DataBreachToday.com
Cymulate Expands Exposure Management with Cync Secure Deal
7 months ago
Cync Acquisition Bolsters Exposure Validation Through Advanced Offensive Expertise
Cymulate’s acquisition of Cync Secure enhances its ability to bridge vulnerability identification and resolution. The deal integrates Cync offensive capabilities, creating a next-gen exposure prioritization platform to tackle vulnerabilities effectively and address unmet market demands.
European Court Fines European Commission for Privacy Violation
7 months ago
Transfer of German Man's IP Address Wins Him 400 Euros
European privacy regulation - bane of American technology companies and a favorite cudgel of activists - came to haunt no less an organization than the European Commission, which must pay 400 euros to aggrieved German national Thomas Bindl, peeved that Facebook obtained his IP address.
UN Cybercrime Treaty Faces Long Odds to US Passage
7 months ago
US Senate Unlikely to Ratify Contentious Cybercrime Treaty Amid Mounting Concerns
Experts tell Information Security Media Group that a controversial United Nations cybercrime convention is unlikely to be ratified in the U.S. Senate due to mounting concerns from technology, human rights, and privacy advocates over its potential impact on internet security and privacy protections.
White House Launches US Cyber Trust Mark for IoT Devices
7 months ago
Biden Administration Hopes Good Cybersecurity Is Also Good Marketing
The Biden administration Tuesday launched a cybersecurity labeling program for IoT devices aimed to help consumers choose smart devices that offer enhanced protections against hacking. Eligible products include wireless IoT devices such as fitness trackers, smart appliances and garage door openers.
Veracode Fuels Supply Chain Security With Phylum Acquisition
7 months ago
Phylum's Product Delivers Real-Time Detection of Malicious Open-Source Packages
To combat the rise in software supply chain attacks, Veracode has acquired Denver-area startup Phylum and its advanced tools to detect malicious open-source packages. The acquisition strengthens Veracode's software composition analysis offering and enables faster, more reliable threat mitigation.
FDA Warns of Cyber Risks in Guidance for AI-Enabled Devices
7 months ago
New Non-Binding Recommendations Target Medical Device Makers, Software Developers
Manufacturers are eager to incorporate AI into a wide range of medical devices, from cardiac monitors that can spot developing heart problems to medical imaging systems that can find malignancies a radiologist might miss. The FDA released a new guidance this week on how to secure these devices.
CISA Issues New Goals to Strengthen IT Cybersecurity
7 months ago
CISA Urges IT and Design Sector Software Developers to Improve Cyber Hygiene
The Cybersecurity and Infrastructure Security Agency is urging the information technology and product design sectors to strengthen foundational cybersecurity practices throughout the software development life cycle by aiming to achieve a series of new sector-specific goals released on Tuesday.
Veracode Boosts Supply Chain Security Via Phylum Acquisition
7 months ago
Phylum's Product Delivers Real-Time Detection of Malicious Open-Source Packages
To combat the rise in software supply chain attacks, Veracode has acquired Denver-area startup Phylum and its advanced tools to detect malicious open-source packages. The purchase strengthens Veracode's software composition analysis offering and enables faster, more reliable threat mitigation.
New EagerBee Campaign Targeting Middle Eastern Organizations
7 months ago
Hackers Use Updated Version of the Malware Plugin, Kaspersky Says
Hackers are deploying an updated strain of EagerBee malware to target internet service providers and government organizations in the Middle East, warn security researchers. EagerBee operates in memory and comes with advanced stealth and security evasion capabilities.
Report: Flaws in Illumina DNA Sequencer Devices Allow Hacks
7 months ago
Eclypsium Report Describes BIOS/UEFI Issues in Illumina iSeq 100 Firmware
Certain vulnerabilities in device maker Illumina's iSeq 100 DNA gene sequencer could allow hackers to overwrite the system's firmware to render the device unusable or to install a firmware implant for ongoing attacker persistence, said researchers at Eclypsium who identified the flaws.
1Password Acquires Trelica to Boost SaaS Access Management
7 months ago
Unified Extended Access Management Platform Gains Key Integrations and Workflows
The addition of Trelica allows 1Password to accelerate its extended access management roadmap by 18 months. The acquisition emphasizes simplicity for end users while unifying SaaS visibility, device management and identity security under a single solution.
China's Hacking of US Telecoms: Officials Name More Victims
7 months ago
Reportedly Hacked: Charter Communications, Consolidated Communications, Windstream
The nine known victims of a "broad and significant cyberespionage campaign" the White House has tied to China reportedly include Charter Communications, Consolidated Communications and Windstream, as officials said the hackers' earliest known telecom network penetration began in mid-2023.
Nuclei Patches High Severity Flaw in Security Tool
7 months ago
Flaw Enabled Signature Bypassing on Nuclei ProjectDiscovery
Open-source vulnerability scanner Nuclei patched a critical flaw in its open-source vulnerability management tool ProjectDiscovery. Security firm Wiz uncovered the flaw, a signature verification system flaw that could allow attackers to execute malicious code using custom code templates.
Staten Island Hospital Notifying 674,000 of May 2023 Hack
7 months ago
Data Theft Incident Also Disrupted IT Systems for Nearly a Month
Richmond University Medical Center, a 440-bed teaching hospital on Staten Island, N.Y., is notifying 674,000 people of a data theft that happened 18 months ago. The breach was part of a ransomware attack that disrupted the organization's IT systems for several weeks in spring 2023.
CISA Investigates Chinese Hacking of Treasury Department
7 months ago
US Cyber Defense Agency Confirms Role in Federal Probe Following 'Major Incident'
The Cybersecurity and Infrastructure Security Agency is working closely with the Treasury Department in an ongoing investigation to determine the full scale and scope of a Chinese-linked hack targeting key offices tasked with sanctions enforcement, the agency confirmed Monday.
Patch Alert: Remotely Exploitable LDAP Flaws in Windows
7 months ago
Proof-of-Concept Exploit 'LDAP Nightmare' Crashes 'Any Unpatched Windows Server'
Security experts are urging all organizations that use Microsoft Windows to ensure they install patches, released last month, to fix Lightweight Directory Access Protocol denial-of-service and remote code execution flaws. Researchers have released a proof-of-concept exploit for the latter flaw.
Live Webinar | Reducing Risk and Manual Effort in Identity Security Through AI
7 months ago
Longtime Tenable CEO, NetWitness Head Amit Yoran Dies at 54
7 months ago
Yoran's Passing Comes 10 Months After Cancer Diagnosis, 1 Month After Taking Leave
Amit Yoran - a West Point graduate who founded NetWitness, sold the company to RSA and took Tenable public - died Friday. He was 54. Yoran was diagnosed in March 2024 with a treatable form of cancer, and in December temporarily stepped away from his role as Tenable's CEO to get additional treatment.
Apple Settles 'Hey Siri' Lawsuit for $95 Million
7 months ago
Plaintiffs Sued After Report that Apple Eavesdropped on Intimate Moments
Apple agreed to pay $95 million to settle a lawsuit accusing the smart device giant of illegally recording audio through its Siri virtual assistant and sharing extracts with human reviewers. Class members who purchased Siri-enabled devices could receive $20 per device.
DataBreachToday.com RSS News Feeds on data breach today news, regulations, blogs and education