DataBreachToday.com

Flaw in Embedded Device Operating System Allowed Hackers to Bypass Integrity Check
A critical flaw in the updating service of a popular Linux operating system for embedded devices could enable hackers to compromise firmware with malicious images. OpenWrt developers patched the vulnerability, tracked as CVE-2024-54143, with a CVSS score of 9.3.

deviceTRUST, Strong Network Acquisitions Improve Zero Trust, Developer Protections
Citrix enhances its security for hybrid work by acquiring deviceTRUST and Strong Network. Purchasing these European startups boosts protection for VDI, DaaS and cloud development, empowering organizations to enforce zero trust principles and reduce risks across their hybrid environments.

Report: Financial Orgs Shift to Multi-Cloud to Address Cyber Threats and Regulation
Financial institutions are increasingly adopting multi-cloud strategies to mitigate rising cyber risks and comply with complex regulations, according to a new report. The move enhances flexibility and disaster recovery, though challenges remain, from implementation costs to a growing skills gap.

Startup Aims to Secure AI Agents, Expand Global Reach, Do User Access Management
Astrix raises $45 million to advance AI agent security and expand its global presence. The company plans to double its workforce, focusing on anomaly detection and fingerprinting techniques for non-human identities along the correlating information about human and non-human identities.

Copilot Enhancements and Other Key Announcements From Microsoft Ignite 2024
Advanced AI took the center stage at Microsoft Ignite 2024. Reflecting on AI as the "most transformative technology of our time," CEO Satya Nadella set the tone for Microsoft's future where every facet of technology is integrated with AI in all key aspects - productivity, collaboration and security.

From Automotive Exploits and Bootloader Bugs to Cybercrime and 'LLMbotomy' Trojans
Black Hat Europe returns to London with more than 45 keynotes and briefings tackling everything from bootloader bugs and flaws in artificial intelligence and large language model tools, to disrupting fake online brokerages and remotely hacking Volkswagen entertainment systems to track vehicles.

InfoSec Officer Shervin Evans on the State of Cyberdefense, Meeting the Challenges
Cybercriminals are launching relentless attacks. The potential for breaches and exploitation has increased as the world has become more connected, raising an urgent question: Are we winning the fight against cybercriminals, or are we just sinking deeper into their grasp?

Autodesk and AWS Are Driving the Next Generation of AI-Powered Design Innovation
At AWS re:Invent 2024, Autodesk unveiled its innovative vision for generative AI in design. From Project Bernini's billion-parameter foundation model to sustainable workflows powered by AWS, the company is transforming 3D CAD design and shaping the future of creativity.

Bulletin Comes In Wake of Recent Attacks Disrupting Blood Collection, Supplies
The Food and Drug Administration is urging blood suppliers - a recent target of attacks - to bolster their cybersecurity practices to prevent and mitigate cyber incidents that could affect the supply and safety of critical blood and blood components used for transfusions and other patient care.

Rhode Island Becomes First State to Shield Students From Cyber Risks With New Tool
Rhode Island will become the first state in the nation to launch a statewide cybersecurity tool for K-12 schools, offering enhanced protection against ransomware threats with a new, no-cost, federally funded service that will shield 136,000 students across 64 school districts.

Big Game Hunting Will Intensify in 2025, Says Credit Rating Agency
Improved cybersecurity will result in ransomware hackers targeting larger organizations to wring out high dollar extortion payments and intensified focus on supply chain attacks, predicts Moody's Ratings. The share of ransomware victims willing to meet criminal demands for money is at record lows.

Palo Alto, CrowdStrike, Zscaler Eye Firewall, SIEM Replacement, Incident Recovery
Three of the world's largest pure-play cybersecurity vendors recently reported earnings, grappling with SIEM and firewall displacement opportunities along with rebounding from a massive outage. Palo Alto Networks continues to reap the benefits of buying IBM's QRadar SaaS business.

Incidents at Pain Management Firm, Pediatric Hospital Affect 50,000 People
An insider breach at a Florida pain management firm and an email breach at a Colorado pediatric hospital have resulted in more than $1.7 million in fines for HIPAA violations found by federal investigators. The two incidents affected fewer than 50,000 people.

Possible Chinese State-Sponsored Exploit Kit Using Browser Flaws to Deploy Spyware
A possible Chinese state threat group is targeting vulnerabilities in messaging apps to deliver spyware in cross-platform devices used by members of ethnic minorities targeted for repression by Beijing. Trend Micro dubs the group "Earth Minotaur."

FBI Sees Rising AI-Enabled Fraud; Meta Reports Scant Election Interference Use
Artificial intelligence: What's it good for? Per the old song about war, the answer isn't "absolutely nothing," but so far it also isn't "absolutely everything." New findings pinpoint where generative AI and deepfakes are hot - fraud - and where they're not - election interference

The torrents of public hostility directed at health insurers in the aftermath of UnitedHealthCare CEO Brian Thompson's murder are serious signs of intensifying cyber and physical threats facing the C-suites of healthcare and many other sectors, said Chris Pierson, founder and CEO of BlackCloak.

Also, Man Who Stole $3.5M of Cloud Computing to Mine $1M in Crypto Pleads Guilty
This week, Solana npm package attack, a Brazilian banking giant entered crypto trading and a Nebraska man pleaded guilty to cryptojacking. Australia tightened rules for crypto businesses and crypto losses dropped in 2024 and DMM Bitcoin will cease operations.

Project Mellissa Contributed Toward Disruptive Actions
A Dutch public and private sector anti-ransomware initiative has contributed to ransomware disruptions globally, found an assessment from the University of Leiden. "Project Melissa" was launched in 2023 by Cybersafe Netherlands, the Dutch National Cyber Security Center and security companies.

David Sacks Appointed as Trump's AI and Crypto Czar Amid Growing Industry Concerns
President-elect Donald Trump's appointment of former PayPal executive David Sacks to serve as the inaugural White House czar for artificial intelligence and cryptocurrency is already raising significant concerns about potential conflicts of interest and market favoritism.