Ransomware DataBreachToday.com

US National Security Agency Says It Has More Than 1,000 New Cybersecurity Alliances
The United States National Security Agency is banking on recently developed partnerships with leading technology firms around the world and foreign partners to combat the growing cybersecurity risks from Chinese-based threat actors, a top official from the agency said Wednesday.

5th Nation to Investigate Software Firm Imposes Largest GDPR Penalty, Bans Use
The Dutch data regulator is the latest agency to fine artificial intelligence company Clearview AI over its facial data harvesting and other privacy violations of GDPR rules, joining regulatory agencies in France, Italy, Greece and the United Kingdom.

Tennessee-Based Specialty Networks Incident Is Latest Attack on Business Associates
A vendor that provides information systems and transcription services to radiology practices is alerting 411,037 people of a hack discovered last December involving the theft of sensitive data. The firm already faces at least four proposed federal class action lawsuits related to the hack.

Sprague Replaces Veteran CEO, Plans to Double Down on PTaaS and AI Red Teaming
HackerOne has tapped F5's longtime product leader as it next chief executive to continue expanding its portfolio beyond operating vulnerability disclosure programs. The firm tasked Kara Sprague with building on existing growth in areas including AI red teaming and penetration testing as a service.

Director Hails New Guidance as 'First Step' in Resolving BGP Security Risks
Harry Coker, director of the Office of the National Cyber Director, described new guidance published Tuesday that aims to bolster internet routing security as a critical "first step" in addressing long-standing security issues that threaten the backbone of global communications.

Agency Publishes Notice Soliciting Comments on Potential Federal Response
An artificial intelligence-fueled growth in data center construction has the federal government asking what it should do to help manage data security risks. The NTIA is interested in identifying opportunities "to improve data centers’ market development, supply chain resilience, and data security."

Cloud-Based Security Camera Firm Pledges Better Security in US FTC Settlement
A California security camera company agreed to pay a $2.95 million civil penalty and implement a security program after hackers in 2021 accessed video from 150,000 internet-connected security cameras, including from devices placed inside psychiatric hospitals and women's health clinics.

Automated Service Helped Subscribers Trick Victims Into Sharing One-Time Codes
Three men have pleaded guilty to running OTPAgency, a subscription service for fraudsters designed to automatically phone targets and trick them into sharing the one-time codes criminals need to log into their bank accounts. The service targeted more than 12,500 individuals over its 18-month run.

Firm Says It Is Still 'Evaluating the Nature and Scope of the Information'
Oil service giant Halliburton told U.S. federal regulators Tuesday that hackers stole data after the firm acknowledged "unauthorized activity" on its networks in late August. The incident "caused disruptions and limitation of access to portions of the company's business applications," the firm said.

Feds Count Over 200 Known US Victims of Ransomware Group That Launched in February
Beware a surge in attacks tied to a ransomware group called RansomHub that's recruited affiliates from down-or-out operations LockBit and BlackCat and successfully crypto-locked systems at more than 200 organizations nationwide, including critical infrastructure, the U.S. government warned.

Growth, Profitability and Stock Price Woes Have Dell Primed to Cash Out Its Chips
Majority owner Dell is exploring a possible sale of Atlanta-based cybersecurity services vendor Secureworks, tapping investment bankers at Morgan Stanley and Piper Sandler to gauge takeover interest from potential acquirers, which include private equity firms, Reuters reported Thursday.

Telegram Messages Hard to Encrypt But CEO Faces Charges for Noncompliant Cryptology
The arrest and indictment of Telegram CEO Pavel Durov is sparking concerns about the viability of encrypted communications in France. The Paris Prosecutor's Office indicted Durov, the 39-year-old Russian-born owner of Telegram on Wednesday, after arresting him Saturday night.

Bill Is Similar to Senate Proposals, But Will Congress Take Action Before Election?
A bipartisan House bill aims to bolster cybersecurity in the healthcare sector by requiring stronger collaboration between CISA and the Department of Health and Human Services. The bill is a companion to nearly identical bipartisan legislation introduced in the Senate in July.

The AI Safety Institute Will Evaluate Safety and Suggest Improvements
AI companies OpenAI and Anthropic made a deal with a U.S. federal body to provide early access to major models for safety evaluations. The agreements are "are an important milestone as we work to help responsibly steward the future of AI," said U.S. AI Safety Institute Director Elizabeth Kelly.

Cloud-Based Security Camera Firm Pledges Better Security in US FTC Settlement
A California security camera company agreed to pay a $2.95 million civil penalty and implement a security program after hackers in 2021 accessed video from 150,000 internet-connected security cameras, including from devices placed inside psychiatric hospitals and women's health clinics.

Also: Turn in Volodymyr Kadariya, Get $2.5 Million from Uncle Sam
This week, an ex-Verizon employee pleaded guilty, SonicWall fixed critical flaws,South Korean hackers exploited a zero-day, U.S. retailer Dick's Sporting Goods was breached, the U.S. government offered a big reward, Grok AI will send election queries to Vote.gov, and HIPAA is 28 years old.

Cybercriminal Group Claims to Have Published 100 Gigabytes of Agency's Stolen Data
Two months after RansomHub claimed to have published 100GBs of its stolen data on the dark web, the Florida Department of Health is notifying citizens that their sensitive information has been compromised. The attack affected the vital statistics system used to issue birth and death certificates.

Compliance Expert on Readiness, Compliance and Rapid Incident Reporting
The NIS2 Directive focuses on addressing gaps and strengthening the security of network and information systems across the European Union. NIS2 mandates rapid incident reporting and holds senior management accountable for cybersecurity, shifting responsibilities to the board level.

Proposed Legislation Divides Tech World, AI Experts, Lawmakers
California state lawmakers on Wednesday handed off a bill establishing first-in-the-nation safety standards for advanced artificial intelligence models to their Senate counterparts after weathering opposition from the tech industry and high-profile Democratic politicians.

CEO George Kurtz on New Recovery Techniques and Controls Implemented Post-Incident
CEO George Kurtz said CrowdStrike has blunted the business impact from the massive July 19 outage and is implementing changes to prevent a repeat occurrence. CrowdStrike is boosting the resilience of its Falcon platform through improved content visibility and control and enhanced quality assurance.