Northern Ireland Police Data Breach Leads to £750,000 Fine

PSNI Fined for Data Breach The Ireland Police has been fined £750,000 after a serious data breach exposed personal details of its entire workforce. This breach occurred in August 2023 when a spreadsheet containing information about 9,483 officers and staff members was accidentally released following a freedom of information (FOI) request. The Information Commissioner’s Office […]
T-Mobile’s $15.75M Settlement with the FCC

Introduction T-Mobile has finalized a $15.75 million settlement with the US Federal Communications Commission (FCC) following multiple cybersecurity incidents between 2021 and 2023. The series of data breaches compromised sensitive customer data, prompting the FCC investigation and subsequent penalty. This agreement includes an additional $15.75 million investment in cybersecurity measures to enhance the company’s defence […]
Ivanti CSA Vulnerabilities: Exploitation and Patch Guidance

Introduction Ivanti has recently warned about the exploitation of multiple vulnerabilities in its Cloud Services Appliance (CSA). These flaws, particularly CVE-2024-8190 and CVE-2024-8963, pose serious risks, allowing unauthorized access and command execution. This article covers the details of the vulnerabilities, the actions being taken, and how to safeguard against potential attacks. Ivanti CVE-2024-8963 and CVE-2024-8190 […]
Mastercard Acquires Recorded Future to Enhance Cybersecurity

Introduction Mastercard is acquiring Recorded Future from Insight Partners for $2.65 billion to help strengthen its cybersecurity and threat intelligence services. This need led to a strategic decision by Mastercard to initiate the acquisition of RiskRecon, a deal that should improve Mastercard’s overall digital security to reinforce resilience across the financial services industry and beyond. […]
AVIS Car Rental Breach Exposes Sensitive Customer Data

Avis Car Rental Data Breach Details Avis Car Rental, A business application belonging to the company was accessed by an unauthorized organization & breached data in August 2024. Between August 3-6, 2024 The breach affected the personal information of 299,006 customers. Avis detected this breach on 5th August and responded promptly by bringing in cyber […]
CISA Response to FlyCASS Vulnerability in Airport Security

Introduction Researchers Ian Carroll and Sam Curry announced, in late August 2024, that a security vulnerability exists within an application used by airport security systems. Discovered in FlyCASS, a third-party web-based service used for airlines that participate in the Cockpit Access Security System (CASS) and Known Crewmember (KCM), the vulnerability is an SQL injection. Discovery […]
YubiKey Vulnerability: Risk of Side-Channel Attacks

YubiKey Vulnerability: Risk of Side-Channel Attacks Introduction One of the highest security hardware tools widely used for two-factor authentication (2FA), YubiKeys has a cryptographic vulnerability. Now, security expert Thomas Roche the head of research for NinjaLab who warned about these threats at SAS earlier this year and briefly alluded to them here last month (PDF) […]
Improving Internet Routing Security in the US

Improving Internet Routing Security in the US Introduction The Office of the National Cyber Director (ONCD) on Tuesday published a set of recommendations to enhance internet routing security. This work is aimed at a vulnerability in the Border Gateway Protocol (BGP), which is an essential piece of infrastructure for determining how data flows across networks. […]
Intel SGX Security Vulnerability Raises Concerns

Intel SGX Security Vulnerability Raises Concerns Overview of the Intel SGX Vulnerability Intel has spoken up following a cybersecurity researcher’s report of major inroads in hacking its Intel SGX (Software Guard Extensions). This technology works by allowing for the storage of sensitive data and code within a trusted execution environment, (in this case an enclave) […]
Microsoft Applications on macOS: Vulnerabilities and Risks

Microsoft Applications on macOS: Vulnerabilities and Risks Vulnerabilities of Microsoft applications in macOS Multiple Microsoft Applications for macOS are plagued with several security holes that allow attackers to obtain access to sensitive data and gain elevated privileges. These are vulnerabilities that evade Apple’s Transparency, Consent and Control (TCC) framework to control user data permissions. Affected […]