DataBreachToday.com

Lawmaker Says Microsoft Lapses Led to Ascension Health's Major 2024 Hack
Sen. Ron Wyden, D-Oregon, is urging the Federal Trade Commission to investigate Microsoft over the software giant's alleged "negligent cybersecurity," which he says contributed to ransomware attacks on critical infrastructure sector organizations, including last year's attack on Ascension Health.

Enoflag's Nicolas Werner on How Hands-on Challenges Expand Offensive Security Skills
Capture the Flag, or CTF, competitions have become a global training ground for cybersecurity professionals. These events test offensive security skills across software vulnerabilities, reversing and even physical security, said Nicolas Werner, representative at Enoflag.

Calypso’s Red-Teaming and Agentic Threat Tools Boost F5’s Application Security Edge
F5’s latest acquisition brings Dublin, Ireland-based CalypsoAI’s unique AI security stack into its platform to secure application traffic against LLM misuse, data leakage and shadow AI, enhancing protection for hybrid and multi-cloud environments and helping secure apps and APIs.

Updated CVE Roadmap Follows Threats to Funding
The Cybersecurity and Infrastructure Security Agency is unveiling a new vision for its globally-adopted vulnerability tracking system but security analysts warn that funding threats and turmoil inside the federal agency could derail any reforms before they take hold.

Tech Tools Are Powerful 'Easy Buttons' But You Still Need to Know the Fundamentals
In their careers, cyber professionals are expected to move beyond clicking through alerts and develop more depth in the field. The "easy button" may feel efficient, but it could be your downfall if you don't push yourself to truly learn the ins and outs of cyber defense.

CMO Mike Plante on Nozomi Expanding Industrial Reach, Operating as Independent Unit
Japanese Industrial giant Mitsubishi Electric will acquire San Francisco-based cybersecurity firm Nozomi Networks for $883 million. The two companies aim to fuse industrial data insights with advanced threat detection while keeping Nozomi as an independent brand.

Experts Say Tool Geared to Small, Midsized Organizations
Federal regulators have updated their HIPAA security risk assessment tool that's long been aimed at helping small and midsized providers and business associates with risk analysis - an activity that many healthcare organizations can't seem to get right.

Company Targets Non-Binary Software Blind Spots Left by Endpoint Security Tools
With $48 million in funding, Koi is scaling up efforts to help enterprises secure browser extensions, AI models and package code often missed by legacy tools. CEO Amit Assaraf says Koi is the only firm offering centralized governance for this fast-growing risk category.

Department of Defense Releases Cybersecurity Maturity Model Certification Rule
The Department of War has published the final version of its Cybersecurity Maturity Model Certification Rule - dubbed CMMC 2.0 - following years of collaboration with defense vendors on a tiered-approach to developing standardized cybersecurity requirements across the Defense Industrial Base.

Why CISOs Must Rethink Access, Behavioral Analytics and AI Governance at Scale
Zero trust is evolving beyond static controls and network segmentation. CISOs must prepare for dynamic, behavior-driven security models that incorporate real-time intelligence, enforce identity and data safeguards, and manage AI as both a threat vector and a security tool.

In the Rush for AI-Run SOCs, Security Experts Warn of Trust and Governance Issues
AI SOC agents are touted as the future of security operations, promising nonstop triage and faster response. But cybersecurity experts warn most autonomous AI solutions are still immature, prone to false answers and lack the guardrails needed to keep them from running amok.

Attacker Socially Engineered Developer With Phishing Email
A hacker laced 18 popular npm packages with cryptocurrency stealing malware after socially engineering the developer into giving up his credentials to the JavaScript runtime environment. Aikido Security said the 18 software packages collectively have downloads of more than two billion each week.

State Department Offers Up to $10M for Tips on Volodymyr Tymoshchuk
A hacker who federal prosecutors say was behind the LockerGoga and MegaCortex ransomware strains faces a seven count criminal indictment in U.S. federal court, prosecutors said Tuesday. Ukrainian national Volodymyr Tymoshchuk, 28, was administrator of the two ransomware operations, prosecutors say.

Breach Affecting 104,000 Underscores Health Data Risks for Non-Healthcare Firms
An Ohio hand tool manufacturer that sells its products through franchises is notifying nearly 104,000 people of a breach potentially compromising their medical data. The incident is a cautionary tale for non-healthcare sector entities about the risks they face involving health information.

GhostRedirector Compromising Windows Servers in Brazil, Thailand and Vietnam
A suspected Chinese cybercrime group is deploying custom malware to compromise Windows servers in Brazil, Thailand, Portugal and Vietnam as part of search engine optimization fraud to promote gambling websites.

Nonprofit Is Among Several Blood Suppliers Hit by Cybercriminals Over the Past Year
New York Blood Center Enterprises said an undisclosed number of patients, employees and other individuals are potentially affected by a January cyberattack that compromised personal and health related information. The hack was among several attacks on blood suppliers over the past year.

Salesloft Says Hackers Broke Into Its GitHub Repository
Cybersecurity firms Tenable and Qualys fell to attacks stemming from hacker theft of authentication tokens from a third-party tool often integrated into Salesforce. The firms disclosed their exposure to the attack that lifted access tokens from marketing-as-a-service software provider Salesloft.