Schneier on Security

AUGUST 2, 2023

There are two basic rules: Public companies must “disclose any cybersecurity incident they determine to be material” within four days, with potential delays if there is a national security risk. The rules go into effect this December.

Cybersecurity 242

Cybersecurity Risk Government Accountability 242

Security Affairs

OCTOBER 23, 2024

It becomes increasingly difficult to gain complete visibility or transparency that could help security and privacy teams discover sensitive data, identify its security and compliance postures, and mitigate risks. To add to the difficulty, the advent of Generative AI (GenAI) has brought unprecedented security and privacy risks.

Data privacy 126

Data privacy Unstructured Data Risk Data breaches 126

Security Affairs

FEBRUARY 4, 2025

The investigation revealed that attackers had compromised an account associated with a third-party provider of support services. Then GrubHub locked out the attackers and removed the hacked account. Upon discovery, we promptly launched an investigation, identifying unauthorized access to an account associated with this provider.”

Data breaches 114

Data breaches Passwords Accountability Hacking 114

The Last Watchdog

DECEMBER 18, 2024

This shift is expected to place significant pressure on organizations that haven’t yet developed trusted data to manage risk effectively. Sherrets Dane Sherrets , Innovation Architect, HackerOne Well see greater industry adoption of AI security and safety standards. Failure risks fines or supplier bans.

Cybersecurity 130

Cybersecurity CISO Risk Government 130

Security Affairs

NOVEMBER 7, 2024

SentinelLabs researchers identified a North Korea-linked threat actor targeting crypto businesses with new macOS malware as part of a campaign tracked as “Hidden Risk.” SentinelLabs researchers speculate DPRK-linked actors targeting the crypto industry since July 2024 as part of the Hidden Risk campaign.

Malware 123

Malware Risk Architecture Cryptocurrency 123

Security Affairs

DECEMBER 21, 2024

” Recently, The Federal Office for Information Security (BSI) announced it had blocked communication between the 30,000 devices infected with the BadBox malware and the C2. The BadBox malware, pre-installed on devices, creates email and messaging accounts for spreading disinformation.

Firmware 142

Firmware Malware Internet Internet 142

Security Affairs

DECEMBER 18, 2024

The Irish Data Protection Commission (DPC) fined Meta 251 million ($263M) for a 2018 data breach impacting 29 million Facebook accounts. “This data breach impacted approximately 29 million Facebook accounts globally, of which approximately 3 million were based in the EU/EEA. ” reads the press release published by DPC.

Data breaches 106

Data breaches Accountability Risk Advertising 106

Security Affairs

NOVEMBER 7, 2024

CVE-2024-5910 – In July, Palo Alto Networks released security updates to address five security flaws impacting its products, the most severe issue, tracked as CVE-2024-5910 (CVSS score: 9.3), is a missing authentication for a critical function in Palo Alto Networks Expedition that can lead to an admin account takeover.

Firewall 125

Firewall Authentication Accountability Risk 125

Security Affairs

OCTOBER 19, 2024

This week, Sophos researchers warned that ransomware operators are exploiting the critical vulnerability CVE-2024-40711 in Veeam Backup & Replication to create rogue accounts and deploy malware. reads a statement published by Sophos on Mastodon. “In In one case, attackers dropped Fog ransomware. concludes Sophos.

Backups 130

Backups VPN Ransomware Authentication 130

Security Boulevard

JUNE 9, 2025

In this post, Tenable security engineers Arnie Cabral and Jason Schavel share how you can use risk-based metrics. We’re information security engineers at Tenable. It's about understanding business risk and prioritizing actions that reduce the potential for attack.

Risk 52

Risk Mobile Engineering IoT 52

Security Affairs

JUNE 19, 2025

With over 16 billion login records exposed, cybercriminals now have unprecedented access to personal credentials that can be used for account takeover, identity theft, and highly targeted phishing. While many records overlap, the true number of exposed accounts is still unclear. The leaked datasets range from 16 million to 3.5

Data breaches 111

Data breaches Identity Theft Passwords Malware 111

Krebs on Security

NOVEMBER 4, 2022

Responding to a recent surge in AI-generated bot accounts, LinkedIn is rolling out new features that it hopes will help users make more informed decisions about with whom they choose to connect. For example, on October 10, 2022, there were 576,562 LinkedIn accounts that listed their current employer as Apple Inc.

Scams 307

Scams Artificial Intelligence Cryptocurrency Accountability 307

Schneier on Security

NOVEMBER 9, 2018

The boundaries between research and grey data are blurring, making it more difficult to assess the risks and responsibilities associated with any data collection. Many sets of data, both research and grey, fall outside privacy regulations such as HIPAA, FERPA, and PII.

Data collection 232

Data collection Cyber Risk Risk Government 232

SecureWorld News

NOVEMBER 14, 2024

Significant Financial and Operational Costs: Healthcare providers, faced with potential HIPAA fines and the risk of service interruptions, may feel pressured to pay ransom demands. This stolen data is often exposed on both the clear and dark web, heightening risks of identity theft and further perpetuating cybercrime. Louis, Missouri.

Healthcare 119

Healthcare Ransomware Identity Theft Data breaches 119

Security Affairs

APRIL 27, 2024

Threat actors accessed more than 19,000 online accounts on a California state platform for welfare programs. Threat actors breached over 19,000 online accounts on a California state platform dedicated to welfare programs. Your account may have been one of those accessed.” ” continues the notification.

Accountability 139

Accountability Passwords Data breaches Hacking 139

Webroot

MARCH 3, 2025

During this time, many government agencies and consumer protection organizations come together to help educate consumers on how to keep their personal and financial information secure. The growing risks to your data During the third quarter of 2024, data breaches exposed more than 422 million records worldwide.

Consumer Protection 99

Consumer Protection Identity Theft Scams Social Engineering 99

Security Affairs

OCTOBER 22, 2024

The security breach exposed low-sensitivity performance monitoring data, including customer usernames, account info, and encrypted internal credentials. A threat actor exploited a zero-day vulnerability in a non-Rackspace utility bundled with the ScienceLogic application. Rackspace helped ScienceLogic address this issue.

Encryption 123

Encryption Hacking Accountability Cybersecurity 123

Security Affairs

MARCH 24, 2025

The FBI Denver Field Office advises staying cautious online, being aware of potential risks, and keeping antivirus software updated to scan files before opening them. If users fall victim to this scam, immediately contact their financial institutions, secure their accounts, and change all passwords using a trusted device.

Malware 116

Malware Scams Identity Theft Antivirus 116

SecureWorld News

MARCH 20, 2025

Phishing plays straight out of the cybercrime playbook "March Madness brings heightened cybersecurity risks this year, especially with the expansion of sports gambling beyond traditional office pools creating new attack vectors for credential harvesting and financial fraud," warns J.

Scams 82

Scams Social Engineering Mobile Phishing 82

Zero Day

JUNE 6, 2025

Collectively, they could easily put affected customers at risk for account takeovers and identity theft. million former account holders. This leak reportedly included full names, dates of birth email addresses, mailing addresses, phone numbers, social security numbers, and AT&T account numbers.

Password Management 128

Password Management Passwords Artificial Intelligence Software 128

Security Affairs

MAY 17, 2025

Google Chromium Loader Insufficient Policy Enforcement Vulnerability – This week Google released emergency security updates to address a Chrome browser vulnerability, tracked as CVE-2025-4664, that could lead to full account takeover. CVE-2025-4664 (CVSS score of 4.3) CVE-2025-42999 (CVSS score of 9.1)

Risk 102

Risk Hacking Accountability Cybersecurity 102

SecureWorld News

DECEMBER 12, 2024

Trey Ford, Chief Information Security Officer at Bugcrowd, observed, "This incident may not have been made public if it wasn't for the Form 8-K requirement." To mitigate such risks, organizations must adopt proactive measures.

Password Management 109

Password Management Passwords CISO Cybersecurity 109

Security Affairs

NOVEMBER 18, 2024

The Irish Data Protection Commission found that Instagram’s default settings made children’s accounts visible to the public, exposing personal information like phone numbers and email addresses. For businesses operating internationally, staying ahead of regulatory changes is key to mitigating risk.

Data privacy 128

Data privacy Risk Surveillance Government 128

Krebs on Security

OCTOBER 5, 2022

The fabricated LinkedIn identities — which pair AI-generated profile photos with text lifted from legitimate accounts — are creating major headaches for corporate HR departments and for those managing invite-only LinkedIn groups. Another “swarm” of LinkedIn bot accounts flagged by Taylor’s group.

Accountability 316

Accountability Scams Artificial Intelligence Cryptocurrency 316

Daniel Miessler

MAY 8, 2020

Use a password manager to make and store good passwords that are different for every account/device. The second most important thing to do is make sure you keep all your computers and devices updated with security fixes. Enable 2FA for high-risk systems. Segment your high-risk devices onto a separate network.

Passwords 255

Passwords DNS Accountability IoT 255

Security Affairs

DECEMBER 19, 2023

By neglecting to set a password, a BMW dealer in India has jeopardized the entire network of car dealerships in the country and put its clients at risk. The BMW Kun Exclusive put its systems at risk by leaving an environment configuration file (.env) Cybernews has no information on how the companies are connected.

Risk 120

Risk Identity Theft Data breaches Accountability 120

Centraleyes

MARCH 17, 2025

Every organization faces risks that threaten its objectives, assets, and operations. A risk assessment is the foundation for identifying, analyzing, and prioritizing these risks. Understanding the basics of risk assessment is the first step in building a resilient and proactive strategy to mitigate risks and vulnerabilities.

Risk 52

Risk Insurance Small Business Cybersecurity 52

Security Affairs

DECEMBER 5, 2023

Microsoft warns that the Russia-linked APT28 group is actively exploiting the CVE-2023-23397 Outlook flaw to hijack Microsoft Exchange accounts. The French agency noticed that the threat actors used different techniques to avoid detection, including the compromise of low-risk equipment monitored and located at the edge of the target networks.

Accountability 129

Accountability Government Phishing Authentication 129

The Last Watchdog

APRIL 13, 2022

Although there’s no one magic solution to eliminating cyberattacks and cybercrime risks, there are steps you can take to reduce the chances of becoming a victim. Cybersecurity and Infrastructure Security Agency (CISA) has started a campaign to increase awareness of these risks to U.S. Accounting for humans.

Cybersecurity 214

Cybersecurity Cybercrime Education Government 214

Security Affairs

OCTOBER 29, 2024

The vendor also provided a workaround to minimize potential risks, they recommended to restrict firewall management to trusted sources or disable firewall WAN management from Internet access. Visibility gaps hampered analysis of firewall logs across a subset of intrusions, while others suggested that existing accounts had been compromised.”

VPN 129

VPN Ransomware Firewall Internet 129

Krebs on Security

DECEMBER 1, 2022

While modern Microsoft Windows operating systems by default will ask users whether they want to run a downloaded executable file, many systems set up for remote administration by MSPs disable that user account control feature for this particular application. build and the then-canary 22.9

Phishing 315

Phishing Architecture Passwords Accountability 315

SecureWorld News

MARCH 13, 2025

While the AI-generated malware in this case required manual intervention to function, the fact that these systems can produce even semi-functional malicious code is a clear signal that security teams need to adapt their strategies to account for this emerging threat vector."

Malware 112

Malware Cybersecurity Cyber threats Threat Detection 112

SecureWorld News

DECEMBER 30, 2024

This may involve identifying compromised servers, web applications, databases, or user accounts. Disable compromised accounts or restrict their permissions immediately, update passwords for authorized users to prevent further unauthorized access. Introduce MFA for all corporate accounts.

Data breaches 111

Data breaches Social Engineering Passwords Accountability 111

SecureWorld News

JULY 3, 2024

However, this trend also introduces significant data security risks that cannot be overlooked. To navigate the complexities of global talent outsourcing while safeguarding valuable data, organizations must adopt a proactive and comprehensive approach to risk mitigation. Unauthorized access to sensitive data 1.

Risk 111

Risk Data breaches Penetration Testing Encryption 111

Security Affairs

OCTOBER 16, 2024

“All information related to the cybercriminal has already been handed over to the authorities. Among them, it was possible to identify tax registration, email addresses, registered domains, IP addresses, social media accounts, telephone number and city. Exposing the identities of individuals in an intelligence report presents risks.

Data breaches 127

Data breaches Media Cybercrime Accountability 127

Security Affairs

MARCH 10, 2025

“Working with dozens of victims, security researchers Nick Bax and Taylor Monahan found that none of the six-figure cyberheist victims appeared to have suffered the sorts of attacks that typically preface a high-dollar crypto theft, such as the compromise of ones email and/or mobile phone accounts, or SIM-swapping attacks.”

Password Management 83

Password Management Cryptocurrency Passwords Data breaches 83

SecureList

DECEMBER 9, 2024

This incident serves as a stark reminder of the critical risks posed by global IT disruptions and supply chain weaknesses. This case underscores the serious risk that social engineering and supply chain attacks pose to open-source projects. However, delegating tasks also introduces new information security challenges.

Internet 111

Internet Internet Risk Social Engineering 111