking. Dutch police discovered the app, named Matrix, on the phone of a criminal convicted in 2021 of murdering a journalist.

Platform Used for Drugs, Arms trafficking, and Money Laundering
French and Dutch police led the takedown of an encrypted messaging platform used in international drug and arms trafficking. Dutch police discovered the app, named Matrix, on the phone of a criminal convicted in 2021 of murdering a journalist.

Flaws in Fuji's Tellus and V-Server Software Pose Risks to Critical Infrastructure
Security researchers have uncovered 16 zero-day vulnerabilities in Japanese equipment manufacturer Fuji Electric's Tellus and V-Server remote monitoring software that enable attackers to execute malicious code in devices commonly used by utilities and other critical infrastructure providers.

Buy of Washington D.C.-Area Firm Adds Reverse Engineering, Data Analytics Expertise
Sixgen will enhance its cybersecurity operations through the purchase of Washington D.C.-area Kyrus. The move introduces reverse engineering and analytics expertise to Sixgen's portfolio, aligning with its mission to protect critical infrastructure and bolster American cyber defense capabilities.

Russian Threat Actor Delivers NetSupport RAT, BurnsRAT via Fake Requests
A malware campaign targeting Russian retailers and service businesses aims to deploy remote access tools and install infostealer malware. Kaspersky dubbed the campaign "Horns&Hooves," after a fake organization set up by fraudsters in the 1931 Soviet satirical novel "The Little Golden Calf."

Authored by: Matt Kunkel, CEO, LogicGate
The Consumer Financial Protection Bureau (CFPB) recently finalized a set of rules that would bring a similar level of convenience to the financial world. These changes to Section 1033 of the Dodd-Frank Act make it significantly easier for customers to retain access to their financial history no matter which bank they transact with. For banks, that means it’s critical to ensure that the right data is being collected, and that it can be easily integrated with external systems.

Provision Emphasizes Existing Medicare Regs for Equitable Access to Health Services
The Centers for Medicare and Medicaid Services has issued proposed "guardrails" to help ensure that the use of artificial intelligence for Medicare Advantage insurance plans does not result in inequitable access to healthcare-related services. The proposed rule will go into effect in 2026.

Experts Warn China's Tech Rise Could Reshape Global Cybersecurity and Warfare
China has surged past the United States in critical technology research, according to a recent report published by the Australian Strategic Policy Institute. Experts warn the shift could have profound global implications, including risks to U.S. cybersecurity, innovation and global leadership.

Provision Emphasizes Existing Medicare Regs for Equitable Access to Health Services
The Centers for Medicare and Medicaid Services has issued proposed "guard rails" to help ensure that the use of artificial intelligence for Medicare Advantage insurance plans does not result in inequitable access to healthcare-related services. The proposed rule will go into effect in 2026.

Threat Actor Uses the Trojan as an Infostealer
A threat actor is targeting Taiwanese companies using phishing emails and long-standing vulnerabilities to deliver SmokeLoader malware. The threat actor uses plugins for the infamous malware to directly attack systems rather than using SmokeLoader, as its name suggests, as a loader for other malware.

Experts Warn China's Tech Rise Could Reshape Global Cybersecurity and Warfare
China has surged past the United States in critical technology research, according to a recent report published by the Australian Strategic Policy Institute, as experts warn the shift could have profound global implications, including risks to U.S. cybersecurity, innovation and global leadership.

Firm Focuses on Runtime Context, AI Enhancements to Counter Evolving Cloud Threats
With $100 million in Series A funding, Upwind plans to enhance its runtime and AI-powered cloud security platform. CEO Amiram Shachar outlines the company's investments in engineering, customer engagement and scaling solutions to address vulnerabilities such as misconfigurations and insecure APIs.

Linux-Targeting Bootkitty Appears More Proof-of-Concept Than Threat, Researchers Say
Cybersecurity researchers have discovered the first-ever UEFI bootkit designed to target Linux systems and subvert their boot process for malicious purposes. The "Bootkitty" malware, first uploaded to VirusTotal this month, appears to be more "proof of concept" than full-fledged threat, they said.

Suspected LockBit, Babuk Operator Mikhail Matveev Arrested in Russia
A prolific ransomware affiliate hacker and developer is facing criminal charges in Russia, Kremlin media reported Friday. Mikhail Pavlovich Matveev has been wanted by U.S. authorities since 2023 for his role in hacking activities as part of ransomware groups including LockBit, Hive and Babuk.

Linux-Targeting Bootkitty Appears More Proof-of-Concept Than Threat, Researchers Say
Cybersecurity researchers have discovered the first-ever UEFI bootkit designed to target Linux systems and subvert their boot process for malicious purposes. The "Bootkitty" malware, first uploaded to VirusTotal this month, appears to be more "proof of concept" than full-fledged threat, they said.

European Commission Opens Infringement Procedures Against 23 EU Member States
The European Commission on Thursday opened infringement procedures against 23 EU member states that missed a mid-October deadline for implementing the NIS2 Directive, as well 24 EU members that missed a Critical Entities Resilience Directive deadline.

Researchers Discover 20 Critical Flaws Attackers Could Exploit in a Variety of Ways
Researchers identified 20 critical vulnerabilities in a type of Advantech industrial-grade wireless access points that is widely deployed across critical infrastructure environments. Attackers could exploit the flaws to remotely executive code and create denials of service.