March 15, 2024 at 12:33PM All companies, not just federal agencies, should strive to implement the “network and environment” aspect of the National Security Agency’s zero-trust guidelines. Based on the meeting notes, the key takeaway is that it is recommended for all companies, not just federal agencies, to strive to implement the “network and environment” … Read more
March 15, 2024 at 07:43AM MOPAC’s untidy tech practices led to a webform error, exposing personal data of 394 complainants against the Metropolitan Police Service. An employee mistake made the forms public, but no evidence suggests data access. The ICO reprimanded MOPAC for the avoidable breach, urging improved training and governance. Remedial actions and enhanced … Read more
March 15, 2024 at 06:57AM France’s government unemployment agency, France Travail, experienced a cyberattack resulting in the theft of personal information, potentially impacting as many as 43 million people. The compromised data includes job seekers’ personal details, and affected individuals are being alerted to potential cybercriminal activity. Past breaches and recent cyberattacks on other government … Read more
March 14, 2024 at 10:09AM Change Healthcare is under investigation for an alleged 6 TB data theft by the ALPHV ransomware group. The US Department of Health and Human Services is initiating a formal inquiry into the cyberattack’s impact on healthcare facilities. Change Healthcare is slowly restoring services after the attack, facing lawsuits and forensic … Read more
March 14, 2024 at 09:37AM France Travail, formerly known as Pôle Emploi, disclosed a cyberattack that compromised personal details of 43 million individuals, including job seekers and individuals with a job candidate profile. The breach exposed sensitive information like full names, dates of birth, and social security numbers. The agency warns of identity theft and … Read more
March 14, 2024 at 07:57AM Since November 2022, the use of Generative AI has surged, with around 12,000 AI tools available for over 16,000 job tasks. Many employees are using these tools without employer approval, raising concerns about data protection and compliance. Security issues include privacy policies, prompt injection, and account takeover risks. Educating users … Read more
March 13, 2024 at 12:21PM OPSWAT CEO Benny Czarny analyzes the challenges of securing file upload cybersecurity, emphasizing the limitations of three common tools used alone: anti-malware scanning, web application firewalls, and sandboxing. OPSWAT’s MetaDefender Platform offers a comprehensive defense-in-depth strategy combining multiple antivirus engines, deep content disarm and reconstruction, proactive data loss prevention, and … Read more
March 12, 2024 at 07:53AM Leicester City Council’s IT systems and critical service phone lines remain down following a “cyber incident.” The nature of the attack has not been confirmed, although ransomware is suspected. The council aims to restore services by the middle of the week and has set up emergency phone numbers for essential … Read more
March 11, 2024 at 05:40PM CISA officials reported a breach by threat actors who exploited Ivanti product vulnerabilities in February. Suspicious activity was discovered in two systems, the Infrastructure Protection Gateway and Chemical Security Assessment Tool, prompting CISA to recommend reviewing its advisory on three Ivanti vulnerabilities. The incident also exposed the failure of Ivanti … Read more
March 11, 2024 at 10:03AM “Cyber Insights 2024” series by SecurityWeek engages with numerous industry experts and companies to discuss seven primary topics related to cybersecurity. This initiative aims to provide comprehensive insights into the future of cybersecurity. It seems like these meeting notes are discussing the Cyber Insights 2024 series that involves conversations with … Read more