Tag: security-incident
-
How CISOs can rebuild trust after a security incident
Tags: attack, breach, business, cisco, ciso, cloud, communications, cybersecurity, data, firewall, group, incident response, jobs, linux, mobile, monitoring, risk, security-incident, service, software, strategy, vulnerabilityMaintaining sensitivity in accountability: Cisco’s Lidz emphasizes that transparency does not end at incident resolution.”Being transparent, internally in particular, by making sure stakeholders understand you and your team have learned from the incident, that there are things you would do better not just in terms of protections, but how you respond and react to incidents”…
-
CISOs: Stop trying to do the lawyer’s job
Tags: breach, business, ciso, compliance, cybersecurity, data, email, finance, group, guide, incident response, international, jobs, law, privacy, RedTeam, risk, risk-management, security-incident, service, skills, strategy, technology, training, updateThere’s a joke that’s been floating around boardrooms for years: “What’s the difference between lawyers and engineers? Lawyers don’t think they’re engineers.”This light-hearted jab highlights a fundamental difference between the two professions. Engineers, and by extension CISOs, focus on building and fixing things, learning a wide array of skills, sometimes sticking their hands into technologies…
-
Flicken oder untergehen: Wie Unternehmen das Schwachstellenmanagement meistern
Warten Sie nicht, bis ein teurer Sicherheitsvorfall die Bedeutung von zeitnahen Software-Updates schmerzhaft verdeutlicht. First seen on welivesecurity.com Jump to article: www.welivesecurity.com/de/business-security/flicken-oder-untergehen-wie-unternehmen-das-schwachstellenmanagement-meistern/
-
Datenschutzvorfall im Online-Forum Rezeptwelt.de (Feb. 2025)
Unschöne Geschichte, auf die mich gleich zwei Leser aufmerksam gemacht haben (danke dafür). Das zu Vorwerk gehörende Online-Forum rezeptwelt.de informiert seine Nutzer über einen Sicherheitsvorfall, den es bei einem externen Dienstleister gab, und bei dem wohl die Nutzerdaten betroffen sind. … First seen on borncity.com Jump to article: www.borncity.com/blog/2025/02/07/datenschutzvorfall-im-online-forum-rezeptwelt-de/
-
Security Teams Pay the Price: The Unfair Reality of Cyber Incidents
The blame of security incidents may be shared”, but the burden of response always falls on the security team. Here’s how to prepare for the inevitable. The post Security Teams Pay the Price: The Unfair Reality of Cyber Incidents appeared first on SecurityWeek. First seen on securityweek.com Jump to article: www.securityweek.com/security-teams-pay-the-price-the-unfair-reality-of-cyber-incidents/
-
21% of CISOs pressured to not report compliance issues
Tags: awareness, breach, business, ceo, ciso, compliance, control, corporate, cybersecurity, data, dora, finance, framework, governance, incident response, infrastructure, insurance, law, nis-2, regulation, resilience, risk, security-incident, trainingCISOs are increasingly getting caught between business pressures and regulatory obligations, leaving them struggling to balance corporate loyalty and legal accountability.To wit: One in five (21%) security leaders have been pressured by other executives or board members not to report compliance issues at their companies, according to a recent study by security vendor Splunk.The same…
-
Grubhub says hack on third-party exposed information on campus customers
In a statement published on Monday evening, the company said it recently identified a security incident that “originated with an account belonging to a third-party service provider that provided support services to Grubhub.” First seen on therecord.media Jump to article: therecord.media/grubhub-says-third-party-hack-exposed-campus-customers
-
Grubhub serves up security incident with a side of needing to change your password
Contact info and partial payment details may be compromised First seen on theregister.com Jump to article: www.theregister.com/2025/02/04/grubhub_data_incident/
-
Cyber-Zwischenfall bei einem Maschinenbauunternehmen in Großbritannien
Cyber Security Incident First seen on smiths.com Jump to article: www.smiths.com/news-and-insights/news/2025/cyber-security-incident
-
US takes aim at healthcare cybersecurity with proposed HIPAA changes
Tags: access, authentication, best-practice, breach, compliance, control, csf, cyber, cyberattack, cybersecurity, data, defense, detection, dora, encryption, finance, framework, government, group, healthcare, HIPAA, incident response, infrastructure, insurance, intelligence, jobs, law, malware, mfa, network, nist, penetration-testing, phishing, privacy, ransom, ransomware, regulation, resilience, risk, security-incident, service, skills, technology, threat, tool, update, usa, vulnerability, vulnerability-managementThe US Department of Health and Human Services (HHS) has launched a consultation on stricter rules for the safeguarding of electronic health records.The proposed revamp of security rules covered by the Health Insurance Portability and Accountability Act (HIPAA) is designed to address the increased risk from cyberattacks such as ransomware against healthcare environments.The revamped rules…
-
Data Privacy Day 2025: Verschlüsselung als Treiber der Datensouveränität
Von den Firmen, die in den letzten zwölf Monaten bei einer Auditierung der Compliance durchgefallen sind, hatten 31 Prozent im selben Jahr einen Sicherheitsvorfall mit Datenverlust erlitten. First seen on infopoint-security.de Jump to article: www.infopoint-security.de/data-privacy-day-2025-verschluesselung-als-treiber-der-datensouveraenitaet/a39569/
-
Automating endpoint management doesn’t mean ceding control
Tags: ai, automation, business, compliance, control, cybersecurity, data, endpoint, governance, intelligence, ml, risk, security-incident, skills, threat, tool, vulnerabilityBeset with cybersecurity risks, compliance regimes, and digital experience challenges, enterprises need to move toward autonomous endpoint management (AEM), the next evolution in endpoint management and security solutions. CSO’s Security Priorities Study 2024 reveals that 75% of security decision-makers say that understanding which security tools and solutions fit best within their company is becoming more complex. Many are…
-
SonicWall Arbitrary OS Commands Execution Vulnerability Exploited in Attacks
Tags: advisory, attack, cve, cvss, cyber, exploit, incident response, security-incident, threat, update, vulnerabilityA critical vulnerability in SonicWall’s SMA1000 series tracked as CVE-2025-23006, has come under active exploitation by threat actors. SonicWall’s PSIRT (Product Security Incident Response Team) has issued an urgent advisory urging users to update their systems immediately to mitigate risks. Details of CVE-2025-23006 The vulnerability, which scores an alarming9.8/10on the CVSS v3 severity scale, stems from…
-
How to Eliminate Identity-Based Threats
Despite significant investments in advanced technologies and employee training programs, credential and user-based attacks remain alarmingly prevalent, accounting for 50-80% of enterprise breaches[1],[2]. While identity-based attacks continue to dominate as the leading cause of security incidents, the common approach to identity security threats is still threat reduction, implementing layers of First seen on thehackernews.com Jump…
-
10 top XDR tools and how to evaluate them
Tags: ai, attack, automation, business, cloud, computing, container, corporate, credentials, data, defense, detection, edr, email, encryption, endpoint, finance, firewall, google, guide, Hardware, iam, ibm, identity, incident response, infrastructure, intelligence, malicious, malware, marketplace, microsoft, mitigation, network, office, okta, open-source, organized, risk, security-incident, service, siem, skills, soar, software, spam, technology, threat, tool, training, vulnerability, zero-dayLittle in the modern IT world lends itself to manual or siloed management, and this is doubly true in the security realm. The scale of modern enterprise computing and modern application stack architecture requires security tools that can bring visibility into the security posture of modern IT components and integrate tightly to bring real-time threat…
-
Conduent Confirms Security ‘Incident’ Behind Major Service Outage
Solution provider giant Conduent says its recent ‘operational disruption’ was caused by a cyberattack. First seen on crn.com Jump to article: www.crn.com/news/security/2025/conduent-confirms-security-incident-behind-major-service-outage
-
Account Compromise and Phishing Top Healthcare Security Incidents
Netwrix claims 84% of healthcare organizations detected a cyber-attack in the past year First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/account-compromise-phishing/
-
Three Keys to Modernizing Data Security: DSPM, AI, and Encryption
Tags: access, ai, automation, best-practice, business, cloud, compliance, container, control, cyber, cybercrime, data, data-breach, detection, encryption, GDPR, incident response, infrastructure, privacy, regulation, risk, saas, security-incident, skills, software, strategy, threat, tool, vulnerabilityThree Keys to Modernizing Data Security: DSPM, AI, and Encryption andrew.gertz@t“¦ Tue, 01/21/2025 – 14:56 Organizations worldwide face a “perfect storm” of increasing and ever-evolving cyber threats. Internal and external factors are at play, elevating cyber risks and their consequences and mandating new approaches to safeguard data. A recent study based on responses from over…
-
Cyberangriff auf eine Stadtverwaltung in Connecticut, USA
West Haven issues response to IT system security incident First seen on cityofwesthaven.com Jump to article: www.cityofwesthaven.com/CivicAlerts.aspx
-
CISOs embrace rise in prominence, with broader business authority
Tags: ai, attack, business, ceo, cio, ciso, compliance, control, corporate, cyber, cyberattack, cybersecurity, data, governance, healthcare, infrastructure, intelligence, network, privacy, regulation, risk, risk-management, security-incident, strategy, technology, threat, updateIt’s a familiar refrain: As cybersecurity has become a core business priority, it is no longer a siloed operation, and the responsibilities of CISOs have grown, giving them greater prominence within the organization.According to CSO’s 2024 Security Priorities Study, 72% of security decision-makers say their role has grown to include additional responsibilities over the past…
-
Payback-CISO: ‘Vorbereitung ist das A und O”
Tags: automation, awareness, ciso, cyberattack, cyersecurity, firewall, germany, hacking, infrastructure, mail, nis-2, phishing, ransomware, risk, security-incident, strategy, tool, trainingsrcset=”https://b2b-contenthub.com/wp-content/uploads/2025/01/Nawid-Sayed.jpg?quality=50&strip=all 6016w, b2b-contenthub.com/wp-content/uploads/2025/01/Nawid-Sayed.jpg?resize=300%2C168&quality=50&strip=all 300w, b2b-contenthub.com/wp-content/uploads/2025/01/Nawid-Sayed.jpg?resize=768%2C432&quality=50&strip=all 768w, b2b-contenthub.com/wp-content/uploads/2025/01/Nawid-Sayed.jpg?resize=1024%2C576&quality=50&strip=all 1024w, b2b-contenthub.com/wp-content/uploads/2025/01/Nawid-Sayed.jpg?resize=1536%2C864&quality=50&strip=all 1536w, b2b-contenthub.com/wp-content/uploads/2025/01/Nawid-Sayed.jpg?resize=2048%2C1152&quality=50&strip=all 2048w, b2b-contenthub.com/wp-content/uploads/2025/01/Nawid-Sayed.jpg?resize=1240%2C697&quality=50&strip=all 1240w, b2b-contenthub.com/wp-content/uploads/2025/01/Nawid-Sayed.jpg?resize=150%2C84&quality=50&strip=all 150w, b2b-contenthub.com/wp-content/uploads/2025/01/Nawid-Sayed.jpg?resize=854%2C480&quality=50&strip=all 854w, b2b-contenthub.com/wp-content/uploads/2025/01/Nawid-Sayed.jpg?resize=640%2C360&quality=50&strip=all 640w, b2b-contenthub.com/wp-content/uploads/2025/01/Nawid-Sayed.jpg?resize=444%2C250&quality=50&strip=all 444w” width=”1024″ height=”576″ sizes=”(max-width: 1024px) 100vw, 1024px”>Nawid Sayed, CISO bei Payback: “Um sich vor Cyberattacken zu schützen, gibt es nicht das eine Tool, sondern der Prozess ist hier entscheidend.” PaybackWelches Thema ist aus Ihrer…
-
SEC rule confusion continues to put CISOs in a bind a year after a major revision
Tags: attack, breach, business, ciso, citrix, compliance, control, cyber, cyberattack, cybersecurity, data, government, incident, incident response, law, network, privacy, regulation, risk, security-incident, software, strategy, supply-chainConfusion around when and how to report cybersecurity breaches continues to plague companies a year after revised US Securities and Exchange Commission (SEC) cybersecurity breach reporting rules came into effect, experts say.As the agency that regulates and enforces federal US securities laws continues to flex its enforcement muscles against organizations that violate the strict rules,…
-
Unbefugter Zugriff bei einer internationalen Luftfahrtorganisation
Update: ICAO statement on reported security incident First seen on icao.int Jump to article: www.icao.int/Newsroom/Pages/ICAO-statement-on-reported-security-incident.aspx
-
United Nations Aviation Agency Hacked Recruitment Data Exposed
The International Civil Aviation Organization (ICAO), a United Nations agency responsible for coordinating global aviation standards, has reported a significant information security incident that has exposed the personal data of approximately 42,000 applicants. The agency is actively investigating the breach, which was attributed to a malicious threat actor known for targeting international organizations. United Nations…
-
SOAR buyer’s guide: 11 security orchestration, automation, and response products, and how to choose
Tags: access, ai, api, attack, automation, business, chatgpt, cisco, cloud, compliance, container, cybersecurity, data, detection, edr, endpoint, firewall, fortinet, gartner, google, group, guide, Hardware, ibm, incident response, infrastructure, intelligence, jobs, LLM, malware, mandiant, marketplace, microsoft, mitigation, monitoring, network, okta, risk, saas, security-incident, service, siem, soar, soc, software, technology, threat, tool, training, vulnerability, vulnerability-management, zero-daySecurity orchestration, automation, and response (SOAR) has undergone a major transformation in the past few years. Features in each of the words in its description that were once exclusive to SOAR have bled into other tools. For example, responses can be found now in endpoint detection and response (EDR) tools. Orchestration is now a joint…
-
UN agency’s job application database breached, 42,000 records stolen
Tags: access, attack, breach, communications, cybersecurity, data, data-breach, email, finance, international, jobs, password, sans, security-incident, tactics, threatThe International Civil Aviation Organization (ICAO) on Tuesday said that it is “actively investigating reports of a potential information security incident allegedly linked to a threat actor known for targeting international organizations,” and has initially concluded that “approximately 42,000 recruitment application data records from April 2016 to July 2024” were stolen.In its initial statement, the…