DataBreachToday.com

Provisional Agreement Tied to Ransomware Attack Affecting 2.2 Million Customers
American pharmacy chain giant Rite Aid reached a $6.8 million agreement to settle a data breach class action lawsuit, which includes a pledge to improve its cybersecurity practices. The breach involved a ransomware group stealing data pertaining to 2.2 million customers.

Also: Bybit Hackers Launder Stolen Ether
This week, Trump announced a crypto strategic reserve; Bybit hackers laundered stolen Ether; Iris Ramaya Au, ex-girlfriend of crypto fraudster, pleaded guilty to a tax charge; CoinDCX will manage crypto seized by India's enforcement directorate.

Off-Brand Android Devices Come Infected With a Trojan
A botnet infected more than 1 million off-brand Android devices manufactured in China, which reached consumers with a backdoor already installed. Scammers used the devices for programmatic ad fraud, click fraud and converting the devices into a residential proxy.

Weigh the Options for Open-Source and Vendor-Backed Solutions and Try Them Out
Open-source tools can be powerful, flexible and budget-friendly, but they are not always the right choice. Understanding their strengths, weaknesses and best use cases will help you decide when to use them and when to consider a commercial alternative.

Quantum computing could bring the next technology "revolution" in healthcare, but organizations will face critical cybersecurity issues when quantum becomes a reality, said attorney Lee Kim, senior principal of cybersecurity and privacy at the Healthcare Information and Management Systems Society.

So far, medical devices affected in ransomware attacks have mostly been a casualty of IT networks being taken offline. But the potential nightmare scenario is a targeted device attack in which cybercriminals threaten to kill patients, said Dr. Eric Liederman, CEO of consulting firm CyberSolutionsMD.

Microsoft Sees Cyberespionage Group Lifting API Keys and Credentials for Customers
A prolific cyberespionage group tied to Beijing appears to have increased its targeting of widely used IT tools and service providers. Microsoft said the group's tactics now include stealing API keys and credentials from providers to gain access to providers' downstream customers' infrastructure.

iSoon CEO, COO and Sales Director Among 10 Indicted for Cyberespionage, Wire Fraud
A U.S. federal grand jury in Manhattan indicted the senior leadership of a Chinese private sector hacking contractor iSoon for supporting Beijing cyberespionage operations roughly a year after internal documents from the firm leaked online.

CFO Manish Narula Promoted to CEO as Fate of Proposed Trustwave Merger Gets Murky
One of the messiest public spats at a cybersecurity company in recent memory has led to the resignation of its chief executive officer. Erin Gan walked away from Cybereason after seemingly coming up short in his battle to wrestle control of the endpoint security vendor away from a pair of investors.

Prosecutors Accuse Yin Kecheng of 2024 Department of Treasury Hacking
U.S. federal authorities Tuesday seized digital infrastructure traced to two Shanghai hackers operating on behalf of the Chinese government as "Silk Typhoon," responsible for a late 2024 incursion into the Department of Treasury.

The Health Sector Coordinating Council is kicking off a health sector mapping initiative aimed at helping the ecosystem avoid massive disruptions in the event of major cyber incidents, said Greg Garcia, executive director for cybersecurity at the Health Sector Coordinating Council.

The majority of significant attacks hitting the health sector involve unpatched vulnerabilities dating back years, a situation cybercriminals are more easily and swiftly able to exploit using AI-based tools, said Health Information Sharing and Analysis Center President and CEO Denise Anderson.

As clinicians move to a model of working anywhere - on many types of devices and under a variety of different internet environments - web browser security is a heightened concern, said John Frushour, vice president and CISO at New York-Presbyterian Hospital, and CyberEdBoard member.

RansomHub, Play, Akira and Clop Among the Groups Claiming the Most Victims
Ransomware operations have collectively claimed what amounts to a surge in new victims. Researchers trace much of this activity to RansomHub, Play and Akira, as well as Clop, which continues to drip-feed details about its attack on users of Cleo Communications' managed file-transfer software.

Fake Error Messages Trick Users Into Deploying a C2 Framework Via PowerShell
A newly discovered phishing campaign is using social engineering to dupe victims into copying, pasting and running the Havoc command-and-control framework on their computers, warn researchers from Fortinet. "ClickFix" displays a fake error message and instructions for its supposed resolution.

Hiatus Could Embolden Moscow
Reports suggesting that the U.S. federal government is going soft on Russia in cyberspace sent shockwaves through the cybersecurity community. Resuming computer network attacks and other exploitation efforts after a pause isn't as simple as flipping a switch.

Code of Practice for Software Vendors Sets Baseline Security Expectations
A British government proposal to strengthen software supply chain security received positive feedback from vendors who said voluntary best practices could strengthen cyber defenses. The guidelines suggest requiring multifactor authentication for developers and timely vulnerability patching.

Cybercriminals Use Artificial Intelligence and Physical Threats to Maximize Impact
One-dimensional data encryption threats have morphed into more dangerous, multi-layered ransomware attacks that are expanding in scope and impact, creating an urgent need for organizations to fortify their defenses.