DataBreachToday.com

Kivera Integrates Controls Into Cloudflare One to Prevent Cloud Misconfigurations
With the acquisition of New York-based startup Kivera, Cloudflare will enhance its Cloudflare One platform, adding proactive controls that secure cloud environments, prevent misconfigurations and improve regulatory compliance for businesses using multiple cloud providers.

Russian Nationals, Agencies Engaged in Cyberattacks, Misinformation to be Targeted
The European Council on Tuesday introduced a new sanctions framework to target Russian nationals and organizations engaged in malicious cyber activities such as election misinformation and disruptive cyberattacks. It seeks to address activities such as influence operations and hacking.

Healthcare organizations should rethink some of their approach to security, enhancing focus on insider threats, improving cyber awareness training and securing mobile applications and devices, said Ryan Witt, vice president of industry solutions at Proofpoint, discussing findings of a new study.

Parties Vow to Continue Negotiations
Time ran out for a non-binding takeover bid from the French government for the cybersecurity business of beleaguered Parisian IT consultancy Atos. Among the world's largest managed security service providers, the financially struggling firm is strategically important to the French government.

DHS Says Adversaries May Stoke Voter Fraud Fears Long After Election Day
The latest Homeland Security threat assessment lists this year’s election cycle as a top concern for 2025 and a potential trigger for domestic terrorism. The agency says foreign adversaries and violent extremists may take advantage of the outcome to further sow discord in the United States.

Settlement Addresses Claims of False Revenue Forecasts, Investor Misrepresentation
IronNet and several former executives agreed to a $6.6 million settlement, ending a class action lawsuit accusing the company of misleading investors with inflated revenue projections. The settlement aims to provide relief for investors misled by allegedly inaccurate revenue projections.

Mark Sokolovsky Admits to Felony Conspiracy Charge in US Federal Court
A Ukrainian national pleaded guilty Monday in U.S. federal court to one count of conspiracy to commit computer intrusion in connection with his role in the Raccoon malware-as-a-service info stealer criminal operation. Dutch authorities extradited him in February after arresting him in March 2022.

Verizon, AT&T and Lumen's Systems for Lawful Broadband Wiretaps Reportedly Breached
The U.S. government is reportedly probing suspected national security breaches tied to Chinese nation-state hackers infiltrating broadband providers' infrastructure used to comply with court-authorized "lawful intercept" wiretaps of subscribers' networking traffic.

Common Cloud Assumptions and Takeaways for Healthcare Organizations
As healthcare providers migrate their infrastructure and services to the cloud, they gain benefits such as increased flexibility, scalability and optimized patient data access and sharing. But misconceptions about cloud security are jeopardizing the security of electronic patient health information.

European Court of Justice Says Meta May Not Indefinitely Retain User Data
Targeted advertising may face additional restrictions following a ruling by the top European Union court that social media giant Meta cannot indefinitely retain user data. Nor can it use data for advertising "without distinction as to type of data," the European Court of Justice said Friday.

Illumio, Akamai Stay Atop Forrester Wave, While ColorTokens, Cisco Join Leaderboard
Illumio and Akamai remained atop Forrester's microsegmentation rankings, while ColorTokens and Cisco climbed into the leader space.The microsegmentation market has expanded beyond traditional on-premises networks to address modern public cloud workloads.

US-Sanctioned Crypto Exchange Founder Sergey Ivanov Included in Sweeping Arrests
Russia’s primary federal investigative agency announced a rare and sweeping investigation into the United States-sanctioned cryptocurrency exchange Cryptex and other platforms used to carry out illegal transactions and launder millions from ransomware groups.

Company Has Long Running Fight Against Fare Scrappers
The Irish data regulator launched an investigation into Dublin-based ultra low-cost carrier Ryanair to identify potential privacy violations related to the company's use of third-party facial recognition technology, stepping into a running fight Ryainair has fought against online ticket sellers.

FSB Hackers Stripped of 107 Domains Used to Steal Credentials
The U.S. Department of Justice and Microsoft seized more than 100 websites allegedly used by a Russian intelligence cyberespionage operation with a fondness for spear phishing. Targets include the national security apparatus and journalists, think tanks, and non-governmental organizations.

CorrectCare to Settle Lawsuit After 'Inadvertently' Exposing PHI on Web for Months
A misconfigured web server and the exposure of sensitive information for nearly 600,000 prison inmates in 2022 will cost medical claims processing company CorrectCare $6.49 million to settle a consolidated proposed class action lawsuit, according to court records.

Also: Prison Sentences for BEC Scammers and a West African Cybercrime Crackdown
This week, AI nudify sites spread malware, BEC scammers head to prison, London man charged with hacking, and a Spanish insurance company with a breach. Also, a North Korean hacking group and a West African crackdown on online scammers. And, a Schrödinger Windows vulnerability: Is it real?

US Cyber Defense Agency Plans to Review Updated Implementation Plans in November
A top official from the U.S. Cybersecurity and Infrastructure Security Agency said Thursday the agency is planning to review updated federal implementation plans and ensure agencies are aligning with zero trust security objectives and addressing any funding gaps or technical challenges.

Counter Ransomware Group Focuses on Timely Reporting, Avoiding Paying the Ransom
New voluntary ransomware guidance released during the International Counter Ransomware Initiative meeting this week calls for victims to report attacks to law enforcement on a more timely basis - and involve more advisers in deciding whether to pay a ransom.

A 2023 Breach Exposed Personal Details of All PSNI Officers and Staff
The U.K. data regulator fined the Northern Ireland's Police Service 750,000 pounds following a 2023 data breach that exposed personal details of the entire workforce. The U.K. Information Commissioner's Office determined the breach occurred when police attempted to respond to two open records requests.