Several important events happened that merit your attention:
NYSE hack fine: The US SEC has fined Intercontinental Exchange (ICE), the company behind the New York Stock Exchange (NYSE), $10 million for failing to report an April 2021 security breach in a timely manner.
Apple's WPS is leaking: Apple's Wi-Fi Positioning System (WPS) is leaking too much information about nearby devices to a threat actor querying its official API. Researchers say that by constantly updating this map, they can track the movement of individuals and groups of people over time.
Iranian hackers target Albania and Israel: In a series of calculated cyberattacks linked to Iran's Ministry of Intelligence and Security, hackers targeted critical infrastructure in Albania and disrupted Israel's security systems amid the Israel-Hamas conflict.
GitHub and FileZilla hijacked in new malware scheme: Russian-speaking cybercriminals are leveraging GitHub and FileZilla to spread malware, including Atomic and Vidar. The operation has employed malvertising and SEO poisoning to target users on Android, macOS, and Windows.
Is Microsoft spying on you: The UK's Information Commissioner's Office has launched an investigation into Microsoft's "Recall," a controversial feature exclusive to Copilot+ PCs, which captures frequent screenshots to facilitate AI-assisted file searches but has faced backlash for potential privacy risks.
US EPA warns water utilities amid cyber vulnerabilities: The US Environmental Protection Agency (EPA) has issued an enforcement alert to water utilities, urging them to enhance their cybersecurity defenses. After inspections revealed that over 70% of facilities fail to meet basic standards, including unpatched systems and default passwords, the EPA warned of potential civil and criminal actions against non-compliant utilities.
Space warfare escalates: The U.S. accuses Russia of launching a space weapon capable of attacking satellites, which Russia dismisses as "fake news." Despite the denial, the Pentagon asserts the weapon is in the same orbit as a U.S. government satellite, posing a direct threat.
Industry news: Lumos, an identity and access management (IAM) and identity governance platform, raised $35 million. Witness AI, an AI governance and safety platform, raised $27.5 million. SOCRadar, an attack surface management (ASM) platform, raised $25.5 million. Patronus AI, a platform focused on automated adversarial testing and risk assessment of Large Language Models (LLMs), raised $17 million. AuditBoard was acquired by Hg for $3 billion. Venafi was acquired by CyberArk for $1.5 billion. Informer was acquired by Bugcrowd. Netsurion was acquired by Lumifi Cyber.
These are virtual and live events for the cyber community you may find interesting:
Christie's auction house confirmed a data breach by the Ransom Hub group, involving the theft of sensitive data of 500,000 individuals, including high net worth clients.
EquationCorp and USDoD (threat actors) just dumped a 70 million row database of American criminal records.
Sav-Rx data breach leaves over 2.8 million Americans' health and personal information exposed.
The US pharmaceutical giant Cencora breach rocked the healthcare world, as US patient data from 11 drug companies was leaked.
BAMSI reveals that data breaches have impacted over 20,000 individuals in major security lapses.
Western Sydney University was hit by a data breach, compromising emails and SharePoint of 7,500 students and staff.
Nearly 55,000 are at risk as a California school administrators' group was hit by a cyberattack.
Nearly all Eindhoven residents' details were exposed in a massive city data breach.
Hackers leak pcTattletale's secrets, such as the spyware app's source code and internal data, which are exposed after website defacement.
ABN AMRO client data is potentially exposed after supplier AddComm falls victim to a ransomware attack.
Patriot Mobile, America's exclusive Christian conservative wireless provider, was hit by a major data breach.
The American Radio Relay League, ARRL, was hit by a ransomware attack, causing widespread disruption for radio enthusiasts.
Nissan Oceania's emergency call center, established post-cyberattack, falls victim to its own security breach.
But a handful of them were nabbed 👮:
Neculiti brothers: Infosec reporter Brian Krebs has picked up and expanded on a Correctiv report covering the Neculiti brothers, Ivan and Juri, two Moldavian nationals behind several shady web hosting companies.
Russian hacker indicted for unauthorized network access: Evgeniy Doroshenko, a 31-year-old Russian citizen, also known as "Flanker," has been indicted for selling unauthorized access to networks, including a U.S. company in New Jersey, facing charges of wire fraud and computer fraud.
Phishing scammer caught in a $37 million Coinbase fraud: Indian national Chirag Tomar, 30, admitted to a Coinbase phishing scam, stealing $37 million, pleading guilty to hefty federal charges, confirmed U.S. Attorney Dena J. King.
Dark web kingpin arrested in New York: Rui-Siang Lin, known as "Pharoah," the alleged mastermind behind the Incognito dark web market, was captured in New York. His platform processed over $100 million in illicit drug transactions. Lin now faces potential life imprisonment.
Georgia man sentenced for $4.5 million email and romance scams: Malachi Mullings of Sandy Springs, Georgia, received a 10-year prison sentence today for laundering over $4.5 million through business email compromise and romance scams, including defrauding elderly victims and a health care program.