Tag: third
122 articles

EV charging infrastructure Critical Risk: Must-Fix Leak
An EV charging provider warned some customers that a third‑party security incident may have exposed names and email addresses — a reminder that the clean‑tech convenience we love can still leave personal data vulnerable. Stay alert for phishing, enable MFA where you can, and expect the industry to tighten vendor security as it responds.

Scattered Spider: Must-Have Defenses Against Risky Attacks
Scattered Spider is skipping the fences and walking through the front door by exploiting weak identity controls, help‑desk processes, and third‑party trust. Tightening phishing‑resistant authentication, enforcing least privilege, and hardening vendor and support workflows are the urgent, practical steps every organization must take.

ransomware attack: Stunning Risk to European Airports
ENISA says ransomware knocked out check‑in systems at major European airports, forcing staff to go manual and stranding travellers in long queues. The disruption highlights how legacy IT and weak vendor security can turn a cyberattack into a real‑world travel crisis.

Stellantis customers Risky Vendor Leak Must-Have Fix
Stellantis says a third-party vendor hack exposed some customer names and email addresses—no financial or vehicle data—but the breach still leaves customers and regulators wondering whether outsourcing kept their information safe. Even seemingly low-risk leaks can fuel phishing and fraud, underscoring the need for stronger vendor security and clearer accountability.

New York Blood Center Must-Read: Critical Data Risk
About 194,000 people were affected when the New York Blood Center disclosed a breach exposing Social Security numbers, IDs, bank details and in some cases health information — a stark reminder that even trusted health organizations can become targets. If you were notified, enroll in offered monitoring, watch your accounts closely, and tighten passwords and fraud protections now.

hardcoded secrets: Stunning Risky Mobile Crisis
One in three Android apps — and over half of iOS apps — are leaking sensitive data through insecure APIs and hardcoded secrets, putting your personal info and company systems at risk. Luckily, with smarter developer practices, better tooling and a few simple precautions, we can close those easy doors before attackers walk through.

ransomware campaign: Risky Breach Exposes 12,000+ Stunning
Insight Partners says a ransomware attack exposed personal data for more than 12,000 people — employees, former staff and limited partners — sparking urgent questions about investor privacy and the safeguards venture firms must have in place. This breach is a wake-up call: clearer disclosure, stronger cyber defenses and tougher due diligence are now essential for investors, founders and funds alike.

ransomware breach: Devastating Insight Partners Alert
Insight Partners has disclosed a 2024 ransomware breach that exposed personal data for thousands, and the firm is now notifying affected people while hiring forensic experts and tightening defenses. If you were contacted, act quickly — monitor accounts, enable multi-factor authentication, and be wary of suspicious messages to reduce your risk.

Coinbase data breach: Shocking Exclusive Risky Fallout
A newly unsealed court filing alleges a TaskUs employee sold Coinbase customer records for about $200 each, potentially linking a vendor insider to the 2023–24 breach and raising urgent questions about third‑party trust. If true, it’s a stark reminder that outsourcing can turn a single insider into a major security risk.

Colt Technology Services Exclusive: Risky Recovery Timeline
Colt’s recovery from the August cyberattack is now spilling into late November, leaving many enterprise customers with limited services even as independent testers confirm a key system is secure. The slow, careful restoration highlights the trade-off between getting networks back online fast and making sure they’re truly safe for the businesses that depend on them.

data poisoning: Stunning Dangerous Surge in Firms
New research shows about one in four UK and US firms have faced data poisoning attempts that corrupt AI training data — a stealthy threat that can make models misbehave, leak sensitive information, or embed persistent backdoors. It’s a wake-up call: protecting AI means treating data integrity as a first-line defense.

browser-based attacks: Critical Must-Have Defenses
We’ve hardened email — it’s time to treat browsers as the frontline: discover the six browser-based attacks every security team must prioritize now and the practical defenses to keep users, credentials, and networks safe.

data destruction: Must-Have Guide to Avoid Risky Fines
Upgrading hardware? Improperly decommissioned SSDs and laptops can leave recoverable data that leads to fines, lawsuits and reputational damage—follow media-specific sanitization, certified destruction and auditable disposal practices to avoid costly penalties.

smart laundry machines: Shocking Risky Failure Exposes
A jailbreak of smart laundry machines left 1,200 students hauling their laundry off campus after payments and cycles failed while management refused to cover alternate costs. The fiasco mixes everyday inconvenience with cybersecurity and contract headaches — and shows why campuses must demand better security and backup plans.

supply chain attack: Stunning, Risky Threat to Passengers
LNER has confirmed a supply-chain attack on a third-party supplier exposed some customers’ contact and journey details, and the company is notifying those affected and offering support. If trusted partners can become breach points, passengers are rightly asking who’s protecting their privacy.

ransomware attack Devastating Threat to Brazilian Health
A ransomware attack by KillSec on Brazilian health‑care vendor MedicSolution has disrupted appointments, billing and medical records across multiple clinics, creating delays that could harm patients and strain clinicians. It’s a wake‑up call that hospitals and small clinics need stronger vendor security, backups and coordinated incident response to prevent repeat outages.

Cybersecurity Maturity Model Certification: Must-Have Risk
The DoD has turned CMMC into a must‑have for many defense contracts, forcing vendors to upgrade cybersecurity or risk being shut out — a big shift that strengthens supply‑chain defenses but could strain small and mid‑size suppliers. Success now hinges on solid enforcement, enough qualified assessors, and real support to help firms get up to speed.

third-party vendors Risky Exposure: Must-Have Safeguards
A breach of school software isn’t just an IT problem — the Intradev attack that hit Affinity Learning Partnership shows how one supplier failure can expose staff and pupil data, disrupt operations and threaten safeguarding across many schools. Trusts need stronger vendor security and incident plans, and staff should update reused passwords and enable MFA to reduce the impact.

Salesloft–Drift incident: Exclusive Risky Wake-Up Call
When a vendor like Salesloft or Drift is breached, even giants like Cloudflare can have customer data exposed — a stark reminder that trusted integrations can become attack paths. Now’s the time to audit third‑party access, rotate tokens, and tighten least‑privilege controls before the next ripple causes real harm.

OAuth tokens: Must-Have Fixes to Stop Risky Leaks
Palo Alto Networks says some commercially sensitive customer data may have been exposed after attackers used OAuth tokens stolen from the Salesloft Drift breach to access its Salesforce—proof that handy integrations can let a single vendor compromise cascade across your business. Now’s the time to audit connected apps, tighten token lifecycles, and treat integrations as continuously verified trust relationships, not set‑and‑forget conveniences.

Zscaler customer information: Exclusive Risky Breach
Last week’s Salesloft–Salesforce supply‑chain breach that exposed Zscaler customer data is a wake‑up call: attackers are increasingly moving laterally through trusted cloud integrations to harvest high‑value corporate data. Now is the time to map dependencies, tighten access, and embrace zero‑trust before the next incident.

data breach: Stunning Risky Leak Hits 4.5M
TransUnion says a vendor’s hacked app exposed data for about 4.5 million U.S. consumers — a stark reminder that third-party flaws can put your most sensitive financial information at risk. If you’re affected, check your credit, consider freezes or alerts, and watch for notifications about monitoring and identity restoration.

unprepared for a cyberattack: Must-Have Risky Wake-Up Call
58% of organizations say they’re not ready for a cyberattack—putting customer data, operations, and reputations at risk. Boards and security teams must act now with better detection, practiced response plans, and investments in people.

OAuth tokens Risky: Stunning CRM Data Breach Alert
Google says attackers stole OAuth tokens from Salesloft’s Drift app to siphon Salesforce CRM records, leaving customers scrambling as missing or altered data disrupts sales operations. It’s a sharp reminder that convenient third‑party integrations can become powerful attack vectors unless tokens, permissions and vendor vetting are tightly managed.