DataBreachToday.com

Regulator Tells Regulators to Enhance Third-Party Service Security
British financial institutions must ensure by this spring that they could reasonably weather a third party tech outage on the scale of July's global meltdown of 8.5 million computers triggered by a faulty update from cybersecurity firm CrowdStrike.

Making the Case for Stronger Mid-Market Cybersecurity
Cybersecurity is an ever-evolving field. Verizon's Trusted Connection provides strong, easy-to-manage security for mid-market organizations. With a focus on usability, adaptability and comprehensive protection, Trusted Connection can help safeguard your organization's operations today, and in the future.

CIO Alex Gallo on Balancing Digital Change, Security and Continuous Learning
Alex Gallo, CyberEdBoard member and CIO, shared how he drives secure digital transformation by balancing AI integration with cybersecurity, fostering a security-first culture, and emphasizing continuous learning across his teams and the organization’s leadership.

Plastic Surgeon Paid $53K Ransom But Says ‘the Real Criminal’ Is HHS
Dr. James Breit recalled the day a hacker locked up his systems with ransomware at his plastic surgery practice. He paid $53,000 in ransom. Nearly, seven years later, after paying a $500,000 HIPAA fine, Breit claims he got better treatment from the cybercriminals than he did federal regulators.

Yakabod Deal to Strengthen Everfox's Insider Risk, Cyber Incident Response Platform
With its acquisition of Yakabod, Everfox expands capabilities in insider risk and cyber incident management. The move promises stronger integration and greater control over security workflows, benefiting public sector and critical infrastructure clients who operate in highly regulated environments.

Hackers Using Password Spraying to Steal User Microsoft Account Credentials
Multiple Chinese hacking groups are using a botnet named for a TCP routing port number to conduct password spraying attacks, warned Microsoft Thursday. The Quad7 operators are almost certainly located in China. Botnet activity can be difficult to monitor.

Also: Breaches at OnePoint Patient Care and French ISP Free
This week: S&P said poor material vulnerability remediaton can be a material risk factor, OnePoint in the United States and French ISP Free suffered data breaches, a Russian court sentenced REvil members, Five Eyes published security guidelines for small businesses.

Colorado Laboratory Already Facing Several Proposed Class Action Breach Lawsuits
A Colorado-based pathology laboratory is notifying more than 1.8 million patients that their sensitive information was compromised in an April hack, one of the largest breaches reported by a medical testing lab to U.S. federal regulators to date. Ransomware gang Medusa is blamed for the attack.

New Funding to Aid US Government Growth, Generative AI Security Product Development
Zenity has closed a $38 million Series B round to advance its agentic AI security platform and extend its no-code and low-code application support. With investment from Third Point Ventures and DTCP, the funding enables Zenity to cater to clients in sectors like financial services and healthcare.

Lazarus Group in Particular Using Cross-Platform Languages to Hit macOS Targets
Cryptocurrency-seeking hackers are increasingly targeting macOS users. So warn security researchers as they track a rise in macOS backdoors and information-stealing malware, much of which traces back to a well-known cryptocurrency heist culprit: North Korea.

Volt Typhoon, APT31 and APT41 Tied to Campaigns Targeting Sophos' Edge Devices
Firewall maker Sophos disclosed Thursday a half-decade worth of efforts by multiple nation-state Chinese hacking groups to infiltrate its appliances, calling the admission a wake-up call for the cybersecurity industry. Targeting firewall appliances is a known nation-state tactic.

Deal to Drive Application Security, Attack Surface Management Fusion for Detectify
With Insight Partners as majority owner, Detectify plans to combine application security and attack surface management capabilities. Insight's purchase supports a renewed focus on R&D and engagement with application security professionals in the U.S. and Northern Europe, Detectify’s core markets.

Also: Truth Terminal Founder Social Media Hack Inflates Fraudulent Token
This week, a Truth Terminal founder hack, U.S. recovered stolen crypto, TeamTNT resurfaced, former FTX exec Nishad Singh avoided prison, a possible SEC's X account hacker plea deal, Tether reported to be under investigation, trends in digital assets enforcement and pending Dutch crypto legislation.

Also: Election Security Successes, Key Takeaways from Recent ISMG Events
In the latest weekly update, ISMG editors discussed the impact of recent law enforcement operations against ransomware gangs, the state of U.S. election security on the eve of the presidential election, and the key trends emerging from recent ISMG industry roundtables and summits.

Understanding the Impact of Security on the Business Makes You More Effective
With cybersecurity now embedded across all industries and functions, the importance of aligning security measures with business objectives has never been greater. Here’s why being business savvy is crucial in cybersecurity - and how you can cultivate it to become a more effective professional.