CSO, Data breaches and Phishing - Cyber Security Informer

Security Roundup April 2025

BH Consulting

APRIL 30, 2025

Third-party risk rises as a factor in breaches: Verizon DBIR 2025 Verizons latest annual Data Breach Investigations Report (DBIR) shows some concerning trends with a sharp escalation in global cyber threats. Landed earlier than usual, the 2025 edition found that 30 per cent of breaches involved third-parties, doubling from 2024.

Data breaches

Data breaches Scams Cybercrime CSO

Key Cybersecurity Trends for 2025. My Predictions

Jane Frankland

JANUARY 12, 2025

Sophisticated social engineering tactics, phishing campaigns, or financial incentives make it easier for cybercriminals to use insiders as tools for gaining access and maintaining their foothold in systems rather than hacking in. Cyber threats often exploit human errors, whether through phishing attacks, weak passwords, or lapses in protocol.

Cybersecurity

Cybersecurity CISO Insurance IoT

How attackers could exploit breached T-Mobile user data

CSO Magazine

AUGUST 23, 2021

T-Mobile has confirmed a data breach that impacted nearly 50 million people, including current, former and prospective subscribers. Victims of the T-Mobile or any other breach where personal data is stolen should be aware of follow-on attacks and take steps to mitigate them.

Mobile

Mobile CSO Data breaches Phishing

Timeline of the latest LastPass data breaches

CSO Magazine

JANUARY 11, 2023

The security incident was the latest to affect the service in recent times in the wake of unauthorized access to its development environment in August last year , serious vulnerabilities in 2017 , a phishing attack in 2016 , and a data breach in 2015. To read this article in full, please click here

Data breaches

Data breaches Password Management Passwords Encryption

Credential stuffing explained: How to prevent, detect, and defend against it

CSO Magazine

MAY 27, 2021

Billions of login credentials have landed in the hands of hackers over the past several years as a result of data breaches. These credentials fuel the underground economy and are used for everything from spam to phishing and account takeovers. Get the latest from CSO by signing up for our newsletters. ]

CSO

CSO Passwords Data breaches Accountability

Attackers use stolen banking data as phishing lure to deploy BitRAT

CSO Magazine

JANUARY 4, 2023

In a case that highlights how attackers can leverage information from data breaches to enhance their attacks, a group of attackers is using customer information stolen from a Colombian bank in phishing attacks with malicious documents, researchers report. Stolen data used to add credibility to future attacks.

Banking

Banking Phishing Data breaches Marketing

Survey: Alarming Number of IT Professionals Told to Conceal Breaches

SecureWorld News

APRIL 10, 2023

Imagine your company experienced a major data breach, but instead of notifying the appropriate parties and taking necessary actions, you were instructed to keep it quiet! was also leading the list in terms of the percentage of respondents who claimed they'd been told to keep a breach concealed (71%).

Data breaches

Data breaches CSO Social Engineering Cyber threats

A Clear and Present Need: Bolster Your Identity Security with Threat Detection and Response

Duo's Security Blog

NOVEMBER 20, 2023

“It took nearly 11 months (328 days) to identity and contain data breaches resulting from stolen or compromised credentials.” – IBM’s Cost of Data Breach Report 2023 I recently came across a 2012 article from CSO Online , and realized that it has been more than 11 years since the phrase “Identity is the new perimeter” was coined!

Threat Detection

Threat Detection Authentication Accountability Data breaches

Guardz releases AI-powered phishing protection solution for SMEs, MSPs

CSO Magazine

JUNE 8, 2023

Cybersecurity vendor Guardz has announced the release of a new AI-powered phishing protection solution to help small- and medium-sized businesses (SMBs) and managed service providers (MSPs) prevent phishing attacks. To read this article in full, please click here

Phishing

Phishing Small Business Data breaches Technology

BrandPost: Why the phishing blame game misses the point

CSO Magazine

MARCH 22, 2023

Phishing is a big problem that’s getting even bigger as cybercriminals find new ways to hook employees. When they do, and that phishing attack leads to a damaging data breach, who’s at fault? The phishing ‘click this, not that’ contradiction To read this article in full, please click here

Phishing

Phishing Data breaches Mobile Marketing

Uber data stolen via third-party vendor

Malwarebytes

DECEMBER 15, 2022

Attack dates against Teqtivity and Uber have yet to be established; however, a threat actor named "UberLeaks" began leaking the stolen data on BreachForums, a site infamous for posting data breaches, around early Saturday morning, according to BleepingComputer. UberLeaks claimed the data came from Uber and Uber Eats.

Data breaches

Data breaches CSO Backups Mobile

Uber Data Exposed After Law Firm's Breach

SecureWorld News

APRIL 6, 2023

Uber has suffered yet another data breach after a third-party law firm's servers were attacked. The law firm, Genova Burns, which provides legal counsel to Uber, has notified an unknown number of its drivers that sensitive data has been exposed and stolen due to a cyberattack.

Data breaches

Data breaches CSO Phishing Risk

NEW TECH: Data Theorem helps inventory sprawling APIs — as the first step to securing them

The Last Watchdog

MARCH 25, 2019

That’s how they’re going to transfer data in, hopefully, a secure channel to pass information back and forth with each other.”. However, APIs are also more frequently the source of data breaches and other cyber incidents. No one really knows exactly how many APIs are out there. And that’s just one phone. Postal Service.

Digital transformation

Digital transformation Software Data breaches Authentication

BrandPost: Secure Microsoft 365 with Reveal(x) 360 Network Detection and Response

CSO Magazine

NOVEMBER 5, 2021

User identities can be compromised through phishing, brute force, or simple abuse by malicious insiders. Once an identity or set of credentials is compromised, any data they have access to is at risk and the identity can be used as part of a social engineering or spear-phishing attack to access more privileged credentials.

Social Engineering

Social Engineering Phishing Data breaches Risk

Camera tricks: Privacy concerns raised after massive surveillance cam breach

SC Magazine

MARCH 10, 2021

Viewing these videos, adversaries can begin to compile metadata about an individual’s behaviors preferences – intel that could be applied toward targeting phishing campaigns, according to Setu Kulkarni, vice president of Strategy at WhiteHat Security. Odds are more than one was breached here,” said Davisson. “I

Surveillance

Surveillance IoT Accountability Hacking

ChatGPT Security and Privacy Issues Remain in GPT-4

eSecurity Planet

APRIL 27, 2023

In March, the company disclosed a data breach that exposed about 1.2% Those issues continue to exist in ChatGPT, and both can be tricked into creating ransomware , obfuscating malware , and other exploits, they said. But OpenAI has experienced some problems with its generative AI platform that could also apply to GPT-4.

Engineering

Engineering Risk CSO Software

Security Roundup October 2023

BH Consulting

OCTOBER 15, 2023

It found the most common intrusion tactics are phishing emails containing malware, Remote Desktop Protocol (RDP) brute forcing, and exploiting Virtual Private Network (VPN) vulnerabilities. Data protection and privacy developments Local and international news takes the stage here. MORE Have you signed up to our monthly newsletter?

Ransomware

Ransomware Data breaches CSO Cyber Attacks

LW ROUNDTABLE: CrowdStrike outage reveals long road ahead to achieve digital resiliency

The Last Watchdog

JULY 25, 2024

Starting now and for at least the next month, all organizations should be in a heightened state of vigilance for phishing emails purporting to be from, or affiliated with, CrowdStrike. Dimitri Chichlo , CSO, BforeAI Chichlo Our networks remain fragile because of interdependence and the assumption that technology always works.

Technology

Technology Ransomware Software Cyber Attacks

Top Cybersecurity Accounts to Follow on Twitter

eSecurity Planet

DECEMBER 3, 2021

Brian Krebs is an independent investigative reporter known for his coverage of technology, malware , data breaches , and cybercrime developments. ICYMI, Equifax forced to pull offline a huge database of consumer data guarded only by credentials "admin/admin" [link] — briankrebs (@briankrebs) September 13, 2017.

Accountability

Accountability Cybersecurity Penetration Testing InfoSec

Cyber Security Informer

Security Roundup April 2025

Key Cybersecurity Trends for 2025. My Predictions

Trending Sources

How attackers could exploit breached T-Mobile user data

Timeline of the latest LastPass data breaches

Credential stuffing explained: How to prevent, detect, and defend against it

Attackers use stolen banking data as phishing lure to deploy BitRAT

Survey: Alarming Number of IT Professionals Told to Conceal Breaches

A Clear and Present Need: Bolster Your Identity Security with Threat Detection and Response

Guardz releases AI-powered phishing protection solution for SMEs, MSPs

BrandPost: Why the phishing blame game misses the point

Uber data stolen via third-party vendor

Uber Data Exposed After Law Firm's Breach

NEW TECH: Data Theorem helps inventory sprawling APIs — as the first step to securing them

BrandPost: Secure Microsoft 365 with Reveal(x) 360 Network Detection and Response

Camera tricks: Privacy concerns raised after massive surveillance cam breach

ChatGPT Security and Privacy Issues Remain in GPT-4

Security Roundup October 2023

LW ROUNDTABLE: CrowdStrike outage reveals long road ahead to achieve digital resiliency

Top Cybersecurity Accounts to Follow on Twitter

Stay Connected