Category: Privacy/Governance Feed

Trend Micro highlighted a case where an attacker posed as a client on an MS Teams call to distribute DarkGate malware    – Read More  –  

The suspects were apprehended in a surprise operation at their hideout in Lagos following intelligence received by Nigeria’s Economic and Financial Crimes Commission    – Read More  –  

The Irish Data Protection Commission has fined Meta $263m for a 2018 data breach impacting 29 million Facebook accounts    – Read More  –  

The European Commission is investigating whether TikTok allowed foreign actors to influence voters during recent Romanian elections    – Read More  –  

Sophisticated phishing attack targeting Turkey’s defense sector revealed TA397’s advanced tactics    – Read More  –  

The breach has affected 650,000 individuals at TTUHSC’s Lubbock campus and 815,000 at its El Paso branch    – Read More  –  

Check Point research reveals cybercriminals are using Google Calendar and Drawings to send malicious links, bypassing traditional email security    – Read More  –  

The EU announced sanctions against individuals and entities involved in cyber-attacks and disinformation campaigns on behalf of the Russian state    – Read More  –  

76% of security leaders favor cybersecurity-focused GenAI tools over domain-agnostic tools    – Read More  –  

Wallarm honeypot research finds potentially exposed APIs are being discovered within half a minute    – Read More  –  

The draft plan is designed to help businesses understand how the government will support them during a cyber incident    – Read More  –  

SecurityScorecard claims 100% of Europe’s top financial services companies have suffered a supply chain breach in the past year    – Read More  –  

CISA and EPA have published guidance for operators of water and wastewater systems to protect against cyber-attacks    – Read More  –  

Rhode Island’s RIBridges system has suffered a major data breach, potentially exposing personal information, with Deloitte confirming the presence of malicious software    – Read More  –  

Large-scale campaign identified by Guardio Lans and Infoblox, exploiting malvertising and fake captchas to distribute Lumma infostealer for massive theft    – Read More  –  

The Serbian authorities have been using advanced mobile forensics products made by Israeli firm Cellebrite to extract data from mobile devices illegally    – Read More  –  

New Ofcom guidance is designed to help tech companies comply with their obligations around tackling illegal online harms under the Online Safety Act    – Read More  –  

Over 200,000 YouTube creators have been targeted by malware-laden phishing emails with the aim of infecting their followers    – Read More  –  

Ukrainian officials say Russian intelligence is using video games to trick children into helping the enemy    – Read More  –  

The US Government is offering a $5 million reward for information leading to the disruption of financial mechanisms supporting North Korea following a six-year conspiracy    – Read More  –  

Sophos found observed a significant rise in Microsoft LOLbins abused by attackers in H1 2024 compared to 2023    – Read More  –  

Claims on ransomware groups’ data leak sites reached an all-time high in November, with 632 reported victims, according to Corvus Insurance    – Read More  –  

IOCONTROL, a custom-built IoT/OT malware, was used by Iran-affiliated groups to attack Israel- and US-based OT/IoT devices, according to Claroty    – Read More  –  

ISC2 research has found that cybersecurity leaders have limited skills and training in areas like communication, strategic mindset and business acumen    – Read More  –  

Almost three quarters of UK consumers believe bad bots are ruining Christmas by buying up popular gifts, forcing many to purchase expensive alternatives, according to Imperva research    – Read More  –  

Two Woffice theme vulnerabilities have been identified that allow attackers to gain unauthorized access and control of unpatched websites    – Read More  –  

Cyber-attacks involving Remcos RAT surged in Q3 2024, enabling attackers to control victim machines remotely, steal data and carry out espionage    – Read More  –  

Russian-made spyware BoneSpy and PlainGnome target former Soviet states, while public security bureaus in mainland China use Chinese surveillance tool EagleMsgSpy    – Read More  –  

An insurance employee has been handed a suspended sentence after illegally accessing personal information    – Read More  –  

HP Wolf reveals that 79% of IT security decision makers are lacking in crucial hardware and firmware expertise    – Read More  –  

Microsoft detailed how Russian espionage group Secret Blizzard is leveraging infrastructure of other threat actors to target the Ukrainian military with custom malware    – Read More  –  

Fraudsters in UAE posed as Dubai Police, targeting citizens with fake fines via calls, emails and SMS    – Read More  –  

Krispy Kreme said the incident is likely to materially affect operations and short-term financial performance    – Read More  –  

The Korean Financial Security Institute (K-FSI) disrupted a fraudulent network that made $6.3m by stealing money from fake personal trading platforms    – Read More  –  

Microsoft MFA flaw exposed that allowed attackers to bypass security within an hour, putting 400m Office 365 accounts at risk    – Read More  –  

Operation PowerOFF has dismantled a network of 27 DDoS platforms, leading to the arrests of three administrators and the identification of over 300 users    – Read More  –  

The US government has sanctioned Sichuan Silence and one of its employees for the mass compromise of firewalls which led to the deployment of malware and ransomware    – Read More  –  

Microsoft has patched dozens of vulnerabilities in December, including one zero-day being exploited in the wild    – Read More  –  

A zero-day vulnerability in Cleo file transfer software is being exploited in data theft attacks    – Read More  –  

The multi-cloud data warehousing platform said it will completely phase out single factor authentication with passwords by November 2025    – Read More  –  

Hackers exploited AWS misconfigurations, leaking 2TB of sensitive data, including customer information, credentials and proprietary source code    – Read More  –  

The utilities sector saw a 42% surge in ransomware incidents over the past year, with groups like Play focusing on targets with IT and OT systems    – Read More  –  

New AppLite Banker malware targets Android devices, employing advanced phishing techniques to steal credentials and data    – Read More  –  

Researchers found that the broad accessibility of streams of Scottish Parliamentary proceedings make them highly susceptible to deepfake attacks    – Read More  –  

The UK’s privacy regulator the Information Commissioner’s Office has welcomed a Court of Appeal ruling    – Read More  –  

Artivion has revealed in an SEC filing that it suffered a double-extortion ransomware attack    – Read More  –  

A Hack The Box Freedom of Information request has shown a significant drop in cyber-attacks reported to the Financial Conduct Authority (FCA) in 2024    – Read More  –  

Appeals court upheld law forcing TikTok divestiture, citing national security risks over China ties    – Read More  –  

The compromised ultralytics AI library delivered XMRig miner via GitHub Actions exploit    – Read More  –  

The UK’s ICO has published its findings following a two-year trial of its Public Sector Approach, which aimed to improve data protection compliance and deter data breaches    – Read More  –