The Department of Health and Human Services has introduced updates to the Health Insurance Portability and Accountability Act that would prevent healthcare organizations, doctors, and insurers from providing protected health information to state prosecutors in a bid to bolster abortion providers' and patients' privacy protections, according to The Record, a news site by cybersecurity firm Recorded Future.
Stealthy industrial-scale data exfiltration attacks have been launched by Chinese cyberespionage operation ToddyCat against government entities, including defense organizations, across the Asia-Pacific through its arsenal of advanced hacking tools, according to The Hacker News.
Data exfiltration and privilege escalation attacks leveraging the novel GooseEgg hacking tool to exploit an already addressed Windows Print Spooler flaw, tracked as CVE-2022-38028, have been deployed by Russian cyberespionage operation APT28, also known as Forest Blizzard, against government, education, transportation, and non-government organizations since April 2019, BleepingComputer reports.
Approval has been given by the Senate to legislation that would extend Section 702 of the Foreign Intelligence Surveillance Act for another two years, which headed to the desk of President Joe Biden just minutes after the surveillance law expired, reports CyberScoop.
Washington, D.C.'s Department of Insurance, Securities and Banking has disclosed that 800GB of data claimed to have been stolen by the LockBit ransomware operation was obtained from an attack against third-party software provider Tyler Technologies following the ransomware gang's threats to expose 1GB of the exfiltrated data to coerce the agency into providing the demanded ransom, reports The Record, a news site by cybersecurity firm Recorded Future.
Information-stealing trojan RedLine Stealer has gained a more advanced variant leveraging the Lua bytecode and spoofing game cheats to facilitate increased stealth, The Hacker News reports.
Ransomware operation HelloKitty has coincided its rebranding to HelloGookie with the publication of internal Cisco network data exfiltrated from a 2022 attack, exfiltrated source code for several CD Projekt Red games from a 2021 attack, and four private decryption keys for other intrusions that involved an older iteration of its ransomware encryptor, according to BleepingComputer.