In today’s cybersecurity news…
Insight Partners warns thousands after ransomware breach
Venture capital and private equity firm Insight Partners is notifying 12,657 people that their data was stolen in a ransomware attack, following a social engineering breach in October 2024. This included banking, tax, employee, and investor information before the firm encrypted servers in January. Insight Partners is offering affected individuals credit and identity monitoring. No ransomware group has claimed responsibility. (Bleeping Computer)
Scattered Spider gang feigns retirement, breaks into bank instead
Scattered Spider, the group that recently claimed it was retiring, has appeared to infiltrate a U.S. bank, according to researchers at ReliaQuest. The attackers gained access by social engineering an executive’s Microsoft Entra ID account, then moved laterally through Citrix, VPN, and VMware systems, stealing credentials and targeting data in Snowflake and AWS. (The Register)
Consumer Reports calls Microsoft ‘hypocritical’
Consumer Reports called Microsoft “hypocritical” for ending free Windows 10 support next month, saying it will strand millions of PCs that can’t run Windows 11 and pose national security risks. PIRG, iFixit, and others joined in, arguing users will be forced to pay $30 for extended support, buy new hardware, or face degraded security. Consumer Reports says Microsoft should provide free updates, citing survey data showing most Windows PCs bought since 2019 are still in use, and were expected to last through the next OS cycle. (ZDNet)
SonicWall warns customers to reset credentials
SonicWall warned customers to reset credentials after attackers accessed firewall configuration backup files in fewer than 5% of MySonicWall accounts using brute-force attacks. Those exposed files contained encrypted passwords but also details that could help exploit firewalls. SonicWall says it’s blocked the attackers’ access, is working with law enforcement, and published guidance for administrators to reset all passwords, keys, and tokens. The company says this wasn’t ransomware and has no evidence the stolen files were leaked online. (Bleeping Computer)
Huge thanks to our sponsor, Drata
With AI-powered Questionnaire Assistance, blast through inbound security questionnaires in minutes instead of days, automate cross functional workflows, and eliminate friction.
That means less manual work, and faster deal cycles.
Win with Trust. Learn more at SafeBase.io.
TA558 Deploys Venom RAT
TA558, a threat group tracked as RevengeHotels, is using AI-generated scripts in new phishing campaigns targeting hotels in Brazil and Spanish-speaking markets, according to Kaspersky. The attacks deliver Venom RAT, malware that can steal data, act as a proxy, and disable security tools, while also using anti-kill protections and persistence mechanisms. The phishing lures, written in Portuguese and Spanish, carry JavaScript and PowerShell loaders, with evidence that large language models generated portions of the code. The group has targeted hospitality firms in Latin America since at least 2015. (The Hacker News)
CISA seeks more international involvement in cyber vulnerability
CISA plans to expand international participation in the Common Vulnerabilities and Exposures (CVE) Program, which avoided a funding lapse in April. Assistant Executive Director Nick Andersen emphasized including global partners like ENISA to improve data quality. Andersen also says management won’t shift to another agency, but more U.S. agency engagement is expected. (NextGov)
NIST Awards More Than $3 Million to Support Cybersecurity
The U.S. Department of Commerce’s National Institute of Standards and Technology, known as NIST, is awarding more than $3.3 million in 17 cooperative agreements to organizations across 13 states to address the U.S. cybersecurity workforce shortage. NIST says this leaves 514,000 job openings, with roughly 74 qualified workers per 100 jobs. The grants will fund Regional Alliances and Multistakeholder Partnerships to Stimulate, AKA RAMPS projects, that align local workforce needs with government, academia and the private sector. 47 RAMPS communities in 25 states are now focused on developing skilled cybersecurity professionals. (NIST)
Bridgestone Americas restores network connections after attack
Bridgestone Americas has restored network connections across its North and Latin American facilities after a cyberattack disrupted production earlier this month. The company says it’s gradually ramping operations back to pre-attack levels while investigating the incident with third-party experts and federal law enforcement. Bridgestone hasn’t disclosed how the attackers gained access, whether customer data was affected, or the financial impact. (Cybersecurity Dive)