-
British Council Students’ Data Exposed in Major Breach
British Council Students’ Data Exposed in Major Breach Hundreds of thousands of British Council students had their personal and login details exposed in a worrying data breach, according to an investigation by Clario researchers. The team discovered an open Microsoft Azure blob repository indexed by a public search engine that held 144K+ of xmal, json and xls/xlsx…
-
What Is IaC and Why Does It Matter to the CISO?
Many vendors and security companies are buying or building Infrastructure as Code (IaC) security into their portfolios, and this trend is only expected to continue. Here’s what you need to know. Infrastructure as code (IaC) is a relatively new phenomenon that is revolutionizing the way organizations manage their infrastructure. IaC offers many benefits to security…
-
UK/US data protection claim highlights ambiguity of GDPR’s geographic scope
A decision by the UK Court of Appeal to allow a claim for contravention of the European Union’s General Data Protection Regulation (GDPR) to be served against US defendants has raised questions over the territorial limits of the regulations. The case emphasizes the broad geographic applicability of both the EU GDPR and the UK GDPR…
-
Quantum computing brings new security risks: How to protect yourself
This blog was written by an independent guest blogger. Although commercial quantum computing may still be decades away, government agencies and industry experts agree that now is the time to prepare your cybersecurity landscape for the future. The power of quantum computing brings security complexities that we are only beginning to understand. Even now, our…
-
Alpha-Omega Project takes a human-centered approach to open-source software security
The Log4j vulnerability crisis that erupted in late-2021 heightened the security world’s awareness of supply chain risks in free and universally deployed open-source software. Following an intense holiday season push by admins and cybersecurity professionals to track and remediate the Log4j flaw, the White House held a meeting of industry leaders to discuss improving open…
-
Data Leak Exposes IDs of Airport Security Workers
Data Leak Exposes IDs of Airport Security Workers A cloud misconfiguration at a leading security services multinational has exposed the details of countless airport staff across South America, according to a new report. A team at AV comparison site Safety Detectives found an Amazon Web Services S3 bucket wide open without any authentication required to…
-
FBI: Olympic Athletes Should Leave Devices at Home
FBI: Olympic Athletes Should Leave Devices at Home US law enforcers are urging participants at the Beijing Winter Olympics to leave their devices at home after warning of potential state-backed and cybercrime activity at the event. An FBI alert issued yesterday claimed it was aware of no specific threat to the games but urged “partners”…
-
CISA Tells Organizations to Patch CVEs Dating Back to 2014
CISA Tells Organizations to Patch CVEs Dating Back to 2014 The US government has added eight more vulnerabilities to its growing list of CVEs that must be patched by federal agencies, including some that first appeared eight years ago. The Cybersecurity and Infrastructure Security Agency (CISA) first launched its Known Exploited Vulnerabilities Catalog in November 2021 as part…
-
Cengage to Buy Cybersecurity Training platform, Infosec
Cengage to Buy Cybersecurity Training platform, Infosec A global education technology company based in Boston has signed a $191M deal to buy the cybersecurity training platform, Infosec. Cengage Group announced the planned addition to its ed2Go business on Monday. The deal is expected to close in the first quarter of 2022. “The online, employer-paid cybersecurity training segment is…
-
Aussie Tech Entrepreneur Extradited Over SMS Fraud
Aussie Tech Entrepreneur Extradited Over SMS Fraud A Russian-born tech entrepreneur has been extradited to the United States from Australia to face charges relating to a multi-million-dollar text messaging consumer fraud scheme. The arrival in America of 41-year-old dual Russian and Australian citizen Eugeni Tsvetnenko was announced by the Federal Bureau of Investigation (FBI) on Friday. Tsvetnenko –…