Ransomware DataBreachToday.com

Critical Authentication Flaw Impacts Both Free and Pro Users
A widely deployed five-in-one security plug-in for WordPress websites contained a flaw that hackers could automate into a large-scale takeover campaign. The critical authentication bypass vulnerability takes advantage of a now-patched flaw in the Really Simple Security plug-in.

Water Barghest Group Lists Infected Devices Within 10 Minutes of Initial Compromise
A threat actor with suspected ties to Russian nation-state hackers has listed thousands of IoT devices as proxy networks within minutes of their initial compromise. A campaign that began in 2020 has so far infected 20,000 IoT devices, according to a new report by Trend Micro.

Inspector General Report Reveals 97 Water Systems With Critical Cybersecurity Risks
The Environmental Protection Agency inspector general said over 100 million Americans depend on drinking water systems exposed to cybersecurity flaws that could allow hackers to "disrupt service or cause irreparable physical damage to drinking water infrastructure."

Critical Authentication Flaw Impacts Both Free and Pro Users
A widely deployed five-in-one security plugin for WordPress websites contained a flaw that hackers could automate into a large-scale takeover campaign. The critical authentication bypass vulnerability takes advantage of a now-patched flaw in the Really Simple Security plugin.

Gartner Publishes First Identity Verification MQ as Workforce-Related Uses Multiply
Gartner has recognized Entrust, Incode, Jumio, Socure and Sumsub as identity verification leaders amid a rise in regulatory demands and fraud prevention requirements. Identity verification was historically used for regulated onboarding in industries like banking, gambling and cryptocurrency.

Scrutiny Over Ethics of Profit-Sharing Prompts End to Cyberstarts CISO Compensation
Allegations of conflicts of interest in Cyberstarts’ Sunrise program have sparked debate in the CISO community. While the program connected CISOs with startups for advisory purposes, its profit-sharing incentives drew criticism, leading some participants to resign and the firm to halt compensation.

Also: Anticipating Donald Trump's Second Term; a Surprising Cybersecurity Merger
In the latest weekly update, ISMG editors explored the growing threat of disrupted ransomware attacks as a public health crisis, the potential global impact of a Donald Trump's second presidential term, and implications of the latest big merger in the cybersecurity market.

Researchers Find Exploitable Flaws in the OvrC Platform
Security flaws in a cloud platform for remotely configuring and monitoring Internet of Things gadgets could expose millions of devices to remote code execution hacks. Security researchers at Claroty's Team82 uncovered 10 vulnerabilities in the widely used OvrC cloud platform.

Trump Administration Picks May Test Bipartisan Support for Cybersecurity Agency
Newly empowered Republicans in U.S. president-elect Donald Trump's orbit appear slated to enact far-reaching changes to the federal cyber defense agency, with one senator pledging to act on his long-standing enmity to the Cybersecurity and Infrastructure Security Agency.

Health System's Cyberattack Affected More Than 235,000 Patients, Employees, Others
A New York state court has approved a preliminary $1.5 million settlement of a consolidated proposed class action lawsuit against One Brooklyn Health System following a November 2022 cyberattack that involved theft of sensitive health data belonging to more than 235,000 people.

Australian Government Warns of Nation-State Actors' Plans to Weaponize Malware
The Australian government is alerting critical infrastructure providers that state-sponsored actors are positioning malware in their networks that can be weaponized to disrupt operations during major crises or a military conflict. The hackers employ living-off-the-land technique to avoid detection.

Comprehensive Identity Security Platform Expands Protection to Cloud, On-Premises
Silverfort has acquired Rezonate, a cloud-focused identity protection startup. This acquisition accelerates Silverfort’s vision for an integrated platform that secures identities across both on-premises and cloud environments, cutting complexity and boosting threat visibility for enterprise clients.

Tehran Baits Aerospace Sector Into Downloading Malware With Fake Job Offers
Iranian state hackers are taking a page out of North Korean tactics to entice job seekers into downloading malware, with security researchers spotting a Tehran campaign directed against the aerospace industry. It's possible that Pyongyang shared its attack methods and tools.

Vaccine Skeptic's Views on Health Privacy Not Well-Known
President elect Donald Trump said Thursday he will nominate prominent vaccine skeptic Robert F. Kennedy Jr. as secretary to head up the U.S. Department of Health and Human Services. His stances on health information privacy, security and healthcare sector cyber matters are not well known.

US Probe of Chinese Hack Reveals 'Broad and Significant Cyberespionage Campaign'
The FBI and Cybersecurity and Infrastructure Security Agency released an update on their ongoing investigation into a Chinese-linked "broad and significant cyberespionage campaign" that the agencies said targeted private communications of government and political figures.

Also: Arrests in $232M Scam, Guilty Plea in $73M Pig-Butchering Case
This week, FTX sued to recover money, FTX's Caroline Ellison began her prison sentence, South Korea arrested hundreds in $232M scam, a guilty plea in a $73M pig-butchering case, BlueNoroff launched a new attack campaign, GodFather malware and WonderFi CEO kidnapped and released after ransom payment.

Here's How Schools, Certification Bodies, Boot Camps and Leaders Can Lend a Hand
Across the security landscape, partnerships are becoming a cornerstone in developing agile, prepared professionals who can not only react to threats but anticipate and neutralize them. Here's how universities, certification bodies, boot camps and industry leaders can drive the industry forward.

Stealthy Backdoor Publicly Available on GitHub Can Be Weaponized for Larger Attacks
Godzilla webshell, a Chinese-language backdoor known for its stealth and ability to execute commands and manipulate files, is publicly available on GitHub, and federal authorities have issued a stern warning to the healthcare sector to prepare for this threat and inevitable cyberattacks.

Multiple Critical Vulnerabilities Expose Industrial Control Risks
French multinational Schneider Electric disclosed critical vulnerabilities in its Modicon M340, Momentum and MC80 programmable automation controllers. The vulnerabilities could allow unauthorized access, data manipulation and system interruptions.

DOJ Accuses Alleged Hackers of Stealing Terabytes of Data From Snowflake Victims
The Justice Department unsealed an indictment against alleged hackers Connor Moucka and John Binns, accusing them of stealing data from the cloud platform Snowflake, extorting millions in bitcoin and stealing sensitive personal information from over 165 organizations and millions of individuals.