DataBreachToday.com

Hotel Chain Also Settles with Federal Trade Commission
The world's largest hotel chain agreed Wednesday to pay $52 million and agree to two decades of third-party monitoring of its cybersecurity program to settle a rash of data breaches affecting millions of guests. The multi-million payout is part of a settlement reached with 50 U.S. attorneys general.

Cyber Bill Says the Government Can't Use Information to Prosecute Victims
Ransom payments are typically tightly held secrets between cybercriminals and their victims, but the Australian government has introduced a cybersecurity bill in Parliament that would require larger businesses to report ransom payments to the government.

Attackers Use ASCII Characters to Create Tough-to-Spot QR Codes, Barracuda Warns
Attackers are moving beyond using QR code images added to phishing emails to trick victims into visiting malicious sites, and using ASCII "full block" characters to build working QR codes designed to evade optical character recognition defenses, warns cybersecurity firm Barracuda Networks.

Stephen Doughty Says Cybersecurity Vital to National And Economic Security
The British government will continue disruptive actions against ransomware and malware operators, a top U.K. government official vowed Wednesday. Stephen Doughty, Minister of State, said the recently elected U.K. government views security as a core pillar of economic and strategic growth.

Crime Syndicates Too Powerful for Regional Governments to Police, UN Report Warns
Cybercrime syndicates across Southeast Asia have teamed up with human traffickers, money launderers and cryptocurrency services to build an increasingly effective cybercrime ecosystem that can survive law enforcement crackdowns, according to a new United Nations report.

Russia, Iran and China Investing in Cyber Ops, Warns MI5 Director Ken McCallum
Nation-state actors are investing aggressively in advanced cyber operations to target government information and technology in a bid to sow "mayhem on British and European streets," warned a top British intelligence official. Russia, Iran and China are using proxies and hacking agencies.

Kivera Integrates Controls Into Cloudflare One to Prevent Cloud Misconfigurations
With the acquisition of New York-based startup Kivera, Cloudflare will enhance its Cloudflare One platform, adding proactive controls that secure cloud environments, prevent misconfigurations and improve regulatory compliance for businesses using multiple cloud providers.

Russian Nationals, Agencies Engaged in Cyberattacks, Misinformation to be Targeted
The European Council on Tuesday introduced a new sanctions framework to target Russian nationals and organizations engaged in malicious cyber activities such as election misinformation and disruptive cyberattacks. It seeks to address activities such as influence operations and hacking.

Healthcare organizations should rethink some of their approach to security, enhancing focus on insider threats, improving cyber awareness training and securing mobile applications and devices, said Ryan Witt, vice president of industry solutions at Proofpoint, discussing findings of a new study.

Parties Vow to Continue Negotiations
Time ran out for a non-binding takeover bid from the French government for the cybersecurity business of beleaguered Parisian IT consultancy Atos. Among the world's largest managed security service providers, the financially struggling firm is strategically important to the French government.

DHS Says Adversaries May Stoke Voter Fraud Fears Long After Election Day
The latest Homeland Security threat assessment lists this year’s election cycle as a top concern for 2025 and a potential trigger for domestic terrorism. The agency says foreign adversaries and violent extremists may take advantage of the outcome to further sow discord in the United States.

Settlement Addresses Claims of False Revenue Forecasts, Investor Misrepresentation
IronNet and several former executives agreed to a $6.6 million settlement, ending a class action lawsuit accusing the company of misleading investors with inflated revenue projections. The settlement aims to provide relief for investors misled by allegedly inaccurate revenue projections.

Mark Sokolovsky Admits to Felony Conspiracy Charge in US Federal Court
A Ukrainian national pleaded guilty Monday in U.S. federal court to one count of conspiracy to commit computer intrusion in connection with his role in the Raccoon malware-as-a-service info stealer criminal operation. Dutch authorities extradited him in February after arresting him in March 2022.

Verizon, AT&T and Lumen's Systems for Lawful Broadband Wiretaps Reportedly Breached
The U.S. government is reportedly probing suspected national security breaches tied to Chinese nation-state hackers infiltrating broadband providers' infrastructure used to comply with court-authorized "lawful intercept" wiretaps of subscribers' networking traffic.

Common Cloud Assumptions and Takeaways for Healthcare Organizations
As healthcare providers migrate their infrastructure and services to the cloud, they gain benefits such as increased flexibility, scalability and optimized patient data access and sharing. But misconceptions about cloud security are jeopardizing the security of electronic patient health information.

European Court of Justice Says Meta May Not Indefinitely Retain User Data
Targeted advertising may face additional restrictions following a ruling by the top European Union court that social media giant Meta cannot indefinitely retain user data. Nor can it use data for advertising "without distinction as to type of data," the European Court of Justice said Friday.