DataBreachToday.com

Legal Firm Joins Other Class Action Litigators Targeted by Hackers
Wolf Haldenstein Adler Freeman & Herz LLP, a law firm that represents consumers in data breach lawsuits, has reported to regulators its own 2023 hack affecting more than 3.4 million individuals. The incident isn't the first time a law firm that handles data breach litigation reported a major hack.

Acquisition Boosts Standardized Consent Frameworks, Identity Data Interoperability
Prove’s acquisition of Philadelphia-based startup Portabl focuses on enhancing interoperability and reusable identity solutions. The move supports emerging industry standards, bridging gaps between identity verification, authentication, and payments for seamless customer experiences.

Google Says Platforms Shouldn't Use Emails as Unique Identifiers
A security researcher purchased abandoned online domains belonging to failed startups and found he could recreate email addresses and access third party services containing sensitive information collected by the shuttered companies by signing onto the platforms using "Sign in with Google."

Final Cybersecurity Executive Order Unlocks New Powers for Next Administration
Biden’s final cybersecurity order expands sanctions authorities to better target ransomware hackers and the financial facilitators and infrastructure providers enabling their attacks, a White House official said Thursday, as the administration aims to disrupt the broader cybercrime ecosystem.

Attackers Can Employ a Vulnerable Driver to Target Most Windows and Linux Systems
Researchers are warning Microsoft Windows as well as many Linux distribution users to install updates that revoke permissions for a vulnerable driver that attackers can use to target most systems, allowing them to bypass UEFI Secure Boot and install a bootkit to take full control of a system.

UALink Crafts Alternative to Nvidia NVLink to Speed AI Accelerator Links
Device-maker Apple joined the board of a recently incorporated industry group that aims to establish open standards for directly connecting AI accelerator chip clusters in data centers. The direct connection optimizes the parallel computing and high data throughput that make GPUs efficient.

Administration Officials Say Executive Order is 'Pretty Bipartisan'
An executive order set for publication Thursday during the final countdown of the Biden administration aims to use federal purchasing power as a main lever for coaxing the private sector into better cybersecurity. The order also strengthens sanctions authority against hackers.

Working in Open-Source Intelligence: Get Paid for Something You Do Every Day
Open-source intelligence, commonly referred to as OSINT, is the collection, analysis and use of publicly available information from open sources. These sources include websites, social media, news articles, public records, forums and even multimedia content such as videos and photos.

Hackers Repeatedly Compromised GoDaddy's Web Hosting Environment
Internet registrar and web host GoDaddy agreed to two decades worth of third-party assessments over its cybersecurity practices in a settlement with the U.S. FTC. GoDaddy in February 2023 attributed a run of hacking incidents that began in 2019 to a "sophisticated threat actor group."

Cases are Latest in a Spate of HIPAA Settlements As Biden Administration Wraps Up
A medical supply firm will pay $3 million to settle issues found by a HIPAA investigation into a breach. Also, a public health system will pay $60,000 to resolve a right-of-access dispute. The cases are among the latest in a spate of HIPAA enforcement actions as the Biden administration wraps up.

US Cyber Defense Agency Was Not Initially Aware Hackers Were Part of Salt Typhoon
The U.S. federal government's first hint that Chinese hackers penetrated American telecommunications infrastructure came from telemetry on government networks, said Jen Easterly, director of the Cybersecurity and Infrastructure Security Agency.

Hackers Exploit Malicious Macros in Diplomatic Documents to Target Asian Nations
Hackers possibly from the Russian Main Intelligence Directorate have been spying on neighboring government of Kazakhstan using legitimate documents that have been booby-trapped with malicious macros. The latest campaign, dubbed "Double-Tap," emerged in October 2024.

CFP Board Members Discuss AI, Hardware Access and Emerging Trends for Nullcon 2025
Cybersecurity research submissions for the Nullcon 2025 CFP Review Board reflect prominent trends and challenges in the field. Nullcon CFP Review Board members Anant Shrivastava and Neelu Tripathi noted a growing focus on AI, supply chain and applied security.

RansomHub, Play and Akira Appear to Dominate; Numerous Newcomers Join the Fray
While ransomware groups' data-leak sites regularly lie, if taken at face value, in December 2024 they collectively listed the largest number of victims ever seen in a one-month period, dominated by RansomHub, Play and Akira operations, plus a bevy of newcomers, researchers report.

New Identity Infrastructure Streamlines Compliance Adherence in Regulated Settings
Identity management startup Orchid Security raised $36 million in a seed round led by Team8 and Intel Capital to tackle compliance challenges. The company's infrastructure addresses complex compliance and security needs for enterprises, enabling efficient application onboarding and integration.