DataBreachToday.com

3 Private Equity Firms Kick the Tires, But Proposed Price Wasn't to Snyk's Liking
Slowing growth, continued losses and increased competition have turned a Snyk IPO into an increasingly unlikely prospect. The Information reported this month that Snyk has spoken with at least three private equity firms about a potential deal, but has been unable to reach an agreement on price.

Medusa Group Tied to Attack on SimonMed and Threats to Leak Stolen Data
Two radiology practices are notifying nearly 1.5 million people of separate hacking incidents compromising their sensitive health information. Cybercrime gang Medusa claimed credit for attacking Arizona-based SimonMed Imaging in January and threatened to leak the stolen data of nearly 1.3 million patients on the darkweb.

Dutch Ministry Invokes National Security Law to Impose Domestic Control
The Dutch government said it is severing semiconductor chipmaker Nexperia from control by its Chinese parent after invoking a national security law allowing it to impose domestic control. Partially Chinese state-controlled Wingtech Technologies acquired a three quarters stake in Nexperia in 2018.

Today's Hapless Hackers Are Tomorrow's Threat, Warns Forescout
A pro-Russian hacktivist group boasted on Telegram that it hacked a Western water treatment plant - but actually succeeded in attacking a honeypot left by security researchers at Forescout, the firm said. TwoNet appears to have ceased operations on Sept. 30.

EU Justice and Home Affairs Council Halts Voting, Sees Opposition
A European content scanning proposal intended to enhance online child safety stalled after German lawmakers voiced opposition and member states canceled a planned vote on the measure's adoption. The EU Justice and Home Affairs Council was set to vote Tuesday on Chat Control.

In Today's Reality, Zero Trust Principles Matter, Verification Is an Imperative
This month, a judge made history by throwing out an $8.7 million lawsuit after discovering something that had never before appeared in her courtroom: deepfake testimony. But these new legal lessons are already a reality in business: the need for trust, verification and authentic communication.

US Cyber Defense Agency Slammed by Shutdown, Personnel Cuts and Resource Crisis
Facing major turnover, partisan upheaval and a government shutdown, the U.S. cyber defense agency is now operating at a fraction of its strength, leaving states and other entities without federal cyber support or coordination, experts tell Information Security Media Group.

Pete Harteveld Seeks to Strengthen Security Operations With Programmatic Approach
New Exabeam CEO Pete Harteveld emphasizes securing AI agents, minimizing tool sprawl and promoting defined security outcomes. His roadmap builds on recent success and aims to deliver programmatic SIEM and UEBA innovations to improve analyst efficiency and benchmarking.

Attackers Read Server Files and Steal Credentials in Gladinet CentreStack, Triofox
Hackers are exploiting a flaw allowing them to access without authentication document root folder files in file-sharing and remote-access software, where they obtain access tokens and passwords to unlock remote access to corporate file systems, warn researchers.

AI Actions Bypass Security Tools
Artificial intelligence-powered browsers could expose enterprises to data theft, malware distribution and unauthorized access to corporate apps, new research shows. AI browsers built to complete tasks autonomously lack the security awareness to verify whether an instruction is safe.

Also: Shutdown's Ripple Effects on Healthcare, Mounting Threats to Aging OT Systems
In this week's update, four ISMG editors discussed the fallout from the U.S. federal shutdown and the impact on state and regional cyber offices, the knock-on effects for healthcare, and the growing cyberthreats facing aging operational technology environments.

Akira Ransomware Hackers Targeting SonicWall Devices
Firewall maker SonicWall said Friday all customers who used its cloud backup services are at increased "risk of targeted attacks" following a recent cyberattack. The California firm in September disclosed that unidentified hackers launched brute-force attacks against servers storing backup files.

2 Firms Hit by Separate 2024 Attacks to Pay Total of $6.5M in Class Action Claims
A Nebraska-based revenue cycle management firm and a Swiss-based blood products manufacturer with plasma collection centers in the United States are the latest healthcare sector companies agreeing to pay multimillion dollar lawsuit settlements for two separate 2024 hacks affecting scores of patients.

Pentera-DevOcean Platform to Deliver Unified Attack Simulation and Remediation
Pentera has acquired DevOcean to close a major operational gap in threat resolution. With AI-based prioritization and remediation orchestration across over 100 tools, Pentera is building a unified platform to address both attack simulation and fix deployment.

Williams & Connolly Hit in Zero-Day Campaign Impacting Client Emails
A zero-day vulnerability was used to breach email accounts at the elite D.C. law firm Williams & Connolly, with officials reportedly suspecting the hack is part of a China-linked campaign targeting the U.S. legal sector to support espionage, steal intelligence and establish long-term access routes.

Also, a Renault Breach, WhatsApp Malware and Qilin Claims Asahi Attack
This week, insurer cybersecurity spending, a Renault breach, a WhatsApp malware campaign in Brazil. Germany skeptical of Chat Control. Two UK teens arrested for ransomware attack. Qilin claimed the attack on Japan's Asahi. Hackers weaponized Nezha. An Invoice data breach exposed personal records.