Latest Posts › Cybersecurity

Share:

SAP NetWeaver Visual Composer Requires Urgent Patch

SAP Netweaver Visual Composer users are urged to patch a critical vulnerability that attackers are actively exploiting. According to ReliaQuest, which detected the vulnerability, the attacks allow full system compromise...more

Privacy Tip #441 – Identity Theft Statistics Increasing in 2025

Unfortunately, identity theft continues to increase, and according to Identitytheft.org, the statistics are going to get worse in 2025. Some of the statistics cited by Identitytheft.org include: 1.4 million complaints of...more

Privacy Tip #440 – Text Scam Proceeds Surpass $470M in 2024

I have been getting a lot of texts that are clearly scams, and those around me have confirmed an increase in spammy texts. According to an FTC Consumer Protection Data Spotlight, individuals lost over $470 million...more

AI Powered Bot Targeted 400,000 Websites

SentinelOne researchers have discovered AkiraBot, which is used to target small- to medium-sized company websites with generative AI, and drafted outreach messages for website chats, comments, and contact forms. SentinelOne...more

CISA Issues Alert on Potential Legacy Oracle Cloud Compromise

BleepingComputer has confirmed the rumor that Oracle has suffered a compromise affecting its legacy environment, including the compromise of old customer credentials (originally denied by Oracle). Oracle notified some...more

Privacy Tip #439 – Government Officials’ Venmo Accounts Publicly Accessible

Wired has reported that several government officials involved in the Signal chat exposing sensitive national security plans have also exposed their Venmo accounts by not adjusting their account privacy settings to prohibit...more

WhatsApp Patches Vulnerability That Facilitates Remote Code Execution

WhatsApp users should update the application for vulnerability CVE-2025-30401, which Meta recently patched when WhatsApp was released for Windows version 2.2450.6....more

CISA Issues Malware Analysis Report on RESURGE Malware

On March 28, 2025, the Cybersecurity and Infrastructure Security Agency (CISA) released a Malware Analysis Report (MAR) on RESURGE malware, which is associated with the product Ivanti Connect Secure....more

Joint Bulletin Warns Health Sector of Potential Coordinated Multi-City Attack

On March 20, 2025, the American Hospital Association (AHA) and the Health-ISAC issued an alert to the health care sector warning of a social media post that posed a potential threat “related to the active planning of a...more

AI Governance: The Problem of Shadow AI

If you hang out with CISOs like I do, shadow IT has always been a difficult problem. Shadow IT refers to refers to “information technology (IT) systems deployed by departments other than the central IT department, to bypass...more

Joint Alert Warns of Medusa Ransomware

On March 12, 2025, a joint cybersecurity advisory was issued by the Cybersecurity and Infrastructure Security Agency, the Federal Bureau of Investigation, and the Multi-State Information Sharing and Analysis Center to advise...more

Privacy Tip #436 – Microsoft Warns of Crypto Wallet Scanning Malware StilachiRAT

A Microsoft blog post reported that incident response researchers uncovered a remote access trojan in November 2024 (dubbed StilachiRAT) that “demonstrates sophisticated techniques to evade detection, persist in the target...more

X Hit with DDoS Attack

According to Security Week, X (formerly Twitter) was hit with a distributed denial-of-service (DDoS) attack that disrupted tens of thousands of X users’ ability to access the platform on March 10, 2025....more

Privacy Tip #435 – Threat Actors Go Retro: Using Snail Mail for Scams

We have educated our readers about phishing, smishing, QRishing, and vishing scams, and now we’re warning you about what we have dubbed “snailing.” Yes, believe it or not, threat actors have gone retro and are using snail...more

MS-ISAC Loses Funding and Cooperative Agreement with CIS

The Cybersecurity and Infrastructure Security Agency (CISA) confirmed on Tuesday, March 11, 2025, that the Multi-State Information Sharing and Analysis Center (MS-ISAC) will lose its federal funding and cooperative agreement...more

Warby Parker Settles Data Breach Case with OCR for $1.5M

Eyeglass manufacturer and retailer Warby Parker recently settled a 2018 data breach investigation by the Office for Civil Rights (OCR) for $1.5 million. According to OCR’s press release, Warby Parker self-reported that...more

Social Engineering + Stolen Credential Threats Continue to Dominate Cyber-Attacks

CrowdStrike recently published its 2025 Global Threat Report, which among other conclusions, emphasized that social engineering tactics aimed to steal credentials grew an astounding 442% in the second half of 2024....more

Privacy Tip #434 – Use of GenAI Tools Escaping Corporate Policies

According to a new LayerX report, most users are logging into GenAI tools through personal accounts that are not supported or tracked by an organization’s single sign on policy. These logins to AI SaaS applications are...more

DOGE Blocked from Access to Department of Treasury Payment Systems

On February 21, 2025, a federal district court judge from the Southern District of New York issued a preliminary injunction against the Department of Government Efficiency’s (DOGE), access to Treasury Department payment...more

Privacy Tip #433 – Privacy and Security Personnel Throughout Federal Government Fired

The Trump administration has systematically fired federal privacy- and security-focused employees since taking office. Three members of the bipartisan, independent agency, the Privacy and Civil Liberties Oversight Board...more

Joint Cybersecurity Advisory Released on Ghost (Cring) Ransomware

The Cybersecurity & Infrastructure Security Agency, the Federal Bureau of Investigation, and the Multi-State Information Sharing and Analysis Center released an advisory on February 19, 2025, providing information on Ghost...more

Texas AG Investigates DeepSeek + List of Banned Countries Expands

Texas Attorney General Ken Paxton announced on February 14, 2024, that his office has opened an investigation into DeepSeek’s privacy practices. DeepSeek, an artificial intelligence company with ties to the People’s Republic...more

Privacy Tip #431 – DOGE Has Access to Our Personal Information: What You Need to Know

According to a highly critical article recently published by TechCrunch,  the Department of Government Efficiency (DOGE), President Trump’s advisory board headed by Elon Musk, has “taken control of top federal departments and...more

Three States Ban DeepSeek Use on State Devices and Networks

New York, Texas, and Virginia are the first states to ban DeepSeek, the Chinese-owned generative artificial intelligence (AI) application, on state-owned devices and networks....more

Criminal Charges Lodged Against Alleged Phobos Ransomware Affiliates

Unfortunately, I’ve had unpleasant dealings with the Phobos ransomware group. My interactions with Phobos have been fodder for a good story when I educate client employees on recent cyber-attacks to prevent them from becoming...more

1,125 Results
 / 
View per page
Page: of 45

"My best business intelligence, in one easy email…"

Your first step to building a free, personalized, morning email brief covering pertinent authors and topics on JD Supra:
*By using the service, you signify your acceptance of JD Supra's Privacy Policy.
- hide
- hide