DataBreachToday.com

An Iranian state hacking group is using custom malware to compromise IoT and OT infrastructure in Israel and the United States. An attack wave from Islamic Revolutionary Guard Corps-affiliated "CyberAv3ngers" swept up fuel management systems made by U.S.-based firm Gilbarco Veeder-Root.

IT Outage, Downtime Procedures Affecting Services at California Healthcare Provider
Cybercriminals claim they stole 17 million patient records from a southern California regional healthcare provider that is still struggling with IT and phone systems outages that have been disrupting patient care since the organization was hit by a ransomware attack on Dec. 1.

Also: How Leading Cybersecurity Firms Are Gearing Up for 2025
In the latest weekly update, ISMG editors discussed the shooting death of the UnitedHealthcare CEO and its wider implications for AI-driven decision-making, market strategies for the top cybersecurity companies in 2025, and how these strategies reflect industry trends.

Around 30,000 German IoT Devices Infected From Backdoored Android Applications
The German federal information security agency disrupted a botnet that infected thousands of backdoored digital picture frames and media players made with knockoff Android operating systems shipped from China. The agency identified at least 30,000 infected devices.

Open Questions: What's Next Killer Use Case? Can Output Be Better Validated?
The topic of AI reality versus hype, as well as what the next killer use cases might be, dominated the wrap-up "Locknote" panel at this year's annual Black Hat Europe in London, comprised of conference Review Board members detailing this year's hot topics, with AI taking top place.

Also: Australia Fines Kraken AU$8 Million Over Breaches
This week, scammers targeted crypto workers with fake meeting apps, Australia fined Kraken crypto exchange operator Bit Trade, a Los Angeles federal court ordered five individuals to pay $5 million, Polish police detained a Russian former exchange operator and FTX debtors clawed back more cash.

Cybersecurity Experts Push for Clearer Mission, Expanded Authority, More Resources
Cybersecurity experts are urging a revamp of the Office of the National Cyber Director. The Center for Cybersecurity Policy and Law says the office needs a clearer mission, more resources and the authority to lead cybersecurity policy for other government agencies to bolster U.S. cyber defenses.

Possible Long-Term Attack by Unknown Hackers Thwarted
Hackers exploiting flaws in Cleo Communications software instances had intimate knowledge of their internals and deployed a previously unknown family of malware, security researchers from Huntress said Thursday. Cleo published a patch Wednesday evening.

DOJ Indicts North Korean IT Workers for Using Remote Jobs to Steal Sensitive Info
U.S. federal prosecutors indicted 14 North Koreans for a long-running IT scam generating $88 million by exploiting remote work with U.S. firms, a scheme prosecutors say is tied to DPRK-controlled companies that fund weapons programs through stolen identities, data theft and extortion.

Secret Blizzard Used Third-Party Amadey Bots to Hack Ukrainian Military Devices
A Russian state-backed hacker group used third-party data-stealing bots and possibly a backdoor used by another Russia-based threat group to infiltrate and spy on devices used by frontline Ukrainian military units, according to a report from the Microsoft threat intelligence team.

Multimodal Agentic AI Delivers Speed, Tools and Research Prototypes
Google's latest AI model can natively process and output text, images and audio in the search giant's push toward more autonomous reasoning, planning and action. The company said Gemini 2.0 is designed for applications ranging from development and gaming to research and everyday assistance.

Tech and Training Ideas to Help Cyber Professionals Advance Their Skills
If you're a cybersecurity professional trying to come up with ideas for your holiday wish list (or maybe you’re a loved one trying to pick out the perfect gift), look no further! Here are some top picks that will thrill any cybersecurity practitioner.

LexisNexis Combines AI-Driven Document Authentication With Its Fraud Solutions
To counter AI-driven fraud, LexisNexis acquired IDVerse, a London-based startup focused on document authentication and regulatory compliance. This acquisition aims to seamlessly integrate advanced tools into LexisNexis' fraud and identity platforms, enhancing global operations.

Attackers Target Managed File Transfer Software Vulnerabilities
File transfer software made by Cleo Communications is under active attack and a patch meant to stymie hackers doesn't fix the flaw, say security researchers from Huntress. Hackers exploit an arbitrary file-write vulnerability along with a feature that automatically executes files.

Publicly Traded Firm Discloses 'Material' Incident to US Federal Regulators
Fried dough lovers beware: doughnut juggernaut Krispy Kreme told U.S. federal regulators Wednesday it will have ongoing operational difficulties due to a cybersecurity incident. Shops are open and consumers can place orders in person. Online ordering in some parts of the United States is down.

Defense Bill Targets Key Investments in AI, Cybersecurity and Quantum Technologies
An $895 billion National Defense Authorization Act features key provisions for significant investments in artificial intelligence, cybersecurity and quantum technology, including initiatives aimed at enhancing the Pentagon’s technological capabilities.

Evidence Mounts for Chinese Hacking 'Quartermaster'
A probable Chinese nation-state threat actor compromised Visual Studio Code and Microsoft Azure cloud infrastructure to target Western technology firms for espionage, security firms Tinexta Cyber and SentinelLabs said. The companies call the campaign "Operation Digital Eye."