DataBreachToday.com

NextJenSecurity Founder Calls for Global Policy Shifts to Reduce Vulnerabilities
Governments worldwide are shifting from reactive responses to preventive strategies to tackle ransomware attacks. Jen Ellis, founder of NextJenSecurity, stresses the need for vulnerability accountability and secure-by-design policies to tackle systemic cybersecurity flaws.

Also: 5 Guilty Pleas in Cambodia-linked $36.9 Million Scam
Every week, ISMG rounds up cybersecurity incidents in digital assets. This week, charges against a crypto firm founder in a $530M sanctions evasion and money laundering case, guilty pleas in a $36.9M scam, an $8.3M exploit of Alex Lab, and Cetus Protocol relaunched after a $223M hack.

Agentic AI Is Creating New Risks, New Career Opportunities for Cyber Professionals
If your AI agent decided to act on its own tomorrow, would your systems know who it was, what it did, and whether it had the right to do it? If the answer is no, it's time to give your new coworker a badge and a policy framework. These non-human identities are creating new career opportunities.

Group's Advisory Follows an Updated Joint Alert from US, Australian Agencies
The American Hospital Association is warning hospitals and other healthcare sector organizations of rising double-extortion attack threats involving the Play ransomware group. The AHA alert follows an updated joint government advisory issued last week about Play's latest tactics.

Check Point: 'Stealth Falcon' Exploited WebDAV Flaw
Microsoft on Tuesday patched a zero-day vulnerability in WebDAV that was exploited by UAE-linked threat actors as part of an espionage campaign in the Middle East and Africa. Check Point attributed the campaign to the Emirates APT group Stealth Falcon.

Firm Hits $6B Valuation, Eyes Fast Delivery of Unified DSPM, DLP and Identity Tools
Cyera’s latest $540 million Series E funding underscores growing urgency among global firms to secure sensitive data before feeding it into AI models. With demand soaring, the startup is investing heavily in DSPM, DLP and identity innovation across cloud and on-prem environments.

Russian Speaking Hackers FIN6 Flip Job Fraud Script
Financially-motivated hackers tracked as FIN6 have flipped the script on job fraud, impersonating job seekers to phish recruiters and deploy stealthy malware through fake resumes hosted on trusted cloud platforms. The group engages recruiters on LinkedIn and Indeed with realistic resumes.

Insights on the Expanding Threat Landscape from AWS and Deloitte
As geopolitical tensions rise, companies face an expanding threat landscape - particularly through IoT and OT vulnerabilities that leave cloud infrastructures at risk, said PJ Hamlen at Amazon Web Services, and Julie Bernard at Deloitte & Touche LLP.

Lawmakers Quiz Execs on Security; State AG Seek to Block Sale of Bankrupt Firm
While a Congressional committee grilled 23andMe executives on Tuesday about security and privacy, 28 states filed a lawsuit to stop the sale of the bankrupt genetics testing firm unless the company obtains explicit consent from each customer for the transfer or their information to a third party.

Crash Records and Driver Data Exposed in Texas Transportation Hack
Hackers accessed the Texas Department of Transportation's crash records system using a compromised account, stealing nearly 300,000 reports containing personal and vehicle information that could be used for fraud, the department warned in a letter to impacted individuals.

Experts Call for Continuous Assessments of Vendor Risk - Not Just at Onboarding
As vendor ecosystems grow in complexity, many organizations still view third-party risk management as a static assessment of vendors as they're onboarded. But organizations often focus too heavily on upfront vetting of vendors and fail to track how their risk profiles may change over time.

Malicious Accounts Linked to Malware, Influence Operations
OpenAI is using its artificial intelligence models to detect and counter abuse and has banned accounts associated with malicious state-linked operations. Hackers aligned with Russia, China, North Korea and Iran have used OpenAI's tools for malware development and social media manipulation.

United Natural Foods Inc. Launches Investigation, Confirms IT Systems Breach
A cyberattack on United Natural Foods, the largest U.S. health food distributor and a key Whole Foods supplier, has disrupted the company's fulfillment operations, prompting a notification to law enforcement and a forensic investigation as it works to restore affected systems.

A Mirai Offshoot Uses DVR Command Injection Bug to Spread, Hitting 50,000 Devices
A Mirai botnet malware variant is targeting a command injection vulnerability in internet-connected digital video recorders used for CCTV surveillance, enabling attackers to take control of the devices and add them to a botnet. A security researcher first identified the vulnerability in April 2024.

Attorney Jonathan Armstrong Says Board Diversity Must Include Cybersecurity Skills
Many boards lack cybersecurity expertise, leaving CISOs exposed to legal risks. New fraud laws and AI regulations compound the challenge as security leaders struggle for boardroom support, said Jonathan Armstrong, partner at Punter Southall Law.

Modular Mirai Malware Code Strikes Again
No fewer than two separate Mirai botnets are on the hunt for unpatched servers hosting open source SIEM solution Wazuh, an unusual variation of hackers' typical focus on Internet of Things devices for stringing together infected computers. Akamai dates the first campaign to March, the other to May.

NHS in England Urging One Million People to Donate Blood to 'Secure' Supply
The National Health System in England is still dealing with blood supply issues one year after a ransomware attack on a British pathology laboratory services provider disrupted patient care and testing services at several London-based hospitals and triggered a nationwide blood shortage.

Intrusion Involved ShadowPad Malware, Wielded in Attacks Tied to Chinese APT Groups
Cybersecurity firm SentinelOne said suspected Chinese attackers, wielding ShadowPad backdoor malware, infiltrated a logistics firm that it used for supplying hardware to its employees, but that the intrusion doesn't appear to have resulted in any infiltration of its own, corporate network.