British Airways, Boots, And BBC Staff Details Targeted In Russia-Linked Cyber Attack

The Importance of Managing Your Data Security Posture

Data security is reinventing itself. As new data security posture management solutions come to market, organizations are increasingly recognizing the opportunity to provide evidence-based security that proves how their data is being protected. But what exactly is data security posture, and how do you manage it?  Data security posture management (DSPM) became mainstream following the publication

S3 Ep137: 16th century crypto skullduggery

Lots to learn, clearly explained in plain English... listen now! (Full transcript inside.)

Amazon To Pay $30.8M For Alexa And Ring Privacy Violations

War Crimes Evidence Erased By Social Media Firms

Serious Security: That KeePass “master password crack”, and what we can learn from it

Here, in an admittedly discursive nutshell, is the fascinating story of CVE-2023-32784. (Short version: Don't panic.)

Critical Barracuda 0-Day Was Used To Backdoor Networks For 8 Months

Software Liability And Hard Truths Of Manufacturer Responsibility

Beware of Ghost Sites: Silent Threat Lurking in Your Salesforce Communities

Improperly deactivated and abandoned Salesforce Sites and Communities (aka Experience Cloud) could pose severe risks to organizations, leading to unauthorized access to sensitive data. Data security firm Varonis dubbed the abandoned, unprotected, and unmonitored resources “ghost sites.” “When these Communities are no longer needed, though, they are often set aside but not deactivated,” Varonis

Serious Security: Verification is vital – examining an OAUTH login bug

What good is a popup asking for your approval if an attacker can bypass it simply by suppressing it?

ABB Confirms Data Stolen In Black Basta Ransomware Attack

OneMain Pays $4.5M After Ignored Security Flaws Caused Data Breaches

Is Cybersecurity An Unsolvable Problem?

Google Cloud Patches Vulnerability In CloudSQL Service

Dutch Watchdog Looking Into Alleged Tesla Data Breach

Reflections On Ten Years Past The Snowden Revelations

Why Are 1.8M Apria Patients Just Now Being Notified Of A 2021 Breach?

KeePass Bug Lets Attackers Extract The Master Password From Memory

Amazon's PillPack Reports Data Breach Affecting More Than 19,000

E.U. Regulators Hit Meta with Record $1.3 Billion Fine for Data Transfer Violations

Facebook's parent company Meta has been fined a record $1.3 billion by European Union data protection regulators for transferring the personal data of users in the region to the U.S. In a binding decision taken by the European Data Protection Board (EDPB), the social media giant has been ordered to bring its data transfers into compliance with the GDPR and delete unlawfully stored and processed

Phone scamming kingpin gets 13 years for running “iSpoof” service

Site marketing video promised total anonymity, but that was a lie. 170 arrested already. Potentially 1000s more to follow.

Google Settles Location Tracking Lawsuit For Only $39.9M

More UK Councils Caught By Capita's Open AWS Bucket Blunder

Meta Fined $1.3 Billion, Ordered To Stop Sending EU Data To US

FTC To Crack Down On Biometric, Health Privacy Violations

Six Million Patients' Data Feared Stolen From PharMerica

DOJ Links Iran, China, And Russia To Five IP-Theft Related Cases

US Charges, Sanctions Russian Ransomware Operator Who Leaked Stolen DC Police Data

Ex-Apple Engineer Accused Of Stealing Self-Driving Car Secrets

Ruling Makes Exchanges Liable For Customer Losses In EU

Zut alors! Raclage crapuleux! Clearview AI in 20% more trouble in France

We asked you once, we told you twice, now we're ordering you for the third time...

Toyota Bungling Customer Privacy Is Becoming A Pattern

Whodunnit? Cybercrook gets 6 years for ransoming his own employer

Not just an active adversary, but a two-faced one, too.

More Than 2 Million Toyota Users Face Risk Of Vehicle Data Leak In Japan

Fujitsu Triggers Privacy Breach At Japanese Convenience Stores

Why Honeytokens Are the Future of Intrusion Detection

A few weeks ago, the 32nd edition of RSA, one of the world's largest cybersecurity conferences, wrapped up in San Francisco. Among the highlights, Kevin Mandia, CEO of Mandiant at Google Cloud, presented a retrospective on the state of cybersecurity. During his keynote, Mandia stated: "There are clear steps organizations can take beyond common safeguards and security tools to strengthen their

MSI Data Breach: Private Code Signing Keys Leaked on the Dark Web

The threat actors behind the ransomware attack on Taiwanese PC maker MSI last month have leaked the company's private code signing keys on their dark website. "Confirmed, Intel OEM private key leaked, causing an impact on the entire ecosystem," Alex Matrosov, founder and CEO of firmware security firm Binarly, said in a tweet over the weekend. "It appears that Intel Boot Guard may not be

Western Digital Confirms Customer Data Stolen by Hackers in March Breach

Digital storage giant Western Digital confirmed that an "unauthorized third party" gained access to its systems and stole personal information belonging to the company's online store customers. "This information included customer names, billing and shipping addresses, email addresses and telephone numbers," the San Jose-based company said in a disclosure last week. "In addition, the database

Ex-Uber CSO Gets Probation For Covering Up Theft Of Data On Millions Of People

Capita Admits Some Pension Data Likely Accessed In March Breach

Tennessee Health System Stops All Operations Amid Cyberattack Recovery

China Labels USA Empire Of Hacking Based On Old Wikileaks Dump

FTC Says Facebook Broke Terms Of $5B Data Privacy Settlement

T-Mobile Promises Better Security After Year's Second Breach

Cyber-Attack Sparks Fears That Criminals Could Target UK Gun Owners

Sensitive Data Is Being Leaked From Servers Running Salesforce Software

ChatGPT is Back in Italy After Addressing Data Privacy Concerns

OpenAI, the company behind ChatGPT, has officially made a return to Italy after the company met the data protection authority's demands ahead of April 30, 2023, deadline. The development was first reported by the Associated Press. OpenAI's CEO, Sam Altman, tweeted, "we're excited ChatGPT is available in [Italy] again!" The reinstatement comes following Garante's decision to temporarily block 

ViperSoftX InfoStealer Adopts Sophisticated Techniques to Avoid Detection

A significant number of victims in the consumer and enterprise sectors located across Australia, Japan, the U.S., and India have been affected by an evasive information-stealing malware called ViperSoftX. ViperSoftX was first documented by Fortinet in 2020, with cybersecurity company Avast detailing a campaign in November 2022 that leveraged the malware to distribute a malicious Google Chrome

Hackers Leaked Minneapolis Students' Psychological Reports

Capita Admits Data Stolen During Cyberattack

GhostToken Vuln Could Permanently Expose Data Of Google Users

S3 Ep131: Can you really have fun with FORTRAN?

Loop-the-loop in this week's episode. Entertaining, educational and all in plain English. Transcript inside.

Criminal Records Service Still Disrupted 4 Weeks After Hack

Another Supply Chain Attack Discovered During 3CX Investigation

ChatGPT's Data Protection Blind Spots and How Security Teams Can Solve Them

In the short time since their inception, ChatGPT and other generative AI platforms have rightfully gained the reputation of ultimate productivity boosters. However, the very same technology that enables rapid production of high-quality text on demand, can at the same time expose sensitive corporate data. A recent incident, in which Samsung software engineers pasted proprietary code into ChatGPT,

Ex-CEO of breached pyschotherapy clinic gets prison sentence for bad data security

Did the sentence fit the crime? Read the backstory, and then have your say in our comments! (You may post anonymously.)

FBI and FCC warn about “Juicejacking” – but just how useful is their advice?

USB charging stations - can you trust them? What are the real risks, and how can you keep your data safe on the road?

Vice Society Ransomware Using Stealthy PowerShell Tool for Data Exfiltration

Threat actors associated with the Vice Society ransomware gang have been observed using a bespoke PowerShell-based tool to fly under the radar and automate the process of exfiltrating data from compromised networks. "Threat actors (TAs) using built-in data exfiltration methods like [living off the land binaries and scripts] negate the need to bring in external tools that might be flagged by

Kodi Confirms Data Breach: 400K User Records and Private Messages Stolen

Open source media player software provider Kodi has confirmed a data breach after threat actors stole the company's MyBB forum database containing user data and private messages. What's more, the unknown threat actors attempted to sell the data dump comprising 400,635 Kodi users on the now-defunct BreachForums cybercrime marketplace. "MyBB admin logs show the account of a trusted but currently

Attention gamers! Motherboard maker MSI admits to breach, issues “rogue firmware” alert

Stealing private keys is like getting hold of a medieval monarch's personal signet ring... you get to put an official seal on treasonous material.