DataBreachToday.com
RSAC Conference 2025 Aims to Accelerate Cyber Innovation
9 months 4 weeks ago
Event to Feature Innovation Sandbox 20-Year Anniversary, DARPA, Hacking Sessions
RSAC Conference brings together thousands of cybersecurity professionals with one goal: finding innovative ways to defend enterprises. This year for the event's annual Innovation Sandbox, the stakes couldn't be bigger. This year, leading-edge projects will receive $5 million in investment funding.
Ransomware Attack Disrupts Global Dialysis Provider DaVita
9 months 4 weeks ago
Company Files Report With SEC About Incident Discovered Over the Weekend
Denver-based DaVita Inc., which runs more than 3,100 dialysis and other kidney care facilities in the U.S. and in 13 other countries, reported to the U.S. Securities and Exchange Commission that a ransomware attack over the weekend is disrupting some of its operations.
CISA Braces for Major Workforce Cuts Amid Security Fears
9 months 4 weeks ago
Staffers Considering Deferred Resignation, Payout Options Ahead of Looming Deadline
CISA employees face a Monday deadline to accept a deferred resignation, early retirement or payout as DHS prepares sweeping workforce cuts - potentially reducing the agency’s staff by a third and heightening risks to critical infrastructure across the U.S.
Fraud in Your Inbox: Email Is Still the Weakest Link
9 months 4 weeks ago
At-Bay Cyber Insurance Claims Report Finds 83% of Financial Fraud Starts With Email
Financial fraud remains the leading driver of cyberinsurance claims, with 83% of cases traced back to email-based attacks. Common tactics used to deceive employees include wiring funds to fraudulent accounts, generative AI-crafted emails, executive and vendor impersonation and BEC scams.
Invisible Threats Target OT: Why CISOs Must Act Now
9 months 4 weeks ago
Most OT attacks go unnoticed until they result in significant damage, due to the absence of real-time monitoring and OT-specific threat intelligence. Consequently, even when a cyber breach occurs within IT systems, organizations often struggle to ascertain whether the OT network has also been compromised.
Live Webinar | Resilience in Crisis: Rebooting Your Minimum Viable Company Fast
9 months 4 weeks ago
Attackers Maintaining Access to Fully Patched Fortinet Gear
9 months 4 weeks ago
Symbolic Links Planted by Attackers Survived Patching, Provide Read-Only Access
Attackers have been using a new type of post-exploitation technique to maintain remote access to hacked Fortinet FortiGuard devices - even if they had the latest patches - by dropping symbolic links in the device's filesystem designed to survive the patching process, the vendor has warned.
AI Awful at Fixing Buggy Code
9 months 4 weeks ago
LLMs Falter on Real-World Bugs, Even With Debugger Access: Microsoft
Artificial intelligence can code, but it can't debug, says Microsoft after observing how large language models performed when given a series of real-world software programming tests. Most LLMs struggle to resolve software bugs, even when given access to traditional developer tools such as debuggers.
Ransomware Hackers Target Active Directory Domain Controllers
10 months ago
Domain Controllers Commandeered to Distribute Malware, Warns Microsoft
Ransomware hackers are hitting up Active Directory domain controllers to boost privileges within compromised networks, warns Microsoft. Nearly eight out of every 10 human-operated cyberattacks involve a breached domain controller. Securing the servers is a challenge.
ISMG Editors: Why RSAC Conference Really Matters This Year
10 months ago
Also: Ransomware Profits Down, Meta's Benchmarking Controversy
In this week's update, ISMG editors previewed our return to the RSAC Conference studios in San Francisco, explored cracks in the ransomware business model, and unpacked the debate over Meta's Llama 4 benchmarks and their implications for AI transparency.
Interior Department Ousts Key Cyber Leaders Amid DOGE Spat
10 months ago
Senior Technology, Cybersecurity Officials Removed From Interior Department
The U.S. Department of Interior has reportedly removed several key cybersecurity and technology officials from their posts following a reported dispute with staffers from the Department of Government Efficiency over its access to government systems and sensitive federal data.
Radiology Practice Pays Feds $350,000 in HIPAA Settlement
10 months ago
HHS Cites Security Risk Analysis Failures in Hack That Affected Nearly 300,000
A medical imaging practice with offices in New York and Connecticut has agreed to pay $350,000 to federal regulators and implement a corrective action plan to settle potential HIPAA violations uncovered in an investigation of a 2020 hacking incident that affected nearly 300,000 people.
Medical Lab Hack Affects Planned Parenthood Patients
10 months ago
Laboratory Services Cooperative Says 1.6 Million Patients, Workers, Others Affected
A laboratory that provides medical testing services to Planned Parenthood is notifying 1.6 million patients, workers and those who paid for healthcare on behalf of another person that their sensitive personal and health information was accessed or removed in an October 2024 hacking incident.
Palo Alto CIO: AI Productivity Requires Secure Foundations
10 months ago
Chief Information Officer Meerah Rajavel shares Palo Alto Networks' strategy for enterprise AI: securing models from the outset, combating adversarial use and leveraging increased productivity and automation to cut manual workloads across engineering, support, sales and HR.
Breach Roundup: Port of Seattle Notifies 90,000 Victims
10 months ago
Also, Oracle Denies Cloud Breach, Blames Hack on Obsolete Servers
This week, Port of Seattle notified victims, Oracle blamed hack on obsolete servers, Google and Microsoft released April patches, WK Kellogg breached, six arrested in Spain for AI-investment scam, Scattered Spider's "King Bob" pleaded guilty, SmokeLoader users busted.
Blue Shield: Web Trackers Shared Member PHI With Google Ads
10 months ago
California Health Plan With 6 Million Members Blames Software Configuration Error
Blue Shield of California is notifying health plan members that their protected health information was potentially shared for nearly three years with Google for advertising purposes because of the way Google Analytics online tracking tools were configured on the insurer's websites.
Ransomware Incidents on the Rise in the UK
10 months ago
Incident Reporting Low, Government Study Finds
Ransomware attacks targeting U.K. organizations continued to rise last year, the British government concluded, despite a low reporting rate by victims. The findings come as the government is considering banning public sector organizations from paying ransom and mandating incident reporting.
A Guide to Managing Machine Identities - Part 1
10 months ago
3 Key Strategies for Security Leaders for Managing On-Premises and Cloud Identities
Machine identities now outnumber human identities 45:1, creating new security risks in an increasingly digital world. As organizations expand across hybrid and multi-cloud environments, fragmented identities become harder to manage, requiring proactive strategies to enhance security and governance.
A Guide to Managing Machine Identities - Part 2
10 months ago
Lowering Machine Identity Risks in AI, ML and Bot Workflows
While AI, ML and bot workflows boost efficiency, they also expand the attack surface. Over-permissioned identities, exploitable vulnerabilities and AI misuse pose significant security risks. AI-driven security tools can mitigate these risks by detecting anomalies and automating threat response.
DataBreachToday.com RSS News Feeds on data breach today news, regulations, blogs and education