DataBreachToday.com

FBI Tracking Alleged Fraudsters Using Evidence Seized From Shuttered Genesis Market
An FBI probe into shuttered cybercrime site Genesis Market has led to the indictment of Terrance Ciszek, a now-suspended police detective in Buffalo, New York, who's been accused of buying stolen payment card data and recording a video showing fraudsters how to use it anonymously.

Deal Enhances Sophos’ Managed Security Portfolio, Adds AI-Powered Taegis XDR Tool
Sophos is acquiring Secureworks in a deal valued at $859 million, aiming to integrate its managed security services with Secureworks' Taegis XDR platform. This merger is expected to deliver advanced detection and response capabilities, and enhance global cybersecurity for businesses of all sizes.

Attack Method Exploits RAG-based Tech to Manipulate AI System's Output
Researchers found an easy way to manipulate the responses of an artificial intelligence system that makes up the backend of tools such as Microsoft 365 Copilot, potentially compromising confidential information and exacerbating misinformation. Researchers called the attack "ConfusedPilot."

2023 Hacking Incident Affected 1.9 Million Patients, Employees
A Michigan-based dental practice with 250 centers across nine states has agreed to pay $2.7 million under a preliminary settlement of a proposed consolidated class action lawsuit centered on a 2023 hacking incident reported as affecting more than 1.9 million patients and employees.

Phishing Emails Impersonating Eset Target Cybersecurity Professionals With Malware
Cybercriminals posing as a top security firm in Israel have launched wiper attacks on local cybersecurity professionals after bypassing significant security measures, according to recent reports. Cybersecurity firm Eset said threat actors did not compromise its systems.

Russian Actors Disrupt Websites of Political Party, Business and Government Groups
Plans by Japan and U.S. to conduct military exercises near the coast of eastern Russia prompted Russia-linked threat actors to unleash a series of denial-of-service attacks this week against a dozen websites in Japan including the majority political party, business groups and governments.

Boston Children's Health Physicians Says Incident Involved Unnamed IT Vendor
Ransomware gang BianLian has listed Boston Children's Health Physicians - a pediatric group that practices in New York and Connecticut - on its dark web site, threatening to release stolen patient and employee data. The practice said the September incident involved an IT vendor.

Report Reveals North Korean Workers Expanding Into Intellectual Property Theft
North Korean threat actors posing as remote information technology workers are increasingly extorting ransom from Western companies after securing jobs under false pretenses, according to a new report from Secureworks' counter threat unit.

Company Shifts Cyber Focus to QNX and Secure Communications as Key Growth Drivers
As Cylance continues to incur significant losses, BlackBerry is reallocating resources toward its more promising QNX and secure communications teams. The company expects its cybersecurity unit to stabilize and become profitable by the end of the fiscal year, thanks to strategic bets and cost cuts.

Wallix, One Identity Remain Visionaries as Securing Remote Work Takes Center Stage
CyberArk, Delinea and BeyondTrust have maintained their positions atop the privileged access management market due to their adaptability to client needs, according to Gartner. The leaders quadrant remains unchanged from 2023 due to consistent performance and a strong focus on execution.

CISA and FBI Warn Software Providers to Avoid Risky Development Practices
The Cybersecurity and Infrastructure Security Agency and the FBI released a joint advisory urging software providers to avoid risky practices like using memory-unsafe languages and other techniques that could jeopardize critical infrastructure and national security.

Cyber Security and Resilience Bill Includes 72-Hour Reporting Deadline, Hefty Fines
The U.K. government's proposed Cyber Security and Resilience Bill is a "good step forward" to encourage ransomware incident reporting, said Ciaran Martin, the former NCSC chief. But he said the success of the new regulations also hinges on the support mechanism for cyber victims.

Agency Details AI Cybersecurity Risks, Prevention, Mitigation Strategies
Financial regulators with the state of New York on Wednesday published guidance to help organizations identify and mitigate cybersecurity threats related to artificial intelligence. The New York State Department of Financial Services said it's not imposing new requirements.

Also: Radiant Capital Hack and TD Bank Secrecy Act Guilty Plea
This week, an arrest in the U.S. SEC X account hack, a Radiant Capital hack, market manipulation charges on 18 entities, Bitfinex update, Forcount promoter sentenced, Mt. Gox pushed repayment, an alleged fraudster fled, SEC charged Cumberland and TD Bank pleased guilty to BSA violations.