Category: Privacy/Governance Feed

A sophisticated phishing campaign targeting Microsoft ADFS has been observed, affecting more than 150 organizations – Read More  –  

Check Point Research has found over 10 million stolen credentials associated with EMEA organizations exposed on cybercrime markets – Read More  –  

Jscambler claims at least 17 sites have been infected with web skimmers, including Casio’s – Read More  –  

CISA has identified a backdoor in Contec CMS8000 devices that could allow unauthorized access to patient data and disrupt monitoring functions – Read More  –  

Hackers hijack high-profile X accounts with phishing scams to steal credentials and promote fraudulent cryptocurrency schemes – Read More  –  

VulnCheck observed 768 public reports of CVEs exploited in the wild for the first time in 2024, a 20% rise compared to 2023 – Read More  –  

A new Europol report warns of major challenges accessing and analyzing data for cybercrime investigations – Read More  –  

The UK government has launched a new AI security code of practice it believes will become an ETSI standard – Read More  –  

Cisco Talos found that exploitation of public-facing applications made up 40% of incidents it observed in Q4 2024, marking a notable shift in initial access techniques – Read More  –  

The Indian tech giant temporarily suspended some of its IT services, which have now been restored – Read More  –  

Cyber reports exposed major security flaws in DeepSeek’s R1 LLM – Read More  –  

A global law enforcement operation has taken down infrastructure used by Cracked.io and Nulled.io, which provide cybercriminal tools and services – Read More  –  

Google Play blocked 2.36 million policy-violating apps and banned 158,000 harmful developer accounts in 2024 – Read More  –  

HTTP client tools used to compromise Microsoft 365 environments with 78% of tenants targeted in 2024 – Read More  –  

SquareX researchers warn that browser syncjacking could lead to full browser and device hijacking – Read More  –  

Researchers at Wiz uncovered a publicly accessible database belonging to Chinese GenAI provider DeepSeek that leaked sensitive data, including chat history – Read More  –  

New York Blood Center Enterprises revealed that it has been hit by a ransomware attack, disrupting activities and blood drives at its centers across the country – Read More  –  

UK organizations are significantly increasing cybersecurity budgets, with a projected 31% growth in the next year – Read More  –  

The UK’s National Cyber Security Centre has released a new paper making it easier to assess if a flaw is “unforgivable” – Read More  –  

AI-related API vulnerabilities surged 1,205% in 2024, with 99% tied to API flaws, according to a new report by Wallarm – Read More  –  

Google highlighted significant abuse of its Gemini LLM tool by nation state actors to support malicious activities, including research and malware development – Read More  –  

Cato Networks highlighted how the recently emerged HellCat ransomware group is using novel psychological tactics to court attention and pressurize victims – Read More  –  

Cybercriminals exploit government websites using open redirects and phishing tactics, bypassing secure email gateway protections – Read More  –  

Government agencies and privacy watchdogs have started investigating the Chinese AI chatbot provider over data privacy concerns – Read More  –  

ReliaQuest warns threat actor innovation and infostealer activity helped to accelerate breakout time by 22% in 2024 – Read More  –  

The National Audit Office warns of major gaps in cyber resilience across UK government departments – Read More  –  

Energy contractor ENGlobal reported that sensitive personal data was stolen by threat actors, with the incident disrupting operations for six weeks – Read More  –  

Group-IB researchers have exposed the highly organized affiliate platform and sophisticated operations of the Lynx Ransomware-as-a-Service group – Read More  –  

A Ponemon Institute survey highlighted the growing impact of ransomware attacks on victims’ revenue and reputation – Read More  –  

An API supply-chain attack affecting a popular online travel booking service put millions of airline users at risk – Read More  –  

The number of data breach victims increased 312% annually to exceed 1.7 billion in 2024, according to the ITRC 2024 Annual Data Breach Report – Read More  –  

The three Russian hackers are believed to be part of Unit 29155 of the GRU, also known as Cadet Blizzard, Ember Bear and Ruinous Ursa – Read More  –  

Three men have been sentenced after pleading guilty to running an account hijacking service for fraudsters – Read More  –  

In an increasingly data-driven world, ensuring the protection of personal information has never been more crucial. With rising concerns… The post Why You Should Hire a Virtual Data Protection Officer (vDPO) Now? appeared first on JISA Softech Pvt Ltd.  – Read More  – JISA Softech Pvt Ltd 

A new phishing tactic has been identified by Cisco Talos, using hidden text salting to evade email security measures – Read More  –  

Obsidian found that threat actors are focusing on SaaS applications to steal sensitive data, with most organizations’ security measures not set up to deal with these attacks – Read More  –  

A novel phishing campaign identified by Zimperium targets mobile users with malicious PDFs, impersonating USPS to steal credentials – Read More  –  

74% of CISOs plan to increase their cyber crisis simulation budgets in 2025 – Read More  –  

A now-patched vulnerability could have enabled threat actors to remotely control Subaru cars – Read More  –  

Change Healthcare has claimed 190 million customers were affected by a mega-breach last year – Read More  –  

Amazon Web Services has launched its Cyber Education Grant Program in the UK – Read More  –  

Crazy Evil, a group of crypto scammers, exploit NFTs and cryptocurrencies with malware targeting influencers and tech professionals – Read More  –  

A new FBI advisory warned that North Korean IT worker schemes have escalated their activities in recent months to include data extortion – Read More  –  

SentinelOne researchers highlighted similarities in the approaches used by the HellCat and Morpheus ransomware groups, suggesting shared infrastructure – Read More  –  

Threat actors chained Ivanti CSA vulnerabilities for RCE, credential theft & webshell deployment – Read More  –  

Arbitrage betting fraud rises, forcing bookmakers to adopt stricter measures against automated scams – Read More  –  

Splunk reveals that 82% of CISOs now report directly to the CEO, but many lack EQ – Read More  –  

The network equipment giant urged customers to patch immediately – Read More  –  

Cybercriminals are selling access to the malicious GenAI chatbot via Telegram, providing rapid assistance for a range of nefarious activities, according to Abnormal Security – Read More  –