DataBreachToday.com

Russian Intel Hackers Flexible in Face of Detection
Russia-linked threat group COLDRIVER rapidly replaced its exposed malware with a stealthier PowerShell variant, using fake CAPTCHA prompts and cryptographic key-splitting to evade detection and escalate surveillance on NGOs, dissidents and policy experts, according to new research.

NTLM Reflection Attack Strikes Again
A three-month old flaw in a network protocol for file sharing used by Microsoft is under active exploitation, warns the U.S. Cybersecurity and Infrastructure Security Agency. The flaw's exploitation bypasses mitigations Microsoft has built over the years to prevent NTLM reflection attacks.

Silicon Valley Startup Focuses on Discovery and Governance of Non-Human Identities
With $30.75 million in Series B funding, Defakto aims to strengthen non-human identity security across AI workloads and cloud platforms. The Silicon Valley-based startup plans to deepen discovery, governance and enterprise integrations, while expanding its go-to-market strategy.

Active Measures Teams Rapidly Springboarding From Current Events, Find Researchers
After Russian drones violated Polish airspace last month, multiple pro-Kremlin information operations teams sprang into action to advance pro-Moscow narratives that distorted the facts, as part of a hybrid operation designed to destabilize Poland, and NATO support for Ukraine, said experts.

Ransomware Group Lynx Reportedly Stole 4TB of Data
The U.K. Ministry of Defense is investigating an apparent data breach by Russian-speaking ransomware hackers of a building facilities contractor with ties to the military. The Lynx ransomware group posted on its darkweb site samples of what it says is 4 terabytes of data stolen from the Dodd Group.

IT Systems, Radiology Services Taken Offline; Ambulance Patients Diverted
A North Central Massachusetts nonprofit healthcare system with two community hospitals, a medical group and several other care facilities has taken its IT network offline and is diverting ambulance patients as it continues to respond to a cyberattack that hit last week.

Attack Began With Citrix NetScaler Gateway Compromise, Darktrace Said
The Chinese cyberespionage hackers commonly tracked as Salt Typhoon haven't stopped their campaign against global telecoms, says managed threat detection firm Darktrace. The group has made telecoms and other digital infrastructure a primary target.

NSO Group Blocked From WhatsApp and Must Destroy Code Used to Hack 1,400 Devices
A federal judge issued a permanent injunction barring NSO Group from using or retaining its WhatsApp spyware exploit, citing national security risks and business harm after the manufacturer's tools compromised 1,400 devices - some allegedly linked to journalists and officials.

Chaos Theory and Ransomware's Love Child Serves Up Nonstop Unpredictability
All is not quiet on the ransomware front. Long the province of Russian criminals, numerous ransomware campaigns now trace to reckless Western teenagers operating under the banner of Scattered Lapsus$ Hunters who wield not just technical and trickster chops, but also a chaos and unpredictability.

Among pressing issues facing healthcare providers and health IT vendors is how artificial intelligence enabled tools such as AI assistants might further facilitate patients' access to records as well as the transmission of records themselves, said attorney Alisa Chestler of law firm Baker Donelson.

Breach Notification Service Details Peer-to-Peer Lending Marketplace Victim Count
Hackers appear to have stolen personal information pertaining to more than 17 million individuals from peer-to-peer lending marketplace Prosper, including Social Security numbers, contact information and some income and financial details, says the Have I Been Pwned breach notification service.

Attacks Move From China to Malaysia Using Phishing PDFs
Seemingly unrelated attacks targeting Chinese-speakers throughout the Asia-Pacific region with a remote access trojan trace back to the same threat actor, says researchers. Hackers' most likely motivation is regional intelligence collection.

Concerns Grow Over F5 Hacking Amid Stalled Government Shutdown
Federal officials are scrambling to contain nation-state hackers exploiting stolen source code from networking devices and software maker F5 amid staffing pressures created by the ongoing government shutdown. Stolen files reportedly include undisclosed vulnerabilities F5 had been researching.

Also: Continued Turmoil at CISA, MSSP Level Blue's Acquisition of Cybereason
In this week's panel, four ISMG editors discussed the FBI's takedown of Scattered Lapsus$ Hunters, turmoil inside CISA amid the U.S. federal government shutdown and how LevelBlue's acquisition of Cybereason signals big shifts in the XDR and MDR markets.

Swalwell: Sweeping CISA Cuts Leave Nation Vulnerable to Major Cyberattacks
A top Democratic lawmaker is demanding transparency and calling for the immediate reversal of major workforce cuts at the Cybersecurity and Infrastructure Security Agency, which is only operating with 35% of its total staff amid the ongoing government shutdown and resulting reductions-in-force.

2022 Ransomware Attack, Data Theft Affected 3.4 Million Patients
A California-based network of nine affiliated physician practices will pay nearly $50 million to settle consolidated class action litigation involving a 2022 ransomware and data theft attack that affected more than 3.4 million patients. Plaintiffs claimed their data was leaked on the darkweb.

Also, Internet-Exposed Call Center Software Under Attack and Patch Tuesday
This week: Chinese hackers exploited ArcGIS, Internet-exposed call center software under attack, October patch Tuesday, Massachusetts student sentenced for $3 million extortion hack, New York fined eight insurers $14.2M over data breaches, more than 100 VS Code extensions leak secrets.

Synthetic Identities for Superprime Borrowers Generate 3 Times Higher Fraud Losses
Auto lenders operate on a simple principle - the higher a borrower's credit score, the lower the risk. But new data from TransUnion reveals a troubling contradiction: Superprime borrowers with a credit score higher than 720 are generating three times more fraud losses than subprime borrowers.