DataBreachToday.com

Director Hails New Guidance as 'First Step' in Resolving BGP Security Risks
Harry Coker, director of the Office of the National Cyber Director, described new guidance published Tuesday that aims to bolster internet routing security as a critical "first step" in addressing long-standing security issues that threaten the backbone of global communications.

Agency Publishes Notice Soliciting Comments on Potential Federal Response
An artificial intelligence-fueled growth in data center construction has the federal government asking what it should do to help manage data security risks. The NTIA is interested in identifying opportunities "to improve data centers’ market development, supply chain resilience, and data security."

CISA 'Committing More Resources Than Ever Before' to Election Infrastructure
The Cybersecurity and Infrastructure Security Agency told Information Security Media Group it is in the process of carrying out its most expansive national effort to secure election infrastructure across the country ahead of the upcoming November election.

Supreme Court Panel Upholds Ban, After X Failed to Appoint a Legal Representative
Brazil has begun blocking domestic access to social platform X - including criminalizing access by Brazilians who might use a VPN - after the company failed to comply with court orders tied to combating disinformation campaigns, and a law requiring it has a legal representative in the country.

Cryptocurrency Users Targeted in Latest Campaign Involving FudModule Rootkit
A hacking group tied to North Korea exploited a zero-day vulnerability in the open source Google Chromium web browser to try and steal cryptocurrency, Microsoft said. The attack campaign is the latest to involve a sophisticated North Korean rootkit called FudModule. Google has fixed the flaw.

Bill Is Similar to Senate Proposals, But Will Congress Take Action Before Election?
A bipartisan House bill aims to bolster cybersecurity in the healthcare sector by requiring stronger collaboration between CISA and the Department of Health and Human Services. The bill is a companion to nearly identical bipartisan legislation introduced in the Senate in July.

Cloud-Based Security Camera Firm Pledges Better Security in US FTC Settlement
A California security camera company agreed to pay a $2.95 million civil penalty and implement a security program after hackers in 2021 accessed video from 150,000 internet-connected security cameras, including from devices placed inside psychiatric hospitals and women's health clinics.

Feds Count Over 200 Known US Victims of Ransomware Group That Launched in February
Beware a surge in attacks tied to a ransomware group called RansomHub that's recruited affiliates from down-or-out operations LockBit and BlackCat and successfully crypto-locked systems at more than 200 organizations nationwide, including critical infrastructure, the U.S. government warned.

Growth, Profitability and Stock Price Woes Have Dell Primed to Cash Out Its Chips
Majority owner Dell is exploring a possible sale of Atlanta-based cybersecurity services vendor Secureworks, tapping investment bankers at Morgan Stanley and Piper Sandler to gauge takeover interest from potential acquirers, which include private equity firms, Reuters reported Thursday.

Also: UN Convention Against Cybercrime Efforts; Serving SMBs' Cybersecurity Needs
In the latest weekly update, Information Security Media Group editors discussed how CrowdStrike's competitors are responding to its outage, why security vendors want to serve the unique needs of SMB organizations and the status of U.N. efforts to develop a treaty designed to combat cybercrime.

Telegram Messages Hard to Encrypt But CEO Faces Charges for Noncompliant Cryptology
The arrest and indictment of Telegram CEO Pavel Durov is sparking concerns about the viability of encrypted communications in France. The Paris Prosecutor's Office indicted Durov, the 39-year-old Russian-born owner of Telegram on Wednesday, after arresting him Saturday night.

The AI Safety Institute Will Evaluate Safety and Suggest Improvements
AI companies OpenAI and Anthropic made a deal with a U.S. federal body to provide early access to major models for safety evaluations. The agreements are "are an important milestone as we work to help responsibly steward the future of AI," said U.S. AI Safety Institute Director Elizabeth Kelly.

Also: Turn in Volodymyr Kadariya, Get $2.5 Million from Uncle Sam
This week, an ex-Verizon employee pleaded guilty, SonicWall fixed critical flaws,South Korean hackers exploited a zero-day, U.S. retailer Dick's Sporting Goods was breached, the U.S. government offered a big reward, Grok AI will send election queries to Vote.gov, and HIPAA is 28 years old.

Cybercriminal Group Claims to Have Published 100 Gigabytes of Agency's Stolen Data
Two months after RansomHub claimed to have published 100GBs of its stolen data on the dark web, the Florida Department of Health is notifying citizens that their sensitive information has been compromised. The attack affected the vital statistics system used to issue birth and death certificates.

Compliance Expert on Readiness, Compliance and Rapid Incident Reporting
The NIS2 Directive focuses on addressing gaps and strengthening the security of network and information systems across the European Union. NIS2 mandates rapid incident reporting and holds senior management accountable for cybersecurity, shifting responsibilities to the board level.

Proposed Legislation Divides Tech World, AI Experts, Lawmakers
California state lawmakers on Wednesday handed off a bill establishing first-in-the-nation safety standards for advanced artificial intelligence models to their Senate counterparts after weathering opposition from the tech industry and high-profile Democratic politicians.

CEO George Kurtz on New Recovery Techniques and Controls Implemented Post-Incident
CEO George Kurtz said CrowdStrike has blunted the business impact from the massive July 19 outage and is implementing changes to prevent a repeat occurrence. CrowdStrike is boosting the resilience of its Falcon platform through improved content visibility and control and enhanced quality assurance.

Over 1.2 Million Patients' Sensitive Data Exposed So Far This Year
Some dentists don't have much to smile about these days when it comes to cyberattacks. More than 1.2 million of their patients have had their sensitive data compromised in at least two dozen hacks and other breaches so far in 2024, including several incidents reported in the past month.