Fraud Management & Cybercrime, Fraud Risk Management Treasury Yet to Release Sector-Specific Controls and Reimbursement Mechanisms Suparna Goswami (gsuparna) • October 29, 2025 Image: Evanto Elements In a significant move earlier this year, Australia implemented a pioneering scam prevention law designed to position the nation as an unwelcoming environment for…
Recently, a headline regarding a cyber breach emerged, emphasizing that the exposure of personal information represents the “worst-case scenario” in such incidents. While breaches do raise significant public concern, the situation is more complex than this characterization suggests. This analysis does not zero in on any single incident; rather, it…
A critical vulnerability affecting Microsoft SharePoint, identified as CVE-2024-38094, has been recently incorporated into the U.S. Cybersecurity and Infrastructure Security Agency’s (CISA) Known Exploited Vulnerabilities (KEV) catalog. This adds urgency as CISA has flagged the issue, citing active exploitation in the wild. This high-severity vulnerability, which carries a CVSS score…
A sophisticated cyberespionage operation has emerged, directly attributed to a Chinese group utilizing vulnerabilities in Microsoft Exchange Servers unveiled earlier this March. This group, identified as PKPLUG (also known as Mustang Panda and HoneyMyte), has executed a new attack sequence deploying an undocumented variant of a remote access trojan, dubbed…
Uber Technologies Inc. has recently acknowledged a security breach affecting its internal computer systems, first reported late Thursday. The company stated that there is currently “no evidence” suggesting that sensitive user data, such as trip history, has been accessed during the incident. In a public statement, Uber clarified, “We have…
Professional Certifications & Continuous Training, Recruitment & Reskilling Strategy, Training & Security Leadership Midsize Businesses Require Skilled Cybersecurity Professionals as Threat Dynamics Evolve Brandy Harris • October 29, 2025 Image: Shutterstock As larger corporations fortify their cybersecurity defenses and minimize ransom payouts, ransomware attackers are increasingly targeting midsize organizations. These…
This week’s cybersecurity highlights draw attention to rising threats stemming from misconfigurations, software vulnerabilities, and sophisticated malware. The incidents outlined below require the immediate focus of IT teams and business executives. ISC has addressed CVE-2025-5470 in BIND 9, a denial-of-service vulnerability impacting versions 9.16.0 to 9.18.26. The vulnerability enables server…
Fortinet Confirms Critical Vulnerability in FortiManager Under Active Exploitation Fortinet has identified a significant security vulnerability affecting its FortiManager product, designated as CVE-2024-47575, with a high CVSS score of 9.8. This vulnerability, also referred to as FortiJump, relates to the FGFM protocol utilized for communication between FortiGate devices and FortiManager.…
In a recent joint advisory, intelligence agencies from Australia, the U.K., and the U.S. have highlighted critical vulnerabilities that were actively exploited during 2020 and 2021. This report underscores how swiftly threat actors can capitalize on publicly disclosed weaknesses in software, posing a significant risk to various organizations worldwide. The…
