DataBreachToday.com

Publicly Traded Firm Discloses 'Material' Incident to US Federal Regulators
Fried dough lovers beware: doughnut juggernaut Krispy Kreme told U.S. federal regulators Wednesday it will have ongoing operational difficulties due to a cybersecurity incident. Shops are open and consumers can place orders in person. Online ordering in some parts of the United States is down.

Defense Bill Targets Key Investments in AI, Cybersecurity and Quantum Technologies
An $895 billion National Defense Authorization Act features key provisions for significant investments in artificial intelligence, cybersecurity and quantum technology, including initiatives aimed at enhancing the Pentagon’s technological capabilities.

Evidence Mounts for Chinese Hacking 'Quartermaster'
A probable Chinese nation-state threat actor compromised Visual Studio Code and Microsoft Azure cloud infrastructure to target Western technology firms for espionage, security firms Tinexta Cyber and SentinelLabs said. The companies call the campaign "Operation Digital Eye."

Inmediata Health Group Has Paid $2.7M in Fines, Civil Claims for 2019 HIPAA Breach
A breach that exposed the personal information of nearly 1.6 million patients of a Puerto Rico-based clearinghouse has led to a $250,000 financial settlement with federal regulations for multiple HIPAA violations. The 2019 leak has cost Inmediata Health $2.7 million in fines and civil settlements.

Report: Financial Orgs Shift to Multi-Cloud to Address Cyberthreats and Regulation
Financial institutions are increasingly adopting multi-cloud strategies to mitigate rising cyber risks and comply with complex regulations, according to a new report. Although the move enhances flexibility and disaster recovery, challenges remain, from implementation costs to a growing skills gap.

Cybercriminal Gang 'Money Message' Claims Credit, Publishes Stolen Records
A Massachusetts hospital is notifying 316,000 people that their information was compromised in a cyberattack discovered nearly a year ago during Christmas 2023. Cybercriminal group Money Message claimed that it stole 600 gigabytes data, posting patient and employee records on the darkweb.

Flaw in Embedded Device Operating System Allowed Hackers to Bypass Integrity Check
A critical flaw in the updating service of a popular Linux operating system for embedded devices could enable hackers to compromise firmware with malicious images. OpenWrt developers patched the vulnerability, tracked as CVE-2024-54143, with a CVSS score of 9.3.

deviceTRUST, Strong Network Acquisitions Improve Zero Trust, Developer Protections
Citrix enhances its security for hybrid work by acquiring deviceTRUST and Strong Network. Purchasing these European startups boosts protection for VDI, DaaS and cloud development, empowering organizations to enforce zero trust principles and reduce risks across their hybrid environments.

Report: Financial Orgs Shift to Multi-Cloud to Address Cyber Threats and Regulation
Financial institutions are increasingly adopting multi-cloud strategies to mitigate rising cyber risks and comply with complex regulations, according to a new report. The move enhances flexibility and disaster recovery, though challenges remain, from implementation costs to a growing skills gap.

Startup Aims to Secure AI Agents, Expand Global Reach, Do User Access Management
Astrix raises $45 million to advance AI agent security and expand its global presence. The company plans to double its workforce, focusing on anomaly detection and fingerprinting techniques for non-human identities along the correlating information about human and non-human identities.

Copilot Enhancements and Other Key Announcements From Microsoft Ignite 2024
Advanced AI took the center stage at Microsoft Ignite 2024. Reflecting on AI as the "most transformative technology of our time," CEO Satya Nadella set the tone for Microsoft's future where every facet of technology is integrated with AI in all key aspects - productivity, collaboration and security.

From Automotive Exploits and Bootloader Bugs to Cybercrime and 'LLMbotomy' Trojans
Black Hat Europe returns to London with more than 45 keynotes and briefings tackling everything from bootloader bugs and flaws in artificial intelligence and large language model tools, to disrupting fake online brokerages and remotely hacking Volkswagen entertainment systems to track vehicles.

InfoSec Officer Shervin Evans on the State of Cyberdefense, Meeting the Challenges
Cybercriminals are launching relentless attacks. The potential for breaches and exploitation has increased as the world has become more connected, raising an urgent question: Are we winning the fight against cybercriminals, or are we just sinking deeper into their grasp?

Autodesk and AWS Are Driving the Next Generation of AI-Powered Design Innovation
At AWS re:Invent 2024, Autodesk unveiled its innovative vision for generative AI in design. From Project Bernini's billion-parameter foundation model to sustainable workflows powered by AWS, the company is transforming 3D CAD design and shaping the future of creativity.

Bulletin Comes In Wake of Recent Attacks Disrupting Blood Collection, Supplies
The Food and Drug Administration is urging blood suppliers - a recent target of attacks - to bolster their cybersecurity practices to prevent and mitigate cyber incidents that could affect the supply and safety of critical blood and blood components used for transfusions and other patient care.

Rhode Island Becomes First State to Shield Students From Cyber Risks With New Tool
Rhode Island will become the first state in the nation to launch a statewide cybersecurity tool for K-12 schools, offering enhanced protection against ransomware threats with a new, no-cost, federally funded service that will shield 136,000 students across 64 school districts.

Big Game Hunting Will Intensify in 2025, Says Credit Rating Agency
Improved cybersecurity will result in ransomware hackers targeting larger organizations to wring out high dollar extortion payments and intensified focus on supply chain attacks, predicts Moody's Ratings. The share of ransomware victims willing to meet criminal demands for money is at record lows.

Palo Alto, CrowdStrike, Zscaler Eye Firewall, SIEM Replacement, Incident Recovery
Three of the world's largest pure-play cybersecurity vendors recently reported earnings, grappling with SIEM and firewall displacement opportunities along with rebounding from a massive outage. Palo Alto Networks continues to reap the benefits of buying IBM's QRadar SaaS business.