Category: Privacy/Governance Feed

Barracuda researchers have identified a new wave of QR code phishing attacks that evade traditional security measures and pose a significant threat to email security    – Read More  –  

The Australian government’s Cyber Security Bill 2024 will mandate cybersecurity standards for smart devices and introduce ransomware reporting requirements    – Read More  –  

Ivanti’s Cloud Services Appliance is being targeted by threat actors exploiting three zero-day bugs    – Read More  –  

The Appeals Centre Europe is supported by Meta’s Oversight Board Trust and certified by Ireland’s media regulator    – Read More  –  

October’s Patch Tuesday saw Microsoft patch over 100 CVEs including five zero-day vulnerabilities    – Read More  –  

American Water, the largest water utility in the US, discovered a cyber-attack impacting internal systems on October 3    – Read More  –  

Tenable’s latest report reveals 38% of organizations face risks from a “toxic cloud triad” of security gaps    – Read More  –  

Secureworks reports a 30% increase in active ransomware groups despite law enforcement efforts, with 31 new groups emerging in the past year    – Read More  –  

Iran is targeting the US presidential race, China the congressional races, and Russia both    – Read More  –  

Europol claims its EMPACT operation has revealed dozens of human trafficking victims and suspects    – Read More  –  

A UN report found that organized crime groups in the region have rapidly integrated malware, generative AI and deepfakes to enhance their fraud activities    – Read More  –  

MoneyGram has issued a data breach notification to customers following a security incident    – Read More  –  

UMG, a major music corporation, reported a July 2024 data breach affecting 680 US residents    – Read More  –  

The UK NCSC found that there is a lot of confusion between board members and security leaders of who is responsible for cybersecurity within their organizations    – Read More  –  

GoldenJackal targeted air-gapped government systems from May 2022 to March 2024, ESET found    – Read More  –  

The UK’s ICO said the framework is designed to help businesses build trust and encourage a positive data protection culture    – Read More  –  

A new O’Reilly survey showed a shortage of AI security skills, while AI-enabled security tools become tech professionals’ top priority for the coming year    – Read More  –  

Risk managers association FERMA has warned that new EU cyber legislation means there is an inconsistent approach to incident reporting requirements    – Read More  –  

A new scam detection tool from Get Safe Online uses AI to help individuals and small businesses protect themselves    – Read More  –  

The Chartered Trading Standards Institute is concerned a new cap on fraud reimbursement is too low    – Read More  –  

Infosecurity recently joined an Immersive Labs Cyber Drill to experience how organizations can enhance their preparedness through training and simulations    – Read More  –  

Cisco Talos has observed the financially motivated threat actor targeting organizations globally with a MedusaLocker ransomware variant called “BabyLockerKZ”    – Read More  –  

A UK court has fined Sellafield Ltd £332,500 for cybersecurity failings related to the running of the Sellafield nuclear facility    – Read More  –  

The Counter Ransomware Initiative has released new guidance discouraging organizations from making ransomware payments    – Read More  –  

The new LiteSpeed Cache flaw (CVE-2024-47374) allows unauthenticated code injection across more than six million active installations    – Read More  –  

China-aligned CeranaKeeper discovered targeting Thai govt institutions using cloud services for data exfiltration    – Read More  –  

Microsoft and the US government have collectively seized over 100 websites used by Russian nation-state actor Star Blizzard    – Read More  –  

A new report by Red Canary has found that while cybersecurity budgets have risen, many security leaders still feel overwhelmed by the growing threat landscape    – Read More  –  

The ICO blamed the Police Service of Northern Ireland for procedural failings that exposed the personal data of 9843 personnel, putting police officers at risk    – Read More  –  

Egress found that attackers are becoming more adept at bypassing email security, such as using compromised accounts and the use of commodity campaigns    – Read More  –  

Researchers see an uptick in crypto-doubling investment scams following the first presidential debate    – Read More  –  

Threat group FIN7 is hiding infostealer malware on sites promising AI deepnude downloads    – Read More  –  

North Korean APT Stonefly continues to launch cyber-attacks on US firms despite July indictment    – Read More  –  

The ACSC, in collaboration with CISA and international partners, has released a guide for securing operational technology in critical sectors    – Read More  –  

A Black Kite report found that 67% of manufacturing firms have at least one vulnerability from CISA’s Known Exploited Vulnerabilities (KEV) catalog    – Read More  –  

Socura finds the percentage of women in cybersecurity positions has fallen seven percentage points since 2021 to 17%    – Read More  –  

Meta has announced a new information-sharing partnership with UK financial institutions to target social media fraud    – Read More  –  

The UK has sanctioned 16 members of the notorious Russian hacking group Evil Corp, exposing their links to the prolific LockBit ransomware group    – Read More  –  

UMC in Lubbock, Texas, confirmed a ransomware attack last week, disrupting patient care and IT systems    – Read More  –  

UK hacker Robert Westbrook allegedly gained unauthorized access to corporate executives’ email accounts to profit from confidential financial information    – Read More  –  

T-Mobile will pay $15.75m to the US Treasury for multiple data breaches in 2021, 2022 and 2023 and has agreed to invest in improved cybersecurity defenses    – Read More  –  

New ISACA research reveals most cybersecurity teams are suffering from staffing and funding shortages    – Read More  –  

New Santander research claims 10 million UK consumers have suffered fraud since 2021, costing the economy £16bn    – Read More  –  

The newly identified vulnerabilities exploit improper input validation when managing printer requests over the network    – Read More  –  

The vulnerability, discovered by Wiz researchers, affects both cloud-based and on-premises AI applications using the toolkit    – Read More  –  

A Deloitte and NASCIO survey found that a third of state CISOs do not have a dedicated cybersecurity budget    – Read More  –  

A survey by Ofqual found that 20% of English schools and colleges were unable to immediately recover after being hit by a cyber incident    – Read More  –  

PwC claims fewer than 50% of businesses involve their CISOs in strategic planning on cyber    – Read More  –  

Security agencies from the UK and US are urging individuals with Middle East links to beware of Iranian spear phishing attacks    – Read More  –  

Ireland’s Data Protection Commission fines Meta Platforms €91 million for mishandling user passwords and GDPR violations    – Read More  –