DataBreachToday.com

Join Matthew Radcliffe & Rob Sebaugh - as we explore how to fix security gaps in privacy for healthcare organizations.

Global Tensions Are Driving Demand for Cybersecurity Jobs
Cybersecurity professionals are finding themselves on the front lines of a different kind of battlefield - one that spans global networks, targets civilian infrastructure and operates continuously across borders. Follow these steps to prepare for a career in cyber defense.

Shanghai Firm Bets on Open-Source Strategy, Efficiency Claims
Shanghai artificial intelligence startup MiniMax released a new open-source large language model, positioning it as a direct competitor to American and other Chinese models. MiniMax says its model performs competitively on benchmark tests against leading proprietary and open models.

Crime Gang Begins Leaking Stolen Freedman HealthCare Data
Cybercriminal gang World Leaks - formerly Hunters International - reportedly claims to have stolen 52.4 gigabytes of data containing 42,204 files from Massachusetts-based Freedman HealthCare, a contractor that provides data integration and analytics services to state health agencies.

Iranian Officials Call Internet Outages Intentional to Disrupt Israeli Operations
Iranian officials said widespread internet outages were deliberate and meant to disrupt covert Israeli operations within the country following days of missile attacks from Israel and a rapidly escalating regional conflict that experts warn could trigger major cyberattacks on critical infrastructure.

Deal Expands Native Email Security and Response Workflows for MDR and MSP Clients
Bitdefender’s acquisition of Irish startup Mesh adds native email protection to its XDR and MDR portfolios. Mesh’s dual-mode defense and MSP-friendly design provide deeper visibility, faster remediation and enhanced threat response across hybrid environments.

Deal Adds Live Fraud Red Teaming, Adversarial Testing to Neovera's Cyber Portfolio
Neovera has acquired Greenway Solutions, a Charlotte-based fraud red-teaming vendor serving top banks, to expand its cyber capabilities. The Washington D.C.-area services provider plans to tailor services for community banks and credit unions using automation and selective testing.

Move Raises Possibility Group Isn't Just Marketing Its Malware to Criminals
Up-and-coming ransomware group Anubis has tweaked its malware to irrevocably wipe victims' data - an unusual tactic from hackers whose typical corrupt bargain is restored data in exchange for extortion money. Why would a ransomware attacker seeking leverage in negotiations ever do this?

Hackers Posing as Help Desks and Call Centers to Target Victims, Google Warns
A hacking collective behind recent cyberattacks on major British retailers has pivoted to target U.S. insurance firms, warned Google. Scattered Spider, tracked as UNC3944 by Google, is a financially motivated threat group consisting largely of English-speaking adolescents.

Several Affected HealthEC Healthcare Clients Are Chipping in to Fund Settlement
A provider of artificial intelligence-enabled hospital cost-cutting software and several of its healthcare clients agreed to $5.48 million to settle proposed class action litigation involving a 2023 hacking incident affecting 4.6 million individuals.

JFrog uncovers multi-stage malware harvesting cloud secrets
Multi-stage malware embedded in a Python package is stealing sensitive cloud infrastructure data, JFrog researchers said Monday. The package steals credentials, configuration files, API tokens and other data from corporate cloud environments. It targets developers using the Chimera sandbox platform.

Research Shows Next-Generation 9-1-1 Ecosystems Lack Critical Cyber Protections
A report from telecom firm Intrado warns that cybersecurity safeguards are lagging behind the rapid deployment of next-generation 911 systems, exposing the emergency ecosystem to attacks ranging from VoIP floods to ransomware amid growing reliance on cloud-based and IP-connected technologies.

Justice Officials Will Reportedly Probe the Google-Wiz Deal on Antitrust Grounds
Antitrust enforcers are reportedly pumping the brakes on Google's proposed $32 billion buy of Wiz, but it's unclear if it'll be a single speedbump or an unmovable roadblock. Officials in the Justice Department's antitrust division are assessing if the megadeal would illegally limit competition.

Microsoft Patched Flaw Allowing Attackers to Hijack Copilot Responses
A well-phrased email was all an attacker would have needed to trick Microsoft Copilot into handing over sensitive data until the operating system giant patched the vulnerability. The zero-click prompt injection attack vulnerability received a CVSS severity score of 9.3.

Publication Tells Staff to Reset Passwords After Email Breach
Suspected Chinese state-sponsored hackers reportedly targeted the Washington Post journalists covering national security and economic policy, according to an internal memo and media reports. The publication has not disclosed the identity of the victims.

Anne Wojcicki's New Company Wins Bid for Bankrupt Genomics Testing Firm
TTAM Research Institute - 23andMe's co-founder and former CEO Anne Wojcicki's new company - is the winner in a final round of bids to purchase the bankrupt consumer genomics testing firm. As part of TTAM's bid, the nonprofit pledged to implement additional data privacy and security protections.

Sean Plankey Has Support, But His CISA Nomination is Blocked and Delayed
U.S. President Donald Trump’s nominee to lead the nation’s top cyber defense agency is stuck in confirmation limbo, delayed by scheduling setbacks and a Senate hold over an unrelated report - deepening uncertainty amid a major operational overhaul at the agency.

UEFI Vulnerability Threatens Systems with Silent Compromise
Hackers could circumvent the protections of Secure Boot by silently disabling it through an attack that potentially affects a wide swath of Windows laptops and servers. Microsoft issued a patch this month and hackers would already need admin access and physical access to a target machine.

Defunct Ransomware Group's Diaspora Includes Hackers With Focus on Microsoft Teams
Based on intelligence gleaned from the leak of Black Basta ransomware messages, researchers are warning organizations to beware phishing attacks launched via Microsoft partner domains and via Teams, as well as the targeting of personal Google accounts accessed via corporate devices.

Ocuco and Episource Breaches Affect Health Sector Clients, Patients
An Ireland-based provider of eye care practice software and a California-based medical coding services firm have reported separate hacking incidents to U.S. and state regulators that have likely affected dozens of their clients and hundreds of thousands of people.