A significant data breach has come to light, exposing the records of approximately 1.5 billion users across various prominent platforms, including Weibo, DiDi, and the Shanghai Communist Party. This incident highlights critical vulnerabilities in data security practices, raising alarms for technology providers and business owners regarding the protection of sensitive…
Tech Startups Face Security Risks from Unmanaged Google Accounts Recent findings by Dylan Ayrey of Truffle Security Co. highlight a critical security vulnerability affecting failed startups that utilize Google’s productivity suite, known as Workspace. Many of these companies leverage Google’s OAuth for authentication, allowing users easy sign-ins with their Google…
The Lazarus Group, an infamous hacking unit allegedly sponsored by the North Korean regime, has intensified its malware campaigns, now specifically targeting software developers and freelancers. The group employs deceptive tactics to gain access to victims’ corporate networks. For freelancers, the risk is heightened; according to reports, Lazarus hackers utilize…
Cyberwarfare / Nation-State Attacks, Fraud Management & Cybercrime, Geo Focus: Asia Hackers Exploit Malicious Macros in Diplomatic Documents to Target Asian Nations Prajeet Nair (@prajeetspeaks) • January 15, 2025 The Nur-Sultan Astana Government Building of the Republic of Kazakhstan (Image: Shutterstock) Recent developments indicate that hackers, potentially affiliated with the…
Cybersecurity Alert: Data Breach at PowerSchool Affects Students and Educators Recently, several school districts have reported a significant data breach involving PowerSchool, an educational technology provider that serves over 50 million students. In this cyberattack, hackers may potentially have gained access to the personal information of students and teachers, raising…
Cyberattack Mimics Black Basta Tactics, Compromises Client Email Security In a recent cybersecurity incident, a wave of malicious emails, closely resembling the strategies employed by the infamous Black Basta ransomware group, targeted a client of SlashNext. Spanning a rapid 90-minute period, over 1,165 nefarious emails inundated the inboxes of 22…
Fortinet, a notable player in the American cybersecurity landscape, is currently in the spotlight due to alarming reports suggesting that it may have inadvertently exposed its customers to a serious cyber risk. This situation escalated when Arctic Wolf, a competing firm, publicly disclosed the details of the threat, igniting a…
Critical Infrastructure Security, Cyberwarfare / Nation-State Attacks, Fraud Management & Cybercrime US Cyber Defense Agency Was Not Initially Aware of Hackers Involved in Salt Typhoon Chris Riotta (@chrisriotta) • January 15, 2025 Director of the Cybersecurity and Infrastructure Security Agency, Jen Easterly, remarked that the Chinese “Salt Typhoon” breach of…
On December 24, 2024, Governor Kathy Hochul of New York enacted significant amendments to both the state’s private-sector and government agency data breach notification laws. These revisions to the General Business Law § 899-aa and New York State Technology Law § 208 introduce strict new timelines and a broadened scope…
