Integris Health, Oklahoma's largest non-profit healthcare system, has recently started informing patients of a data breach impacting their personal information.  The data breach occurred at the end of November, but the attack did not impact the healthcare provider's operations.  The company announced that the compromised personal information includes names, contact information, dates of birth, demographic data, and Social Security numbers.  Integris Health says that the personal information potentially affected varies by individual.

Since 2019, Operation Triangulation spyware attacks on iPhone devices have used undocumented features in Apple chips to evade hardware-based security protections. Over the past year, analysts have been reverse-engineering the sophisticated attack chain to get further details on the campaign discovered in June 2023. The use of obscure hardware features, most likely reserved for debugging and factory testing, to execute spyware attacks against iPhone users suggests that an advanced threat actor carried out the campaign.

The systems and operations of First American Financial Corporation and several of its subsidiaries appear to have been significantly disrupted by a cyberattack. First American provides title insurance and settlement services to the real estate and mortgage industries. It’s one of the largest title insurance companies in the United States.

National Amusements, the cinema chain and corporate parent giant of media giants Paramount and CBS has recently confirmed it experienced a data breach in which hackers stole the personal information of tens of thousands of people.  The company announced that the hackers stole personal information from 82,128 people during a December 2022 data breach.  Details of the December 2022 breach only came to light a year later, after the company began notifying those affected last week.

Mint Mobile has recently disclosed a new data breach that exposed the personal information of its customers, including data that can be used to perform SIM swap attacks.  Mint is a mobile virtual network operator (MVNO) offering budget, pre-paid mobile plans.  On December 22nd, the company began notifying customers via emails titled "Important information regarding your account," stating that they suffered a security incident and a hacker obtained customer information.

Security researchers at Scam Sniffer have discovered a new series of "crypto drainer" malware attacks that have stolen $59m from victims so far after luring them to phishing pages via Google and X ads.  The researchers defined a crypto drainer as a type of malware that tricks the user into approving a transaction, which then automatically drains their cryptocurrency wallets.  The researchers revealed that one particular version, MS Drainer, was behind the new spate of attacks.

Security researchers at ReasonLabs have discovered that three malicious Chrome extensions posing as VPNs were downloaded 1.5 million times, acting as browser hijackers, cashback hack tools, and data stealers.  The researchers noted that the malicious extensions are spread via an installer hidden in pirated copies of popular video games like Grand Theft Auto, Assassins Creed, and The Sims 4, which are distributed from torrent sites.  The researchers notified Google of its findings, and the tech giant removed the offending extensions from the Chrome Web Store.

According to security researchers at Corvus Insurance, ransomware groups seemed to return with a vengeance in November after a quieter month in October, with the highest number of listed victims ever recorded.  The researchers observed 484 new ransomware victims posted to leak sites in November.  This represents a 39.08% increase from October and a 110.43% increase compared with November 2022.  The researchers noted that this is the eleventh month in a row with a year-on-year increase in ransomware victims and the ninth in a row with victim counts above 300.

The National Cybersecurity Center of Excellence (NCCoE) has released NIST Internal Report (IR) 8432, "Cybersecurity of Genomic Data," which delves into current genomic data security practices, challenges, and proposed solutions identified by genomic data stakeholders from industry, government, and academia. The growth of the US bioeconomy has been fueled by genomic data, including DNA sequences, variants, and gene activity. The value of this information has sparked cybersecurity and privacy concerns.

Sauvik Das, assistant professor at Carnegie Mellon's Human-Computer Interaction Institute, and fellow researchers have explored how to disable smart speakers' microphones and provide users with perceptible assurance that they are not being recorded. Many users know that their smart speakers have built-in microphones, but they are unsure when the speakers are recording data and what data is eventually transmitted and processed. Smart speaker manufacturers are commonly companies that gain significant benefits from collecting users' personal data, but there are privacy risks.