Tag: party risk
15 articles

Askul ransomware attack: Stunning, Risky supply-chain hit
When Muji paused online orders after logistics partner Askul was hit by ransomware, it exposed a stark truth: a single third-party breach can freeze entire retail operations. This outage is a wake-up call for brands to map dependencies, tighten vendor security, and treat supply-chain risk as an ongoing priority.

cloud backup service Risky Breach: Must-Have Fixes
SonicWall says attackers accessed cloud backup files holding encrypted firewall credentials and configs — turning the safety net meant to speed recovery into a potential roadmap for targeted attacks. If you used their Cloud Backup, assume exposure: rotate keys and credentials, review firewall and VPN access, and verify your backups and key management now.

Discord vendor leak: Stunning Risky Data Exposure
Discord says its servers weren’t hacked — but customer IDs and payment details were stolen from a compromised support vendor, showing how outsourcing can turn into a privacy disaster. If you use Discord, now’s the time to check your payment methods, monitor statements, and enable extra protections like MFA.

Renault UK cyberattack: Urgent Exclusive Risky Data Breach
Renault UK is investigating after a supplier breach exposed customers’ names, phone numbers and registration plates and says it will contact anyone affected while urging extra caution against phishing. It’s a reminder that third‑party systems can put your identity at risk — watch for suspicious messages and keep an eye on accounts and vehicle paperwork.

employee data Risky: Exclusive Volvo Breach Exposed
Volvo North America says some employee records were accessed after a ransomware strike on HR supplier Miljödata, a reminder of how risky outsourcing payroll and benefits can be. Affected staff are being notified as investigators work the case — and the incident spotlights the urgent need for tougher vendor security and clearer breach rules.

Indian suppliers Risky: Stunning Global Breach Threat
A new report shows 53% of Indian vendors suffered third‑party breaches last year, spotlighting how one compromised supplier can cascade into global cyber crises and why supply‑chain security must be a shared priority.

Scattered Spider: Must-Have Defenses Against Risky Attacks
Scattered Spider is skipping the fences and walking through the front door by exploiting weak identity controls, help‑desk processes, and third‑party trust. Tightening phishing‑resistant authentication, enforcing least privilege, and hardening vendor and support workflows are the urgent, practical steps every organization must take.

Zscaler customer information: Exclusive Risky Breach
Last week’s Salesloft–Salesforce supply‑chain breach that exposed Zscaler customer data is a wake‑up call: attackers are increasingly moving laterally through trusted cloud integrations to harvest high‑value corporate data. Now is the time to map dependencies, tighten access, and embrace zero‑trust before the next incident.

unprepared for a cyberattack: Must-Have Risky Wake-Up Call
58% of organizations say they’re not ready for a cyberattack—putting customer data, operations, and reputations at risk. Boards and security teams must act now with better detection, practiced response plans, and investments in people.

credential-theft campaign: Exclusive Salesforce Risk
Google warns of a credential-theft campaign that abused a Salesloft integration to phish Salesforce logins — a wake-up call that third-party apps can be your weakest link. Audit connected apps, enforce MFA, and tighten permissions now before attackers pivot from integrations into your CRM.

MOVEit Transfer Stunning $8.5M Risky Settlement
Nuance agreed to pay $8.5 million to settle a class-action tied to the massive MOVEit supply‑chain breach — even while not admitting fault — a stark reminder that one vendor’s vulnerability can saddle many downstream companies with legal and financial fallout. Think of it as a wake-up call: tighten third‑party security, patch fast, and treat vendor risk as a boardroom priority before a breach becomes someone else’s bill.

CRM platform Risky Breach: Stunning Contact Exposure
Workday says its core systems were untouched, but a third-party CRM was breached — exposing business contacts that could fuel phishing, BEC and credential-stuffing attacks. Treat contact data as compromised: tighten MFA, audit integrations, and warn teams to watch for targeted social engineering.

Workday CRM breach: Stunning Critical Risk Revealed
Workday says attackers accessed vendor-run CRM tools that support its customers, potentially exposing contact and support data — a stark reminder that even trusted platforms can be vulnerable through third-party integrations. If you use Workday, assume elevated risk, tighten vendor controls, and watch for suspicious communications while the investigation continues.

hotel booking system Risky Breach: Stunning 100k Leak
Imagine strangers knowing where you slept last summer — and maybe even what you paid — because Italy’s digital agency confirmed a massive breach of hotel bookings affecting nearly 100,000 records since June. If you stayed in Italy recently, check your accounts, beware phishing, and know hotels are scrambling to secure systems and notify guests.

FortiSIEM vulnerability: Critical, Risky Exploit Emerges
A critical FortiSIEM flaw with exploit code now circulating turns your SIEM into a prime target. Patch, tighten access, and hunt for signs of compromise immediately to protect visibility and contain risk.