BankInfoSecurity.com

More States Likely To Push Similar Legal Claims Against Change Healthcare and UHG
UnitedHealth Group is facing scores of proposed class action lawsuits involving the massively disruptive cyberattack and mega data breach at its Change Healthcare IT services unit this year. But now the company faces the first in what will likely be many more lawsuits by state attorneys general.

Meta Vows to Appeal
The Irish data regulator fined social media platform Meta 251 million euros over a 2018 hack that exposed sensitive data of millions of European Facebook users, including that of children. The bug was in Facebook's "View As" feature permitting a user to see their own profile as it appears to others.

Lawmakers Urge Washington to Adapt Current Laws to Avoid Duplication
The bipartisan House Task Force on AI released a final report Tuesday urging Congress to adopt an agile, incremental approach to AI policy, avoid duplicative regulations, support AI talent pathways and ensure privacy and transparency in AI governance while addressing its growing energy demands.

Trading Bloc Includes Doppelganger Actors and GRU Unit 29155 in Sanctions List
The European Union sanctioned Russian intelligence hackers and two Kremlin officials responsible for digital disinformation campaigns in an action the European Council said marked its first ever imposition of restrictive measures against Russian actors for hybrid activities

Draft National Response Plan Offers Flexible Coordination Strategies Across Sectors
A draft update to the National Cyber Incident Response Plan aims to enhance federal coordination with both the public and private sectors to better address significant cyber incidents, establishing clear roles for federal cyber entities and emphasizing efficient threat response measures.

Malware Exploits Cybercrime Ecosystem for Profit
Hackers are using a variant of a backdoor that's the hallmark of a Chinese threat actor suspected of ties to Beijing in order to target the cybercriminal underground. The malware t "shares near-complete similarity" with the a backdoor exclusively used by the Winnti Group.

Deal With BlackBerry Integrates EDR for Hybrid XDR Platform for Midmarket Customers
Arctic Wolf is acquiring Cylance from BlackBerry for $160 million to integrate its AI-driven EDR technology into a hybrid XDR tool. The move aims to streamline cybersecurity for midmarket companies by combining services with product offerings, cutting operational complexity and boosting scalability.

An Iranian state hacking group is using custom malware to compromise IoT and OT infrastructure in Israel and the United States. An attack wave from Islamic Revolutionary Guard Corps-affiliated "CyberAv3ngers" swept up fuel management systems made by U.S.-based firm Gilbarco Veeder-Root.

IT Outage, Downtime Procedures Affecting Services at California Healthcare Provider
Cybercriminals claim they stole 17 million patient records from a southern California regional healthcare provider that is still struggling with IT and phone systems outages that have been disrupting patient care since the organization was hit by a ransomware attack on Dec. 1.

Also: How Leading Cybersecurity Firms Are Gearing Up for 2025
In the latest weekly update, ISMG editors discussed the shooting death of the UnitedHealthcare CEO and its wider implications for AI-driven decision-making, market strategies for the top cybersecurity companies in 2025, and how these strategies reflect industry trends.

Around 30,000 German IoT Devices Infected From Backdoored Android Applications
The German federal information security agency disrupted a botnet that infected thousands of backdoored digital picture frames and media players made with knockoff Android operating systems shipped from China. The agency identified at least 30,000 infected devices.

Possible Long-Term Attack by Unknown Hackers Thwarted
Hackers exploiting flaws in Cleo Communications software instances had intimate knowledge of their internals and deployed a previously unknown family of malware, security researchers from Huntress said Thursday. Cleo published a patch Wednesday evening.

DOJ Indicts North Korean IT Workers for Using Remote Jobs to Steal Sensitive Info
U.S. federal prosecutors indicted 14 North Koreans for a long-running IT scam generating $88 million by exploiting remote work with U.S. firms, a scheme prosecutors say is tied to DPRK-controlled companies that fund weapons programs through stolen identities, data theft and extortion.

Secret Blizzard Used Third-Party Amadey Bots to Hack Ukrainian Military Devices
A Russian state-backed hacker group used third-party data-stealing bots and possibly a backdoor used by another Russia-based threat group to infiltrate and spy on devices used by frontline Ukrainian military units, according to a report from the Microsoft threat intelligence team.

Also: Australia Fines Kraken AU$8 Million Over Breaches
This week, scammers targeted crypto workers with fake meeting apps, Australia fined Kraken crypto exchange operator Bit Trade, a Los Angeles federal court ordered five individuals to pay $5 million, Polish police detained a Russian former exchange operator and FTX debtors clawed back more cash.

Tech and Training Ideas to Help Cyber Professionals Advance Their Skills
If you're a cybersecurity professional trying to come up with ideas for your holiday wish list (or maybe you’re a loved one trying to pick out the perfect gift), look no further! Here are some top picks that will thrill any cybersecurity practitioner.

Multimodal Agentic AI Delivers Speed, Tools and Research Prototypes
Google's latest AI model can natively process and output text, images and audio in the search giant's push toward more autonomous reasoning, planning and action. The company said Gemini 2.0 is designed for applications ranging from development and gaming to research and everyday assistance.

Evidence Mounts for Chinese Hacking 'Quartermaster'
A probable Chinese nation-state threat actor compromised Visual Studio Code and Microsoft Azure cloud infrastructure to target Western technology firms for espionage, security firms Tinexta Cyber and SentinelLabs said. The companies call the campaign "Operation Digital Eye."