Ransomware DataBreachToday.com

Experts: New Mandates Could Be Difficult, Costly for Many Entities
The U.S. Department of Health and Human Services' proposed overhaul of the 20-plus-year-old HIPAA Security Rule aims to drastically improve the state of healthcare sector cybersecurity, but the potential new requirements could mean difficult and expensive heavy lifting for many regulated entities.

Hackers Reportedly Target Treasury Department Offices Overseeing Economic Sanctions
A Chinese hack of the U.S. Department of Treasury targeted offices tasked with overseeing economic sanctions and financial investigations, as experts warn Beijing is increasingly escalating attacks on American critical infrastructure while preparing for potential future conflict.

Flaw Bypasses Clickjacking Defenses, Enables Account Takeovers
Hackers are exploiting the split-second delay between two mouse clicks to carry out sophisticated clickjacking attacks, tricking victims into authorizing transactions or granting access they never intended. "DoubleClickjacking" manipulates users into granting OAuth and API permissions

As healthcare entities embrace generative AI tools, it's critical they take a holistic approach addressing privacy and security governance, said Dave Perry, digital workspace operations manager, St. Joseph's Healthcare in Ontario, who discusses how his organization is tackling those challenges.

9 Telcos Have Been Breached by Beijing-Backed 'Salt Typhoon,' White House Says
U.S. telecommunications giants AT&T and Verizon Communications believe they have finally ejected Chinese cyber espionage hackers from their networks. The White House said the "Salt Typhoon" nation-state hackers infiltrated at least nine U.S. telcos' infrastructure, and have been hard to eject.

Cameron Wagenius Suspected of Extorting Snowflake Customers Over Stolen Data
A serving member of the U.S. Army has been arrested on a two-count indictment tied to the theft and sale of "confidential phone records," reportedly tied to the theft of terabytes of data from AT&T, Verizon and other customers of cloud data warehousing platform Snowflake.

Opponents Say Restructuring Will Undermine OpenAI's Security Commitments
OpenAI's attempt to convert to a for-profit company is facing opposition from competitors and artificial intelligence safety activists, who argue that the transition would "undermine" the tech giant's commitment to secure AI development and deployment.

Researcher Demonstrates Bitpixie Attack Tactics to Extract Encryption Key
A previously patched flaw in Windows BitLocker disk encryption feature is susceptible to attacks allowing hackers to decrypt information, new research has found. Security researcher Thomas Lambertz extracted data from the system memory, including the master key.

Fully homomorphic encryption can safeguard highly sensitive health data related to rare diseases, underserved populations and clinical trials as it is shared with medical researchers, said Kurt Rohloff, co-founder and CTO of Duality Technologies, who said projects to apply it are underway right now.

Attackers Exploiting OS Command Injection Vulnerability
Hackers are exploiting a high-severity command injection vulnerability in Chinese-manufactured Four-Faith industrial routers. Typical customers of Four-Faith use the routers for remote monitoring, control systems, supervisory control and data acquisition networks.

2025 Is Likely to See Balanced Approach to AI Across Industries
The AI landscape is set to transform in 2025 with pragmatic approaches to implementation replacing the experimental fervor. This shift will span industries and developer ecosystems. Technologies will ride on the transformative power of AI and the responsibility that comes with it.

Hackers Targeted a PAN-OS Flaw Days After Its Disclosure
A suspected Chinese hacking campaign that began in November is exploiting a vulnerability in Palo Alto firewalls to install a custom malware backdoor for espionage. UNC5325 activity aligns with the Chinese hacking strategy of targeting edge devices.

Treasury Tells Lawmakers Chinese Threat Actor Remotely Breached Agency Workstations
The U.S. Treasury Department notified lawmakers Friday that the agency was the victim of a major cyberattack in which Chinese-linked hackers gained access to unclassified documents after gaining access to remote workstations through a third-party software provider, BeyondTrust.

Cyber incident details involving non-profit and non-government entities across sectors such as healthcare are not centrally reported and collected, creating gaps for researchers, IT experts and others seeking to analyze trends in their industries, said Stanley Mierzwa of Kean University.

American Addiction Centers Says 422,424 Individuals' Private Details Exposed
Substance abuse treatment company American Addiction Centers is warning nearly half a million patients that ransomware-wielding attackers stole their personal details, including names and Social Security numbers. The Rhysida ransomware operation claimed to perpetrate the attack.

Officials Say Chinese Hackers Maintained 'Broad and Full' Access to Telecom Systems
Federal officials told reporters Friday that ongoing investigations into the Salt Typhoon cyberespionage campaign have identified a ninth victim company affected by the attack, in which hackers maintained "broad and full" access to vulnerable communications infrastructure across the country.

Rule Aims to Stymie Weaponization of Americans' Data
The U.S. federal government finalized Friday regulations throttling the bulk commercial transfer to China and Russia of data pinpointing Americans' location, their health data, or biometric and genomic identifiers. The rule implements a February executive order from President Joe Biden.

HHS Proposes Encryption, Security Standards for Healthcare Firms
The U.S. Department of Health and Human Services is proposing new rules for healthcare organizations that aim to bolster protections for Americans by requiring companies to encrypt sensitive patient data and conduct routine compliance evaluations amid increased threats targeting the sector.

2024 Marked the Government's Increasing Role Mandating Cybersecurity
Australia announced a flurry of cybersecurity legislation and regulations in 2024, spotlighting the government's intent to fortify the nation's cybersecurity in the wake of the Medibank and Optus incidents. The government vowed to transform the country into the world's "most cyber-secure."

Federal 'Rip-and-Replace' Program Gets Funding Boost in Defense Bill
The 2025 National Defense Authorization Act includes $3 billion to fund an FCC program aimed at replacing Chinese-made telecommunications equipment across the country amid heightened threats from Beijing following the discovery of the Salt Typhoon cyberespionage campaign.