DataBreachToday.com

Cryptocurrency Users Targeted in Latest Campaign Involving FudModule Rootkit
A hacking group tied to North Korea exploited a zero-day vulnerability in the open source Google Chromium web browser to try and steal cryptocurrency, Microsoft said. The attack campaign is the latest to involve a sophisticated North Korean rootkit called FudModule. Google has fixed the flaw.

Bill Is Similar to Senate Proposals, But Will Congress Take Action Before Election?
A bipartisan House bill aims to bolster cybersecurity in the healthcare sector by requiring stronger collaboration between CISA and the Department of Health and Human Services. The bill is a companion to nearly identical bipartisan legislation introduced in the Senate in July.

Cloud-Based Security Camera Firm Pledges Better Security in US FTC Settlement
A California security camera company agreed to pay a $2.95 million civil penalty and implement a security program after hackers in 2021 accessed video from 150,000 internet-connected security cameras, including from devices placed inside psychiatric hospitals and women's health clinics.

Feds Count Over 200 Known US Victims of Ransomware Group That Launched in February
Beware a surge in attacks tied to a ransomware group called RansomHub that's recruited affiliates from down-or-out operations LockBit and BlackCat and successfully crypto-locked systems at more than 200 organizations nationwide, including critical infrastructure, the U.S. government warned.

Growth, Profitability and Stock Price Woes Have Dell Primed to Cash Out Its Chips
Majority owner Dell is exploring a possible sale of Atlanta-based cybersecurity services vendor Secureworks, tapping investment bankers at Morgan Stanley and Piper Sandler to gauge takeover interest from potential acquirers, which include private equity firms, Reuters reported Thursday.

Also: UN Convention Against Cybercrime Efforts; Serving SMBs' Cybersecurity Needs
In the latest weekly update, Information Security Media Group editors discussed how CrowdStrike's competitors are responding to its outage, why security vendors want to serve the unique needs of SMB organizations and the status of U.N. efforts to develop a treaty designed to combat cybercrime.

Telegram Messages Hard to Encrypt But CEO Faces Charges for Noncompliant Cryptology
The arrest and indictment of Telegram CEO Pavel Durov is sparking concerns about the viability of encrypted communications in France. The Paris Prosecutor's Office indicted Durov, the 39-year-old Russian-born owner of Telegram on Wednesday, after arresting him Saturday night.

The AI Safety Institute Will Evaluate Safety and Suggest Improvements
AI companies OpenAI and Anthropic made a deal with a U.S. federal body to provide early access to major models for safety evaluations. The agreements are "are an important milestone as we work to help responsibly steward the future of AI," said U.S. AI Safety Institute Director Elizabeth Kelly.

Also: Turn in Volodymyr Kadariya, Get $2.5 Million from Uncle Sam
This week, an ex-Verizon employee pleaded guilty, SonicWall fixed critical flaws,South Korean hackers exploited a zero-day, U.S. retailer Dick's Sporting Goods was breached, the U.S. government offered a big reward, Grok AI will send election queries to Vote.gov, and HIPAA is 28 years old.

Cybercriminal Group Claims to Have Published 100 Gigabytes of Agency's Stolen Data
Two months after RansomHub claimed to have published 100GBs of its stolen data on the dark web, the Florida Department of Health is notifying citizens that their sensitive information has been compromised. The attack affected the vital statistics system used to issue birth and death certificates.

Compliance Expert on Readiness, Compliance and Rapid Incident Reporting
The NIS2 Directive focuses on addressing gaps and strengthening the security of network and information systems across the European Union. NIS2 mandates rapid incident reporting and holds senior management accountable for cybersecurity, shifting responsibilities to the board level.

Proposed Legislation Divides Tech World, AI Experts, Lawmakers
California state lawmakers on Wednesday handed off a bill establishing first-in-the-nation safety standards for advanced artificial intelligence models to their Senate counterparts after weathering opposition from the tech industry and high-profile Democratic politicians.

CEO George Kurtz on New Recovery Techniques and Controls Implemented Post-Incident
CEO George Kurtz said CrowdStrike has blunted the business impact from the massive July 19 outage and is implementing changes to prevent a repeat occurrence. CrowdStrike is boosting the resilience of its Falcon platform through improved content visibility and control and enhanced quality assurance.

Over 1.2 Million Patients' Sensitive Data Exposed So Far This Year
Some dentists don't have much to smile about these days when it comes to cyberattacks. More than 1.2 million of their patients have had their sensitive data compromised in at least two dozen hacks and other breaches so far in 2024, including several incidents reported in the past month.

Acquisition Underscores the Importance of AI Security in Modern IT Infrastructure
Cisco announced its intent to acquire Robust Intelligence to fortify the security of AI applications. With this acquisition, Cisco aims to address AI-related risks, incorporating advanced protection to guard against threats such as jailbreaking, data poisoning and unintentional model outcomes.

Security Researcher Uncovered the Flaw, Which Allowed System Takeover
Microsoft says it fixed a security flaw in artificial intelligence chatbot Copilot that enabled attackers to steal multifactor authentication code using a prompt injection attack. Security researcher Johann Rehberger said he discovered a way to invisibly force Copilot to send data.

Learn How to Recognize Fraudulent Job Postings and Avoid Becoming a Scam Victim
The demand for skilled cybersecurity professionals, coupled with the rise in remote work, has led to an increase in fraudulent job postings targeting tech-savvy individuals. Learn why this is so and how to protect yourself from deceptive schemes as you pursue a job in cybersecurity.