Ransomware DataBreachToday.com

Tulsi Gabbard Takes Credit After Apparent British Reversal of Backdoor Request
U.S. Director of National Intelligence Tulsi Gabbard announced the United Kingdom has apparently reversed course on a demand for Apple to provide the government with a backdoor into its advanced iCloud encrypted protections following growing criticism from U.S. lawmakers and privacy advocates.

PolarNet Has Hallmarks of an Operational Relay Box
Nearly 40,000 enterprise-grade devices and consumer-class routers, IP cameras and more are infected with malware researchers codenamed PolarEdge, controlled by a botnet of the same name, which experts suspect is designed to hide traffic tied to cyberespionage operations.

Healthplex, Part of UnitedHealth Group, Lacked MFA on Compromised Email Account
New York State has fined a dental plan administrator owned by UnitedHealth Group $2 million for failing to protect data with multifactor authentication and other issues related to a phishing breach that affected 90,000 people. It's the state's second fine against Healthplex for the same breach.

Fraud Expert Trace Fooshee on Regulatory Steps Needed to Curb Payment Scams
While the U.K. and Australia have mobilized multiple sectors to tackle payment scams, the United States faces complex hurdles. The U.S. can't replicate other regulatory models but it can pursue targeted actions such as regulating scam-prone ad platforms and creating a central fraud-fighting agency.

Cisco Secure Firewall Management Centers Connected to RADIUS Left Vulnerable
Networking equipment giant Cisco warned firewall customers to patch after discovering a maximum-severity vulnerability that could allow unauthenticated hackers to commandeer the server. The flaw rates a maximum score of 10 on the CVSS system.

CRM Breach May Be Tied to Ongoing Scattered Spider and ShinyHunters Campaign
Cloud software giant Workday said its customer relationship management software has been breached and customer data stolen. The alert comes as attackers continue to pose as employees to trick help desks into giving them direct access to a victim's Salesforce CRM instance.

Support Portals Offline as Ransomware Gang Claims It Stole Data
British-based multinational telecom Colt Technology Services said a "cyber incident" is responsible for days-long disruptions to its customer portal and support services. The WarLock ransomware operation took responsibility for the hack, asserting it stole "1 million documents."

Recent advisories from U.S. federal authorities on vulnerabilities in certain operational technology devices underscore the potential security risks that many healthcare providers frequently underestimate, said Sila Özeren, a security research engineer at Picus Security.

Space Policy and Tech Head Paul Liias on Dealing With Satellite Vulnerabilities
A major disruption of civil and military satellites could cause chaos on the ground to communications, navigation and other vital services. But the threats don't just come from missiles. They also comes from hackers who could exploit numerous vulnerabilities, said Estonia's Paul Liias.

Cyfinoid's Shrivastava Calls for Greater Visibility Over Software Security Risks
Software supply chain security is all too often viewed through a narrow lens, focused mostly on code dependencies and Software Bill of Materials. But the devil remains in the details and risks can emerge from overlooked areas, said Anant Shrivastava, founder and chief researcher at Cyfinoid.

Researchers Say AI Bots Blur Lines Between Identity, Consent and Cyber Defense
As generative AI programs continue to evolve, they are introducing new threats to the modern workplace. Digital twins, once confined to industrial systems, now enable hyper-realistic copies of actual employees to mimic vocal patterns, behaviors and even pick up on decision-making trends.

Ransomware Attacks Pummel Critical National Infrastructure Sectors, Experts Warn
The oil and gas sector in Pakistan is on high alert following a ransomware attack against the state-owned oil and gas company Pakistan Petroleum, an instance of ransomware impacting critical infrastructure in a year that has already tallied hundreds of incidents.

Schellman CEO Avani Desai on Balancing Innovation and Compliance in Uncertain Market
The Trump administration’s AI action plan signals a major deregulatory shift, setting up a patchwork of state regulations on AI deployments. Company policies must be “flexible enough to meet the strictest state without rewriting them every few months," said Avani Desai, CEO, Schellman.

Microsoft Urges Immediate Mitigation as State Actors Target SharePoint Flaw
Hackers breached a sensitive database containing office locations and personal details of elected officials and staff in Canada's House of Commons. Hackers were able to "exploit a recent Microsoft vulnerability," according to an internal email sent to members and staff.

Also: Spain Defies Pressure to Eject Huawei, Hackers Leak North Korea Kimsuky Data
This week, Norway said Russian hackers attacked a flood gate, Spain defied pressure to eject Huawei, a cyberattack against the Office of the Pennsylvania Attorney General. Hackers leaked stolen North Korean Kimsuky data, Microsoft patched a Kerberos zero-day and a big Chrome bug bounty.

US Treasury Says Crypto Exchange Helped Launder $100 Million for Ransomware Gangs
The U.S. Department of Treasury sanctioned Thursday a Russian founder and co-owners of the Garantex cryptocurrency exchange in a bid to tighten methods criminal hackers use to launder extortion money and Kremlin sanctions busting. Regulators also sanctioned Garantex successor Grinex.

Report North Korean Hacking Group Adds Ransomware to Traditional Playbook
A ScarCruft subgroup dubbed "ChinopuNK" has launched a disruptive ransomware campaign across South Korea, using phishing lures, AutoIt loaders and microphone-capturing malware - marking a major change in the North Korean hacking group's traditionally espionage-focused cyber tactics.

Zelle Provider Allowed $1 Billion of Fraudulent Transactions, Prosecutors Say
The state of New York is suing the privately held fintech company behind the Zelle money transfer system in a complaint that alleges years of poor cybersecurity and protections against fraud. The New York complaint targets Early Warning Services, the company behind the money transfer app.

Congress Pressed to Fund Federal Court System Cyber Upgrades Amid Escalating Risks
A breach of the U.S. national court filing system intensified concerns over the federal judiciary's cybersecurity, with critics urging reforms and congressional funding to close gaps that could expose sealed cases, confidential informants and other sensitive information.

HHS Says New FAQs Support HHS' 'Make Health IT Great Again' Interoperability Effort
Federal regulators issued updated HIPAA privacy rule guidance that aims to clarify when patients' protected health information can be shared with value-based care organizations, and also the types of health records that patients have a right to access upon request. Does it cover any new ground?