DataBreachToday.com

Cyberattacks Soar, But Guarding PHI From Break-Ins, Natural Disasters Is Critical
Despite the endless barrage of cyberattacks hitting the healthcare sector, HIPAA-regulated entities must not neglect their duty to protect electronic patient information against physical threats, including burglaries and natural disasters, U.S. regulators said.

Hackers Could Exploit Bug to Manipulate Slack AI's LLM to Steal Data
Chat app Slack patched a vulnerability in its artificial intelligence tool set that hackers could have exploited to manipulate an underlying large language model to phish employees and steal sensitive data. Slack said it was a low-severity bug.

As Banks Combat Fraud, Customers Feel the Strain of Overly Cautious Measures
In today’s AI-driven world, banks are becoming increasingly vigilant, often freezing accounts or demanding extensive documentation at the slightest hint of suspicious activity. Sending money, once a straightforward task, is now fraught with complexity.

Latvian Charged With Serving as Extortion Specialist for Russian-Speaking Group
A Latvian national accused of serving as a Russian-speaking ransomware group's extortion specialist appeared in a U.S. courtroom this week to face a four-count indictment filed against him. Moscow resident Deniss Zolotarjovs, 33, was recently extradited to the U.S. from the country of Georgia.

New Lawsuit Alleges Georgia Tech Submitted 'False' Cybersecurity Score to DOD
The Justice Department intervened in a whistleblower lawsuit against the Georgia Institute of Technology and the Georgia Tech Research Corp. for allegedly failing to implement federally required cybersecurity protections while overseeing sensitive government data.

Group Claims a NY Surgical Center and a Nevada Medical Center Among Recent Victims
U.S. authorities are warning healthcare sector entities of incidents involving Everest, a Russian-speaking ransomware group and initial access broker, which claims to have stolen sensitive patient information in recent attacks, including on two medical care providers in New York and Nevada.

Logging Best Practices Guidance Aims to Enhance Global Detection and Response
The Australian Signals Directorate's Australian Cyber Security Center released joint guidance with a cohort of international cyber agencies that aims to provide baseline standards for event logging and threat detection, amid a wave of high-profile attacks employing "living off the land" techniques.

Kimsuky, or a Related Group, Deploys XenoRAT Variant
A North Korean hacking team hastily pivoted from using publicly available cloud computing storage to its own infrastructure after security researchers unmasked a malware campaign. The group shifted from using cloud service including Google Drive, OneDrive, and Dropbox to systems under its control.

Also: Dangers of Malicious Code Embedded in ML Models; Is Ransomware in Decline?
AI's influence on social engineering and election security has become a focal point at Black Hat. ISMG editors discuss how advanced technologies are making it easier to manipulate people and compromise security systems and offer key insights on machine learning vulnerabilities.

Why the Benefits Far Outweigh the Risks
Today's workforce is increasingly insisting on having employer-provided education and development opportunities. Learn why offering employees opportunities for education and development is both a retention strategy and a key component of a successful business strategy.

Infoblox Researchers on Links Between Human Trafficking, Cybercrime and Gambling
Illegal gambling operations depend on trafficked individuals to perform cybercriminal activities. Threat researchers at Infoblox explain how cybercriminals use trafficked people for operations such as pig-butchering scams and leverage European sports sponsorships to boost illegal gambling websites.

Nearly 137,000 People Affected in 2023 Ransomware Attack on Maryland-Based Hospital
A ransomware attack against Berlin, Maryland-based Atlantic General Hospital that affected the personal information of 137,000 individuals in 2023 has led to a $2.25 million preliminary settlement of a consolidated proposed federal class action lawsuit.

Federal Aviation Administration Seeks Public Input on New Cyber Rules for Airplanes
The U.S. Federal Aviation Administration is seeking public comment on a proposed rule that aims to further elevate and streamline cyber regulations for future airplanes and aircraft equipment. The rule isn't intended to have a substantive effect on airliner cybersecurity standards.

Wireless Gear Shifting System Is Vulnerable to Replay Attacks
Imagine cruising down a bike path and having the gears suddenly shift without warning. Security researchers say cybercriminals could take advantage of new wireless controlled bicycle gear systems to make that happen - and cause crashes and injuries.