Category: Privacy/Governance Feed

The Supreme Court has upheld a law that could potentially ban TikTok in the US – Read More  –  

SecurityScorecard identified a new campaign in which the North Korean Lazarus group aims to steal source code, secrets and cryptocurrency wallet keys from developer environments – Read More  –  

Microsoft highlighted a new Star Blizzard campaign targeting WhatsApp accounts, as the group adapts its TTPs following the takedown of its infrastructure by law enforcement – Read More  –  

AliExpress, Shein, Temu, TikTok, WeChat and Xiaomi are accused of operating unlawful data transfers to China – Read More  –  

The EU’s DORA regulation is in effect as of January 17, with mixed evidence around compliance levels among financial firms – Read More  –  

Middle East real estate scams are surging as fraudsters exploit online listings and bypassed due diligence checks – Read More  –  

Truth Social, launched by the Trump Media & Technology Group in 2022, has become a hotspot for scams like phishing and investment fraud – Read More  –  

The US President’s second cybersecurity Executive Order will impose stricter security standards on software providers – Read More  –  

Compliance with the Digital Operational Resilience Act (DORA) has cost many businesses over €1 million, according to research from Rubrik – Read More  –  

The leak likely comes from a zero-day exploit affecting Fortinet’s products – Read More  –  

HP Wolf highlighted novel techniques used by attackers to bypass email protections, including embedding malicious code inside images and utilizing GenAI – Read More  –  

A proposed settlement order from the FTC will require GoDaddy to strengthen its security practices following multiple data breaches at the web hosting giant – Read More  –  

A new EU action plan will be structured around four pillars: prevention, threat detection and identification, response to cyber-attacks and deterrence – Read More  –  

CISA launched the JCDC AI Cybersecurity Playbook to enhance collaboration on AI cybersecurity risks – Read More  –  

The FBI deleted Chinese PlugX malware from thousands of devices in the US, using a technique developed by French cybersecurity firm Sekoia.io – Read More  –  

A new report from Fortinet reveals increased adoption of multi-cloud strategies and hybrid implementations combining on-premises and public cloud infrastructure – Read More  –  

Chainalysis estimates threat actors made at least $51bn through crypto crime in 2024 – Read More  –  

The security provider published mitigation measures to prevent exploitation – Read More  –  

Secureworks Counter Threat Unit (CTU) has identified links between North Korean IT workers and fraudulent crowdfunding activities, with the group known as Nickle Tapestry orchestrating scams to support North Korean interests – Read More  –  

Patch Tuesday saw Microsoft fix eight zero-days, three of which are being actively exploited – Read More  –  

A new Interim Final Rule on Artificial Intelligence Diffusion issued in the US strengthens security, streamlines chip sales and prevents misuse of AI technology – Read More  –  

Browser-based cyber-threats surged in 2024, with credential abuse and infostealers on the rise – Read More  –  

Barings Law is planning to sue the two tech giants over numerous alleged violations of data misuse, including for AI training – Read More  –  

A UK government consultation has proposed banning public sector and critical infrastructure organizations from making ransomware payments to disincentivize attackers from targeting these services – Read More  –  

CISA claims US critical infrastructure providers are improving cyber hygiene and remediation activities – Read More  –  

The .uk registry Nominet has been breached by a recently disclosed zero-day vulnerability in Ivanti products – Read More  –  

A joint government advisory has set out steps critical infrastructure firms should take to ensure any OT products they purchase are secure by design – Read More  –  

Diplomatic entities in Kazakhstan and Central Asia have been targeted by UAC-0063 using weaponized Word docs deploying HATVIBE malware – Read More  –  

Microsoft confirmed an outage of its multi-factor authentication system impacting access to Microsoft 365, causing login failures and service disruption – Read More  –  

Researchers at Check Point said FunkSec operators appear to use AI for malware development – Read More  –  

Three Russian men have been indicted on money laundering charges connected to cryptocurrency mixers – Read More  –  

Telefonica has confirmed a breach of its internal ticketing system exposing more than 236,000 lines of customer data – Read More  –  

In today’s fast-paced digital world, online transactions are the norm, and with that comes a huge responsibility—keeping sensitive payment… The post The Hidden Hero of Payment Security: Why You Need a Payment HSM  appeared first on JISA Softech Pvt Ltd.  – Read More  – JISA Softech Pvt Ltd 

The US medical billing firm is notifying over 360,000 customers that their personal, financial and medical data may have been exposed – Read More  –  

Trend Micro detailed how attackers are using a fake proof-of-concept for a critical Microsoft vulnerability, designed to steal sensitive data from security researchers – Read More  –  

Critical Fancy Product Designer plugin flaws risk remote code execution and SQL injection attacks on WordPress sites – Read More  –  

Cyber-attacks by China-linked MirrorFace targeted Japan’s national security information in major campaigns operating since 2019 – Read More  –  

A school district said that PowerSchool paid a ransom to prevent the attackers releasing data it accessed of students and teachers in North America    – Read More  –  

A court has ruled the EU Commission infringed an individual’s right to the protection of their personal data by transferring their details to the US    – Read More  –  

The UK government has pledged nearly £2m to 30 new Cyber Local projects designed to enhance cyber resilience    – Read More  –  

Ivanti customers are urged to patch two new bugs in the security vendor’s products, one of which is being actively exploited    – Read More  –  

The Green Bay Packers disclosed on Monday that their official online store was breached and customer information stolen    – Read More  –  

The voluntary Cyber Trust Mark labeling program will allow consumers to assess the cybersecurity of IoT devices when making purchasing decisions    – Read More  –