Tag: security-incident
-
Unterschätztes Risiko: Insider-Bedrohungen endlich ernst nehmen
Tags: access, ai, compliance, cyberattack, cybersecurity, data, fraud, governance, identity, infrastructure, mail, nis-2, phishing, resilience, risk, risk-analysis, risk-management, security-incident, threat, tool, vulnerability48 Prozent der Fälle von Datendiebstahl, Industriespionage oder Sabotage in Unternehmen gehen laut einer Studie auf Mitarbeiter zurück.Was wäre, wenn das größte Sicherheitsrisiko Ihrer Organisation bereits einen Mitarbeitendenausweis besitzt, legitim angemeldet ist und genau weiß, wie interne Prozesse funktionieren? Diese Frage ist unbequem, aber sie markiert den Ausgangspunkt für eine längst überfällige Auseinandersetzung mit Insider-Bedrohungen.…
-
13 cyber questions to better vet IT vendors and reduce third-party risk
Tags: access, api, attack, authentication, automation, best-practice, breach, business, ceo, ciso, cloud, compliance, control, credentials, credit-card, cyber, cyberattack, cybercrime, cybersecurity, data, detection, endpoint, exploit, extortion, firewall, healthcare, identity, incident response, infrastructure, insurance, international, ISO-27001, jobs, least-privilege, mfa, monitoring, network, nist, password, PCI, penetration-testing, radius, ransomware, risk, saas, sans, security-incident, service, supply-chain, threat, update, vpn, vulnerabilityVital vendor questions CISOs should ask: To gain that critical information, security leaders and experts recommend CSOs ask IT partners the following cyber-specific questions. 1. What attestation will you provide to prove proper security controls are in place? These are essential, says Juan Pablo Perez-Etchegoyen, CTO for cybersecurity and compliance platform Onapsis. Some of the…
-
13 cyber questions to better vet IT vendors and reduce third-party risk
Tags: access, api, attack, authentication, automation, best-practice, breach, business, ceo, ciso, cloud, compliance, control, credentials, credit-card, cyber, cyberattack, cybercrime, cybersecurity, data, detection, endpoint, exploit, extortion, firewall, healthcare, identity, incident response, infrastructure, insurance, international, ISO-27001, jobs, least-privilege, mfa, monitoring, network, nist, password, PCI, penetration-testing, radius, ransomware, risk, saas, sans, security-incident, service, supply-chain, threat, update, vpn, vulnerabilityVital vendor questions CISOs should ask: To gain that critical information, security leaders and experts recommend CSOs ask IT partners the following cyber-specific questions. 1. What attestation will you provide to prove proper security controls are in place? These are essential, says Juan Pablo Perez-Etchegoyen, CTO for cybersecurity and compliance platform Onapsis. Some of the…
-
When Security Incidents Break: The Questions Every CISO Asks (And How We Securely Built a Solution in Record Time)
<div cla First seen on securityboulevard.com Jump to article: securityboulevard.com/2026/01/when-security-incidents-break-the-questions-every-ciso-asks-and-how-we-securely-built-a-solution-in-record-time/
-
Neue EU-Schwachstellen-Datenbank gestartet
Die neue GCVE-Datenbank soll das Schwachstellenmanagement effizienter und einfacher machen.Mit db.gcve.eu stellt die GCVE-Initiative (Global Cybersecurity Vulnerability Enumeration) ab sofort eine kostenfreie, öffentlich zugängliche Datenbank für IT-Sicherheitslücken bereit. Ziel ist es, die Abhängigkeit von US-Datenbanken zu beenden und die digitale Souveränität in Europa zu stärken. Die Plattform führt Informationen aus verschiedenen öffentlichen Ressourcen zusammen. Dazu…
-
Hackers Remotely Took Control of an Apex Legends Player’s Inputs
A critical security vulnerability has emerged in Respawn Entertainment’s popular battle royale title, allowing threat actors to remotely manipulate player inputs without requiring code execution capabilities. Respawn Entertainment, the developer of Apex Legends, has confirmed an active security incident affecting its player base. Malicious actors have discovered a vulnerability that enables them to remotely control…
-
Zero-Trust Isn’t Optional Anymore”, It’s Your AI Agent Fire Drill
Here is the ugly truth about security incidents today. The bad guys don’t storm the castle breaking down the walls. Most attacks start with a login that was obtained. Once inside they see where they can go and what they can do. They enter the front door with working keys. And now, because the universe..…
-
Cybersecurity hat kein Budget-Problem
Tags: breach, business, ciso, compliance, cyberattack, cybersecurity, cyersecurity, governance, jobs, risk, security-incident, strategyEin Tag im Leben eines Sicherheitsentscheiders”¦Wenn es um Security-Budgets geht, dreht sich ein Großteil der (Online-)Diskussionen darum, wie man das “Board” für sich gewinnt und Investitionen rechtfertigt. Einige Ansätze basieren auf spezifischen Finanzmodellen und zielen darauf ab, den Return on Investment (ROI) zu rechtfertigen. Andere konzentrieren sich eher darauf, Risiken zu quantifizieren und deren Minderung…
-
UK Launches New Cyber Unit to Bolster Defences Against Cyber Threats
UK government’s new Cyber Action plan looks to provide more ‘hands-on’ support for protecting against and responding to security incidents First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/uk-launches-new-cyber-unit/
-
UK Launches New Cyber Unit to Bolster Defences Against Cyber Threats
UK government’s new Cyber Action plan looks to provide more ‘hands-on’ support for protecting against and responding to security incidents First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/uk-launches-new-cyber-unit/
-
Equifax Europe CISO: Notorious breach spurred cybersecurity transformation
Tags: access, ai, attack, authentication, awareness, breach, business, ceo, cio, ciso, cloud, computer, control, corporate, cyber, cyberattack, cybercrime, cybersecurity, data, defense, dora, espionage, finance, framework, google, government, identity, infrastructure, intelligence, network, nis-2, phishing, regulation, risk, risk-management, security-incident, service, strategy, technology, threat, updateCloud as a new technological axis: Equifax’s $3 billion migration to the cloud, “which had been brewing for about seven years” and which the company says is the largest technological investment in its history, has involved moving more than 300 systems, over 30 product families, and thousands of customers to the company’s cloud platform, Equifax Cloud, in Spain…
-
So geht Post-Incident Review
Post-Incident Reviews können dazu beitragen, die richtigen Lehren aus Sicherheitsvorfällen zu ziehen wenn sie richtig aufgesetzt sind.Angenommen, Ihr Unternehmen wird von Cyberkriminellen angegriffen, kommt dabei aber mit einem blauen Auge davon, weil die Attacke zwar spät, aber noch rechtzeitig entdeckt und abgewehrt werden konnte ohne größeren Business Impact. Jetzt einfach wie bisher weiterzumachen und die…
-
The 3% Rule: How To Silence 97% of Your Cloud Alerts and Be More Secure
Tags: access, ai, attack, breach, business, cloud, cve, cvss, data, data-breach, flaw, iam, identity, infrastructure, least-privilege, malicious, metric, network, ransomware, risk, security-incident, service, software, strategy, threat, tool, update, vulnerability, vulnerability-managementPrioritizing what to fix first and why that really matters Key takeaways The 97% distraction: Discover why the vast majority of your “Critical” alerts are just theoretical noise, and how focusing strictly on the 3% of findings that represent real, exploitable risk can drastically improve your security posture. Identity is the accelerant: Breaches rarely happen…
-
2025 Year in Review at Cloud Security Podcast by Google
Tags: 2fa, ai, automation, breach, cloud, compliance, computing, control, cybersecurity, data, defense, detection, edr, finance, google, hacking, incident response, infrastructure, linux, mandiant, metric, mitigation, offense, phone, privacy, risk, security-incident, siem, soc, technology, threat, vulnerability, vulnerability-management, zero-trust(written jointly with Tim Peacock) Five years. It’s enough time to fully launch a cloud migration, deploy a new SIEM, or”Š”, “Šif you’re a very large enterprise”Š”, “Šjust start thinking about doing the first two. It’s also how long Tim and I have been subjecting the world to our thoughts on Cloud Security Podcast by Google. We…
-
D&O liability protection rising for security leaders, unless you’re a midtier CISO
Tags: access, best-practice, breach, business, ciso, compliance, control, cyber, cybersecurity, data, data-breach, defense, finance, governance, incident response, insurance, jobs, law, network, risk, risk-management, security-incident, toolA question of indemnity: But Ryan Griffin, US cyber leader at insurance broker McGill and Partners, points out that the difference between D&O insurance and a direct indemnification agreement is often misunderstood.”The most crucial tool for a CISO’s protection is the indemnification agreement with their employer,” Griffin explains. “The D&O policy is how the company…
-
D&O liability protection rising for security leaders, unless you’re a midtier CISO
Tags: access, best-practice, breach, business, ciso, compliance, control, cyber, cybersecurity, data, data-breach, defense, finance, governance, incident response, insurance, jobs, law, network, risk, risk-management, security-incident, toolA question of indemnity: But Ryan Griffin, US cyber leader at insurance broker McGill and Partners, points out that the difference between D&O insurance and a direct indemnification agreement is often misunderstood.”The most crucial tool for a CISO’s protection is the indemnification agreement with their employer,” Griffin explains. “The D&O policy is how the company…
-
PornHub Confirms Premium User Data Exposure Linked to Mixpanel Breach
PornHub is facing renewed scrutiny after confirming that some Premium users’ activity data was exposed following a security incident at a third-party analytics provider. The PornHub data breach disclosure comes as the platform faces increasing regulatory scrutiny in the United States and reported extortion attempts linked to the stolen data. First seen on thecyberexpress.com Jump…
-
96 Prozent der Unternehmen haben im KI-Zeitalter Schwierigkeiten bei der Absicherung des menschlichen Faktors
Der Bericht ‘State of Human Risk 2025″ von KnowBe4 zeigt einen Anstieg sowohl bei sicherheitsrelevanten Vorfällen durch Menschen als auch bei Verstößen im Zusammenhang mit KI-Anwendungen. Für die internationale Studie, die auch Daten aus dem DACH-Raum enthält, wurden 700 Cybersicherheits-Vverantwortliche und 3.500 Mitarbeiter von Unternehmen befragt, die im vergangenen Jahr einen Sicherheitsvorfall mit Mitarbeitern erlebt…
-
GitHub Action Secrets aren’t secret anymore: exposed PATs now a direct path into cloud environments
Tags: access, api, authentication, awareness, cloud, credentials, data-breach, detection, exploit, github, infrastructure, malicious, mfa, monitoring, security-incident, strategy, threat, trainingEasily evading detection: Wiz found that a threat actor with basic read permissions via a PAT can use GitHub’s API code search to discover secret names embedded directly in a workflow’s yaml code, accessed via “${{ secrets.SECRET_NAME }}.”The danger is that this secret discovery method is difficult to monitor because search API calls are not…
-
GitHub Action Secrets aren’t secret anymore: exposed PATs now a direct path into cloud environments
Tags: access, api, authentication, awareness, cloud, credentials, data-breach, detection, exploit, github, infrastructure, malicious, mfa, monitoring, security-incident, strategy, threat, trainingEasily evading detection: Wiz found that a threat actor with basic read permissions via a PAT can use GitHub’s API code search to discover secret names embedded directly in a workflow’s yaml code, accessed via “${{ secrets.SECRET_NAME }}.”The danger is that this secret discovery method is difficult to monitor because search API calls are not…
-
GitHub Action Secrets aren’t secret anymore: exposed PATs now a direct path into cloud environments
Tags: access, api, authentication, awareness, cloud, credentials, data-breach, detection, exploit, github, infrastructure, malicious, mfa, monitoring, security-incident, strategy, threat, trainingEasily evading detection: Wiz found that a threat actor with basic read permissions via a PAT can use GitHub’s API code search to discover secret names embedded directly in a workflow’s yaml code, accessed via “${{ secrets.SECRET_NAME }}.”The danger is that this secret discovery method is difficult to monitor because search API calls are not…
-
Gainsight Verifies Token Breach Linked to Salesforce Advisory, Issues New IOCs
Gainsight, the leading customer success platform, has confirmed that a security incident involving its Salesforce integration compromised customer tokens for a small subset of its client base. The announcement follows a security advisory issued by Salesforce last week, which prompted the temporary disabling of Gainsight’s connected application. In a statement released ahead of the Thanksgiving…
-
OpenAI Reveals Mixpanel Data Breach Exposing User Details
OpenAI has publicly disclosed a security incident involving a data breach at Mixpanel, a third-party analytics provider previously used by the company for monitoring usage on its API platform. The breach exposed limited but sensitive user information, including names, email addresses, operating system details, and browser metadata. According to OpenAI, the incident originated within Mixpanel’s…
-
OpenAI Reveals Mixpanel Data Breach Exposing User Details
OpenAI has publicly disclosed a security incident involving a data breach at Mixpanel, a third-party analytics provider previously used by the company for monitoring usage on its API platform. The breach exposed limited but sensitive user information, including names, email addresses, operating system details, and browser metadata. According to OpenAI, the incident originated within Mixpanel’s…