Accountability, Cybersecurity and Information Security

A large botnet targets M365 accounts with password spraying attacks

Security Affairs

FEBRUARY 24, 2025

A botnet of 130,000+ devices is attacking Microsoft 365 accounts via password-spraying, bypassing MFA by exploiting basic authentication. SecurityScorecard researchers discovered a botnet of over 130,000 devices that is conducting password-spray attacks against Microsoft 365 (M365) accounts worldwide. ” concludes the report.

Passwords

Passwords Accountability Authentication Malware

Change Healthcare Breach Hits 100M Americans

Krebs on Security

OCTOBER 30, 2024

The chief information security officer for a large academic healthcare system affected by the breach told KrebsOnSecurity they participated in a call with the FBI and were told a third party partner managed to recover at least four terabytes of data that was exfiltrated from Change by the cybercriminal group. .”

Healthcare

Healthcare Insurance Computers and Electronics Data breaches

Battle with Bots Prompts Mass Purge of Amazon, Apple Employee Accounts on LinkedIn

Krebs on Security

OCTOBER 20, 2022

On October 10, 2022, there were 576,562 LinkedIn accounts that listed their current employer as Apple Inc. LinkedIn declined to answer questions about the account purges, saying only that the company is constantly working to keep the platform free of fake accounts. The next day, half of those profiles no longer existed.

Accountability

Accountability Cryptocurrency Scams CISO

10 Benefits of Leading a Cybersecurity Management Review

SecureWorld News

NOVEMBER 25, 2024

I just wrapped up a management review for our cybersecurity program (which is called an Information Security Management System (ISMS) in ISO 27001), and it got me thinking about how valuable these reviews are—not just for meeting compliance requirements like ISO 27001, but for driving real improvements in how we approach cybersecurity.

Cybersecurity

Cybersecurity Risk Information Security Accountability

LW ROUNDTABLE: Compliance pressures intensify as new cybersecurity standards take hold

The Last Watchdog

DECEMBER 18, 2024

Wojtasiak Mark Wojtasiak , VP of Research and Strategy, Vectra AI In the coming year, well see the initial excitement that surrounded AIs potential in cybersecurity start to give way due to a growing sense of disillusionment among security leaders. The SEC Cybersecurity Disclosure Rule highlights transparency in governance.

Cybersecurity

Cybersecurity CISO Risk Government

New SEC Rules around Cybersecurity Incident Disclosures

Schneier on Security

AUGUST 2, 2023

The US Securities and Exchange Commission adopted final rules around the disclosure of cybersecurity incidents. There are two basic rules: Public companies must “disclose any cybersecurity incident they determine to be material” within four days, with potential delays if there is a national security risk.

Cybersecurity

Cybersecurity Risk Government Accountability

The US Treasury’s OCC disclosed an undetected major email breach for over a year

Security Affairs

APRIL 9, 2025

The US Office of the Comptroller of the Currency (OCC) disclosed a major email breach compromising 100 accounts, undetected for over a year. The cybersecurity incident involved unauthorized access to emails via a compromised admin account. Affected accounts were disabled. The breach was confirmed on Feb. OCC on Feb.

Accountability

Accountability Banking Information Security Hacking

DeepSeek and AI-Generated Malware Pose New Danger for Cybersecurity

SecureWorld News

MARCH 13, 2025

The rapid advancement of generative AI has brought both innovation and concern to the cybersecurity landscape. While the AI-generated malware required manual debugging to function properly, its mere existence signals an urgent need for security teams to adapt their defenses.

Malware

Malware Cybersecurity Cyber threats Threat Detection

BlackLock Ransomware Targeted by Cybersecurity Firm

Security Affairs

MARCH 26, 2025

Cybersecurity experts were able to exploit misconfiguration in vulnerable web-app used by ransomware operators to publish victims data – leading to clearnet IP addresses disclosure related to their network infrastructure behind TOR hidden services (hosting them) and additional service information acquired from server-side.

Ransomware

Ransomware Cybersecurity Healthcare Accountability

Failures in Twitter’s Two-Factor Authentication System

Schneier on Security

NOVEMBER 17, 2022

Twitter is having intermittent problems with its two-factor authentication system: Not all users are having problems receiving SMS authentication codes, and those who rely on an authenticator app or physical authentication token to secure their Twitter account may not have reason to test the mechanism. This is not a good sign.

Authentication

Authentication Passwords Accountability Media

EDR-as-a-Service makes the headlines in the cybercrime landscape

Security Affairs

APRIL 7, 2025

Cybercriminals exploit compromised accounts for EDR-as-a-Service (Emergency Data Requests – EDR), targeting major platforms According to a detailed analysis conducted by Meridian Group, an increasingly complex and structured phenomenon, commonly referred to as EDR-as-a-Service, is taking hold in the cybersecurity landscape.

Cybercrime

Cybercrime Social Engineering Accountability Government

whoAMI attack could allow remote code execution within AWS account

Security Affairs

FEBRUARY 17, 2025

Researchers warn that the whoAMI attack lets attackers publish an AMI with a specific name to execute code in an AWS account. The researchers warn that, at scale, this attack could impact thousands of AWS accounts, with around 1% of organizations estimated to be vulnerable. ” reads the advisory published by the company.

Accountability

Accountability Hacking Cybersecurity Information Security

X Account of leading cybersecurity firm Mandiant was hacked because not adequately protected

Security Affairs

JANUARY 11, 2024

The X account of cybersecurity firm Mandiant was likely hacked through a brute-force password attack, the company revealed. Last week, threat actors hacked the X account of cybersecurity firm Mandiant and used it to impersonate the Phantom crypto platform and share a cryptocurrency scam. ” the company said on X.

Accountability

Accountability Hacking Cryptocurrency Cybersecurity

Cybersecurity Certifications: The Key to Advancing Your Career in 2025

SecureWorld News

FEBRUARY 27, 2025

As global cybersecurity threats continue to rise, information security professionals must enroll in continuous education and training programs to acquire current knowledge and skills that help organizations thwart these costly risks. Which certification is best for cybersecurity? Let's begin.

Cybersecurity

Cybersecurity Information Security Penetration Testing Backups

U.S. CISA adds Veeam Backup and Replication flaw to its Known Exploited Vulnerabilities catalog

Security Affairs

OCTOBER 19, 2024

Cybersecurity and Infrastructure Security Agency (CISA) adds Veeam Backup and Replication vulnerability to its Known Exploited Vulnerabilities catalog. Cybersecurity and Infrastructure Security Agency (CISA) added the Veeam Backup and Replication flaw CVE-2024-40711 (CVSS score of 9.8) reads the advisory.

Backups

Backups VPN Ransomware Authentication

March Madness Meets Cyber Mayhem: How Cybercriminals Are Playing Offense this Season

SecureWorld News

MARCH 20, 2025

Phishing plays straight out of the cybercrime playbook "March Madness brings heightened cybersecurity risks this year, especially with the expansion of sports gambling beyond traditional office pools creating new attack vectors for credential harvesting and financial fraud," warns J. Awareness and vigilance.

Scams

Scams Social Engineering Mobile Phishing

International law enforcement operation dismantled RedLine and Meta infostealers

Security Affairs

OCTOBER 29, 2024

The cybersecurity firm’s recommendations for malware victims are: Consult an expert : For thorough malware removal and system security, seek professional help if needed. Change passwords : After malware removal, update passwords for key accounts (email, banking, work, social media) and enable two-factor authentication.

Identity Theft

Identity Theft Passwords Malware Banking

Sweet Treats, Sour Breach: Cyberattack Hits Krispy Kreme

SecureWorld News

DECEMBER 12, 2024

Yet, the recent cybersecurity breach at the beloved doughnut chain highlights critical lessons for organizations of all sizes and industries. Trey Ford, Chief Information Security Officer at Bugcrowd, observed, "This incident may not have been made public if it wasn't for the Form 8-K requirement."

Password Management

Password Management Passwords CISO Cybersecurity

Crooks hacked Mandiant X account to push cryptocurrency scam

Security Affairs

JANUARY 4, 2024

The X account of cybersecurity giant Mandiant was hacked, attackers used it to impersonate the Phantom crypto wallet and push a cryptocurrency scam. Crooks hacked the X account of cybersecurity firm Mandiant and used it to impersonate the Phantom crypto platform and share a cryptocurrency scam.

Cryptocurrency

Cryptocurrency Scams Accountability Hacking

Email accounts of the International Monetary Fund compromised

Security Affairs

MARCH 18, 2024

Threat actors compromised at least 11 International Monetary Fund (IMF) email accounts earlier this year, the organization revealed. The International Monetary Fund (IMF) disclosed a security breach, threat actors compromsed 11 email accounts earlier this year. The impacted email accounts were re-secured.

Accountability

Accountability Hacking Cybersecurity Data breaches

GUEST ESSAY: Preparing for the dire cybersecurity consequences of Russia’s invasion of Ukraine

The Last Watchdog

APRIL 13, 2022

Cybersecurity and Infrastructure Security Agency (CISA) has started a campaign to increase awareness of these risks to U.S. Segment or isolate portions of your network that are critical to your business, process, or store sensitive information. Accounting for humans. businesses called #ShieldsUp. The efficacy of hygiene.

Cybersecurity

Cybersecurity Cybercrime Education Government

8-K cybersecurity-incident disclosures to the SEC: A 2024 timeline

Security Boulevard

JANUARY 2, 2025

Securities and Exchange Commission adopted new rules to enhance the annual reporting of cybersecurity measures practiced by SEC registrants. These requirements are in addition to those about the timely disclosure of material cybersecurity incidents that these companies experience.

Cybersecurity

Cybersecurity Media Marketing Accountability

An XSS flaw in GitLab allows attackers to take over accounts

Security Affairs

MAY 24, 2024

GitLab addressed a high-severity cross-site scripting (XSS) vulnerability that allows unauthenticated attackers to take over user accounts. GitLab fixed a high-severity XSS vulnerability, tracked as CVE-2024-4835 , that allows attackers to take over user accounts. The flaw can be exploited to hijack an account without any interaction.

Accountability

Accountability Passwords Hacking Cybersecurity

A critical flaw in Kubernetes Image Builder could allow attackers to gain root access

Security Affairs

OCTOBER 17, 2024

” The vulnerability was discovered by the cybersecurity researcher Nicolai Rybnikar Rybnikar Enterprises GmbH. The fixed version sets a randomly-generated password for the duration of the image build and it disables the builder account at the conclusion of the image build. The flaw has been fixed in version 0.1.38.

Accountability

Accountability Passwords Hacking Cybersecurity

DNA testing company vanishes along with its customers’ genetic data

Malwarebytes

NOVEMBER 12, 2024

All the company’s social media accounts haven’t been updated since 2023 at the latest. Only share the personal information you absolutely have to provide with the genetic testing company. Lie if you must and create a separate free email account so the information can’t be tied to your main account.

Insurance

Insurance Accountability Risk Data breaches

Zero Trust Network Architecture vs Zero Trust: What Is the Difference?

Joseph Steinberg

JANUARY 4, 2023

Zero Trust is a term that is often misunderstood and misused, which is why I wrote an article not long ago entitled Zero Trust: What These Overused Cybersecurity Buzz Words Actually Mean – And Do Not Mean. appeared first on Joseph Steinberg: CyberSecurity Expert Witness, Privacy, Artificial Intelligence (AI) Advisor.

Architecture

Architecture Artificial Intelligence Encryption Cybersecurity

U.S. CISA adds ScienceLogic SL1 flaw to its Known Exploited Vulnerabilities catalog

Security Affairs

OCTOBER 22, 2024

Cybersecurity and Infrastructure Security Agency (CISA) adds ScienceLogic SL1 flaw to its Known Exploited Vulnerabilities catalog. Cybersecurity and Infrastructure Security Agency (CISA) added the ScienceLogic SL1 flaw CVE-2024-9537 (CVSS v4 score: 9.3) to its Known Exploited Vulnerabilities (KEV) catalog.

Encryption

Encryption Hacking Accountability Cybersecurity

Subaru Starlink flaw allowed experts to remotely hack cars

Security Affairs

JANUARY 25, 2025

Subaru Starlink flaw exposed vehicles and customer accounts in the US, Canada, and Japan to remote attacks. The experts explained that they exploited the flaw to gain unrestricted targeted access to all vehicles and customer accounts in the above countries. ” wrote Curry. ” added Curry. I sent the unlock command.

Hacking

Hacking Accountability Passwords Authentication

5 Ways to Strengthen the Weak Link in Cybersecurity

IT Security Guru

JUNE 7, 2024

In the current era, proactive cybersecurity steps are essential to upholding a strong cybersecurity stance. A vital investment worth considering is a vulnerability management platform, also known as an exposure management platform, which can enhance preventive cybersecurity measures for businesses of various scales.

Cybersecurity

Cybersecurity CISO Passwords Backups

Security Blueprints of Many Companies Leaked in Hack of Swedish Firm Gunnebo

Krebs on Security

OCTOBER 28, 2020

-based cyber intelligence firm Hold Security , KrebsOnSecurity in March told Gunnebo about a financial transaction between a malicious hacker and a cybercriminal group which specializes in deploying ransomware. “The harsh and unfortunate reality is the security of a number of security companies is s**t,” Arena said.

Hacking

Hacking Ransomware Banking Accountability

U.S. CISA adds Palo Alto Expedition, Android, CyberPanel and Nostromo nhttpd bugs to its Known Exploited Vulnerabilities catalog

Security Affairs

NOVEMBER 7, 2024

Cybersecurity and Infrastructure Security Agency (CISA) adds Palo Alto Expedition, Android, CyberPanel and Nostromo nhttpd bugs to its Known Exploited Vulnerabilities catalog. Additionally, Expedition provides automation and best practice adoption to improve security posture and operational efficiency. reads the advisory.

Firewall

Firewall Authentication Accountability Risk

CISA warns of RESURGE malware exploiting Ivanti flaw

Security Affairs

MARCH 30, 2025

Cybersecurity and Infrastructure Security Agency (CISA) warns of RESURGE malware, targeting a vulnerability in Ivanti Connect Secure (ICS) appliances. Cybersecurity and Infrastructure Security Agency (CISA) published a Malware Analysis Report (MAR) on a new malware called RESURGE. In January, the U.S.

Malware

Malware Authentication Cybersecurity Encryption

LinkedIn Adds Verified Emails, Profile Creation Dates

Krebs on Security

NOVEMBER 4, 2022

Responding to a recent surge in AI-generated bot accounts, LinkedIn is rolling out new features that it hopes will help users make more informed decisions about with whom they choose to connect. For example, on October 10, 2022, there were 576,562 LinkedIn accounts that listed their current employer as Apple Inc.

Scams

Scams Artificial Intelligence Cryptocurrency Accountability

Fake CISO Profiles on LinkedIn Target Fortune 500s

Krebs on Security

SEPTEMBER 30, 2022

Someone has recently created a large number of fake LinkedIn profiles for Chief Information Security Officer (CISO) roles at some of the world’s largest corporations. If you were confused at this point, you might ask Google who it thinks is the current Chief Information Security Officer of Chevron. of spam and scam.”

CISO

CISO Cybercrime Accountability Information Security

Deepfake and smishing. How hackers compromised the accounts of 27 Retool customers in the crypto industry

Security Affairs

SEPTEMBER 18, 2023

Software development company Retool was the victim of a smishing attack that resulted in the compromise of 27 accounts of its cloud customers. Software development company Retool revealed that 27 accounts of its cloud customers were compromised as a result of an SMS-based social engineering attack.

Accountability

Accountability Social Engineering Authentication VPN

2024 Cybersecurity Laws & Regulations

eSecurity Planet

SEPTEMBER 21, 2024

Understanding and adhering to cybersecurity regulations is crucial for any organization as cyber threats evolve and become more sophisticated. The landscape of cybersecurity laws and regulations today is set to undergo significant changes, impacting businesses, government entities, and individuals alike.

Cybersecurity

Cybersecurity Computers and Electronics Cyber threats Healthcare

Palo Alto Networks warns of potential RCE in PAN-OS management interface

Security Affairs

NOVEMBER 8, 2024

The cybersecurity company has no further details on the vulnerability and said has yet to detect active exploitation. The cybersecurity firm states that it does not have sufficient information about any indicators of compromise.

Firewall

Firewall Authentication Internet Internet

Attackers are exploiting recently disclosed OttoKit WordPress plugin flaw

Security Affairs

APRIL 12, 2025

. “The SureTriggers: All-in-One Automation Platform plugin for WordPress is vulnerable to an authentication bypass leading to administrative account creation due to a missing empty value check on the ‘secret_key’ value in the ‘autheticate_user’ function in all versions up to, and including, 1.0.78.”

Accountability

Accountability Authentication Passwords Hacking

GUEST ESSAY: Sure steps to achieve a robust employee cybersecurity awareness training regimen

The Last Watchdog

OCTOBER 24, 2022

In addition, educating employees about cybersecurity issues can help to reinforce the security-minded culture of the organization and change employee behaviour. One of the best ways to increase employee security awareness is to provide frequent training and communication about the risks of phishing and other cyberattacks.

Passwords

Passwords Security Awareness Data breaches Cybersecurity

Laboratory Services Cooperative data breach impacts 1.6 Million People

Security Affairs

APRIL 11, 2025

On October 27, 2024, the Laboratory Services Cooperative detected suspicious network activity and launched an investigation with the help of cybersecurity experts. “The specific information involved is not the same for everyone.” “The specific information involved is not the same for everyone.”

Data breaches

Data breaches Insurance Banking Accountability

NYDFS Cybersecurity Regulation: Dates, Facts and Requirements

Centraleyes

MARCH 13, 2025

New York, the city that never sleeps, is also the city that takes cybersecurity very seriously. If you’re part of the financial services ecosystem hereor interact with businesses regulated by the New York State Department of Financial Servicesyouve likely come across the NYDFS Cybersecurity Regulation.

Cybersecurity

Cybersecurity Financial Services Risk Encryption

Empowering Women in Cybersecurity: Insights from ISC2's Latest Study

SecureWorld News

APRIL 9, 2025

The cybersecurity landscape is witnessing a transformative shift, with an increasing number of women entering the field through non-traditional pathways. A recent study by ISC2 highlights this trend, revealing how diverse educational backgrounds and experiences are enriching the cybersecurity workforce.

Cybersecurity

Cybersecurity Education InfoSec Government

Glut of Fake LinkedIn Profiles Pits HR Against the Bots

Krebs on Security

OCTOBER 5, 2022

The fabricated LinkedIn identities — which pair AI-generated profile photos with text lifted from legitimate accounts — are creating major headaches for corporate HR departments and for those managing invite-only LinkedIn groups. Another “swarm” of LinkedIn bot accounts flagged by Taylor’s group.

Accountability

Accountability Scams Artificial Intelligence Cryptocurrency

A large botnet targets M365 accounts with password spraying attacks

Change Healthcare Breach Hits 100M Americans

Trending Sources

Battle with Bots Prompts Mass Purge of Amazon, Apple Employee Accounts on LinkedIn

10 Benefits of Leading a Cybersecurity Management Review

LW ROUNDTABLE: Compliance pressures intensify as new cybersecurity standards take hold

New SEC Rules around Cybersecurity Incident Disclosures

The US Treasury’s OCC disclosed an undetected major email breach for over a year

DeepSeek and AI-Generated Malware Pose New Danger for Cybersecurity

BlackLock Ransomware Targeted by Cybersecurity Firm

Failures in Twitter’s Two-Factor Authentication System

EDR-as-a-Service makes the headlines in the cybercrime landscape

whoAMI attack could allow remote code execution within AWS account

X Account of leading cybersecurity firm Mandiant was hacked because not adequately protected

Cybersecurity Certifications: The Key to Advancing Your Career in 2025

U.S. CISA adds Veeam Backup and Replication flaw to its Known Exploited Vulnerabilities catalog

March Madness Meets Cyber Mayhem: How Cybercriminals Are Playing Offense this Season

International law enforcement operation dismantled RedLine and Meta infostealers

Sweet Treats, Sour Breach: Cyberattack Hits Krispy Kreme

Crooks hacked Mandiant X account to push cryptocurrency scam

Email accounts of the International Monetary Fund compromised

GUEST ESSAY: Preparing for the dire cybersecurity consequences of Russia’s invasion of Ukraine

8-K cybersecurity-incident disclosures to the SEC: A 2024 timeline

An XSS flaw in GitLab allows attackers to take over accounts

A critical flaw in Kubernetes Image Builder could allow attackers to gain root access

DNA testing company vanishes along with its customers’ genetic data

Zero Trust Network Architecture vs Zero Trust: What Is the Difference?

U.S. CISA adds ScienceLogic SL1 flaw to its Known Exploited Vulnerabilities catalog

Subaru Starlink flaw allowed experts to remotely hack cars

5 Ways to Strengthen the Weak Link in Cybersecurity

Security Blueprints of Many Companies Leaked in Hack of Swedish Firm Gunnebo

U.S. CISA adds Palo Alto Expedition, Android, CyberPanel and Nostromo nhttpd bugs to its Known Exploited Vulnerabilities catalog

CISA warns of RESURGE malware exploiting Ivanti flaw

LinkedIn Adds Verified Emails, Profile Creation Dates

Fake CISO Profiles on LinkedIn Target Fortune 500s

Deepfake and smishing. How hackers compromised the accounts of 27 Retool customers in the crypto industry

2024 Cybersecurity Laws & Regulations

Palo Alto Networks warns of potential RCE in PAN-OS management interface

Attackers are exploiting recently disclosed OttoKit WordPress plugin flaw

GUEST ESSAY: Sure steps to achieve a robust employee cybersecurity awareness training regimen

Laboratory Services Cooperative data breach impacts 1.6 Million People

NYDFS Cybersecurity Regulation: Dates, Facts and Requirements

Empowering Women in Cybersecurity: Insights from ISC2's Latest Study

Glut of Fake LinkedIn Profiles Pits HR Against the Bots

Top 2023 Security Affairs cybersecurity stories

Stay Connected