Skip to main content

Tag: third

122 articles

EV charging infrastructure Critical Risk: Must-Fix Leak

EV charging infrastructure Critical Risk: Must-Fix Leak

An EV charging provider warned some customers that a third‑party security incident may have exposed names and email addresses — a reminder that the clean‑tech convenience we love can still leave personal data vulnerable. Stay alert for phishing, enable MFA where you can, and expect the industry to tighten vendor security as it responds.

Analyst 207
Scattered Spider: Must-Have Defenses Against Risky Attacks

Scattered Spider: Must-Have Defenses Against Risky Attacks

Scattered Spider is skipping the fences and walking through the front door by exploiting weak identity controls, help‑desk processes, and third‑party trust. Tightening phishing‑resistant authentication, enforcing least privilege, and hardening vendor and support workflows are the urgent, practical steps every organization must take.

Analyst 207
ransomware attack: Stunning Risk to European Airports

ransomware attack: Stunning Risk to European Airports

ENISA says ransomware knocked out check‑in systems at major European airports, forcing staff to go manual and stranding travellers in long queues. The disruption highlights how legacy IT and weak vendor security can turn a cyberattack into a real‑world travel crisis.

Analyst 207
Stellantis customers Risky Vendor Leak Must-Have Fix

Stellantis customers Risky Vendor Leak Must-Have Fix

Stellantis says a third-party vendor hack exposed some customer names and email addresses—no financial or vehicle data—but the breach still leaves customers and regulators wondering whether outsourcing kept their information safe. Even seemingly low-risk leaks can fuel phishing and fraud, underscoring the need for stronger vendor security and clearer accountability.

Analyst 207
New York Blood Center Must-Read: Critical Data Risk

New York Blood Center Must-Read: Critical Data Risk

About 194,000 people were affected when the New York Blood Center disclosed a breach exposing Social Security numbers, IDs, bank details and in some cases health information — a stark reminder that even trusted health organizations can become targets. If you were notified, enroll in offered monitoring, watch your accounts closely, and tighten passwords and fraud protections now.

Analyst 207
hardcoded secrets: Stunning Risky Mobile Crisis

hardcoded secrets: Stunning Risky Mobile Crisis

One in three Android apps — and over half of iOS apps — are leaking sensitive data through insecure APIs and hardcoded secrets, putting your personal info and company systems at risk. Luckily, with smarter developer practices, better tooling and a few simple precautions, we can close those easy doors before attackers walk through.

Analyst 207
ransomware campaign: Risky Breach Exposes 12,000+ Stunning

ransomware campaign: Risky Breach Exposes 12,000+ Stunning

Insight Partners says a ransomware attack exposed personal data for more than 12,000 people — employees, former staff and limited partners — sparking urgent questions about investor privacy and the safeguards venture firms must have in place. This breach is a wake-up call: clearer disclosure, stronger cyber defenses and tougher due diligence are now essential for investors, founders and funds alike.

Analyst 207
ransomware breach: Devastating Insight Partners Alert

ransomware breach: Devastating Insight Partners Alert

Insight Partners has disclosed a 2024 ransomware breach that exposed personal data for thousands, and the firm is now notifying affected people while hiring forensic experts and tightening defenses. If you were contacted, act quickly — monitor accounts, enable multi-factor authentication, and be wary of suspicious messages to reduce your risk.

Analyst 207
Coinbase data breach: Shocking Exclusive Risky Fallout

Coinbase data breach: Shocking Exclusive Risky Fallout

A newly unsealed court filing alleges a TaskUs employee sold Coinbase customer records for about $200 each, potentially linking a vendor insider to the 2023–24 breach and raising urgent questions about third‑party trust. If true, it’s a stark reminder that outsourcing can turn a single insider into a major security risk.

Analyst 207
Colt Technology Services Exclusive: Risky Recovery Timeline

Colt Technology Services Exclusive: Risky Recovery Timeline

Colt’s recovery from the August cyberattack is now spilling into late November, leaving many enterprise customers with limited services even as independent testers confirm a key system is secure. The slow, careful restoration highlights the trade-off between getting networks back online fast and making sure they’re truly safe for the businesses that depend on them.

Analyst 207
data poisoning: Stunning Dangerous Surge in Firms

data poisoning: Stunning Dangerous Surge in Firms

New research shows about one in four UK and US firms have faced data poisoning attempts that corrupt AI training data — a stealthy threat that can make models misbehave, leak sensitive information, or embed persistent backdoors. It’s a wake-up call: protecting AI means treating data integrity as a first-line defense.

Analyst 207
browser-based attacks: Critical Must-Have Defenses

browser-based attacks: Critical Must-Have Defenses

We’ve hardened email — it’s time to treat browsers as the frontline: discover the six browser-based attacks every security team must prioritize now and the practical defenses to keep users, credentials, and networks safe.

Analyst 207
data destruction: Must-Have Guide to Avoid Risky Fines

data destruction: Must-Have Guide to Avoid Risky Fines

Upgrading hardware? Improperly decommissioned SSDs and laptops can leave recoverable data that leads to fines, lawsuits and reputational damage—follow media-specific sanitization, certified destruction and auditable disposal practices to avoid costly penalties.

Analyst 207
smart laundry machines: Shocking Risky Failure Exposes

smart laundry machines: Shocking Risky Failure Exposes

A jailbreak of smart laundry machines left 1,200 students hauling their laundry off campus after payments and cycles failed while management refused to cover alternate costs. The fiasco mixes everyday inconvenience with cybersecurity and contract headaches — and shows why campuses must demand better security and backup plans.

Analyst 207
supply chain attack: Stunning, Risky Threat to Passengers

supply chain attack: Stunning, Risky Threat to Passengers

LNER has confirmed a supply-chain attack on a third-party supplier exposed some customers’ contact and journey details, and the company is notifying those affected and offering support. If trusted partners can become breach points, passengers are rightly asking who’s protecting their privacy.

Analyst 207
ransomware attack Devastating Threat to Brazilian Health

ransomware attack Devastating Threat to Brazilian Health

A ransomware attack by KillSec on Brazilian health‑care vendor MedicSolution has disrupted appointments, billing and medical records across multiple clinics, creating delays that could harm patients and strain clinicians. It’s a wake‑up call that hospitals and small clinics need stronger vendor security, backups and coordinated incident response to prevent repeat outages.

Analyst 207
Cybersecurity Maturity Model Certification: Must-Have Risk

Cybersecurity Maturity Model Certification: Must-Have Risk

The DoD has turned CMMC into a must‑have for many defense contracts, forcing vendors to upgrade cybersecurity or risk being shut out — a big shift that strengthens supply‑chain defenses but could strain small and mid‑size suppliers. Success now hinges on solid enforcement, enough qualified assessors, and real support to help firms get up to speed.

Analyst 207
third-party vendors Risky Exposure: Must-Have Safeguards

third-party vendors Risky Exposure: Must-Have Safeguards

A breach of school software isn’t just an IT problem — the Intradev attack that hit Affinity Learning Partnership shows how one supplier failure can expose staff and pupil data, disrupt operations and threaten safeguarding across many schools. Trusts need stronger vendor security and incident plans, and staff should update reused passwords and enable MFA to reduce the impact.

Analyst 207
Salesloft–Drift incident: Exclusive Risky Wake-Up Call

Salesloft–Drift incident: Exclusive Risky Wake-Up Call

When a vendor like Salesloft or Drift is breached, even giants like Cloudflare can have customer data exposed — a stark reminder that trusted integrations can become attack paths. Now’s the time to audit third‑party access, rotate tokens, and tighten least‑privilege controls before the next ripple causes real harm.

Analyst 207
OAuth tokens: Must-Have Fixes to Stop Risky Leaks

OAuth tokens: Must-Have Fixes to Stop Risky Leaks

Palo Alto Networks says some commercially sensitive customer data may have been exposed after attackers used OAuth tokens stolen from the Salesloft Drift breach to access its Salesforce—proof that handy integrations can let a single vendor compromise cascade across your business. Now’s the time to audit connected apps, tighten token lifecycles, and treat integrations as continuously verified trust relationships, not set‑and‑forget conveniences.

Analyst 207
Zscaler customer information: Exclusive Risky Breach

Zscaler customer information: Exclusive Risky Breach

Last week’s Salesloft–Salesforce supply‑chain breach that exposed Zscaler customer data is a wake‑up call: attackers are increasingly moving laterally through trusted cloud integrations to harvest high‑value corporate data. Now is the time to map dependencies, tighten access, and embrace zero‑trust before the next incident.

Analyst 207
data breach: Stunning Risky Leak Hits 4.5M

data breach: Stunning Risky Leak Hits 4.5M

TransUnion says a vendor’s hacked app exposed data for about 4.5 million U.S. consumers — a stark reminder that third-party flaws can put your most sensitive financial information at risk. If you’re affected, check your credit, consider freezes or alerts, and watch for notifications about monitoring and identity restoration.

Analyst 207
unprepared for a cyberattack: Must-Have Risky Wake-Up Call

unprepared for a cyberattack: Must-Have Risky Wake-Up Call

58% of organizations say they’re not ready for a cyberattack—putting customer data, operations, and reputations at risk. Boards and security teams must act now with better detection, practiced response plans, and investments in people.

Analyst 207
OAuth tokens Risky: Stunning CRM Data Breach Alert

OAuth tokens Risky: Stunning CRM Data Breach Alert

Google says attackers stole OAuth tokens from Salesloft’s Drift app to siphon Salesforce CRM records, leaving customers scrambling as missing or altered data disrupts sales operations. It’s a sharp reminder that convenient third‑party integrations can become powerful attack vectors unless tokens, permissions and vendor vetting are tightly managed.

Analyst 207