Category: Privacy/Governance Feed

The US DoD has finalized the Cybersecurity Maturity Model Certification (CMMC) Program, which defense contractors must pass to bid for government contracts    – Read More  –  

Personal data of over 2600 employees has been exposed and insider information about the Switch 2 and future Pokémon games leaked    – Read More  –  

Japanese electronics firm Casio has reported a ransomware attack and data breach    – Read More  –  

Sophos claims that a lack of cybersecurity talent is considered a major risk by SMBs    – Read More  –  

NHS England has issued an alert regarding a critical Veeam Backup & Replication vulnerability that is being actively exploited, potentially leading to remote code execution    – Read More  –  

Access Now announced that the US Customs and Border Protection agency released records on its app following the NGO’s lawsuit    – Read More  –  

Russian-backed APT29 has been spying on US and European organizations since at least 2021, a US-UK joint advisory said    – Read More  –  

A new Sonatype report reveals a 156% surge in open source malware, with over 704,102 malicious packages identified since 2019, as OSS adoption continues to skyrocket    – Read More  –  

Operation MiddleFloor targets Moldova’s October elections, spreading EU disinformation via email    – Read More  –  

The data breach exposed more than 10m customer conversations from an AI call center platform in the Middle East    – Read More  –  

The EU’s Cyber Resilience Act requires cybersecurity standards for all connected products throughout their entire lifecycle    – Read More  –  

Marriott will pay $52m to 50 US states for a data breach impacting 131.5 million American customers, and has agreed to implement stronger security practices    – Read More  –  

The non-profit digital library was also hit by at least two DDoS attacks in two days    – Read More  –  

Two former RAC employees have been handed suspended prison sentences for trading in personal data    – Read More  –  

Supply chain victim numbers surge as more than 240 million US residents are impacted by data breaches in Q3 2024    – Read More  –  

The privacy flaw in Apple’s iPhone mirroring feature enables personal apps on an iPhone to be listed in a company’s software inventory when the feature is used on work computers    – Read More  –  

New BeaverTail malware targets tech job seekers via fake recruiters on LinkedIn and X    – Read More  –  

The UK government’s Cyber Team Competition offer applicants the chance to receive advanced training, mentorship and networking opportunities    – Read More  –  

Barracuda researchers have identified a new wave of QR code phishing attacks that evade traditional security measures and pose a significant threat to email security    – Read More  –  

The Australian government’s Cyber Security Bill 2024 will mandate cybersecurity standards for smart devices and introduce ransomware reporting requirements    – Read More  –  

Ivanti’s Cloud Services Appliance is being targeted by threat actors exploiting three zero-day bugs    – Read More  –  

The Appeals Centre Europe is supported by Meta’s Oversight Board Trust and certified by Ireland’s media regulator    – Read More  –  

October’s Patch Tuesday saw Microsoft patch over 100 CVEs including five zero-day vulnerabilities    – Read More  –  

American Water, the largest water utility in the US, discovered a cyber-attack impacting internal systems on October 3    – Read More  –  

Tenable’s latest report reveals 38% of organizations face risks from a “toxic cloud triad” of security gaps    – Read More  –  

Secureworks reports a 30% increase in active ransomware groups despite law enforcement efforts, with 31 new groups emerging in the past year    – Read More  –  

Iran is targeting the US presidential race, China the congressional races, and Russia both    – Read More  –  

Europol claims its EMPACT operation has revealed dozens of human trafficking victims and suspects    – Read More  –  

A UN report found that organized crime groups in the region have rapidly integrated malware, generative AI and deepfakes to enhance their fraud activities    – Read More  –  

MoneyGram has issued a data breach notification to customers following a security incident    – Read More  –  

UMG, a major music corporation, reported a July 2024 data breach affecting 680 US residents    – Read More  –  

The UK NCSC found that there is a lot of confusion between board members and security leaders of who is responsible for cybersecurity within their organizations    – Read More  –  

GoldenJackal targeted air-gapped government systems from May 2022 to March 2024, ESET found    – Read More  –  

The UK’s ICO said the framework is designed to help businesses build trust and encourage a positive data protection culture    – Read More  –  

A new O’Reilly survey showed a shortage of AI security skills, while AI-enabled security tools become tech professionals’ top priority for the coming year    – Read More  –  

Risk managers association FERMA has warned that new EU cyber legislation means there is an inconsistent approach to incident reporting requirements    – Read More  –  

A new scam detection tool from Get Safe Online uses AI to help individuals and small businesses protect themselves    – Read More  –  

The Chartered Trading Standards Institute is concerned a new cap on fraud reimbursement is too low    – Read More  –  

Infosecurity recently joined an Immersive Labs Cyber Drill to experience how organizations can enhance their preparedness through training and simulations    – Read More  –  

Cisco Talos has observed the financially motivated threat actor targeting organizations globally with a MedusaLocker ransomware variant called “BabyLockerKZ”    – Read More  –  

A UK court has fined Sellafield Ltd £332,500 for cybersecurity failings related to the running of the Sellafield nuclear facility    – Read More  –  

The Counter Ransomware Initiative has released new guidance discouraging organizations from making ransomware payments    – Read More  –  

The new LiteSpeed Cache flaw (CVE-2024-47374) allows unauthenticated code injection across more than six million active installations    – Read More  –  

China-aligned CeranaKeeper discovered targeting Thai govt institutions using cloud services for data exfiltration    – Read More  –  

Microsoft and the US government have collectively seized over 100 websites used by Russian nation-state actor Star Blizzard    – Read More  –  

A new report by Red Canary has found that while cybersecurity budgets have risen, many security leaders still feel overwhelmed by the growing threat landscape    – Read More  –  

The ICO blamed the Police Service of Northern Ireland for procedural failings that exposed the personal data of 9843 personnel, putting police officers at risk    – Read More  –  

Egress found that attackers are becoming more adept at bypassing email security, such as using compromised accounts and the use of commodity campaigns    – Read More  –  

Researchers see an uptick in crypto-doubling investment scams following the first presidential debate    – Read More  –  

Threat group FIN7 is hiding infostealer malware on sites promising AI deepnude downloads    – Read More  –