DataBreachToday.com

Rackspace Scrambles to Patch Zero Day Dashboard Bug
Rackspace confirmed that criminals exploited a zero day vulnerability in a ScienceLogic third-party application, forcing the cloud-hosting provider to take monitoring dashboards offline. ScienceLogic confirmed it issued a patch for the zero-day remote code execution vulnerability.

US Cyber Defense Agency’s Flagship Threat Sharing Initiative Facing Major Hurdles
Experts told Information Security Media Group the Cybersecurity and Infrastructure Security Agency’s flagship threat sharing initiative faces major logistical hurdles and may need to be replaced with a more mature approach to automated threat analysis following a damning Inspector General report.

Activist Investor Pressures Cybersecurity Firm to Pursue Operational Changes, Sale
Jana Partners has raised its stake in cybersecurity vendor Rapid7 to 13% and is pushing for the company to consider selling itself. The activist investor teamed up with Cannae Holdings and is engaged in discussions with Rapid7's management to explore operational improvements and board restructuring.

Healthcare Providers Must Revisit Endpoint Security to Mitigate Cyberthreats
Healthcare organizations have faced 21% of all cyberattacks since 2023, as cybercriminals use stolen data and operational disruptions to pressure providers into paying a ransom. Experts advise healthcare firms to move beyond EDR tools and adopt a holistic security strategy.

Nearby College's Health Sciences Center Is Also Experiencing an IT Outage
University Medical Center, a Lubbock, Texas-based public health system that includes a level-one trauma center and a children's hospital, is diverting ambulances and working to restore an IT outage affecting some patient services in the wake of a ransomware attack late last week.

Purchase Adds Advanced AI Network Detection to Logpoint's Threat Response Toolbox
Logpoint acquires Muninn to integrate its AI-based NDR technology, enhancing threat detection and response capabilities in its SIEM platform. This move supports Logpoint's mission to defend OT and ICS systems against ransomware attacks by combining visibility from networks and applications.

International Counter Ransomware Initiative to Unveil New Efforts to Combat Threats
The International Counter Ransomware Initiative is kicking off a four-day summit Monday in Washington that aims to coordinate the group’s 68 member nations around a series of global efforts designed to enhance information sharing and develop strategies to deter ransomware attacks.

Network Configuration Startup Adds Visualization Expertise to Dragos’ OT Platform
Dragos' acquisition of Network Perception will enrich its real-time network monitoring with robust visualization and configuration analysis tools. This transaction aims to bolster the security of operational technology networks and support customers in building more defensible architectures.

Newsom Says Bill Not 'Flexible' Solution to Curb Catastrophic Risks
California Gov. Gavin Newsom on Sunday vetoed a hotly debated AI safety bill that would have pushed developers to implement measures to prevent "critical harms." The bill "falls short of providing a flexible, comprehensive solution to curbing the potential catastrophic risks," Newsom said.

"Shark Tank" Star on Decision to Leave Cyderes CEO Post and Future of Cybersecurity
Robert Herjavec, outgoing CEO of Cyderes, details why he stepped down and how cybersecurity has evolved over his tenure. From identity management to the compliance role, Herjavec explains how managed services can address today’s cyber challenges and why Chris Schueler was picked as his successor.

Attackers Embrace Dating Sites and Encrypted Messaging Apps for Social Engineering
Russian military and intelligence hacking teams continue to refine their Ukrainian targeting, lately shifting to online attacks designed to support and help Moscow's military operations succeed, including social engineering schemes launched via dating portals and encrypted messaging apps.

Feds: 3 Defendants Acted on Behalf of Iran’s Military to Interfere With US Election
The United States indicted three Iranian hackers, alleging they stole sensitive data from government officials and the campaign of President Donald Trump. The hackers reportedly worked with the Iranian Revolutionary Guard to spread disinformation and manipulate the 2024 U.S. elections.

Exploitation Requires Victim to Print On Rogue Printer
Attackers can exploit a series of vulnerabilities in the OpenPrinting Common Unix Printing System utility to remotely execute arbitrary code on certain machines. Major Linux distributions reacted Friday by releasing patches. Exploitation requires a victim to attempt to print from a malicious device.

Fine Is For 2019 Disclosure That Meta Stored User Passwords In Plaintext
The Irish data regulator fined social media giant Meta 91 million euros after an investigation found the company insecurely stored passwords of millions of European Facebook and Instagram users. A Meta spokesperson said the company identified the problem in 2019 and took "immediate action."

The U.K. antitrust regulator called off an investigation into the March $4 billion deal between Amazon and artificial intelligence firm Anthropic. "Amazon’s partnership with Anthropic does not qualify for investigation under the merger provisions of the Enterprise Act 2002," the regulator said.

Enterprise Browser: The Tool CIOs Never Knew They Were Lacking
The enterprise browser is the tool CIOs never knew they were lacking - a seamless access method to the workloads, apps and data that moved to the cloud. It bakes in the needs of the enterprise. Learn why the enterprise browser is a strategic imperative to the success of your business.

Google Says Rust Language Initiative Eliminates Cross-Site Scripting, Other Flaws
Google says switching to a memory-safe language such as Rust under its Safe Coding program has helped significantly reduce the number of vulnerabilities in Android systems. The number of vulnerabilities uncovered in Android devices has fallen from over 200 in 2019 to fewer than 50 by 2024.

Also: Ransomware Surged in 2023, MoneyGram Back in Service After Cyberattack
This week, advice on spotting North Korean staff; ransomware attacks rose; MoneyGram back online; FCC fined political operative; CISA warned of water system attacks; Ukraine restricted Telegram use; North Korean hackers used new malware; U.K. arrested alleged hacker; PSNI is in data leak talks.

Draft Guidelines Call for Longer, Randomized Passwords Instead of Memorized Phrases
The National Institute of Standards and Technology is calling for longer, randomized passwords instead of memorized phrases containing combinations of upper and lowercase letters in new guidance that aims to modernize current password practices across the public and private sectors.