Can you effectively monitor employee activity to prevent and root out insider threats, or are you turning your workplace into a hostile surveillance environment? The Register reports that a report by Cracked Labs examines how workplace surveillance turns workers into suspects: Software designed to address legitimate business concerns about cyber security and compliance treats employees […]
If you feel like you need an explanation of the headline, you are not alone. But BCLP explains the concept and court decisions: It has now become commonplace for Plaintiffs’ attorneys to bring claims alleging that routine marketing techniques, including the deployment of behavioral advertising cookies and pixels, constitute wiretaps in violation of state and […]
Researchers at Palo Alto Network have reported a serious risk to organizations using cloud services that may result in an organization’s files being deleted and held for ransom. The risk is not due to any vulnerability with the cloud services themselves. The risk is due to the victim organizations misconfiguring their settings and inadvertently exposing […]
In April 2024, AT&T learned that its customer data had been exfiltrated from its Snowflake workspace. The breach affected 90 million or more customers’ call and text histories recorded during a six-month period in 2022. The following is a press release from Senator Chuck Grassley:
IBM’s new cost of a data breach report is out, and the numbers are not encouraging. By the numbers: $4.88 million — The global average cost of a data breach in 2024—a 10% increase over last year and the highest total ever. The highest average cost was $9.77 million for the healthcare sector. The industrial sector […]
“What will it take for victims of ransomware, extortion and other types of cybercrime to stop directly funding their attackers?” That’s the great question posed by BankInfoSecurity after WIRED reported AT&T paid hackers $370,000 to delete the data they had stolen. BankinfoSecurity reports: How many of the approximately 165 victims of the campaign targeting Snowflake […]
Despite some calls to ban ransomware payments in hopes that criminals will abandon financially motivated ransomware attacks, finding a way to get everyone to comply with any such ban has seemed challenging, to say the least, and there has been a lot of pushback. Now, one more expert with clout has suggested that the idea […]
The Supreme Court issued a decision today that could limit federal agencies attempting to impose fines for data security violations or breaches. Although the decision in Securities and Exchange Commission v. Jarkesy did not involve data security or a data breach, the issue before the court involved the agency’s authority to charge someone with a violation […]
Researchers at Sentinel Labs and Recorded Future report that Chinese-linked cyberespionage campaigns are increasingly deploying ransomware. CyberScoop reports that their research suggests that ransomware is reportedly used in the final stage of cyberespionage operations to either make money, distract adversaries, or make it more difficult to attribute their work: The report that Chinese hackers are […]
Microsoft says North Korean hackers stole crypto through Chromium
A vulnerability on multiple web browsers was exploited by the Citrine Sleet threat actor to steal crypto from its victims, according to Microsoft. A Microsoft report claims a North Korean threat actor has been exploiting a flaw on Chromium to steal cryptocurrency. The company’s security blog attributed the exploitation of this bug “with medium confidence” […]