DataBreachToday.com

'Have I Been Pwned' Flags Emails Found in Infostealer Malware Logs It Obtains
How bad has the information stealing malware problem become? Here's a metric: The free breach-notification service Have I Been Pwned found a single infostealer service provided "284 million unique email addresses alongside the websites they were entered into and the passwords used."

Claude 3.7 Sonnet Can Give Rapid or Deliberate, Complex Answers to Prompts
Anthropic introduced a new artificial intelligence model designed to adapt its reasoning time based on user preferences. Marketed as the industry's first "hybrid AI reasoning model," Claude 3.7 Sonnet aims to deliver rapid responses and more deliberate, complex answers to prompts.

Experts Say First Class Action Claim Under State's Privacy Law Won't Be the Last
A proposed class action lawsuit alleges that Amazon is unlawfully collecting and tracking mobile users' data - including sensitive geolocation - in violation of Washington's My Health My Data Act. It's the first such lawsuit filed since the data privacy law went into effect last year.

Experts Say First Class Action Claim Under State's Privacy Law Won't Be the Last
A proposed class action lawsuit alleges that Amazon is unlawfully collecting and tracking mobile users' data - including sensitive geolocation - in violation of Washington State's My Health My Data Act. It's the first such lawsuit filed since the data privacy law went into effect last year.

Some Lawmakers Fear Regulation Could Stymie Innovation
The British Labour Government has reportedly delayed plans to put forward a draft bill on artificial intelligence over concerns that binding AI regulation could stifle the country's AI growth potential. A spokesperson said the government remains "committed to bringing forward a legislation."

Federal Agencies and Experts Alike Say Musk's Email Request Poses Security Threat
The Department of Government Efficiency-led effort to assess whether millions of federal jobs are necessary through a bulleted list of weekly activities is causing a major security threat, in addition to mass confusion across the federal government, experts told Information Security Media Group.

eSafety Regulator Seeks Platform's Policy on Extremist and Child Sexual Content
Australia regulators on Monday fined social networking company Telegram nearly 1 million Australian dollar for delaying its response to questions on how the company regulates violent, extremist and child sexual content on its platform. Telegram was the only media firm to miss the May 6 deadline.

Disruptive Data-Stealing Attackers Hit Vehicle Retail Giant Right Before Christmas
Cyber resilience lessons learned: In the wake of a disruptive ransomware attack, the head of automotive retail giant Arnold Clark said continually practicing and refining the organization's resilience plan has driven its response time down from at least 12 hours, to just one or two.

Group Cross-Referenced Open-Source Victim Intelligence With Infostealer Hauls
The leak of 200,000 internal chat messages for the Black Basta operation provides an overview of how a modern ransomware group organizes itself to take down victims in the most efficient, profit-maximizing manner possible, using a variety of tactics that should be, in theory, easy to repel.

A proposed state privacy law awaiting the signature of New York State's governor promises to make the processing of and sale of health information by a wide array of organizations much more complicated and restrictive, said regulatory attorney Angie Matney, who explains why.

Report Also Flags Threats Linked to North Korea, Iran
Chinese influence operations are using artificial intelligence to carry out surveillance and disinformation campaigns, OpenAI said in its latest threat report. The report details two major Chinese campaigns that misused AI tools, including OpenAI's own models, to advance state-backed agendas.

Crypto Firm Offers Up to $140M Bounty for Recovery of Hacked Funds
Hacked crypto exchange Bybit replenished the $1.4 billion in Ether stolen days ago, CEO Ben Zhou said Monday. A new proof-of-reserves audit will confirm that client assets are back to a 1:1 ratio using a Merkle Tree verification system, Zhou tweeted.

Citing Security Concerns, Australia Joins Others in Banning Anti-Virus Products
The Australian Department of Home Affairs on Friday banned the use of Kaspersky Lab products in public offices citing an "unacceptable security risk" to the government networks and data. All government offices must uninstall all Kaspersky products and report the completion of the task to the agency.

Withdrawal of Advanced Data Protection for British Users Could Have Global Impact
Apple's decision to withdraw iCloud end-to-end encryption in the United Kingdom has privacy and security advocates worried that the British government could scan and surveil sensitive information of Apple users worldwide. Apple on Friday deactivated its Advanced Data Protection feature in the U.K.

Chinese Nation-State Hackers Used a Custom Utility to Capture Packets
Chinese hackers who infiltrated U.S. telecoms likely only used one, known Cisco vulnerability, says Cisco's threat analysis unit. Otherwise, the Chinese nation-state cyberespionage operation known as Salt Typhoon used stolen login credentials living-off-the-land techniques, says Cisco Talos.

Computing Giant Warns Against Future Decryption of Secure Communications
Google adopted quantum-safe digital signatures for its cloud environment designed to help users combat the next phase of adversarial attacks. The announcement from the company comes days after Microsoft unveiled its latest quantum chip. NIST formalized the algorithms in August 2024.

Ransomware Attack Taught Lessons on Health Sector Resiliency, Vendor Redundancy
It's been one year since hackers attacked IT services provider Change Healthcare, quickly shutting down critical processes for thousands of healthcare entities, triggering a data breach affecting 190 million people. So what top lessons are emerging from that massive disruption and data compromise?

Vendors Consolidate Endpoint, Managed Offerings to Combat Major Industry Players
Rising competition from CrowdStrike and Microsoft is driving MDR and EDR providers to consolidate. Companies such as Sophos and Arctic Wolf are acquiring endpoint or managed security technology to enhance detection and response capabilities, signaling a shift toward full-stack security solutions.

'He Is an Idiot,' Dissatisfied Hacker Writes of Boss
Two hundred thousand internal chat messages from the Russian ransomware group Black Basta have been leaked online, supposedly in reprisal for the operation targeting Russian banks. The partial logs, spanning 13 months, detail negotiations with victims, ransoms paid, internal disagreements and more.