DataBreachToday.com

CRQ Can Help Organizations Optimize Investment, Improve Resilience, Manage Threats
When executives fully understand the potential impact and cost of cyberthreats, they can better assign the necessary resources to combat them. Learn about how Verizon's CRQ can help to improve an organization's cybersecurity investments and resilience.

Tennessee-Based Specialty Networks Incident Is Latest Attack on Business Associates
A vendor that provides information systems and transcription services to radiology practices is alerting 411,037 people of a hack discovered last December involving the theft of sensitive data. The firm already faces at least four proposed federal class action lawsuits related to the hack.

Sprague Replaces Veteran CEO, Plans to Double Down on PTaaS and AI Red Teaming
HackerOne has tapped F5's longtime product leader as its next chief executive to continue expanding its portfolio beyond operating vulnerability disclosure programs. The firm tasked Kara Sprague with building on existing growth in areas including AI red teaming and penetration testing as a service.

Director Hails New Guidance as 'First Step' in Resolving BGP Security Risks
Harry Coker, director of the Office of the National Cyber Director, described new guidance published Tuesday that aims to bolster internet routing security as a critical "first step" in addressing long-standing security issues that threaten the backbone of global communications.

Agency Publishes Notice Soliciting Comments on Potential Federal Response
An artificial intelligence-fueled growth in data center construction has the federal government asking what it should do to help manage data security risks. The NTIA is interested in identifying opportunities "to improve data centers’ market development, supply chain resilience, and data security."

CISA 'Committing More Resources Than Ever Before' to Election Infrastructure
The Cybersecurity and Infrastructure Security Agency told Information Security Media Group it is in the process of carrying out its most expansive national effort to secure election infrastructure across the country ahead of the upcoming November election.

Supreme Court Panel Upholds Ban, After X Failed to Appoint a Legal Representative
Brazil has begun blocking domestic access to social platform X - including criminalizing access by Brazilians who might use a VPN - after the company failed to comply with court orders tied to combating disinformation campaigns, and a law requiring it has a legal representative in the country.

Cryptocurrency Users Targeted in Latest Campaign Involving FudModule Rootkit
A hacking group tied to North Korea exploited a zero-day vulnerability in the open source Google Chromium web browser to try and steal cryptocurrency, Microsoft said. The attack campaign is the latest to involve a sophisticated North Korean rootkit called FudModule. Google has fixed the flaw.

Bill Is Similar to Senate Proposals, But Will Congress Take Action Before Election?
A bipartisan House bill aims to bolster cybersecurity in the healthcare sector by requiring stronger collaboration between CISA and the Department of Health and Human Services. The bill is a companion to nearly identical bipartisan legislation introduced in the Senate in July.

Cloud-Based Security Camera Firm Pledges Better Security in US FTC Settlement
A California security camera company agreed to pay a $2.95 million civil penalty and implement a security program after hackers in 2021 accessed video from 150,000 internet-connected security cameras, including from devices placed inside psychiatric hospitals and women's health clinics.

Feds Count Over 200 Known US Victims of Ransomware Group That Launched in February
Beware a surge in attacks tied to a ransomware group called RansomHub that's recruited affiliates from down-or-out operations LockBit and BlackCat and successfully crypto-locked systems at more than 200 organizations nationwide, including critical infrastructure, the U.S. government warned.

Growth, Profitability and Stock Price Woes Have Dell Primed to Cash Out Its Chips
Majority owner Dell is exploring a possible sale of Atlanta-based cybersecurity services vendor Secureworks, tapping investment bankers at Morgan Stanley and Piper Sandler to gauge takeover interest from potential acquirers, which include private equity firms, Reuters reported Thursday.

Also: UN Convention Against Cybercrime Efforts; Serving SMBs' Cybersecurity Needs
In the latest weekly update, Information Security Media Group editors discussed how CrowdStrike's competitors are responding to its outage, why security vendors want to serve the unique needs of SMB organizations and the status of U.N. efforts to develop a treaty designed to combat cybercrime.

Telegram Messages Hard to Encrypt But CEO Faces Charges for Noncompliant Cryptology
The arrest and indictment of Telegram CEO Pavel Durov is sparking concerns about the viability of encrypted communications in France. The Paris Prosecutor's Office indicted Durov, the 39-year-old Russian-born owner of Telegram on Wednesday, after arresting him Saturday night.

The AI Safety Institute Will Evaluate Safety and Suggest Improvements
AI companies OpenAI and Anthropic made a deal with a U.S. federal body to provide early access to major models for safety evaluations. The agreements are "are an important milestone as we work to help responsibly steward the future of AI," said U.S. AI Safety Institute Director Elizabeth Kelly.

Also: Turn in Volodymyr Kadariya, Get $2.5 Million from Uncle Sam
This week, an ex-Verizon employee pleaded guilty, SonicWall fixed critical flaws,South Korean hackers exploited a zero-day, U.S. retailer Dick's Sporting Goods was breached, the U.S. government offered a big reward, Grok AI will send election queries to Vote.gov, and HIPAA is 28 years old.