Category: Privacy/Governance Feed

Microsoft has spotted a major spearphishing campaign from the Russian APT29 group using RDP for compromise    – Read More  –  

The phishing campaign targeted users via texts impersonating Amazon, linked to the threat actor Chenlun    – Read More  –  

ThreatFabric researchers have discovered significant updates to the LightSpy spyware, featuring plugins designed to interfere with device functionality    – Read More  –  

Operation Magnus took down infrastructure used to run the Redline and Meta infostealers, widely used tools in cybercriminal activities    – Read More  –  

A Veeam report found that businesses are prioritizing NIS2 compliance, with 95% of applicable firms diverting funds from other areas of the business    – Read More  –  

Global Witness uncovered a network of 71 suspicious accounts on X supporting the Azeri government    – Read More  –  

The UK’s information commissioner claims most adults in the country have had their personal data exposed or compromised    – Read More  –  

The UK has joined forces with its Five Eyes peers to offer cybersecurity guidance to startups    – Read More  –  

The surge in job scams targets vulnerable individuals, mirroring pig butchering fraud tactics    – Read More  –  

Evasive Panda’s CloudScout uses MgBot to steal session cookies, infiltrating cloud data in Taiwan    – Read More  –  

Google researchers have observed Russian threat actor UNC5812 using a malware campaign via Telegram to access the devices of Ukrainian military recruits    – Read More  –  

Vipre research reveals that 10% of emails targeting the manufacturing sector are BEC attempts    – Read More  –  

Trend Micro’s Zero Day Initiative hands out over $1m in awards for Pwn2Own competitors, who found more than 70 zero-day flaws    – Read More  –  

Updated figures from the HHS revealed that 100 million patients have been notified that their data was breached in the Change Healthcare ransomware attack    – Read More  –  

CERT-UA said the phishing campaign lures victims into downloading malware used to exfiltrate files containing sensitive personal data    – Read More  –  

LinkedIn violated the EU’s GDPR in how it processes its users personal data for behavioral purposes    – Read More  –  

A new ISACA study reveals that pay inequity and a lack of female leadership are significant issues noted by women in the digital trust sector    – Read More  –  

An unidentified threat actor has attempted to develop ransomware targeting macOS devices, posing as LockBit    – Read More  –  

Lazarus Group exploited Google Chrome zero-day, infecting systems with Manuscrypt malware    – Read More  –  

Penn State will pay $1.25m for failing federal cybersecurity standards in DoD and NASA contracts    – Read More  –  

The National Security Memorandum on AI sets out actions for the federal government to ensure the safe, secure and trustworthy development of AI    – Read More  –  

This high-severity flaw, dubbed FortiJump by security researcher Kevin Beaumont, has been added to CISA’s KEV catalog    – Read More  –  

A new ISACA study has revealed that cybersecurity professionals are often overlooked in the development of AI policies    – Read More  –  

The Data (Use and Access) Bill governs digital verification services and the use of personal data in public services, and will revamp the Information Commissioner’s Office    – Read More  –  

On the 10th anniversary since Cyber Essentials was introduced, the UK government has highlighted the impact the scheme has had in preventing attacks    – Read More  –  

WarmCookie malware, aka BadSpace, spreads via malspam, malvertising and enables persistent access    – Read More  –  

Former UK PM David Cameron called for stronger defenses against Chinese cyber espionage while advocating collaboration with Beijing, coinciding with the BRICS Summit    – Read More  –  

The recently discovered Embargo ransomware group is using Rust-based custom tools to overcome victims’ security defenses, ESET researchers have observed    – Read More  –  

70% of leaders see cyber knowledge gap; AI attacks are harder to detect, 60% expect more victims    – Read More  –  

While Internet Archive’s services slowly resume, the data breach reveals the non-profit’s security failures    – Read More  –  

The US government has issued guidance for federal agencies on the use of Traffic Light Protocol, designed to boost intelligence sharing with the cybersecurity community    – Read More  –  

The British Minister for Security Dan Jarvis said at Recorded Future’s Predict 2024 that the new government was considering reforming the 1990 legislation    – Read More  –  

45% of security breaches in the energy sector in the past year were third-party related, according to a report by Security Scorecard and KPMG    – Read More  –  

Cloud attacks surged in 2024 as attackers exploited cloud resources at unprecedented levels    – Read More  –  

Four current and former publicly trading tech companies have agreed to pay civil penalties in relation to the SEC charges    – Read More  –  

75% of US Senate campaign sites lack DMARC, risking cybersecurity and email safety    – Read More  –  

Meta is testing facial recognition technology to tackle celeb-bait ad scams and enable the recovery of compromised accounts    – Read More  –  

A phishing attack targeting Transak employees led to a data breach, compromising the information of 92,554 users    – Read More  –  

RUSI and Chatham House recommended global standards to combat commercial cyber tool abuse    – Read More  –  

AI tools are being used to launch over half a million cyber-attacks daily on retailers, according to a new report    – Read More  –  

The cryptographic vulnerabilities were found in Sync, pCloud, Icedrive and Seafile by ETH Zurich    – Read More  –  

A threat actor claimed to get hold of an exposed GitLab configuration file containing Zendesk API access tokens    – Read More  –  

The malware loader taken down by Europol in May 2024 could be back with a vengeance    – Read More  –  

The August ransomware attack stole 50,000+ documents from Nidec, leaked after ransom refusal    – Read More  –  

Businesses in Australia must update their privacy policies with clear and transparent information about their use of AI, said the regulator    – Read More  –  

Long-lived credentials in the cloud put organizations at high risk of breaches, a report from Datadog has found    – Read More  –  

Internet Archive founder confirmed the allegedly exposed data was “safe”    – Read More  –  

Microsoft urges macOS users to apply a fix for the vulnerability, which it believes may be under active exploitation by the Adload malware family    – Read More  –  

The Redmond-based firm was the most impersonated brand in the third quarter of 2024, while Alibaba entered the Top 10 for the first time    – Read More  –  

Instagram has announced new security features to protect users from sextortion scams, including hiding follower lists, preventing screenshots, and launching an awareness campaign    – Read More  –