Government, Risk and Security - Information Management Today

Increased GDPR Enforcement Highlights the Need for Data Security

Security Affairs

NOVEMBER 18, 2024

GDPR protects sensitive data like health and financial details, and its enforcement underscores the growing need for stronger data security measures. These penalties apply to all aspects of GDPR compliance, including inadequate data security, improper consent, and data breach failures. government surveillance.

GDPR

GDPR Security Compliance Data Privacy

China-linked threat actors compromised multiple telecos and spied on a limited number of U.S. government officials

Security Affairs

NOVEMBER 14, 2024

government officials. telecoms, compromising networks to steal call records and access private communications, mainly of government and political figures. The security breach poses a major national security risk. The WSJ states that the compromise remained undisclosed due to possible impact on national security.

Government

Government Communications Access Risk

Why DSPM is Essential for Achieving Data Privacy in 2024

Security Affairs

OCTOBER 23, 2024

Data Security Posture Management (DSPM) helps organizations address evolving data security and privacy requirements by protecting and managing sensitive information. To add to the difficulty, the advent of Generative AI (GenAI) has brought unprecedented security and privacy risks. What is Data Security Posture Management?

Data Privacy

Data Privacy Privacy GDPR Compliance

Webinars

How to Achieve High-Accuracy Results When Using LLMs

MORE WEBINARS

MI5 seized Boris Johnson’s phone over security risk fears

Security Affairs

JUNE 21, 2021

The British Security Service, also known as MI5, has seized the mobile devices used by PM Boris Johnson over concerns that were raised after the discovery of the availability of its number online for the last 15 years. ” The case raises the importance of a good cyber security posture for politicians and government officials.

Risk

Risk Security Government Access

Driving Responsible Innovation: How to Navigate AI Governance & Data Privacy

Speaker: Aindra Misra, Senior Manager, Product Management (Data, ML, and Cloud Infrastructure) at BILL

Join us for an insightful webinar that explores the critical intersection of data privacy and AI governance. In today’s rapidly evolving tech landscape, building robust governance frameworks is essential to fostering innovation while staying compliant with regulations.

Data Privacy

Third-Party Identities: The Weakest Link in Your Cybersecurity Supply Chain

Security Affairs

OCTOBER 28, 2024

A long supply chain adds third-party risks, as each partner’s security affects your own, making identity and access management more challenging. And therein lies the problem: Your enterprise could be at risk if their credentials are unsafe. So, what’s a bit of increased risk where usernames and passwords are concerned?

B2B

B2B Cybersecurity Risk Access

Canada bans WeChat and Kaspersky apps on government-issued mobile devices

Security Affairs

OCTOBER 30, 2023

Canada banned the Chinese messaging app WeChat and Kaspersky antivirus on government mobile devices due to privacy and security risks. The Government of Canada announced a ban on the use of the WeChat and Kaspersky applications on government-issued mobile devices due to privacy and security risks.

Government

Government Privacy Risk Data collection

Experts Say Chinese Safes Pose Risks to US National Security

Data Breach Today

MARCH 14, 2024

Senator Urges Government to Tell Public About Little-Known Manufacturer Reset Codes Experts told ISMG that Chinese-made locks and commercial safes could pose national security risks when used by major U.S.

Risk

Risk Manufacturing Security Government

Australia, Canada, New Zealand, and the U.S. warn of PRC-linked cyber espionage targeting telecom networks

Security Affairs

DECEMBER 4, 2024

The government agencies released a guide that advises telecom and critical infrastructure defenders on best practices to strengthen network security against PRC-linked and other cyber threats. Enhancing secure logging, isolating device management, and enforcing strict access control lists (ACLs) are key strategies.

Government

Government Communications Access Passwords

SEC fined 4 companies for misleading disclosures about the impact of the SolarWinds attack

Security Affairs

OCTOBER 23, 2024

The US Securities and Exchange Commission (SEC) charged four companies, Unisys, Avaya, Check Point, and Mimecast for misleading public disclosures related to the supply chain attack on SolarWinds. The federal securities laws prohibit half-truths, and there is no exception for statements in risk-factor disclosures.”

Cybersecurity

Cybersecurity Risk Access Government

Experts warn of ransomware attacks against government organizations of small states

Security Affairs

MAY 31, 2022

Cyber Research Labs observed a rise in ransomware attacks in the second quarter of 2022, some of them with a severe impact on the victims, such as the attack that hit the Costa Rican government that caused a nationwide crisis. The experts warn of ransomware attacks against government organizations. ” continues Cyble. .

Ransomware

Ransomware Government Cybersecurity Sales

APT groups chain VPN and Windows Zerologon bugs to attack US government networks

Security Affairs

OCTOBER 12, 2020

US government networks are under attack, threat actors chained VPN and Windows Zerologon flaws to gain unauthorized access to elections support systems. The agencies warn of risk to elections information housed on government networks. ” reads the report. ” continues the alert.

Government

Government Authentication Access Risk

T-Mobile is one of the victims of the massive Chinese breach of telecom firms

Security Affairs

NOVEMBER 18, 2024

telecoms, compromising networks to steal call records and access private communications, mainly of government and political figures. The US agencies confirmed that Chinese threat actors had compromised the private communications of a “limited number” of government officials following the compromise of multiple U.S.

Data breaches

Data breaches Communications Artificial Intelligence Government

UK Home Office is ignoring the risk of ‘catastrophic ransomware attacks,’ report warns

Security Affairs

DECEMBER 13, 2023

A Joint Committee on the National Security Strategy (JCNSS) warns of the high risk of a catastrophic ransomware attack on the UK government. The British government is accused of failing to mitigate the risk of ransomware attacks. said Dame Margaret Beckett, the chair of the JCNSS. Beckett added.

Ransomware

Ransomware Risk Government Security

How Mega Attacks Are Spotlighting Critical 3rd-Party Risks

Data Breach Today

SEPTEMBER 18, 2024

Recent mega data breaches involving third-party vendors - such as the Change Healthcare cyberattack - are intensifying the spotlight on critical security risk management and governance issues for business associates and other suppliers, said regulatory attorney Rachel Rose.

Risk

Risk Data breaches Government Security

Hackers stole OpenAI secrets in a 2023 security breach

Security Affairs

JULY 5, 2024

The New York Times revealed that OpenAI suffered a security breach in 2023, but the company says source code and customer data were not compromised. OpenAI suffered a security breach in 2023, the New York Times reported. ” The executives believed the threat actor was a lone hacker with no link to a foreign government. .”

Security

Security Artificial Intelligence Risk Access

A data leak exposes the operations of the Chinese private firm TopSec, which provides Censorship-as-a-Service

Security Affairs

FEBRUARY 24, 2025

TopSec was founded in 1995, it offers cybersecurity services such as Endpoint Detection and Response (EDR) and vulnerability scanning, along with “boutique” solutions to align with government initiatives and intelligence requirements. The company provided monitoring services to a state-owned enterprise facing a corruption scandal.

Cybersecurity

Cybersecurity Government Cloud Security

How to Protect Privacy and Build Secure AI Products

Security Affairs

JULY 18, 2024

How to protect privacy and build secure AI products? How to Protect Privacy and Build Secure AI Products AI systems are transforming technology and driving innovation across industries. However, their unpredictability raises significant concerns about data security and privacy.

Privacy

Privacy Security Data Privacy Risk

LW ROUNDTABLE: Wrist slap or cultural shift? SEC fines cyber firms for disclosure violations

The Last Watchdog

NOVEMBER 12, 2024

Security and Exchange Commission (SEC) recently laid down the hammer charging and fining four prominent cybersecurity vendors for making misleading claims in connection with the SolarWinds hack. A security incident is often an indication of poor investment in security programs, rather than personal characeteriziation of the security leader.

Cybersecurity

Cybersecurity Risk Government Compliance

Canada ordered ByteDance to shut down TikTok operations in the country over security concerns

Security Affairs

NOVEMBER 6, 2024

Canada ordered ByteDance to shut down TikTok operations over security concerns but did not issue a full ban on the platform. The Canadian government ordered ByteDance to wind up TikTok Technology Canada, Inc. The Canadian government ordered ByteDance to wind up TikTok Technology Canada, Inc.

Security

Security Government Risk Data collection

Concentric AI Secures $45M Series B to Expand Data Security

Data Breach Today

OCTOBER 25, 2024

Top Tier Capital, HarbourVest Support Concentric's Path to Autonomous Data Security Supported by Top Tier Capital Partners and HarbourVest Partners, Concentric AI’s $45 million Series B funding round will drive product innovation in identity governance, risk monitoring and data breach investigation - critical areas for enterprises seeking resilient (..)

Security

Security Data breaches Risk Government

ICE Employees Downloaded Banned Apps on Government Devices

Data Breach Today

NOVEMBER 3, 2023

New Report Identifies ‘Risky’ Unauthorized Apps That Pose National Security Risks The Department of Homeland Security inspector general found U.S.

Government

Government Risk Security

ISMG Editors: Identity Security Special

Data Breach Today

SEPTEMBER 1, 2023

Identity Security Expert Jeremy Grant on AI and Digital Identity Risks In the latest weekly update, Jeremy Grant of Venable joins three ISMG editors to discuss why the U.S. government is taking a back seat on digital identity issues, the risks of artificial intelligence, and takeaways from the U.S.

Artificial Intelligence

Artificial Intelligence Security Risk Government

Russia-linked APT TAG-70 targets European government and military mail servers exploiting Roundcube XSS

Security Affairs

FEBRUARY 19, 2024

The nation-state actors are known to carry out cyber-espionage against targeting government, military, and national infrastructure entities in Europe and Central Asia since at least December 2020. The compromise of email servers poses a substantial risk, especially during a conflict such as Russia-Ukraine.

Military

Military Government Access Risk

Strategies for Securing Your Supply Chain

IT Governance

OCTOBER 23, 2024

What to do when your ‘supply chain’ is really a ‘supply loop’ When I asked Bridget Kenyon – CISO (chief information security officer) for SSCL, lead editor for ISO 27001:2022 and author of ISO 27001 Controls – what she’d like to cover in an interview, she suggested supply chain security. How can you secure a ‘supply loop’?

Security

Security Information Security Risk Access

Pulse Secure fixes zero-day in Pulse Connect Secure (PCS) SSL VPN actively exploited

Security Affairs

MAY 3, 2021

Pulse Secure has fixed a zero-day flaw in the Pulse Connect Secure (PCS) SSL VPN appliance that threat actors are actively exploiting in the wild. The vulnerability is a buffer overflow issue in Pulse Connect Secure Collaboration Suite prior b9.1R11.4 A vulnerability was discovered under Pulse Connect Secure (PCS).

Security

Security Cybersecurity Authentication Government

US NTIA Probes Data Center Security Risks

Data Breach Today

SEPTEMBER 3, 2024

Agency Publishes Notice Soliciting Comments on Potential Federal Response An artificial intelligence-fueled growth in data center construction has the federal government asking what it should do to help manage data security risks.

Risk

Risk Artificial Intelligence Security Marketing

Canada is going to ban TikTok on government mobile devices

Security Affairs

MARCH 1, 2023

The Canadian government announced it will ban the video app TikTok from all government-issued devices over security concerns. Canada is going to ban the popular Chinese video-sharing app TikTok from the mobile devices of its employees over security concerns. The app will be removed from government devices this week.

Government

Government Privacy Risk Data collection

Biden Administration Seeks National Security Edge in AI

Data Breach Today

OCTOBER 24, 2024

Capabilities The Biden administration declared artificial intelligence suitable for national security purposes in a Thursday directive providing guidance for AI governance and risk management for use in classified missions. White House Officials Worry That China Can Leap From U.S.

Artificial Intelligence

Artificial Intelligence Security Risk Government

GUEST ESSAY: Rising cyber risks make business intelligence gathering more vital than ever

The Last Watchdog

JULY 5, 2022

At any point the external environment can throw a curve ball – new government regulations, changes in political and social dynamics, or trends in sustainability to name a few. Cyber security keeps the C-suite up at night and perhaps that’s no surprise. Context of risk. Risk, including cyber risk, cannot be viewed in isolation.

Risk

Risk Military Marketing Data Privacy

Hackers threaten to leak a copy of the World-Check database used to assess potential risks associated with entities

Security Affairs

APRIL 22, 2024

World-Check is a global database utilized by various organizations, including financial institutions, regulatory bodies, and law enforcement agencies, for assessing potential risks associated with individuals and entities. The list also includes criminals, suspected terrorists, intelligence operatives and a European spyware firm.

Risk

Risk Archiving Access Privacy

Breaking Data Silos With Risk-Based Data Governance

Data Breach Today

MARCH 28, 2025

OpenText's Jay Mukherjee on a Smart Approach to Protect Data Across Its Life Cycle A risk-based framework helps organizations classify and protect sensitive data while simplifying access. Jay Mukherjee, CTO, channels and alliances, APAC at OpenText, recommends embedding security and compliance into data strategies from the start.

Risk

Risk Government Compliance Access

China-linked APT groups targets orgs via Pulse Secure VPN devices

Security Affairs

MAY 28, 2021

Researchers from FireEye warn that China-linked APT groups continue to target Pulse Secure VPN devices to compromise networks. Cybersecurity researchers from FireEye warn once again that Chinese APT groups continue to target Pulse Secure VPN devices to penetrate target networks and deliver malicious web shells to steal sensitive information.

Security

Security Passwords Cybersecurity Government

China’s Volt Typhoon botnet has re-emerged

Security Affairs

NOVEMBER 13, 2024

In the most recent campaign, the group targeted organizations in the communications, manufacturing, utility, transportation, construction, maritime, government, information technology, and education sectors. government neutralized the Volt Typhoon botnet taking over its C2 and deleting the bot from infected devices.

e-Discovery

e-Discovery Communications Ransomware Government

Look Beyond TikTok: Massive Data Collection Is the Real Risk

Data Breach Today

MARCH 29, 2023

All Social Media Apps Collect Information on a Scale That Facilitates Surveillance There's much national security ado about how much user data gets collected by the Chinese-owned, wildly popular video-sharing app TikTok.

Data collection

Data collection Risk Government Security

NSA releases guidance for securing Unified Communications and VVoIP

Security Affairs

JUNE 21, 2021

The US National Security Agency (NSA) released guidance for securing Unified Communications/Voice and Video over IP Systems (VVoIP). NSA last week released guidance for securing their communication systems, specifically Unified Communications (UC) and Voice and Video over IP (VVoIP). ” concludes the guide.

Communications

Communications Security Authentication Encryption

Apple dismisses lawsuit against surveillance firm NSO Group due to risk of threat intelligence exposure

Security Affairs

SEPTEMBER 16, 2024

Apple drops its lawsuit against commercial spyware vendor NSO Group, due to the risk of “threat intelligence” information exposure. Apple is seeking to drop its lawsuit against Israeli spyware company NSO Group , citing the risk of “threat intelligence” information exposure. ” reads the court filing.

Risk

Risk Government Manufacturing IT

Unmasking 2024’s Email Security Landscape

Security Affairs

FEBRUARY 28, 2024

Analyzing the Email Security Landscape and exploring Emerging Threats and Trends. VIPRE Security Group’s latest report, “Email Security in 2024: An Expert Insight into Email Threats,” delves into the cutting-edge tactics and technologies embraced by cybercriminals this year. million as malicious.

Security

Security Phishing Communications Financial Services

GSA Sparks Security Fears After Buying Risky Chinese Cameras

Data Breach Today

JANUARY 24, 2024

Experts Warn Against Increasing Federal Reliance on Chinese Technology Experts are raising fresh concerns about the "significant risk" for Chinese espionage against U.S. federal networks after a government watchdog caught the government's main acquisition arm purchasing unauthorized, Chinese-manufactured video conference cameras.

Manufacturing

Manufacturing Security Government Risk

26 Cyber Security Stats Every User Should Be Aware Of in 2024

Security Affairs

FEBRUARY 8, 2024

26 key cyber security stats for 2024 that every user should know, from rising cyber crime rates to the impact of AI technolog y. million unfilled cyber security jobs, showing a big need for skilled professionals. Market Growth: AI cyber security technology is projected to grow by 23.6% The US topped the list at $5.09

Security

Security Phishing IoT Ransomware

Recall feature in Microsoft Copilot+ PCs raises privacy and security concerns

Security Affairs

MAY 24, 2024

Recall is currently in preview status; during this phase, we will collect customer feedback, develop more controls for enterprise customers to manage and govern Recall data, and improve the overall experience for users.” . “You can use Recall on Copilot+ PCs to find the content you have viewed on your device.

Privacy

Privacy Security Encryption Passwords

Security Affairs newsletter Round 464 by Pierluigi Paganini – INTERNATIONAL EDITION

Security Affairs

MARCH 24, 2024

Every week the best security articles from Security Affairs are free for you in your email box. Cybersecurity US holds conference on military AI use with dozens of allies to determine ‘responsible’ use DFSA’s Cyber Risk Management Guidelines: A Blueprint for Cyber Resilience? Is it a Russia’s weapon?

Security

Security Passwords Military Marketing

UK gov bans new Huawei equipment installs after Sept 2021

Security Affairs

DECEMBER 1, 2020

The British government will ban the installation of new Huawei equipment in the 5G networks of Wireless carriers after September 2021. The British government will not allow the installation of new Huawei equipment in the 5G networks of Wireless carriers after September 2021. ” th e UK Government announced. allegations. .

Government

Government Marketing Risk Big data

Security Affairs newsletter Round 439 by Pierluigi Paganini – International edition

Security Affairs

OCTOBER 1, 2023

Every week the best security articles from Security Affairs are free for you in your email box. Patch your TeamCity instance to avoid server hack Is Gelsemium APT behind a targeted attack in Southeast Asian Government? A new round of the weekly SecurityAffairs newsletter arrived!

Artificial Intelligence

Artificial Intelligence Security Ransomware Data breaches

Increased GDPR Enforcement Highlights the Need for Data Security

China-linked threat actors compromised multiple telecos and spied on a limited number of U.S. government officials

Webinars

Trending Sources

Why DSPM is Essential for Achieving Data Privacy in 2024

Webinars

MI5 seized Boris Johnson’s phone over security risk fears

Driving Responsible Innovation: How to Navigate AI Governance & Data Privacy

Third-Party Identities: The Weakest Link in Your Cybersecurity Supply Chain

Canada bans WeChat and Kaspersky apps on government-issued mobile devices

Experts Say Chinese Safes Pose Risks to US National Security

Australia, Canada, New Zealand, and the U.S. warn of PRC-linked cyber espionage targeting telecom networks

SEC fined 4 companies for misleading disclosures about the impact of the SolarWinds attack

Experts warn of ransomware attacks against government organizations of small states

APT groups chain VPN and Windows Zerologon bugs to attack US government networks

T-Mobile is one of the victims of the massive Chinese breach of telecom firms

UK Home Office is ignoring the risk of ‘catastrophic ransomware attacks,’ report warns

How Mega Attacks Are Spotlighting Critical 3rd-Party Risks

Hackers stole OpenAI secrets in a 2023 security breach

A data leak exposes the operations of the Chinese private firm TopSec, which provides Censorship-as-a-Service

How to Protect Privacy and Build Secure AI Products

LW ROUNDTABLE: Wrist slap or cultural shift? SEC fines cyber firms for disclosure violations

Canada ordered ByteDance to shut down TikTok operations in the country over security concerns

Concentric AI Secures $45M Series B to Expand Data Security

ICE Employees Downloaded Banned Apps on Government Devices

ISMG Editors: Identity Security Special

Russia-linked APT TAG-70 targets European government and military mail servers exploiting Roundcube XSS

Strategies for Securing Your Supply Chain

Pulse Secure fixes zero-day in Pulse Connect Secure (PCS) SSL VPN actively exploited

US NTIA Probes Data Center Security Risks

Canada is going to ban TikTok on government mobile devices

Biden Administration Seeks National Security Edge in AI

GUEST ESSAY: Rising cyber risks make business intelligence gathering more vital than ever

Hackers threaten to leak a copy of the World-Check database used to assess potential risks associated with entities

Breaking Data Silos With Risk-Based Data Governance

China-linked APT groups targets orgs via Pulse Secure VPN devices

China’s Volt Typhoon botnet has re-emerged

Look Beyond TikTok: Massive Data Collection Is the Real Risk

NSA releases guidance for securing Unified Communications and VVoIP

Apple dismisses lawsuit against surveillance firm NSO Group due to risk of threat intelligence exposure

Unmasking 2024’s Email Security Landscape

GSA Sparks Security Fears After Buying Risky Chinese Cameras

26 Cyber Security Stats Every User Should Be Aware Of in 2024

Recall feature in Microsoft Copilot+ PCs raises privacy and security concerns

Security Affairs newsletter Round 464 by Pierluigi Paganini – INTERNATIONAL EDITION

UK gov bans new Huawei equipment installs after Sept 2021

Security Affairs newsletter Round 439 by Pierluigi Paganini – International edition

Stay Connected