Latest Posts › Risk Management

Share:

June Sees Significant Jump in BECs

According to Cybersecurity Dive, “Americans lost $16.6 billion to cyber fraud and internet crimes last year (2024), up 33% from the previous year. Phishing, spoofing and extortion topped the list of complaints, but investment...more

What to Know About SafePay Ransomware Group

The SafePay ransomware group has been active since fall 2024 and has increased its activity this spring and summer. According to NCC Group, SafePay hit the most victims of any threat actor in May 2025—it is linked to 248...more

FBI Warns Airline and Transportation Sectors About Scattered Spider

On June 27, 2025, the Federal Bureau of Investigation (FBI) issued a warning on X to the airline and transportation sectors that the notorious cyber criminal ring Scattered Spider is attacking those sectors....more

Joint Release Warns of Iranian-Backed Cyber-Attacks

On June 30, 2025, a Joint Advisory was issued by the National Security Agency, the Cybersecurity and Infrastructure Security Agency, the Federal Bureau of Investigation and the Department of Defense Cyber Crime Center issued...more

New Hires More Likely to Fall for Phishing + Social Engineering Attacks

When assessing cybersecurity risk in your organization, it is important to understand your users and their behavior. A new study by Keepnet sheds light on new hire behavior concerning phishing susceptibility. According to its...more

Privacy Tip #447 – Understanding Cybersquatting

We are seeing an increase in cybersquatting incidents. What is cybersquatting and how can it affect you? According to Sentinel One, cybersquatting, or domain squatting, “involves the registration, selling, or use of an...more

CISO’s: Take a Look at CSC’s CISO Outlook 2025 Report

Cybersecurity firm CSC recently issued its CISO Outlook 2025 Report, which predicts cybersecurity challenges CISOs will face in the next year. The report, from a survey of 300 CISOs and cybersecurity professionals globally,...more

Google Releases June Security Bulletin for Android Devices to Fix Vulnerabilities

Google recently issued its June Android Security Bulletin that is designed to patch 34 vulnerabilities, all of which Google designates as high-severity defects. The most serious flaw the patch is designed to fix in the...more

50% of Professional Services Users Have Utilized AI Tools Not Authorized by Company

A new survey from Intapp, titled “2025 Tech Perceptions Survey Report,” summarizes findings from a survey of fee-earners that there has been a “surge in AI usage.” The professions surveyed included accounting, consulting,...more

U.S. Retailers Bracing for Scattered Spider Attacks

Google sent out a warning that the cybercriminal group Scattered Spider is targeting U.S.-based retailers. Scattered Spider is believed to have been responsible for the recent attack on Marks & Spencer in the U.K. A security...more

Privacy Tip #444 – Best Phishing Campaigns are from HR or IT

Everyone thinks they can spot a phish. Whether it is an email, SMS text, or QRish phishing, people have an overinflated view of their capabilities to detect them....more

Employees Hiding Use of AI Tools at Work

A new study by Ivanti illustrates that one out of three workers secretly use artificial intelligence (AI) tools in the workplace. They do so for varying reasons, including “I like a secret advantage,” “My job might be...more

PIH Health Settles HIPAA Violations for $600,000

PIH Health, a health care entity located in California, suffered a data breach in June 2019 when 45 employee email accounts were compromised in a targeted phishing campaign. The accounts contained the protected health...more

SAP NetWeaver Visual Composer Requires Urgent Patch

SAP Netweaver Visual Composer users are urged to patch a critical vulnerability that attackers are actively exploiting. According to ReliaQuest, which detected the vulnerability, the attacks allow full system compromise...more

Privacy Tip #441 – Identity Theft Statistics Increasing in 2025

Unfortunately, identity theft continues to increase, and according to Identitytheft.org, the statistics are going to get worse in 2025. Some of the statistics cited by Identitytheft.org include: 1.4 million complaints of...more

CISA Issues Alert on Potential Legacy Oracle Cloud Compromise

BleepingComputer has confirmed the rumor that Oracle has suffered a compromise affecting its legacy environment, including the compromise of old customer credentials (originally denied by Oracle). Oracle notified some...more

Privacy Tip #439 – Government Officials’ Venmo Accounts Publicly Accessible

Wired has reported that several government officials involved in the Signal chat exposing sensitive national security plans have also exposed their Venmo accounts by not adjusting their account privacy settings to prohibit...more

WhatsApp Patches Vulnerability That Facilitates Remote Code Execution

WhatsApp users should update the application for vulnerability CVE-2025-30401, which Meta recently patched when WhatsApp was released for Windows version 2.2450.6....more

CISA Issues Malware Analysis Report on RESURGE Malware

On March 28, 2025, the Cybersecurity and Infrastructure Security Agency (CISA) released a Malware Analysis Report (MAR) on RESURGE malware, which is associated with the product Ivanti Connect Secure....more

Joint Bulletin Warns Health Sector of Potential Coordinated Multi-City Attack

On March 20, 2025, the American Hospital Association (AHA) and the Health-ISAC issued an alert to the health care sector warning of a social media post that posed a potential threat “related to the active planning of a...more

Personal Information Released in JFK Files

I am not sure what the rush was to make the JFK assassination files available, but the perceived urgency caused Social Security numbers of individuals involved in the investigation to be released to the public. Although The...more

AI Governance: Steps to Adopt an AI Governance Program

There are many factors to consider when assisting clients with assessing the use of artificial intelligence (AI) tools in an organization and developing and implementing an AI Governance Program. Although adopting an AI...more

AI Governance: The Problem of Shadow AI

If you hang out with CISOs like I do, shadow IT has always been a difficult problem. Shadow IT refers to refers to “information technology (IT) systems deployed by departments other than the central IT department, to bypass...more

Joint Alert Warns of Medusa Ransomware

On March 12, 2025, a joint cybersecurity advisory was issued by the Cybersecurity and Infrastructure Security Agency, the Federal Bureau of Investigation, and the Multi-State Information Sharing and Analysis Center to advise...more

Privacy Tip #436 – Microsoft Warns of Crypto Wallet Scanning Malware StilachiRAT

A Microsoft blog post reported that incident response researchers uncovered a remote access trojan in November 2024 (dubbed StilachiRAT) that “demonstrates sophisticated techniques to evade detection, persist in the target...more

382 Results
 / 
View per page
Page: of 16

"My best business intelligence, in one easy email…"

Your first step to building a free, personalized, morning email brief covering pertinent authors and topics on JD Supra:
*By using the service, you signify your acceptance of JD Supra's Privacy Policy.
- hide
- hide