DataBreachToday.com

Eclypsium Researchers Find UEFI Weakness in Framework Laptops and Desktops
Roughly 200,000 laptops and desktops made by modular sensation Framework contain a firmware vulnerability allowing attackers to disable Secure Boot and run unsigned code, say security researchers.

Recent Cybersecurity Conferences Highlight Resilience and Shoring Up Critical Infrastructure Systems
Learn how recent cybersecurity conferences focused on resilience and shoring up critical infrastructure systems spotlight the need for virtual segmentation, OT visibility and zero trust adoption.

Cybereason Deal Bolsters LevelBlue's XDR, DFIR and Global Incident Response Reach
LevelBlue is acquiring Cybereason to enhance its extended detection and response, digital forensics, and global threat intelligence capabilities. The move brings top talent, expands the firm's footprint in Japan and follows LevelBlue's acquisitions of Aon and MDR provider Trustwave.

Cambodian Firm Worked Directly With North Korea, Say US Officials
The U.S. and U.K. imposed sanctions on Cambodia’s Huione Group and 146 affiliates linked to the Prince Group TCO, citing human trafficking, forced labor and over $4 billion in laundered cybercrime proceeds tied to North Korean hacks and Western-targeted scams.

NCSC Chief Says Recent Retailer Hacks Should Be 'Wake-Up Call' for Cyber Defenders
The number of cyberattacks in the United Kingdom surged 50% in the past year, with ransomware continuing to be the top threat. National Cyber Security Centre CEO Richard Horne said recent high-profile hacks at major retailers exposed supply chain vulnerabilities and are a "wake-up call" to defenders.

Researchers Show Minimal Data Poisoning Can Disrupt Large Language Models
Only a couple hundred malicious training documents are needed before a large language model puts out meaningless text when prompted with a specific trigger phrase, say researchers.

Jumio's Joe Kaufmann on How CPOs Drive Value by Aligning Privacy With Business
Privacy leaders are taking on strategic roles as artificial intelligence and data protection laws evolve. Jumio's Global Privacy Head Joe Kaufmann said chief privacy officers now help build data trust, manage compliance and enable business growth through responsible data use.

3 Private Equity Firms Kick the Tires, But Proposed Price Wasn't to Snyk's Liking
Slowing growth, continued losses and increased competition have turned a Snyk IPO into an increasingly unlikely prospect. The Information reported this month that Snyk has spoken with at least three private equity firms about a potential deal, but has been unable to reach an agreement on price.

Medusa Group Tied to Attack on SimonMed and Threats to Leak Stolen Data
Two radiology practices are notifying nearly 1.5 million people of separate hacking incidents compromising their sensitive health information. Cybercrime gang Medusa claimed credit for attacking Arizona-based SimonMed Imaging in January and threatened to leak the stolen data of nearly 1.3 million patients on the darkweb.

Dutch Ministry Invokes National Security Law to Impose Domestic Control
The Dutch government said it is severing semiconductor chipmaker Nexperia from control by its Chinese parent after invoking a national security law allowing it to impose domestic control. Partially Chinese state-controlled Wingtech Technologies acquired a three quarters stake in Nexperia in 2018.

Today's Hapless Hackers Are Tomorrow's Threat, Warns Forescout
A pro-Russian hacktivist group boasted on Telegram that it hacked a Western water treatment plant - but actually succeeded in attacking a honeypot left by security researchers at Forescout, the firm said. TwoNet appears to have ceased operations on Sept. 30.

EU Justice and Home Affairs Council Halts Voting, Sees Opposition
A European content scanning proposal intended to enhance online child safety stalled after German lawmakers voiced opposition and member states canceled a planned vote on the measure's adoption. The EU Justice and Home Affairs Council was set to vote Tuesday on Chat Control.

In Today's Reality, Zero Trust Principles Matter, Verification Is an Imperative
This month, a judge made history by throwing out an $8.7 million lawsuit after discovering something that had never before appeared in her courtroom: deepfake testimony. But these new legal lessons are already a reality in business: the need for trust, verification and authentic communication.

US Cyber Defense Agency Slammed by Shutdown, Personnel Cuts and Resource Crisis
Facing major turnover, partisan upheaval and a government shutdown, the U.S. cyber defense agency is now operating at a fraction of its strength, leaving states and other entities without federal cyber support or coordination, experts tell Information Security Media Group.

Pete Harteveld Seeks to Strengthen Security Operations With Programmatic Approach
New Exabeam CEO Pete Harteveld emphasizes securing AI agents, minimizing tool sprawl and promoting defined security outcomes. His roadmap builds on recent success and aims to deliver programmatic SIEM and UEBA innovations to improve analyst efficiency and benchmarking.