SecurityWeek’s cybersecurity information roundup supplies a concise compilation of noteworthy tales which may have slipped below the radar.
We offer a precious abstract of tales that won’t warrant a whole article, however are nonetheless vital for a complete understanding of the cybersecurity panorama.
Every week, we curate and current a group of noteworthy developments, starting from the most recent vulnerability discoveries and rising assault strategies to important coverage modifications and trade experiences.
Listed below are this week’s tales:
AT&T agrees to $177 million knowledge breach lawsuit settlement
AT&T has been granted preliminary approval to settle lawsuits associated to knowledge breaches that occurred in 2019 and 2024. The telecom large has agreed to pay a complete of $177 million to impacted prospects, who’re eligible to obtain as much as $2,500 or $5,000 relying on the incident that affected them and the losses they suffered. AT&T denied the allegations within the lawsuits and stated it has agreed to the settlement to “keep away from the expense and uncertainty of protracted litigation”.
United Pure Meals restores programs hit by cyberattack
United Pure Meals (UNFI), a distributor for Complete Meals and lots of different supermarkets in North America, has knowledgeable the general public and the SEC that it has restored core programs following the disruptions brought on by a current cyberattack. The incident led to grocery shortages, however the firm now says there isn’t any indication that non-public or protected well being info has been breached. No ransomware group has taken credit score for the assault. Commercial. Scroll to proceed studying.
US Home of Representatives bans WhatsApp
Employees on the US Home of Representatives have acquired a memo instructing them to not use WhatsApp on official gadgets “as a result of lack of transparency in the way it protects consumer knowledge, absence of saved knowledge encryption, and potential safety dangers concerned with its use”. WhatsApp proprietor Meta doesn’t agree, arguing that the app is safer than the alternate options really helpful by the Home, comparable to Microsoft Groups, Wickr, Sign, iMessage and FaceTime. WhatsApp customers are identified to have been focused with refined adware.
FDA releases whitepaper on securing OT used for medical product manufacturing
The FDA has launched a whitepaper on securing operational expertise (OT) used for medical product manufacturing. The paper cites identified ICS assaults and their affect, outlines the challenges of securing OT environments, and summarizes three key elements: technical info trade, safety requirements and compliance, and the necessity for safety by design.
SAP GUI shopper vulnerabilities
Pathlock has disclosed the main points of two not too long ago patched SAP GUI shopper vulnerabilities. Researchers discovered that the SAP GUI enter historical past function shops delicate consumer‑entered values in an unsafe method. Whereas SAP has launched up to date variations that introduce stronger encryption, the fallback mechanisms should depart some shoppers susceptible and Pathlock recommends absolutely disabling the enter historical past performance.
Interpol warns of surge in cybercrime in Africa
A brand new report from Interpol says greater than 30% of all reported crime in Japanese and Western Africa is cybercrime. On-line scams are the commonest, however ransomware, BEC assaults, and sextortion are additionally widespread. Interpol discovered that 90% of African international locations want important enchancment in legislation enforcement and prosecution capability.
Forescout publishes 2025 World Industrial Cybersecurity Benchmark
Forescout’s 2025 World Industrial Cybersecurity Benchmark report exhibits that greater than half of organizations deploy no less than three separate instruments for IT, OT and IoT monitoring, which might create blind spots and delay risk detection and response. As well as, almost 60% of organizations have low or no confidence of their OT and IoT risk detection capabilities. Most are primarily involved about provide chain threats and cybercriminal actions, fairly than state-sponsored assaults and zero-day exploitation.
Ransomware assault contributed to demise
An investigation performed within the UK revealed {that a} ransomware assault launched in 2024 contributed to a affected person’s demise. The assault was launched by the Qilin ransomware group and it focused a pathology companies supplier, which led to lengthy wait occasions for blood check outcomes requested by hospitals. This was one of many elements cited in an investigation into the demise of a person being handled at one of many impacted hospitals.
Norwegian dam hacked
Programs at Norway’s Lake Risevatnet dam had been hacked earlier this yr and the attackers opened water valves at full capability. The unidentified risk actor brought about water to circulate at almost 500 liters per second over the minimal requirement, however that’s nowhere close to the riverbed’s 20,000 liter per second capability, which meant that no actual hurt was brought about. The hack was detected 4 hours later. Much like many different ICS assaults, the incident concerned a weak password fairly than any refined hacking strategies.
Nova Scotia Energy shares cyberattack replace
Canadian electrical utility Nova Scotia Energy has shared one other replace on the current cyberattack. The corporate stated a ransomware group compromised the data of not solely present but additionally former prospects, all of that are being supplied 5 years of free credit score monitoring companies. Nova Scotia Energy beforehand stated that it had notified 280,000 individuals concerning the knowledge breach.
Associated: In Different Information: Viasat Hacked by China, Washington Publish Cyberattack, Crowhammer
Associated: In Different Information: Cloudflare Outage, Cracked.io Customers Recognized, Victoria’s Secret Cyberattack Price
