Syniverse Routes Over 1 Trillion Messages Annually for AT&T, Verizon, Others
Telecommunications service provider Syniverse, which routes 1 trillion messages annually for many of the world’s mobile phone carriers, has disclosed a five-year breach of its systems, which handle call metadata and text messages. Experts say the exposed data poses serious criminal and espionage risks.

https://www.inforisktoday.co.uk/text-messaging-routing-firm-syniverse-reveals-5-year-breach-a-17682

This Is the 3rd Attack Involving the US Web Hosting Service Epik
Hacktivist collective Anonymous has for the third time carried out an attack involving Washington-based domain name registrar and web hosting service Epik, according to independent Texas journalist Steven Monacelli. This time around, the group leaked data belonging to the Republican Party of Texas.

https://www.inforisktoday.co.uk/anonymous-leaks-data-from-texas-gop-a-17679

FDA Warns Exploitation of Security Flaw Could Cause Death
The Food and Drug Administration on Tuesday issued a warning notifying patients that medical device maker Medtronic has expanded a recall of remote controllers for certain wireless insulin pumps that were part of an earlier recall. The FDA has classified the recall as the most serious type due to issues that could result in serious injury or death.

https://www.inforisktoday.co.uk/medtronic-insulin-pump-devices-recalled-due-to-serious-risks-a-17680

Agency Issues Best Practices for Communicating Device Vulnerabilities
The Food and Drug Administration has issued a new best practices document for healthcare industry stakeholders and government agencies to use when communicating medical device vulnerabilities to patients and caregivers.

https://www.inforisktoday.co.uk/fda-how-to-inform-patients-about-medical-device-cyber-flaws-a-17677

Head of NSA, Cyber Command Says US Will Continue to Battle Ransomware for Years
Some of the highest-ranking cybersecurity officials in the U.S. government discussed the pervasive threat of ransomware on Tuesday, likening it to a clear issue of national security with the ability to inflict measurable damage on major world powers.

https://www.inforisktoday.co.uk/top-us-cyber-officials-say-ransomware-here-to-stay-a-17678

BlackMatter, HelloKitty and REvil Among Groups Targeting VMware’s ESXi Hypervisor
Hypervisors under fire: BlackMatter, HelloKitty and REvil are among the ransomware groups targeting instances of VMware’s ESXi. In one case investigated by security firm Sophos, after first accessing a TeamViewer account, attackers left an organization’s ESXi environment crypto-locked just three hours later.

https://www.inforisktoday.co.uk/how-ransomware-attackers-hit-virtual-machine-hypervisors-a-17675

Social Media Giant Confirms Incident via Twitter; Analysis Suggests DNS Issue
Social media giant Facebook experienced a global outage on Monday that also involved its properties - including Instagram, Messenger and WhatsApp. According to Cisco’s internet analysis division, ThousandEyes, the tech giant experienced a DNS issue that hindered access to Facebook’s tools and apps.

https://www.inforisktoday.co.uk/facebook-instagram-whatsapp-suffer-widespread-outage-a-17669

DOJ: Thousands of US Service Members, Veterans Targeted
A former U.S. Army contractor has been sentenced to 12 years and seven months in prison and ordered to pay $2,331,639.85 in restitution, for conspiring to commit wire fraud and launder money, targeting thousands of military-affiliated individuals, according to a Department of Justice statement.

https://www.inforisktoday.co.uk/ex-army-contractor-sentenced-to-12-years-for-fraud-a-17670

Some Patients’ Care Previously Postponed Due to COVID-19; What Happens Now?
Two Indiana hospitals say their IT systems are disabled as they recover from cyberattacks suffered last week. Both hospitals in recent weeks have had to divert patients or postpone elective procedures as COVID-19 cases surged in the state. So what’s the impact of the attacks on patient care?

https://www.inforisktoday.co.uk/cyberattacks-disable-networks-at-2-indiana-hospitals-a-17671

DSCI: Ransomware Alkhal Likely Spread Via Phishing, Malicious URLs
The Data Security Council of India has issued an advisory about newly discovered ransomware Alkhal, which uses a strong encryption tool and has no known decryptor to recover lost data. The ransomware was likely discovered on Oct. 1 by security firms Malwarebytes and Cyclonis.

https://www.inforisktoday.co.uk/new-file-locking-malware-no-known-decryptor-found-a-17673

$150 Million in Worldwide Losses Tied to Unnamed Ransomware Operation and Suspects
Police in Ukraine have arrested two members of a ransomware operation they say has targeted businesses in North American and Europe, leading to victim losses totaling at least $150 million. The operation also involved French cyber police, the FBI and Interpol, backed by Europol’s European Cybercrime Centre.

https://www.inforisktoday.co.uk/ukraine-busts-2-suspects-tied-to-major-ransomware-group-a-17667

Sarwent Malware Can Execute Remote Tasks
Fraudsters are impersonating Amnesty International by building a fake site to distribute malware purporting to be an anti-virus tool to protect against the NSO Group’s Pegasus tool, according to researchers at Cisco Talos.

https://www.inforisktoday.co.uk/hackers-impersonate-amnesty-international-to-spread-malware-a-17666

Cites Need to Secure Privately Owned Critical Infrastructure, Signs Proclamation
As Cybersecurity Awareness Month kicks off this week, U.S. President Joe Biden has weighed in on his administration’s efforts to curb cyberattacks and bolster the federal government’s security posture.

https://www.inforisktoday.co.uk/president-biden-touts-cybersecurity-efforts-a-17665

Suit Alleges Inability to Access Critical Fetal Monitoring Data Was Malpractice
The death of a baby born with complications during a 2019 ransomware attack on an Alabama hospital – one that left clinicians unable to access electronic health records and patient monitoring systems - is intensifying the spotlight on the potentially fatal consequences of such cyber incidents.

https://www.inforisktoday.co.uk/lawsuit-hospitals-ransomware-attack-led-to-babys-death-a-17663

‘Technology Modernization Fund’ Announces 7 Projects at 4 US Agencies
Four federal agencies have been awarded $311 million to bolster the U.S. government’s cyber defenses and address IT modernization challenges, according to the interagency board of the Technology Modernization Fund, a federal funding source, which made the announcement Thursday.

https://www.inforisktoday.co.uk/us-agencies-awarded-311-million-in-cybersecurity-funds-a-17664

Discussion Also Addresses Fraudsters’ Evolving Tactics
In the latest weekly update, four editors at Information Security Media Group discuss important cybersecurity issues, including why enterprises need a multilayered approach to securing identity, how fraud will evolve in 2022 and the need to secure backdoors to prevent ransomware attacks.

https://www.inforisktoday.co.uk/ismg-editors-panel-protecting-active-directory-from-ransomware-attacks-a-17660

Exposed Data Includes Login Credentials, Security Questions
Neiman Marcus Group says it is notifying 4.6 million of its online customers who are affected by a data breach that occurred in May 2020. The data includes personally identifiable data, payment and gift cards, online account credentials and security questions.

https://www.inforisktoday.co.uk/neiman-marcus-says-46m-affected-by-data-breach-a-17658

State’s Renewal of Relaxed Regs Mirrors Handling of Federal HIPAA Waivers
California is extending a waiver that was set to expire this week. Similar to action taken by federal regulators, the extended California waiver relaxes enforcement of certain privacy and security regulations related to healthcare providers that offer telehealth services.

https://www.inforisktoday.co.uk/california-extends-telehealth-privacy-security-waivers-a-17656

Agency Is Also Keeping Its ‘Rumor Control’ Website Active Ahead of Midterm Elections
A new self-assessment tool aims to help public and private sector organizations assess their level of vulnerability to insider threats, according to CISA. The agency also indicated this week it will keep its “rumor control” website active ahead of the 2022 midterm elections.

https://www.inforisktoday.co.uk/cisa-launches-insider-threat-self-assessment-tool-a-17657

Part 2 of ‘Operation Epik Fail’ Leaks 300GB of Data, Researcher Says
Hacktivist collective Anonymous has, for the second time this month, leaked data belonging to Washington-based domain name registrar and web hosting service Epik. The size of the second set: more than 300GB - double the amount in the first leak.

https://www.inforisktoday.co.uk/anonymous-leaks-epik-data-again-a-17655