DataBreachToday.com

Top Tier Capital, HarbourVest Support Concentric's Path to Autonomous Data Security
Supported by Top Tier Capital Partners and HarbourVest Partners, Concentric AI’s $45 million Series B funding round will drive product innovation in identity governance, risk monitoring and data breach investigation - critical areas for enterprises seeking resilient data security solutions.

How Might Election Outcome Affect HHS' Healthcare Cyber Work?
Regardless of who wins the upcoming Presidential election, one thing is apparent: As the final months of the Biden administration wrap up, regulators at the agency charged with enforcing HIPAA are racing to complete unfinished work they deem as critically important to healthcare sector cyber.

Rust-Based Ransomware Employs Aggressive Anti-Detection Tactics
Operators of a Russian-speaking ransomware group launched a new encryptor with enhanced measures for defeating cyber defenders including wiping logs, disrupting backup systems and stopping decryption without insiders knowledge. The same group disrupted London hospitals in a July attack.

FBI Probing 'Specific Malicious Activity Targeting' Telecommunications Providers
The FBI said Friday afternoon it is investigating Chinese nation-state hacking of commercial telecommunications infrastructure following a news report that Beijing actors targeted data from phones used by Republican presidential nominee Donald Trump and his running mate, Ohio Sen. JD Vance.

Examining Cyberthreats, Foreign Tactics Aimed at 2024 U.S. Election
In the latest weekly update, election security expert Annie Fixler joined ISMG editors to discuss the urgent challenges of safeguarding U.S. election infrastructure, countering cyberthreats and preventing foreign interference as Election Day approaches.

Effectiv's 30-Person Team to Streamline Identity Services, Help Socure Grow Revenue
Socure has acquired Effectiv, integrating its engineering team of 30 to strengthen identity verification capabilities. The $136 million deal aims to speed up customer onboarding, enhance transaction monitoring, and deliver cross-platform solutions, with the product integration expected in 45 days.

Irish Data Protection Commission Cites Social Platform for GDPR Violations
The Irish Data Protection Commission imposed a 310 million euro fine on LinkedIn for violating a European privacy law stemming from the company's use of customer data. It ordered the social media platform to bring its data processing under compliance.

While ransomware attacks against medical devices don't happen often, disruptive cyber incidents that affect the availability of the IT systems that medical devices rely on are a big concern that needs the industry's critical attention, said Jessica Wilkerson of the FDA.

Many Charging Cable Interfaces Have Exposed SSH and HTTP Ports, Researchers Warn
Researchers demonstrated that multiple brands of EV charging stations have vulnerabilities due to manufacturers often leaving open and unsecured SSH and HTTP ports. The risks of these vulnerabilities range from an expanded attack surface to a launching pad for assaults on the power grid.

Also: Indian Hackers Gets 5 Years in Prison for Stealing $20M
Every week, ISMG rounds up cybersecurity incidents in digital assets. This week, the Nigerian government dropped charges on Binance executive Tigran Gambaryan, an Indian hacker faces five years in prison for stealing $20 million, a $4.5M Tapioca DAO exploit, Transak data breach.

Also: Payment Card Theft Trends, Internet Archive Update
This week, bulk data transfers to China, credit card theft, the Internet Archive still recovering and the Change Healthcare tally is now 100M. Ukraine fought phishers, civil society against the UN cybercrime treaty, TA866 and virtual hard drives spread malware. Google verified Sir Isaac Newton.

Mandiant Says High-Severity Flaw Could Give Attackers Remote Unauthenticated Access
Researchers at Mandiant say a new threat cluster, first observed June 27, has been exploiting a Fortinet zero-day that the network edge device manufacturer publicly disclosed Wednesday. Researchers said they can't assess the threat actor's motivation or location.

Tips for Employers on Securing the Home Environment and Promoting Better Hygiene
Remote work is a critical part of the future of cybersecurity and many other industries. For those who continue to work remotely or in a hybrid model, the need for robust cybersecurity practices needs to be a priority. But one of the biggest obstacles to that is isolation.

It's crucial for healthcare sector organizations to vet their artificial intelligence tech vendors in the same robust way they scrutinize the privacy and security practices of all their other third-party suppliers, said attorney Linda Malek of the law firm Crowell & Moring.

AI-Powered Cloud Remediation, Multi-Cloud Support at Core of Series B Investment
With a $30 million boost from Series B funding, Stream.Security will enhance its cloud security offerings. The company’s focus includes auto-remediation, faster, AI-driven threat responses, increased support for multi-cloud and hybrid environments, and boosted market presence in the U.S. and beyond.

U.S. Federal Government Gives Agencies Three Weeks to Patch or Mitigate
Fortinet disclosed an actively exploited vulnerability in its centralized management platform following more than a week of online chatter that edge device manufacturer products have been under renewed attack. Cybersecurity researcher Kevin Beaumont christened the vulnerability "FortiJump."