Cyberattackers Accessed HealthEquity Customer Info via Third Party | Smart Cars Prompt Calls for Federal Scrutiny

Data thieves heisted the HSA provider's data repository for 4.5 million people's HR information, including employer and dependents intel. [TechWeb]( Follow Dark Reading: [RSS]( August 01, 2024 LATEST SECURITY NEWS & COMMENTARY [Cyberattackers Accessed HealthEquity Customer Info via Third Party]( Data thieves heisted the HSA provider's data repository for 4.5 million people's HR information, including employer and dependents intel. [Smart Cars Share Driver Data, Prompting Calls for Federal Scrutiny]( Two US senators accuse carmakers of deceptive language and shifty practices in sharing and resale of driver data. [Ransomware Gangs Exploit ESXi Bug for Instant, Mass Encryption of VMs]( With sufficient privileges in Active Directory, attackers only have to create an "ESX Admins" group in the targeted domain and add a user to it. [Microsoft: Azure DDoS Attack Amplified by Cyber-Defense Error]( The sustained cyberattack, likely made worse by a mitigation snafu, disrupted several Azure cloud services for nearly eight hours on July 30. [India-Linked SideWinder Group Pivots to Hacking Maritime Targets]( The nation-state espionage group known for attacking Pakistan has expanded its reach to targets in Egypt and Sri Lanka. [CrowdStrike 'Updates' Deliver Malware & More as Attacks Snowball]( The fake updates are part of a phishing and fraud surge that is both more voluminous and more targeted that the usual activity around national news stories. [Dynamically Evolving SMS Stealer Threatens Global Android Users]( A network of more than 2,600 Telegram bots has helped exfiltrate one-time passwords and data from devices for more than two years. [North Koreans Target Devs Worldwide With Spyware, Job Offers]( DEV#POPPER is back, looking to deliver a comprehensive, updated infostealer to coding job seekers by way of a savvy social engineering gambit. [Security Firm Accidentally Hires North Korean Hacker, Did Not KnowBe4]( A software engineer hired for an internal IT AI team immediately became an insider threat by loading malware onto his workstation. [Siri Bug Enables Data Theft on Locked Apple Devices]( Malicious actors could potentially exploit this vulnerability if they gain physical access to a user's device. [7 Sessions Not to Miss at Black Hat USA 2024]( This year's conference will be a treasure trove of insights for cybersecurity professionals. [The CrowdStrike Meltdown: A Wake-up Call for Cybersecurity]( The incident serves as a stark reminder of the fragility of our digital infrastructure. By adopting a diversified, resilient approach to cybersecurity, we can mitigate the risks and build a more secure digital future. [MORE NEWS /]( [MORE COMMENTARY]( HOT TOPICS [Patch Now: ServiceNow Critical RCE Bugs Under Active Exploit]( One threat actor claims to have already gathered email addresses and associated hashes from more than 110 remote IT management databases. [Unexpected Lessons Learned From the CrowdStrike Event]( How your organization can leverage the disruptive CrowdStrike update to become more resilient. [Millions of Devices Vulnerable to 'PKFail' Secure Boot Bypass Issue]( Several vendors for consumer and enterprise PCs share a compromised crypto key that should never have been on the devices in the first place. [Criminal Hackers Add GenAI Credentials to Underground Markets]( According to the study, around 400 stolen GenAI credentials are being sold by threat actors per day. [MORE]( PRODUCTS & RELEASES [Protect AI Acquires SydeLabs to Red Team Large Language Models]( [Cowbell Secures $60 Million Series C Funding From Zurich Insurance Group]( [AI-Driven Executive Impersonations Emerge As Significant Threat to Business Payment Processes]( [Heimdal Security Presents its Latest Report on Brute-Force Cyberattacks]( [Lakera Raises $20M Series A to Secure Generative AI Applications]( [ESET Reveals Latest Cloud-Native Authentication Solution]( [MORE PRODUCTS & RELEASES]( EDITORS' CHOICE [Make Your Voice Heard!]( Tell Dark Reading about your cybersecurity budget challenges and concerns, such as a rise in cyberattacks, ransomware, or attacks on software supply chains and partners. Take our survey, and you could could win one of 10 $50 Amazon gift cards to be given away through a random drawing. LATEST FROM THE EDGE [Google Will Not Remove Third-Party Cookies From Chrome]( Cookies aren't going away, after all. After years of saying it will do so, Google has decided to not remove third-party cookies from Chrome. LATEST FROM DR TECHNOLOGY [Could Intel Have Fixed Spectre & Meltdown Bugs Earlier?]( Intel works closely with academic researchers on hardware flaws and coordinates efforts with other vendors to roll out fixes for emerging vulnerabilities. That wasn't always the case. LATEST FROM DR GLOBAL ['Zeus' Hacker Group Strikes Israeli Olympic Athletes in Data Leak]( Security presence has been heightened in Paris to ensure that the Games are safe, and Israeli athletes have been provided with even more protection. WEBINARS - [Securing Your Cloud Assets]( - [CISO Perspectives: How to make AI an Accelerator, Not a Blocker]( [View More Dark Reading Webinars >>]( WHITE PAPERS - [How to Use Threat Intelligence to Mitigate Third-Party Risk]( - [The Future of Audit, Risk, and Compliance: Exploring AI's Transformative Impact, Use Cases, and Risks]( - [State of Enterprise Cloud Security]( - [Google Cloud Threat Horizons Report, H1 2024]( - [2024 InformationWeek US IT Salary Report]( - [5 Essential Insights into Generative AI for Security Leaders]( - [SecOps Checklist]( [View More White Papers >>]( FEATURED REPORTS - [Managing Third-Party Risk Through Situational Awareness]( - [2024 InformationWeek US IT Salary Report]( [View More Dark Reading Reports >>]( Dark Reading Weekly -- Published By [Dark Reading]( Informa Tech Holdings LLC | Registered in the United States with number 7418737 | 605 Third Ave., 22nd Floor, New York, New York 10158, USA To opt-out of any future Dark Reading Weekly Newsletter emails, please respond [here.]( Thoughts about this newsletter? [Give us feedback.](mailto:ContactDarkReading@informa.com) Keep This Newsletter Out Of Your SPAM Folder Don't let future editions go missing. Take a moment to add the newsletter's address to your anti-spam white list: /cdn-cgi/l/email-protection?sp_aid=124926&elq_cid=22844169&sp_eh=9ec2e0353644c03ce56099bfb161a49d1f8a5a22f0d884f0cd961b89d205d529&utm_source=eloqua&utm_medium=email&utm_campaign=DR_NL_Dark%20Reading%20Weekly_08.01.24&sp_cid=54547&utm_content=DR_NL_Dark%20Reading%20Weekly_08.01.24&sp_eh=9ec2e0353644c03ce56099bfb161a49d1f8a5a22f0d884f0cd961b89d205d529#c4 If you're not sure how to do that, ask your administrator or ISP. Or check your anti-spam utility's documentation. We take your privacy very seriously. Please review our [Privacy Statement.]( [© 2024]( | [Informa Tech]( | [Privacy Statement]( | [Terms & Conditions]( | [Contact Us](mailto:ContactDarkReading@informa.com)