Tag: data
-
Complying with the Monetary Authority of Singapore’s Cloud Advisory: How Tenable Can Help
Tags: access, advisory, attack, authentication, best-practice, business, cloud, compliance, container, control, country, credentials, cyber, cybersecurity, data, data-breach, finance, fintech, framework, google, governance, government, iam, identity, incident response, infrastructure, intelligence, Internet, kubernetes, least-privilege, malicious, malware, mfa, microsoft, mitigation, monitoring, oracle, regulation, resilience, risk, risk-assessment, risk-management, service, software, strategy, technology, threat, tool, vulnerability, vulnerability-management, zero-trustThe Monetary Authority of Singapore’s cloud advisory, part of its 2021 Technology Risk Management Guidelines, advises financial institutions to move beyond siloed monitoring to adopt a continuous, enterprise-wide approach. These firms must undergo annual audits. Here’s how Tenable can help. Key takeaways: High-stakes compliance: The MAS requires all financial institutions in Singapore to meet mandatory…
-
TikTok tracked user’s Grindr activity in violation of European law, rights group alleges
TikTok and the gay dating app Grindr are violating European data protection laws by tracking user activities across apps, a digital rights organization alleges. First seen on therecord.media Jump to article: therecord.media/tiktok-grindr-data-tracking-noyb
-
Turning Vague Customer Problems into Validated AI Opportunities
The Real Risk in AI Isn’t the Technology When most companies think about AI risk, they focus on the technical side, models, data, and infrastructure….Read More First seen on securityboulevard.com Jump to article: https://securityboulevard.com/2025/12/turning-vague-customer-problems-into-validated-ai-opportunities/
-
14 Malicious NuGet Packages Found Stealing Crypto Wallets and Ad Data
ReversingLabs discovers 14 malicious NuGet packages, including Netherеum.All, using homoglyphs and fake downloads to steal crypto wallets and Google Ads data. First seen on hackread.com Jump to article: hackread.com/nuget-malicious-packages-steal-crypto-ad-data/
-
SoundCloud Breach Potentially Affects Millions of Accounts
SoundCloud confirmed a breach that exposed user data through an internal dashboard, potentially affecting millions of accounts. First seen on esecurityplanet.com Jump to article: www.esecurityplanet.com/threats/soundcloud-breach-potentially-affects-millions-of-accounts/
-
Google Chrome Extension is Intercepting Millions of Users’ AI Chats
A Chrome browser extension with 6 million users, as well as seven other Chrome and Edge extensions, for months have been silently collecting data from every AI chatbot conversion, packaging it, and then selling it to third parties like advertisers and data brokers, according to Koi Security. First seen on securityboulevard.com Jump to article: securityboulevard.com/2025/12/google-chrome-extension-is-intercepting-millions-of-users-ai-chats/
-
The 12 Months of Innovation: How Salt Security Helped Rewrite API AI Security in 2025
Tags: access, ai, api, attack, automation, breach, business, ciso, cloud, compliance, control, crowdstrike, cyber, data, data-breach, defense, detection, email, exploit, github, governance, injection, insurance, intelligence, privacy, risk, risk-management, software, strategy, supply-chain, threat, tool, wafAs holiday lights go up and inboxes fill with year-in-review emails, it’s tempting to look back on 2025 as “the year of AI.” But for security teams, it was something more specific the year APIs, AI agents, and MCP servers collided across the API fabric, expanding the attack surface faster than most organizations could keep…
-
Hackers Claim Stealing 94GB of Pornhub Premium User Watch Histories
Cybercriminal group ShinyHunters targets former Pornhub Premium users in a massive 94GB data extortion campaign. Learn about the stolen data details, the involvement of a smishing attack, and the conflicting reports on the breach. First seen on hackread.com Jump to article: hackread.com/hackers-pornhub-premium-user-watch-histories/
-
Askul data breach exposed over 700,000 records after ransomware attack
Askul disclosed that an October RansomHouse ransomware attack compromised over 700,000 records at the Japanese e-commerce and logistics firm. Askul is a Japanese e-commerce and logistics company best known for supplying office products, stationery, IT equipment, and everyday business consumables to companies and consumers. It operates large-scale fulfillment and delivery services across Japan and is…
-
Hackers Claim Stealing 94GB of Pornhub Premium User Watch Histories
Cybercriminal group ShinyHunters targets former Pornhub Premium users in a massive 94GB data extortion campaign. Learn about the stolen data details, the involvement of a smishing attack, and the conflicting reports on the breach. First seen on hackread.com Jump to article: hackread.com/hackers-pornhub-premium-user-watch-histories/
-
JumpCloud agent turns uninstall into a system shortcut
Full privilege escalation and denial of service: The vulnerability opens two primary exploitation vectors with significant operational impact: full privilege escalation to system level, and denial of service (DoS).By manipulating filesystem paths and leveraging race conditions, an attacker can redirect the uninstaller’s operations to delete or overwrite protected installer configuration targets, ultimately triggering techniques that…
-
JumpCloud agent turns uninstall into a system shortcut
Full privilege escalation and denial of service: The vulnerability opens two primary exploitation vectors with significant operational impact: full privilege escalation to system level, and denial of service (DoS).By manipulating filesystem paths and leveraging race conditions, an attacker can redirect the uninstaller’s operations to delete or overwrite protected installer configuration targets, ultimately triggering techniques that…
-
JumpCloud agent turns uninstall into a system shortcut
Full privilege escalation and denial of service: The vulnerability opens two primary exploitation vectors with significant operational impact: full privilege escalation to system level, and denial of service (DoS).By manipulating filesystem paths and leveraging race conditions, an attacker can redirect the uninstaller’s operations to delete or overwrite protected installer configuration targets, ultimately triggering techniques that…
-
US Autoparts Maker LKQ Confirms Oracle EBS Breach
LKQ confirmed that over 9000 individuals saw their personal data compromised because of the breach First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/lkq-confirms-oracle-ebs-breach/
-
The devil of proposed SEC AI disclosure rule is in the details
Tags: advisory, ai, awareness, business, ceo, compliance, cybersecurity, data, government, intelligence, jobs, law, risk, sans, service, software, strategy, technology, tool, trainingnot use AI for some purposes. Attorneys who have studied the proposal note that the AI rule, just like the SEC’s cybersecurity rule from about two years ago, won’t technically require anything to be reported that wouldn’t have already required reporting. The new rule refers only to material AI efforts and ever since the creation of…
-
The devil of proposed SEC AI disclosure rule is in the details
Tags: advisory, ai, awareness, business, ceo, compliance, cybersecurity, data, government, intelligence, jobs, law, risk, sans, service, software, strategy, technology, tool, trainingnot use AI for some purposes. Attorneys who have studied the proposal note that the AI rule, just like the SEC’s cybersecurity rule from about two years ago, won’t technically require anything to be reported that wouldn’t have already required reporting. The new rule refers only to material AI efforts and ever since the creation of…
-
Homomorphic Encryption for Privacy-Preserving Model Context Sharing
Discover how homomorphic encryption (HE) enhances privacy-preserving model context sharing in AI, ensuring secure data handling and compliance for MCP deployments. First seen on securityboulevard.com Jump to article: securityboulevard.com/2025/12/homomorphic-encryption-for-privacy-preserving-model-context-sharing/
-
Homomorphic Encryption for Privacy-Preserving Model Context Sharing
Discover how homomorphic encryption (HE) enhances privacy-preserving model context sharing in AI, ensuring secure data handling and compliance for MCP deployments. First seen on securityboulevard.com Jump to article: securityboulevard.com/2025/12/homomorphic-encryption-for-privacy-preserving-model-context-sharing/
-
Ro’s CISO on managing data flows in telehealth
In this Help Net Security interview, Scott Bachand, CIO/CISO at Ro, discusses how telehealth reshapes the flow of patient data and what that means for security. He explains … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2025/12/16/scott-bachand-ro-telehealth-security/
-
FortiGate firewall credentials being stolen after vulnerabilities discovered
Tags: access, advisory, ai, attack, authentication, best-practice, breach, ceo, cisa, credentials, cve, cyberattack, cybersecurity, data, data-breach, exploit, firewall, flaw, fortinet, hacker, infrastructure, Internet, kev, least-privilege, login, malicious, network, password, software, theft, threat, update, vulnerabilityCSO. “So far, the pattern of activity has appeared to be opportunistic in nature. While it is difficult to estimate the number of devices directly vulnerable to this vulnerability, there are hundreds of thousands of Fortinet appliances accessible on the public internet through specialized search engines. This allows threat actors to opportunistically attempt exploitation against…
-
Leading Through Ambiguity: Decision-Making in Cybersecurity Leadership
Ambiguity isn’t just a challenge. It’s a leadership test – and most fail it. I want to start with something that feels true but gets ignored way too often. Most of us in leadership roles have a love hate relationship with ambiguity. We say we embrace it… until it shows up for real. Then we…
-
Leading Through Ambiguity: Decision-Making in Cybersecurity Leadership
Ambiguity isn’t just a challenge. It’s a leadership test – and most fail it. I want to start with something that feels true but gets ignored way too often. Most of us in leadership roles have a love hate relationship with ambiguity. We say we embrace it… until it shows up for real. Then we…
-
Analytics provider: We didn’t expose smut site data to crims
Tags: dataAn employee of the adult site could be responsible. First seen on theregister.com Jump to article: www.theregister.com/2025/12/16/mixpanel_breach_leak_denial/
-
Medical Group Will Pay $1.2M to Settle Data Theft Lawsuit
Cybercrime Gang Rhysida Still Lists the Practice on Its Leak Site Among Its Victims. A Kansas medical group will pay $1.2 million to settle proposed class action litigation involving an attack that compromised the sensitive data of nearly 256,000 individuals. The Rhysida ransomware operation claimed responsibility and said it stole 3 terabytes. First seen on…
-
NDSS 2025 Selective Data Protection against Memory Leakage Attacks for Serverless Platforms
Session 6B: Confidential Computing 1 Authors, Creators & Presenters: Maryam Rostamipoor (Stony Brook University), Seyedhamed Ghavamnia (University of Connecticut), Michalis Polychronakis (Stony Brook University) PAPER LeakLess: Selective Data Protection against Memory Leakage Attacks for Serverless Platforms As the use of language-level sandboxing for running untrusted code grows, the risks associated with memory disclosure vulnerabilities and…
-
NDSS 2025 IsolateGPT: An Execution Isolation Architecture For LLM-Based Agentic Systems
Session 6A: LLM Privacy and Usable Privacy Authors, Creators & Presenters: Yuhao Wu (Washington University in St. Louis), Franziska Roesner (University of Washington), Tadayoshi Kohno (University of Washington), Ning Zhang (Washington University in St. Louis), Umar Iqbal (Washington University in St. Louis) PAPER IsolateGPT: An Execution Isolation Architecture for LLM-Based Agentic Systems Large language models…
-
How test data generators support compliance and data privacy
Whether you’re generating data from scratch or transforming sensitive production data, performant test data generators are critical tools for achieving compliance in development workflows. First seen on securityboulevard.com Jump to article: securityboulevard.com/2025/12/how-test-data-generators-support-compliance-and-data-privacy/