DataBreachToday.com

Company Has Long Running Fight Against Fare Scrappers
The Irish data regulator launched an investigation into Dublin-based ultra low-cost carrier Ryanair to identify potential privacy violations related to the company's use of third-party facial recognition technology, stepping into a running fight Ryainair has fought against online ticket sellers.

FSB Hackers Stripped of 107 Domains Used to Steal Credentials
The U.S. Department of Justice and Microsoft seized more than 100 websites allegedly used by a Russian intelligence cyberespionage operation with a fondness for spear phishing. Targets include the national security apparatus and journalists, think tanks, and non-governmental organizations.

CorrectCare to Settle Lawsuit After 'Inadvertently' Exposing PHI on Web for Months
A misconfigured web server and the exposure of sensitive information for nearly 600,000 prison inmates in 2022 will cost medical claims processing company CorrectCare $6.49 million to settle a consolidated proposed class action lawsuit, according to court records.

Also: Prison Sentences for BEC Scammers and a West African Cybercrime Crackdown
This week, AI nudify sites spread malware, BEC scammers head to prison, London man charged with hacking, and a Spanish insurance company with a breach. Also, a North Korean hacking group and a West African crackdown on online scammers. And, a Schrödinger Windows vulnerability: Is it real?

US Cyber Defense Agency Plans to Review Updated Implementation Plans in November
A top official from the U.S. Cybersecurity and Infrastructure Security Agency said Thursday the agency is planning to review updated federal implementation plans and ensure agencies are aligning with zero trust security objectives and addressing any funding gaps or technical challenges.

Counter Ransomware Group Focuses on Timely Reporting, Avoiding Paying the Ransom
New voluntary ransomware guidance released during the International Counter Ransomware Initiative meeting this week calls for victims to report attacks to law enforcement on a more timely basis - and involve more advisers in deciding whether to pay a ransom.

A 2023 Breach Exposed Personal Details of All PSNI Officers and Staff
The U.K. data regulator fined the Northern Ireland's Police Service 750,000 pounds following a 2023 data breach that exposed personal details of the entire workforce. The U.K. Information Commissioner's Office determined the breach occurred when police attempted to respond to two open records requests.

Naming and Sanctioning Cybercrime Syndicate Members Has Repercussions, Police Say
Western law enforcement may not be able to bust every last Russian cybercrime suspect, but newly revealed efforts against Evil Corp and LockBit reveal suspects arrested while on vacation, as well as the psychological fallout criminal syndicates face when members get named, indicted and sanctioned.

Data Leak Preceded Law Enforcement Crackdown on Group That Targets Health Sector
A clinic in Hawaii is notifying 124,000 patients that their health data was potentially compromised in a May hack. Lockbit 3.0 claims to have published the stolen records on its data leak site in June - months before global authorities this week disclosed a crackdown on the cybercrime gang.

Strawberry Can Also Assist with Making Weapons that Wipe Out Humans
OpenAI claims its new artificial intelligence model, designed to "think" and "reason," can solve linguistic and logical problems that stump existing models. Officially called o1, the model nicknamed Strawberry can deceiving users and help make weapons that can obliterate the human race.

Thrive Capital, Microsoft, SoftBank, Nvidia Reportedly Lead OpenAI's Latest Funding
OpenAI’s new $6.6 billion round of funding has nearly doubled its valuation to $157 billion. With investments from Thrive Capital, Microsoft, SoftBank and Nvidia, OpenAI plans to expand its AI research while facing pressures around executive turnover and its transition away from a nonprofit model.

Justice Department Releases Cybercrime Plan, Focusing on Global Partnerships
The United States Justice Department is coordinating its cybercrime defense mission under a new strategic approach released Wednesday that aims to enhance the collection of electronic evidence, bolster international collaboration and focus on disrupting significant cybercrime actors.

AI Act General Purpose AI Rules to be Enforced in 2025
The European Commission appointed a 13 member team to draft the general purpose artificial intelligence code of practice mandated by the AI Act. The commission on Monday announced four working groups that will oversee drafting of the rules.

UK National Crime Agency Details Kremlin-Cybercrime Connection
Russian intelligence agencies tasked the notorious Russian-speaking cybercrime syndicate Evil Corp with conducting cyberattacks and cyberespionage operations on behalf of the Russian government, British police said Tuesday. Evil Corp has stolen at least $100 million from victims.

Rackspace Scrambles to Patch Zero Day Dashboard Bug
Rackspace confirmed that criminals exploited a zero day vulnerability in a ScienceLogic third-party application, forcing the cloud-hosting provider to take monitoring dashboards offline. ScienceLogic confirmed it issued a patch for the zero-day remote code execution vulnerability.

US Cyber Defense Agency’s Flagship Threat Sharing Initiative Facing Major Hurdles
Experts told Information Security Media Group the Cybersecurity and Infrastructure Security Agency’s flagship threat sharing initiative faces major logistical hurdles and may need to be replaced with a more mature approach to automated threat analysis following a damning Inspector General report.

Activist Investor Pressures Cybersecurity Firm to Pursue Operational Changes, Sale
Jana Partners has raised its stake in cybersecurity vendor Rapid7 to 13% and is pushing for the company to consider selling itself. The activist investor teamed up with Cannae Holdings and is engaged in discussions with Rapid7's management to explore operational improvements and board restructuring.

Healthcare Providers Must Revisit Endpoint Security to Mitigate Cyberthreats
Healthcare organizations have faced 21% of all cyberattacks since 2023, as cybercriminals use stolen data and operational disruptions to pressure providers into paying a ransom. Experts advise healthcare firms to move beyond EDR tools and adopt a holistic security strategy.

Nearby College's Health Sciences Center Is Also Experiencing an IT Outage
University Medical Center, a Lubbock, Texas-based public health system that includes a level-one trauma center and a children's hospital, is diverting ambulances and working to restore an IT outage affecting some patient services in the wake of a ransomware attack late last week.

Purchase Adds Advanced AI Network Detection to Logpoint's Threat Response Toolbox
Logpoint acquires Muninn to integrate its AI-based NDR technology, enhancing threat detection and response capabilities in its SIEM platform. This move supports Logpoint's mission to defend OT and ICS systems against ransomware attacks by combining visibility from networks and applications.