Category: Privacy/Governance Feed

New research by Security Intelligence has revealed security risks in MLOps platforms including Azure ML, BigML and Google Vertex AI    – Read More  –  

Moxa has reported two critical vulnerabilities in its routers and network security appliances that could allow system compromise and arbitrary code execution    – Read More  –  

Netskope observed a 190% growth in enterprise users clicking phishing links as attackers become more creative in delivering effective lures    – Read More  –  

The UK government is cracking down on the generation of sexually explicit deepfakes in a bid to protect women and girls    – Read More  –  

The US Cybersecurity and Infrastructure Security Agency claims a recent China-linked breach was confined to the Treasury    – Read More  –  

A new supply chain attack targets Ethereum tools, exploiting npm packages to steal sensitive data    – Read More  –  

The PhishWP plugin enables scammers to create fake payment pages, stealing sensitive data via Telegram    – Read More  –  

Taiwan’s security service said government networks faced 2.4 million attacks in 2024, most of which are attributed to Chinese state actors    – Read More  –  

Threat actors are tricking victims into downloading malware with the promise of testing a new videogame    – Read More  –  

Scam Sniffer claims that threat actors used wallet drainers to steal $494m from victims in 2024    – Read More  –  

The US government said that China based firm Integrity Technology Group provided infrastructure for Flax Typhoon to attack multiple US targets    – Read More  –  

Atos Group has denied the ransomware group Space Bears’ claims of compromising its database, calling the allegations unfounded    – Read More  –  

Former Terraform CEO Do Hyeong Kwon is now in the US facing federal fraud charges    – Read More  –  

The amount of crypto stolen in the Web3 ecosystem rose by 31.6% compared to 2023, with phishing the most costly attack vector    – Read More  –  

Docomo has revealed a DDoS attack on Thursday took down key services    – Read More  –  

Apple has agreed to a $95m settlement in a class action lawsuit alleging Siri privacy violations, with eligible users receiving up to $20 per Siri-enabled device    – Read More  –  

The US government has sanctioned Russian state-affiliated entity CGE, which used a vast GenAI infrastructure to spread disinformation during the US Presidential election    – Read More  –  

Sekoia’s innovative PlugX malware disinfection campaign removed active threats across ten countries    – Read More  –  

DoubleClickjacking bypasses X-Frame-Options and SameSite cookies in double-click sequences, exposing UI authentication flaws    – Read More  –  

The US government has set out proposals to increase security obligations on healthcare providers to protect patient data amid surging cyber-attacks in the sector    – Read More  –  

The State of Rhode Island has confirmed that cybercriminals have begun publishing data stolen from its social services portal, the RIBridges system    – Read More  –  

Over 2.5 million end users are at risk as researchers discover 36 compromised Chrome extensions    – Read More  –  

Chinese hackers appear to have compromised Treasury machines via a trusted third party    – Read More  –  

Insurance firm Markel Direct found that 69% of UK SMEs lack a cybersecurity policy, with a significant lack of basic cybersecurity measures in place across these firms    – Read More  –  

The US Cybersecurity and Infrastructure Security Agency’s 2024 Year in Review marks Jen Easterly’s final report before resignation    – Read More  –  

The vacuum left by RedLine’s takedown will likely lead to a bump in the activity of other a infostealers    – Read More  –  

A joint US-Japan alert attributed North Korean hackers with a May 2024 crypto heist worth $308m from Japan-based company DMM    – Read More  –  

A US judge has ruled in favor of WhatsApp in a long-running case against commercial spyware-maker NSO Group    – Read More  –  

Researchers at iProov have discovered a dark web group compiling identity documents and biometric data to bypass KYC checks    – Read More  –  

The vulnerabilities, now patched, posed significant risks, including unauthorized file uploads, privilege escalation and SQL injection attacks    – Read More  –  

US healthcare giant Ascension revealed that 5.6 million individuals have had their personal, medical and financial information breached in a ransomware attack    – Read More  –  

Cryptomining malware hits popular npm packages rspack and vant, posing risks to open source tools    – Read More  –  

A new digital operation has enabled Interpol to identify scores of human traffickers operating between South America and Europe    – Read More  –  

The Information Commissioner’s Office has warned that millions of Brits don’t know how to erase personal data from their old devices    – Read More  –  

OpenAI must also initiate a six-month public awareness campaign across Italian media, explaining how it processes personal data for AI training    – Read More  –  

The Security Service of Ukraine has accused Russian-linked actors of perpetrating a cyber-attack against the state registers of Ukraine    – Read More  –  

The LockBitSupp persona said LockBit 4.0 will be launched in February 2025    – Read More  –  

The FBI has issued a warning about the Hiatus RAT malware targeting Xiongmai and Hikvision web cameras and DVRs, urging users isolate these devices from networks    – Read More  –  

The US Cybersecurity and Infrastructure Security Agency recommended users turn on phishing-resistant MFA and switch to Signal-like apps for messaging    – Read More  –  

A Dragos report observed 23 new ransomware groups targeting industrial organizations in Q3 2024    – Read More  –  

Bitsight found that 40% of US organizations who used Kaspersky products before the government ban came into effect still appear to be using them    – Read More  –  

The EU Data Protection Board (EDPB) published a long-awaited opinion on how GDPR should apply to AI models    – Read More  –  

Forescout identified a new type of malware capable of terminating engineering processes, used to target Siemens engineering workstations    – Read More  –  

Mainly North Korean hackers stole over $2bn from crypto platforms in 2024, says Chainalysis    – Read More  –  

Cybersecurity firm Recorded Future has been listed as an “undesirable” organization by the Prosecutor General’s Office of the Russian Federation    – Read More  –  

A Morphisec researcher showed how an attacker could manipulate FIRST’s Exploit Prediction Scoring System (EPSS) using AI    – Read More  –  

Interpol wants to change the term “pig butchering” to “romance baiting”    – Read More  –  

A CISA Directive sets out actions all US federal agencies must take to identify and secure cloud tenants in their environments    – Read More  –  

SlashNext reports a 202% increase in overall phishing messages and a 703% surge in credential-based phishing attacks in 2024    – Read More  –  

Malicious campaigns targeting VSCode extensions have recently expanding to npm, risking software supply chains    – Read More  –