DataBreachToday.com

Murdoc Botnet Uses Over 100 Distinct C2 Servers to Manage Infected Devices
A new variant of the Mirai malware is exploiting vulnerabilities in cameras and routers to infiltrate devices, download payloads and integrate them into an expanding botnet. Qualys tracked over 1,300 active internet protocol addresses linked to the Murdoc Botnet since its emergence in July 2024.

'Humphrey' Set to Help Civil Servants Streamline Work Across Whitehall
The British government on Tuesday launched artificial intelligence-powered tools intended to help civil servants offer improved public service in a first step toward implementing a plan meant to transform the United Kingdom into a world AI leader.

Initiative Aims to Bolster Security of EU Member Hospitals, Healthcare Providers
The European Commission has a new action plan to strengthen cybersecurity of hospitals and other healthcare providers in the European Union amid rising cyberthreats and attacks. The plan includes a cybersecurity support center to offer guidance and other resources to the EU's health sector.

Series B Funding Round to Drive European Expansion, R&D and Automated Remediation
Mitiga, a cloud security firm, has secured $30M in Series B funding to expand its solutions for detecting and responding to threats in public cloud and SaaS environments. Funds will support European market entry and R&D into automated remediation tools, boosting security operations globally.

Trump Has Pledged to 'Support AI Development' but not yet Shared Specifics
President Donald Trump on the first day of his second term fulfilled a campaign promise to rescind a 2023 Biden executive order designed to curb the risk posed by artificial intelligence models to consumers and national security. The Trump administration has not yet previewed any replacement.

Creating 'Schedule F' Is a Stated Trump Priority
Newly sworn in President Donald Trump's plan to revive policy from his first term that eases the firing of federal employees could disrupt workforce stability, with federal unions and experts warning that weakening federal civil service protections could weaken national security.

In First Pure-Play Cybersecurity IPO Filing Since '21, SailPoint Talks Channel Ties
SailPoint became the first pure-play cybersecurity company to pursue an initial public offering since 2021, revealing increased sales, improved losses and a heavy reliance on channel partners. Some 80% of its new customer transactions involved technology partners, system integrators, VARs or MSPs.

Researchers Uncover Three Vulnerabilities, Urge Firmware Update
Attackers could chain critical vulnerabilities in industrial network switches to gain remote control to compromise automation systems, IoT devices and surveillance networks. Claroty's Team82 uncovered three flaws in WGS-804HPT switches manufactured by Planet Technology.

Elizabeth Warren Letter Probes Kennedy on His Plans if Confirmed as HHS Secretary
Senate confirmation hearings have not yet been set for President Donald Trump's pick to lead the U.S. Department of Health and Human Services. But that hasn't stopped at least one lawmaker from already firing off an extensive list of questions to Robert F. Kennedy Jr., including about HIPAA.

Hackers Using Valid Customer Credentials to Re-Encrypt S3 Objects
Amazon is urging its customers to deploy additional security measures to secure S3 buckets following reports of ransomware attacks targeting the platform. The company said mitigations prevented "a high percentage of attempts from succeeding."

Poland, Israel, Nvidia and Oracle Question Need for Restrictions
A decision by the Biden administration to limit international access to American-made advanced artificial intelligence chips is facing backlash from countries whose purchasing power the rule affects. New export controls seek to choke the supply of advanced chips to China.

Enzo Biochem Previously Paid Three States $4.5M in Fines for Same Breach
Biotech firm Enzo Biochem has agreed to pay $7.5 million to settle a consolidated proposed class action lawsuit involving a 2023 ransomware attack affecting 2.5 million people. The company has already paid $4.5 million in fines to three state attorneys general for the same incident.

Also: Bringing AML and Fraud Programs Together; the Global AI Arms Race
In this week's update, ISMG editors discussed a U.K. proposal to mandate ransomware payment reporting, tackling financial crime by bringing together fraud and AML teams, and the global AI arms race as countries compete to lead innovation while balancing regulation and ethics.

Department of Treasury Imposes Sanctions
The U.S. federal government said Friday it's traced the source of Chinese hacker intrusions into telecom networks to a government contractor located in hacking hotbed Sichuan. The Department of Treasury imposed sanctions on the firm, Sichuan Juxinhe Network Technology.

Experts Say Biden's Cyber, Tech and AI Legacy Faces Uncertain Future Under Trump
President Biden’s tenure has been marked by significant efforts to tackle cybersecurity challenges, from the SolarWinds attack to Salt Typhoon, but experts say his legacy remains uncertain as the new administration faces tough decisions on upholding his initiatives.

Google Says Platforms Shouldn't Use Emails as Unique Identifiers
A security researcher purchased abandoned online domains belonging to failed startups and found he could recreate email addresses and access third party services containing sensitive information collected by the shuttered companies by signing onto the platforms using "Sign in with Google."

Legal Firm Joins Other Class Action Litigators Targeted by Hackers
Wolf Haldenstein Adler Freeman & Herz LLP, a law firm that represents consumers in data breach lawsuits, has reported to regulators its own 2023 hack affecting more than 3.4 million individuals. The incident isn't the first time a law firm that handles data breach litigation reported a major hack.