Ransomware DataBreachToday.com

ISMG's Sean Mack on Aligning Strategy and Culture for Long-Term Risk Reduction
Cybercrime is accelerating while budgets stay flat. To keep pace, organizations must treat security as a strategic enabler - not an afterthought. Sean Mack of ISMG's CXO Advisory Practice outlines how aligning business goals, shifting left, and building a security culture drive better outcomes.

Also: Trader Loses $21M on Hyperliquid, Fund for Tornado Cash Dev Defense
This week, "Bitcoin Jesus" paid $50M to settle tax charges, a trader lost $21M on Hyperliquid, Ethereum Foundation and Keyring launched fund for Tornado Cash developers, India probing Binance traders, hackers' $32.5M record dump and New York City launched first mayoral blockchain office.

2022 Ransomware Attack, Data Theft Affected 3.4 Million Patients
A California-based network of nine affiliated physician practices will pay nearly $50 million to settle consolidated class action litigation involving a 2022 ransomware and data theft attack that affected more than 3.4 million patients. Plaintiffs claimed their data was leaked on the darkweb.

Capita Ignored EDR Alert for 58 Hours, Say Investigators
British outsourcing giant Capita must pay 14 million pounds to British data regulators for privacy violations tied to a 2023 hack that impacted 6 million individuals. An EDR system caught the malicious file within 10 minutes but the company didn't respond to the alert until 58 hours later.

Symantec Says It Spotted Likely Supply Chain Hack
Suspected Chinese state-linked hackers reportedly breached a Russian IT service provider in an espionage campaign targeting government-related networks. Symantec uncovered Chinese hackers they named Jewelbug, infiltrating a Russian company between January and May.

Point Wild's Zulfikar Ramzan Says Cryptography Is Crucial Against Quantum Risks
Cyber resilience is a critical part of defense strategies today, and resilience is rooted in strong, well-managed cryptography, said Zulfikar Ramzan, chief technology officer at cybersecurity firm Point Wild. He shares key drivers for organizations to move toward quantum migration.

State cybersecurity regulations that apply to some hospitals in New York state go well compliance under the federal HIPAA security rule, posing expanded data governance challenges for providers, said Matthew Bernstein of consulting firm Bernstein Data.

The Payments Giant Is Creating Digital Rails for Secure, AI-Driven Commerce
Visa is doubling down on both B2C and B2B agentic AI use cases. Early experiments focus on automating repetitive, trust-sensitive financial tasks, but the company is rapidly expanding into more sophisticated scenarios, positioning itself at the center of the next major shift in global payments.

Study Finds Weak Authentication Practices Across AI Agent Servers
Tools developers use to connect artificial intelligence tools with external applications and data sources typically are secured by static credentials such as API keys and personal access tokens, exposing AI agent systems to theft or misuse, research shows.

Eclypsium Researchers Find UEFI Weakness in Framework Laptops and Desktops
Roughly 200,000 laptops and desktops made by modular sensation Framework contain a firmware vulnerability allowing attackers to disable Secure Boot and run unsigned code, say security researchers.

Federal Agencies Ordered to Patch or Decommission F5 Devices Amid Imminent Risk
An advanced nation-state threat actor stole sensitive F5 source code and vulnerability data to craft tailored exploits, prompting an emergency directive amid a U.S. government shutdown that has left cyber defenses strained and federal networks at "imminent risk."

Recent Cybersecurity Conferences Highlight Resilience and Shoring Up Critical Infrastructure Systems
Learn how recent cybersecurity conferences focused on resilience and shoring up critical infrastructure systems spotlight the need for virtual segmentation, OT visibility and zero trust adoption.

Cybereason Deal Bolsters LevelBlue's XDR, DFIR and Global Incident Response Reach
LevelBlue is acquiring Cybereason to enhance its extended detection and response, digital forensics, and global threat intelligence capabilities. The move brings top talent, expands the firm's footprint in Japan and follows LevelBlue's acquisitions of Aon and MDR provider Trustwave.

Cambodian Firm Worked Directly With North Korea, Say US Officials
The U.S. and U.K. imposed sanctions on Cambodia’s Huione Group and 146 affiliates linked to the Prince Group TCO, citing human trafficking, forced labor and over $4 billion in laundered cybercrime proceeds tied to North Korean hacks and Western-targeted scams.

NCSC Chief Says Recent Retailer Hacks Should Be 'Wake-Up Call' for Cyber Defenders
The number of cyberattacks in the United Kingdom surged 50% in the past year, with ransomware continuing to be the top threat. National Cyber Security Centre CEO Richard Horne said recent high-profile hacks at major retailers exposed supply chain vulnerabilities and are a "wake-up call" to defenders.

Researchers Show Minimal Data Poisoning Can Disrupt Large Language Models
Only a couple hundred malicious training documents are needed before a large language model puts out meaningless text when prompted with a specific trigger phrase, say researchers.

3 Private Equity Firms Kick the Tires, But Proposed Price Wasn't to Snyk's Liking
Slowing growth, continued losses and increased competition have turned a Snyk IPO into an increasingly unlikely prospect. The Information reported this month that Snyk has spoken with at least three private equity firms about a potential deal, but has been unable to reach an agreement on price.

Medusa Group Tied to Attack on SimonMed and Threats to Leak Stolen Data
Two radiology practices are notifying nearly 1.5 million people of separate hacking incidents compromising their sensitive health information. Cybercrime gang Medusa claimed credit for attacking Arizona-based SimonMed Imaging in January and threatened to leak the stolen data of nearly 1.3 million patients on the darkweb.

Dutch Ministry Invokes National Security Law to Impose Domestic Control
The Dutch government said it is severing semiconductor chipmaker Nexperia from control by its Chinese parent after invoking a national security law allowing it to impose domestic control. Partially Chinese state-controlled Wingtech Technologies acquired a three quarters stake in Nexperia in 2018.

Today's Hapless Hackers Are Tomorrow's Threat, Warns Forescout
A pro-Russian hacktivist group boasted on Telegram that it hacked a Western water treatment plant - but actually succeeded in attacking a honeypot left by security researchers at Forescout, the firm said. TwoNet appears to have ceased operations on Sept. 30.