DataBreachToday.com

'Nearest Neighbor Attack' Bypasses Cyber Defenses by Breaching WiFi Networks
A Russian cyberespionage group hacked a Washington, D.C.-based organization focused on Ukraine by deploying a new attack technique that exploits Wi-Fi connectivity, according to new research. The "nearest neighbor attack: methodology could lead to a significant broadening of targeting and attacks.

Money Aims to Simplify Fundraising for RSA Conference Innovation Sandbox Finalists
Finalists selected for RSA Conference’s Innovation Sandbox competition will now each receive a $5 million investment from Crosspoint Capital. Managing Partner Hugh Thompson said this initiative ensures top cybersecurity startups are equipped to handle increased demand and scale effectively.

Speech by UK Minister Pat McFadden Sparks Backlash
A warning from a British government official over the Russian cyberwar sparked a backlash from cybersecurity specialists who urged a measured approach. Russian attacks could "turn the lights off for millions of people," said Pat McFadden, minister for intergovernmental

Group Deploys Upgraded Malware Disguised as Microsoft File on Pilgrimage Goers
A South Asian threat actor identified as Mysterious Elephant or APT-K-47 by Knownsec 404 researchers is using a Hajj-themed lure to trick victims into malicious payload disguised as a Windows file. The hacker is using upgraded Asyncshell malware disguised as a Microsoft Compiled HTML Help file.

US Cyber Command Says National Mission Force was Deployed Over 85 Times in 2024
A secretive U.S. military unit has surged its support to partner nations across the globe in 2024 while combatting escalating threats from foreign adversaries like China and North Korea, a top official from Cyber Command told the Cyberwarcon summit on Friday.

Research Finds Deep Ties to North Korea Among Fake IT Service Firms' Websites
North Korean state actors are using fake websites of foreign technology service firms to sidestep sanctions and raise funding for Kim Jong-Un regime's weapons development programs. SentinelLabs found many of these sites shared similar infrastructure, owners and locations.

Also: Highlights from ISMG's Financial Services Summit and Key Insights on AI Adoption
On the 200th episode of the ISMG Editors' Panel, the team discussed the major China-linked cyberespionage campaign targeting U.S. telecommunications, highlighted key insights from ISMG's Financial Services Summit in New York and unpacked the top findings from ISMG's annual Generative AI Survey.

PE Firm Takes Majority Stake to Drive Certificate Lifecycle Management Innovation
Private equity firm Haveli has purchased a majority stake in AppViewX to scale globally, targeting automation in certificate lifecycle management and public key infrastructure. CEO Gregory Webb says the acquisition will fund international expansion and next-gen technology investments.

DeepSeek-R1 Struggles with Logic Tests and Is Vulnerable to Jailbreaks
Chinese artificial intelligence research company DeepSeek, funded by quantitative trading firms, introduced what it says is one of the first reasoning models to rival OpenAI o1. Reasoning models engage in self-fact checking and perform multi-step reasoning tasks.

One Vulnerability Had Been Undiscovered for Two Decades, Researchers Said
Google researchers used an AI-powered fuzzing tool to identify 26 vulnerabilities in open-source code repositories, some of which had been lurking undiscovered for several decades. Each was found with AI, using AI-generated and enhanced fuzz targets, Google said.

Members of Loosely Organized Group Recently Tied to Partnership With RansomHub
Will the indictment of five alleged members of the loosely affiliated Scattered Spider cybercrime group disrupt its wider activities? The current count of known attacks tied to the group stands at over 130, but the accused have so far been tied by the FBI to only 45 of the attacks.

Red Team Finds Vulnerabilities in Critical Infrastructure Org’s Security Framework
The U.S., cyber defense agency is urging critical infrastructure operators to learn from the experience of a volunteer read teaming test and not rely too heavily on host-based endpoint detection and response solutions at the expense of network layer protections.

Watchdog Agency Report Points to Unimplemented Cyber Recommendations
The U.S. Department of Health and Human Services needs to take important actions to do a better job of carrying out its duties as the lead federal agency responsible for strengthening cybersecurity in the healthcare and public health sector, said a new federal watch dog agency report.

Buy of Application Security Startup Enhances Code-to-Cloud Vulnerability Management
Wiz acquired application security posture management startup Dazz for $450 million to provide enterprises with a unified code-to-cloud solution. CEO Merav Bahat highlights how this partnership will streamline vulnerability management and strengthen remediation capabilities for global organizations.

Lawmakers Expressed Concerns Over Proposed Data Use and Access Bill
British lawmakers sought assurances Tuesday from the U.K. government that proposed data use reform legislation will not cause the country to lose its data-sharing rights with the European Union. Lawmakers also warned about potential AI risks arising from the bill.

FBI Ties Suspects to at Least 45 Attacks and Theft of Cryptocurrency Worth Millions
The U.S. government on Wednesday unsealed criminal charges against five suspected members of the "loosely organized, financially motivated cybercriminal group" Scattered Spider. The suspects have been tied to 45 attacks, disrupting businesses and stealing cryptocurrency worth millions of dollars.

Also: Bitfinex Launderer Razzlekhan Gets 18-Month Sentence
This week, sentences in FTX, Bitfinex and Helix cases, a $25.5M Thala hack, the WazirX hack and South Korea probed UpBit. U.S. lawmakers want a crackdown on Tornado. U.S. Prosecutors may scale back crypto cases. BIT Mining fined $10M and the Chinese Communist Party expelled a key blockchain figure

Security Operations Purchase Brings Cloud-Native XDR, MDR to IT Management Platform
With Adlumin’s cloud-native XDR and MDR services, N-able consolidates its position as a leader in IT management. Buying the Washington D.C.-based security operations vendor for up to $266 million drives value through AI-powered threat detection and compliance solutions tailored for MSPs.

Cybersecurity Training and Education Must Evolve to Keep Pace With the Profession
Over the past few decades, cybersecurity has evolved from a niche concern into a global priority, creating a vast and dynamic career field. While we celebrate the journey, let's also focus on how today's cybersecurity professionals will shape the future.