Tag: corporate

European Commission moves to loosen GDPR for AI and cookie tracking

Nov 10, 2025 2:19 PM

Tags: ai, corporate, data, GDPR, governance, law, network, privacy, risk, training, update

AI training gets green light: The proposal directly addressed one of the most contentious issues in EU privacy law: whether companies can train AI systems using personal data.The draft stated that AI training, testing, and validation may be conducted under the GDPR’s “legitimate interest” basis, as long as companies implement safeguards such as data minimization,…
European Commission moves to loosen GDPR for AI and cookie tracking

Nov 10, 2025 2:19 PM

Tags: ai, corporate, data, GDPR, governance, law, network, privacy, risk, training, update

AI training gets green light: The proposal directly addressed one of the most contentious issues in EU privacy law: whether companies can train AI systems using personal data.The draft stated that AI training, testing, and validation may be conducted under the GDPR’s “legitimate interest” basis, as long as companies implement safeguards such as data minimization,…
CISOs must prove the business value of cyber, the right metrics can help

Nov 10, 2025 9:19 AM

Tags: attack, business, ceo, cio, ciso, control, corporate, cve, cyber, cybersecurity, data, finance, framework, guide, identity, intelligence, metric, mfa, mitre, nist, office, okta, risk, service, strategy, supply-chain, technology, threat, update, usa, vulnerability

Cybersecurity as a business function: “The challenge has been that security is put in the wrong organizational structure, with the CISO reporting to the CIO or CTO or chief digital officer,” Oberlaender says. “Security is not foremost a technology problem. Maybe ten or twenty percent is technology. But the rest is people, process and the…
CISOs must prove the business value of cyber, the right metrics can help

Nov 10, 2025 9:19 AM

Tags: attack, business, ceo, cio, ciso, control, corporate, cve, cyber, cybersecurity, data, finance, framework, guide, identity, intelligence, metric, mfa, mitre, nist, office, okta, risk, service, strategy, supply-chain, technology, threat, update, usa, vulnerability

Cybersecurity as a business function: “The challenge has been that security is put in the wrong organizational structure, with the CISO reporting to the CIO or CTO or chief digital officer,” Oberlaender says. “Security is not foremost a technology problem. Maybe ten or twenty percent is technology. But the rest is people, process and the…
CISOs must prove the business value of cyber, the right metrics can help

Nov 10, 2025 9:19 AM

Tags: attack, business, ceo, cio, ciso, control, corporate, cve, cyber, cybersecurity, data, finance, framework, guide, identity, intelligence, metric, mfa, mitre, nist, office, okta, risk, service, strategy, supply-chain, technology, threat, update, usa, vulnerability

Cybersecurity as a business function: “The challenge has been that security is put in the wrong organizational structure, with the CISO reporting to the CIO or CTO or chief digital officer,” Oberlaender says. “Security is not foremost a technology problem. Maybe ten or twenty percent is technology. But the rest is people, process and the…
Online Job Scams Creating News Risks for Corporate Networks

Nov 8, 2025 1:19 AM

Tags: access, corporate, fraud, google, jobs, network, risk, scam, software, threat

It’s Time for Enterprises to Manage Risks Posed by Compromised Personal Devices Online job scams have evolved beyond consumer fraud and now pose a direct threat to corporate networks. Google warns that scammers are embedding remote access Trojans and info-stealers disguised as interview software or application materials to hack personal devices and ultimately corporate systems.…
Defending digital identity from computer-using agents (CUAs)

Nov 7, 2025 2:20 PM

Tags: access, ai, api, attack, authentication, automation, breach, captcha, cisa, computer, control, corporate, credentials, cybersecurity, data, data-breach, defense, detection, email, exploit, fido, google, identity, infrastructure, login, malicious, malware, nfc, passkey, password, phishing, saas, service, skills, social-engineering, tool, unauthorized, update

Principle of least effort: Our brains seek shortcuts to reduce cognitive load, making password reuse seem rational.Security fatigue: Frequent password changes and complex rules frustrate users, pushing them toward reuse.As a result, users often rotate between 410 core passwords. According to an article by Enzoic, the average person reuses the same password across as many as 14…
Defending digital identity from computer-using agents (CUAs)

Nov 7, 2025 2:20 PM

Tags: access, ai, api, attack, authentication, automation, breach, captcha, cisa, computer, control, corporate, credentials, cybersecurity, data, data-breach, defense, detection, email, exploit, fido, google, identity, infrastructure, login, malicious, malware, nfc, passkey, password, phishing, saas, service, skills, social-engineering, tool, unauthorized, update

Principle of least effort: Our brains seek shortcuts to reduce cognitive load, making password reuse seem rational.Security fatigue: Frequent password changes and complex rules frustrate users, pushing them toward reuse.As a result, users often rotate between 410 core passwords. According to an article by Enzoic, the average person reuses the same password across as many as 14…
Business continuity and cybersecurity: Two sides of the same coin

Nov 7, 2025 2:20 PM

Tags: access, ai, attack, backup, breach, business, cloud, control, corporate, credentials, cyber, cybercrime, cybersecurity, data, data-breach, detection, email, finance, framework, google, incident response, infrastructure, intelligence, Internet, network, nist, ransomware, RedTeam, resilience, risk, sans, service, strategy, tactics, threat, tool, training, veeam, vulnerability, zero-trust

Why traditional business continuity plans fail against modern threats: I’ve implemented change management processes in environments requiring 99.99% uptime and I can tell you that most business continuity plans were designed for a different era. They assume that your backup systems, communication channels and recovery procedures will be available when you need them. Today’s threat…
Business continuity and cybersecurity: Two sides of the same coin

Nov 7, 2025 2:20 PM

Tags: access, ai, attack, backup, breach, business, cloud, control, corporate, credentials, cyber, cybercrime, cybersecurity, data, data-breach, detection, email, finance, framework, google, incident response, infrastructure, intelligence, Internet, network, nist, ransomware, RedTeam, resilience, risk, sans, service, strategy, tactics, threat, tool, training, veeam, vulnerability, zero-trust

Why traditional business continuity plans fail against modern threats: I’ve implemented change management processes in environments requiring 99.99% uptime and I can tell you that most business continuity plans were designed for a different era. They assume that your backup systems, communication channels and recovery procedures will be available when you need them. Today’s threat…
9 top bug bounty programs launched in 2025

Nov 7, 2025 2:20 PM

Tags: ai, api, apple, attack, best-practice, browser, bug-bounty, chatgpt, chrome, cloud, computer, corporate, cyber, cybersecurity, data, defense, exploit, finance, flaw, framework, google, government, hacker, hacking, healthcare, identity, infrastructure, injection, intelligence, iphone, macOS, microsoft, mitigation, mobile, nis-2, nvidia, openai, phishing, risk, service, spyware, strategy, technology, theft, threat, unauthorized, update, vulnerability, zero-day

Bug bounty programs focus in 2025: For ethical hackers, best practice for bug bounty hunting in 2025 involves thorough reconnaissance of a target organization’s technology stack, rather than just running automated tools.Leading bug bounty platforms such as Bugcrowd, HackerOne, Synack, YesWeHack, and Intigriti offer rewards for identifying and reporting security vulnerabilities. Platforms connect ethical hackers…
9 top bug bounty programs launched in 2025

Nov 7, 2025 2:20 PM

Tags: ai, api, apple, attack, best-practice, browser, bug-bounty, chatgpt, chrome, cloud, computer, corporate, cyber, cybersecurity, data, defense, exploit, finance, flaw, framework, google, government, hacker, hacking, healthcare, identity, infrastructure, injection, intelligence, iphone, macOS, microsoft, mitigation, mobile, nis-2, nvidia, openai, phishing, risk, service, spyware, strategy, technology, theft, threat, unauthorized, update, vulnerability, zero-day

Bug bounty programs focus in 2025: For ethical hackers, best practice for bug bounty hunting in 2025 involves thorough reconnaissance of a target organization’s technology stack, rather than just running automated tools.Leading bug bounty platforms such as Bugcrowd, HackerOne, Synack, YesWeHack, and Intigriti offer rewards for identifying and reporting security vulnerabilities. Platforms connect ethical hackers…
9 top bug bounty programs launched in 2025

Nov 7, 2025 2:20 PM

Tags: ai, api, apple, attack, best-practice, browser, bug-bounty, chatgpt, chrome, cloud, computer, corporate, cyber, cybersecurity, data, defense, exploit, finance, flaw, framework, google, government, hacker, hacking, healthcare, identity, infrastructure, injection, intelligence, iphone, macOS, microsoft, mitigation, mobile, nis-2, nvidia, openai, phishing, risk, service, spyware, strategy, technology, theft, threat, unauthorized, update, vulnerability, zero-day

Bug bounty programs focus in 2025: For ethical hackers, best practice for bug bounty hunting in 2025 involves thorough reconnaissance of a target organization’s technology stack, rather than just running automated tools.Leading bug bounty platforms such as Bugcrowd, HackerOne, Synack, YesWeHack, and Intigriti offer rewards for identifying and reporting security vulnerabilities. Platforms connect ethical hackers…
9 top bug bounty programs launched in 2025

Nov 7, 2025 2:20 PM

Tags: ai, api, apple, attack, best-practice, browser, bug-bounty, chatgpt, chrome, cloud, computer, corporate, cyber, cybersecurity, data, defense, exploit, finance, flaw, framework, google, government, hacker, hacking, healthcare, identity, infrastructure, injection, intelligence, iphone, macOS, microsoft, mitigation, mobile, nis-2, nvidia, openai, phishing, risk, service, spyware, strategy, technology, theft, threat, unauthorized, update, vulnerability, zero-day

Bug bounty programs focus in 2025: For ethical hackers, best practice for bug bounty hunting in 2025 involves thorough reconnaissance of a target organization’s technology stack, rather than just running automated tools.Leading bug bounty platforms such as Bugcrowd, HackerOne, Synack, YesWeHack, and Intigriti offer rewards for identifying and reporting security vulnerabilities. Platforms connect ethical hackers…
9 top bug bounty programs launched in 2025

Nov 7, 2025 2:20 PM

Tags: ai, api, apple, attack, best-practice, browser, bug-bounty, chatgpt, chrome, cloud, computer, corporate, cyber, cybersecurity, data, defense, exploit, finance, flaw, framework, google, government, hacker, hacking, healthcare, identity, infrastructure, injection, intelligence, iphone, macOS, microsoft, mitigation, mobile, nis-2, nvidia, openai, phishing, risk, service, spyware, strategy, technology, theft, threat, unauthorized, update, vulnerability, zero-day

Bug bounty programs focus in 2025: For ethical hackers, best practice for bug bounty hunting in 2025 involves thorough reconnaissance of a target organization’s technology stack, rather than just running automated tools.Leading bug bounty platforms such as Bugcrowd, HackerOne, Synack, YesWeHack, and Intigriti offer rewards for identifying and reporting security vulnerabilities. Platforms connect ethical hackers…
9 top bug bounty programs launched in 2025

Nov 7, 2025 2:20 PM

Tags: ai, api, apple, attack, best-practice, browser, bug-bounty, chatgpt, chrome, cloud, computer, corporate, cyber, cybersecurity, data, defense, exploit, finance, flaw, framework, google, government, hacker, hacking, healthcare, identity, infrastructure, injection, intelligence, iphone, macOS, microsoft, mitigation, mobile, nis-2, nvidia, openai, phishing, risk, service, spyware, strategy, technology, theft, threat, unauthorized, update, vulnerability, zero-day

Bug bounty programs focus in 2025: For ethical hackers, best practice for bug bounty hunting in 2025 involves thorough reconnaissance of a target organization’s technology stack, rather than just running automated tools.Leading bug bounty platforms such as Bugcrowd, HackerOne, Synack, YesWeHack, and Intigriti offer rewards for identifying and reporting security vulnerabilities. Platforms connect ethical hackers…
Cavalry Werewolf Launches Cyberattack on Government Agencies to Deploy Network Backdoor

Nov 7, 2025 8:19 AM

Tags: attack, backdoor, corporate, cyber, cyberattack, email, government, network, russia, spam, virus

In July 2025, Doctor Web’s anti-virus laboratory received a critical alert from a government-owned organization within the Russian Federation. The institution suspected a network compromise after discovering spam emails originating from one of their corporate email addresses. What began as a routine investigation quickly escalated into the discovery of a sophisticated targeted attack orchestrated by…
Apache OpenOffice disputes data breach claims by ransomware gang

Nov 4, 2025 11:19 PM

Tags: apache, attack, breach, corporate, data, data-breach, ransomware, software, threat

The Apache Software Foundation disputes claims that its OpenOffice project suffered an Akira ransomware attack, after the threat actors claimed to have stolen 23 GB of corporate documents. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/apache-openoffice-disputes-data-breach-claims-by-ransomware-gang/
Bridging the Trust Gap with 1Password

Nov 3, 2025 7:20 PM

Tags: access, corporate, data, service, software

We have spent what seems like an eternity of our careers trying to wrangle access issues. We set up our shiny SSO portals, federate the big apps, and feel pretty good. We have a >>bubble
Bridging the Trust Gap with 1Password

Nov 3, 2025 7:20 PM

Tags: access, corporate, data, service, software

We have spent what seems like an eternity of our careers trying to wrangle access issues. We set up our shiny SSO portals, federate the big apps, and feel pretty good. We have a >>bubble
What does aligning security to the business really mean?

Nov 3, 2025 8:19 AM

Tags: ai, business, ciso, corporate, cyber, cybersecurity, metric, risk, risk-management, sans, service, software, strategy, threat, training, usa

Indicators of alignment: One barometer of security-business alignment in action, Thielemann says, is when security teams engage with the business and use business metrics to determine security’s effectiveness.As an example, she points to the partnership between security and engineering at a manufacturing plant that had devices using software no longer supported by the vendor. The…
What does aligning security to the business really mean?

Nov 3, 2025 8:19 AM

Tags: ai, business, ciso, corporate, cyber, cybersecurity, metric, risk, risk-management, sans, service, software, strategy, threat, training, usa

Indicators of alignment: One barometer of security-business alignment in action, Thielemann says, is when security teams engage with the business and use business metrics to determine security’s effectiveness.As an example, she points to the partnership between security and engineering at a manufacturing plant that had devices using software no longer supported by the vendor. The…
What does aligning security to the business really mean?

Nov 3, 2025 8:19 AM

Tags: ai, business, ciso, corporate, cyber, cybersecurity, metric, risk, risk-management, sans, service, software, strategy, threat, training, usa

Indicators of alignment: One barometer of security-business alignment in action, Thielemann says, is when security teams engage with the business and use business metrics to determine security’s effectiveness.As an example, she points to the partnership between security and engineering at a manufacturing plant that had devices using software no longer supported by the vendor. The…
Knee-jerk corporate responses to data leaks protect brands like Qantas, but consumers are getting screwed

Nov 1, 2025 8:20 PM

Tags: attack, breach, corporate, cyber, cybersecurity, data, data-breach, email, hacker, leak, ransom, scam

When courts ban people from accessing leaked data as happened after the recent Qantas data breach only hackers and scammers win<ul><li>Get our <a href=”https://www.theguardian.com/email-newsletters?CMP=cvau_sfl”>breaking news email, <a href=”https://app.adjust.com/w4u7jx3″>free app or <a href=”https://www.theguardian.com/australia-news/series/full-story?CMP=cvau_sfl”>daily news podcast</li></ul>It’s become the playbook for big Australian companies that have customer data stolen in a cyber-attack: call in the lawyers and get…
Akira Ransomware Strikes Apache OpenOffice, Allegedly Exfiltrates 23GB of Data

Nov 1, 2025 12:19 PM

Tags: apache, breach, corporate, cyber, dark-web, data, group, leak, ransom, ransomware

The notorious Akira ransomware gang announced on October 29, 2025, that it successfully penetrated the systems of Apache OpenOffice, claiming to have exfiltrated a staggering 23 gigabytes of sensitive corporate data. The group posted details on its dark web leak site, threatening to release the stolen information unless a ransom demand is met. This incident…
Cybersecurity Snapshot: Top Guidance for Improving AI Risk Management, Governance and Readiness

Oct 31, 2025 7:19 PM

Tags: access, ai, api, attack, awareness, breach, business, ceo, cloud, compliance, computer, control, corporate, crime, cryptography, cyber, cybersecurity, data, data-breach, encryption, exploit, finance, framework, germany, google, governance, guide, hacking, ibm, identity, india, infrastructure, intelligence, jobs, law, leak, metric, microsoft, network, penetration-testing, privacy, risk, risk-management, scam, security-incident, skills, strategy, technology, threat, tool, training, vulnerability, vulnerability-management

Many organizations are playing catch-up in key AI security policy areas, such as usage governance, risk oversight, data protection, and staff training. In this Cybersecurity Snapshot special edition, we round up recent guidance on preparing for, managing and governing AI cyber risks. Key takeaways Most organizations’ AI adoption is dangerously outpacing their security strategies and…
Cybersecurity Snapshot: Top Guidance for Improving AI Risk Management, Governance and Readiness

Oct 31, 2025 7:19 PM

Tags: access, ai, api, attack, awareness, breach, business, ceo, cloud, compliance, computer, control, corporate, crime, cryptography, cyber, cybersecurity, data, data-breach, encryption, exploit, finance, framework, germany, google, governance, guide, hacking, ibm, identity, india, infrastructure, intelligence, jobs, law, leak, metric, microsoft, network, penetration-testing, privacy, risk, risk-management, scam, security-incident, skills, strategy, technology, threat, tool, training, vulnerability, vulnerability-management

Many organizations are playing catch-up in key AI security policy areas, such as usage governance, risk oversight, data protection, and staff training. In this Cybersecurity Snapshot special edition, we round up recent guidance on preparing for, managing and governing AI cyber risks. Key takeaways Most organizations’ AI adoption is dangerously outpacing their security strategies and…
China-Linked Tick Group Exploits Lanscope Zero-Day to Hijack Corporate Systems

Oct 31, 2025 3:19 PM

Tags: china, corporate, cve, cyber, endpoint, espionage, exploit, flaw, group, vulnerability, zero-day

The exploitation of a recently disclosed critical security flaw in Motex Lanscope Endpoint Manager has been attributed to a cyber espionage group known as Tick.The vulnerability, tracked as CVE-2025-61932 (CVSS score: 9.3), allows remote attackers to execute arbitrary commands with SYSTEM privileges on on-premise versions of the program. JPCERT/CC, in an alert issued this month,…
Threat Actors Exploit LANSCOPE Endpoint Manager Zero-Day Vulnerability to Steal Confidential Data

Oct 31, 2025 12:19 PM

Tags: access, china, corporate, cyber, data, endpoint, exploit, group, network, threat, unauthorized, vulnerability, zero-day

In mid-2025, Secureworks Counter Threat Unit (CTU) researchers uncovered a sophisticated cyber campaign where Chinese state-sponsored threat actors from the BRONZE BUTLER group exploited a critical zero-day vulnerability in Motex LANSCOPE Endpoint Manager to gain unauthorized access to corporate networks and extract sensitive data. The discovery marks another chapter in a long-running pattern of exploitation…
Threat Actors Exploit LANSCOPE Endpoint Manager Zero-Day Vulnerability to Steal Confidential Data

Oct 31, 2025 12:19 PM

Tags: access, china, corporate, cyber, data, endpoint, exploit, group, network, threat, unauthorized, vulnerability, zero-day

In mid-2025, Secureworks Counter Threat Unit (CTU) researchers uncovered a sophisticated cyber campaign where Chinese state-sponsored threat actors from the BRONZE BUTLER group exploited a critical zero-day vulnerability in Motex LANSCOPE Endpoint Manager to gain unauthorized access to corporate networks and extract sensitive data. The discovery marks another chapter in a long-running pattern of exploitation…