Cyber security aggregate rss news

Cyber security aggregator - feeds history

 Cyber News

Nova Scotia’s largest electric utility, Nova Scotia Power, has confirmed that customer information was stolen in a recent cyberattack that compromised parts of its IT systems. The company, along with its Halifax-based parent firm Emera, discovered the Nova Scotia Power data breach on April 25, 2025, prompting immediate action to isolate and secure the affected servers.

In an official update shared on Wednesday, Nova Scotia Power revealed that the cyber incident had resulted in unauthorized access to sensitive customer information. According to their investigation, the Nova Scotia Power cyberattack occurred on or around March 19, 2025, nearly five weeks before it was detected.

Nova Scotia Power Data Breach: Investigation and Response Underway

Nova Scotia Power stated it is working closely with external cybersecurity experts to assess the extent of the data breach and to restore and rebuild impacted systems. “We are continuing to investigate the cyber incident that has affected certain IT systems in our network,” the company said in its public communication. “Our priority is to safely and securely restore operations while protecting customer information.”

Though the investigation is still ongoing, Nova Scotia Power has confirmed that an unauthorized third party accessed and stole certain customer data from the affected servers. Physical operations—such as power generation, distribution, and transmission—were not impacted, and customers are still receiving uninterrupted electric service.

Types of Data Compromised

The stolen information varies by individual and is based on what each customer had previously provided to the company. The affected data may include:

- Full name
- Phone number
- Email address
- Mailing and service addresses
- Participation in Nova Scotia Power programs
- Date of birth
- Customer account history (including power consumption, service requests, payment and billing records, credit history, and past customer support communication)
- Driver’s license number
- Social Insurance Number (SIN)
- Bank account numbers (for those enrolled in pre-authorized payments)

While there is currently no evidence that the stolen information has been misused, the company is urging customers to remain alert for potential fraud or scams that may follow.

Support for Affected Customers

To support impacted individuals, Nova Scotia Power is offering a free two-year subscription to TransUnion’s myTrueIdentity® credit monitoring service. Affected customers will receive notification letters by mail with details about what information was exposed and how to activate the complimentary monitoring service. “If you receive a letter from us, it will contain a dedicated phone number you can call to ask questions and enroll in the credit monitoring service,” the company said in its announcement. This service is intended to help individuals detect any suspicious activity tied to their identity or financial information.

Increase in Fraud Attempts

Since the incident, Nova Scotia Power has noticed a surge in fraudulent messages and phishing attempts that appear to come from the utility company. These include fake emails, text messages, social media posts, and websites impersonating Nova Scotia Power. On its official website and social media, the company has issued a clear warning: “Due to the recent cyber incident, there has been an increase in fraudulent communications posing as Nova Scotia Power. Please remain cautious of any unsolicited messages asking for your personal information. Do not click on links or download attachments from unverified sources.”

The company advises customers to confirm any suspicious communication by contacting their Customer Care Centre directly through verified contact details listed on their official website.

Social Media Update

Nova Scotia Power also used its official X (formerly Twitter) account to share updates. A thread posted on Wednesday reiterated the company's apology and reassured customers that every effort is being made to protect their privacy. “We sincerely apologize that this has occurred. Protecting the privacy and security of the information we hold is of the utmost importance to every member of our team,” the company stated. “Starting today, notifications will be sent to impacted individuals via mail. While we have no evidence of misuse of personal information, we have arranged for a two-year subscription to TransUnion’s myTrueIdentity® credit monitoring service at no cost.”

As part of its ongoing efforts, Nova Scotia Power’s IT team is working around the clock with external cybersecurity specialists to rebuild affected systems, improve security measures, and prevent future incidents. The utility emphasized that safeguarding customer data remains a top priority. It encourages customers to practice good cyber hygiene by:

- Verifying the source of any unexpected communication
- Not sharing personal information over phone, text, or email unless certain of the recipient’s identity
- Monitoring financial accounts for unusual activity
- Activating the provided credit monitoring service if notified

What You Should Do

If you are a Nova Scotia Power customer and suspect your information may be involved:

- Watch for a mailed letter from the company with detailed instructions.
- Enroll in the free two-year credit monitoring service offered through TransUnion.
- Report any suspicious communications claiming to be from Nova Scotia Power.
- Contact Nova Scotia Power’s Customer Care Centre if you are unsure about the authenticity of a message.

While physical infrastructure was unaffected in the Nova Scotia Power cyberattack, the exposure of personal customer data reveals how critical IT security has become in the utility sector. As investigations continue, this cyberattack on Nova Scotia Power highlights the urgent need for stronger data protection practices, real-time dark web monitoring, and faster breach detection.

 Firewall Daily

The Japanese government has set an ambitious target to increase the number of cybersecurity experts to 50,000 by 2030. This initiative aims to address the pressing shortage of qualified personnel and enhance the nation's resilience against cyber threats.

As of April 2025, approximately 24,000 individuals in Japan hold the Registered Information Security Specialist (RISS) national license, a certification established in 2016 to standardize cybersecurity expertise. These licensed professionals play an important role in developing and implementing cybersecurity measures across various sectors.

To bridge this gap, the Ministry of Economy, Trade and Industry (METI) has outlined a strategic plan to double the number of RISS holders by 2030. This initiative includes enhancing training programs, promoting cybersecurity education, and incentivizing professionals to pursue certifications.

Financial Considerations and Policy Adjustments

Obtaining and maintaining the RISS certification involves a financial commitment. License holders are required to pay over ¥100,000 every three years to renew their credentials through mandated courses. Recognizing the financial burden on professionals actively contributing to cybersecurity efforts, the expert panel has proposed exemptions from certain renewal courses starting from fiscal year 2026.

Japan's cybersecurity market is experiencing growth, with many initiatives taking place within Japan and through outside collaborations. In 2024, the market size was estimated at USD 8.65 billion, with projections indicating a compound annual growth rate (CAGR) of 13.5% from 2025 to 2030. This expansion is driven by several factors, including increased government investment, the proliferation of digital technologies, and the rise of cybersecurity incidents.

International Collaboration: EU-Japan Digital Partnership

Japan's approach to cybersecurity extends beyond its borders through international collaborations, notably with the European Union (EU).

Image: 3rd Japan-EU Digital Partnership Council Meeting (Source: X)

The third meeting of the EU-Japan Digital Partnership Council, held in Tokyo on May 12, 2025, highlighted the government's key initiatives.

Key outcomes from the council meeting include:

- Cybersecurity Cooperation: Both parties reaffirmed their commitment to enhancing cooperation in cybersecurity, focusing on information sharing, joint training initiatives, and the development of common standards. The sixth EU-Japan Cyber Dialogue, held in November 2024, served as a platform to deepen coordination on cyber-related issues, including the protection of critical infrastructure and improving product security.
- Joint Research Initiatives: The council highlighted collaborative research efforts in new technologies such as artificial intelligence (AI), 5G/6G, and quantum computing. These initiatives aim to boost competitiveness, innovation, and resilience in digital technologies, contributing to the development of secure and trustworthy digital infrastructures.
- Data Governance and Trust: Both sides emphasized the importance of data governance and the free flow of data with trust. The implementation of the EU-Japan Economic Partnership Agreement, effective from July 1, 2024, facilitates cross-border data flows while ensuring better data protection standards.

Strategic Objectives for 2030

Japan's cybersecurity strategy is centered on several key objectives:

- Expansion of Cybersecurity Workforce: Achieving the target of 50,000 cybersecurity experts by 2030 through enhanced education and training programs.
- Integration of Advanced Technologies: Leveraging AI and machine learning to improve threat detection and response capabilities, thereby enhancing the overall cybersecurity posture.
- Strengthening International Partnerships: Deepening collaborations with international allies, particularly through the EU-Japan Digital Partnership, to address global cybersecurity challenges collectively.
- Policy Reforms: Implementing policy adjustments, such as exemptions from certain certification renewal courses, to support professionals actively engaged in cybersecurity efforts.

Conclusion

Japan's proactive approach to addressing the cybersecurity expert shortage and strengthening international partnerships positions the nation to develop and accelerate growth.

By investing in human capital, developing new technologies, and collaborating with global partners, Japan aims to create a secure and resilient digital environment that supports economic growth and protects critical infrastructure.

 Firewall Daily

Ivanti has released security patches to address two vulnerabilities in its Endpoint Manager Mobile (EPMM) software, which were being actively exploited in limited attacks. These vulnerabilities, identified as CVE-2025-4427 and CVE-2025-4428, have the potential to allow attackers to execute code remotely on vulnerable systems, posing a severe risk to organizations using the software.

The two vulnerabilities in question have been categorized as follows:

- CVE-2025-4427 (CVSS score: 5.3) – This vulnerability represents an authentication bypass in Ivanti Endpoint Manager Mobile. It enables attackers to access protected resources without proper credentials, thus bypassing authentication mechanisms.
- CVE-2025-4428 (CVSS score: 7.2) – This critical flaw allows attackers to execute arbitrary code on the targeted system remotely, granting them the ability to gain control of the system.

When exploited together, these vulnerabilities enable an attacker to gain remote code execution without needing to authenticate, thereby gaining full control over affected systems. Ivanti’s security advisory issued in May 2025 highlighted the potential severity of the vulnerabilities.

CVE-2025-4427 and CVE-2025-4428: Affected Versions and Resolved Versions

Image: Advisory CVE-2025-4427 and CVE-2025-4428 (Source: Ivanti)

The vulnerabilities are present in several versions of Ivanti Endpoint Manager Mobile (EPMM). Specifically, the flaws are found in versions 11.12.0.4 and earlier, including all 12.3.0.1, 12.4.0.1, and 12.5.0.0 versions of EPMM. Ivanti has responded with patches to address these security gaps, with the fixed versions being:

- 11.12.0.5
- 12.3.0.2
- 12.4.0.2
- 12.5.0.1

Organizations using these affected versions are strongly advised to upgrade to the latest patched versions to mitigate the risk of attack. The updates can be accessed via Ivanti’s official download portal. Ivanti’s May 2025 advisory stated that the company is aware of a limited number of cases where these vulnerabilities were actively exploited at the time of disclosure.

Mitigation and Workaround

While Ivanti recommends upgrading to the patched versions of EPMM, customers who are unable to do so immediately can mitigate the risks by using specific security measures. The company suggests filtering access to the API by either utilizing the built-in Portal ACLs functionality or by deploying an external Web Application Firewall (WAF).

However, Ivanti also warned that the use of certain filtering mechanisms, such as the "ACLs" functionality, could have some limitations, especially for configurations involving frequently changing IP addresses or integrations like Windows Device Registrations via Autopilot or Microsoft Device Compliance and Graph API.

For those who prefer an alternative solution, Ivanti offers an RPM file to assist in mitigating vulnerabilities. Here's how to install the RPM file:

1. Connect to the instance using SSH and log in to the system CLI as the admin user (created during system installation).
2. Enter EXEC PRIVILEGED mode by typing enable and entering the system password set during installation. The prompt will change from > to #.
3. Run the following command to download and install the RPM file: install rpm url https://hostname/pathtorpm
4. After the installation completes, type reload to restart the system and apply the update.

Conclusion

The vulnerabilities CVE-2025-4427 and CVE-2025-4428 in Ivanti Endpoint Manager Mobile highlight the serious risks to enterprise software, particularly the high severity of the remote code execution vulnerability (CVE-2025-4428) that could allow attackers to gain full control of affected systems.

To mitigate these risks, organizations using EPMM must stay vigilant by promptly applying security patches and following recommended best practices, such as implementing API access controls.

 Cyber News

In a model of responsible disclosure, Coinbase today detailed insider data theft that led to a $20 million ransom demand. In a blog post and SEC filing, Coinbase – the third largest crypto exchange by volume – said it will reimburse any customers tricked into sending funds to the attacker. And instead of paying the ransom demand, the company is offering a $20 million reward for information leading to the arrest and conviction of the attackers.

“Crypto adoption depends on trust,” Coinbase said in the blog post. “To the customers affected, we’re sorry for the worry and inconvenience this incident caused. We’ll keep owning issues when they arise and investing in world‑class defenses—because that’s how we protect our customers and keep the crypto economy safe for everyone.”

Coinbase Insider Data Theft Detailed in May 11 Email

The SEC filing said Coinbase received an email from an unknown threat actor on May 11 “claiming to have obtained information about certain Coinbase customer accounts, as well as internal Coinbase documentation, including materials relating to customer-service and account-management systems.” Coinbase said the threat actor appears to have obtained the information by bribing “multiple contractors or employees working in support roles outside the United States.”

It’s not clear what internal threat detection systems the company had or when Coinbase first became aware of the insider threat, but the SEC filing said the “instances of such personnel accessing data without business need were independently detected by the Company’s security monitoring in the previous months. Upon discovery, the Company had immediately terminated the personnel involved and also implemented heightened fraud-monitoring protections and warned customers whose information was potentially accessed in order to prevent misuse of any compromised information.”

The threat actor obtained data on “less than 1% of Coinbase monthly transacting users.” The company has more than 100 million users but only around 10 million active monthly users, suggesting that data was stolen on around 100,000 users.

The threat actor’s aim was “to gather a customer list they could contact while pretending to be Coinbase—tricking people into handing over their crypto,” the Coinbase blog post said. “They then tried to extort Coinbase for $20 million to cover this up. We said no.”

The threat actor was able to obtain:

- Name, addresses, phone numbers, and email addresses
- Masked Social Security numbers (last 4 digits only)
- Masked bank account numbers and some bank account identifiers
- Government ID images such as driver’s licenses and passports
- Account data, such as balance snapshots and transaction history
- Limited corporate data (documents, training material, and communications available to support agents)

The threat actor didn’t get login credentials or 2FA codes, private keys, any ability to move or access customer funds, access to Coinbase Prime accounts, or access to any Coinbase or Coinbase customer hot or cold wallets.

Incident Could Cost Coinbase Up to $400 Million

The SEC filing said Coinbase estimates that the breach, remediation and customer reimbursement will cost anywhere from $180 million to $400 million. Flagged accounts will now require additional ID checks on large withdrawals and include “mandatory scam‑awareness prompts.” Coinbase plans to open a new support hub in the U.S. and add “stronger security controls and monitoring across all locations.”

“We have increased our investment in insider‑threat detection, automated response, and simulating similar security threats to find failure points in any internal system,” the blog stated.

Protecting Against Crypto Scams

Coinbase said scammers “may pose as Coinbase employees and try to pressure you into moving your funds. Remember, Coinbase will never ask for your password, 2FA codes, or for you to transfer assets to a specific or new address, account, vault or wallet. We will never call or text you to give you a new seed phrase or wallet address to move your funds to. If you receive this call, hang up the phone. Coinbase will never ask you to contact an unknown number to reach us.”

The company said users should:

- Turn on withdrawal allow‑listing and “only permit transfers to wallets that you are confident you fully control and where the seed phrase is secure and was not provided to you or shared with anyone.”
- Enable strong two-factor authentication (2FA); “Hardware keys are best.”
- Hang up on imposters: “Coinbase will never ask for your password, 2FA codes, or to move funds to a ‘safe’ wallet.”
- “Lock first, ask later —If something feels off, lock your account in‑app and email security@coinbase.com.”

The Coinbase SEC filing and blog post were remarkable examples of responsible cyber incident disclosure – and an equally strong reminder of the peril of insider threats.

 Cyber News

Shoppers across the UK are noticing growing gaps in product displays at Co-op stores, with certain items missing and others running low, especially in smaller and remote locations. The disruptions come after a Co-op cyberattack that hit Co-operative Group’s IT systems two weeks ago, causing operational challenges.

The retailer, which employs more than 50,000 people and operates over 3,000 outlets nationwide, confirmed that it took “proactive steps” in April to shut down parts of its internal systems after detecting “unauthorised access attempts.” What was initially described as a minor disruption due to the Co-op cyberattack has now grown into a serious issue, affecting store stock levels and potentially compromising customer data.

Co-op cyberattack: Systems Shut Down to Contain Threat

In a statement last month, Co-op said it had “taken proactive steps” to protect its IT infrastructure from the Co-op cyberattack. This included shutting down parts of the network to stop the attackers from spreading further through their systems. Now, with food shortages impacting day-to-day shopping, particularly for perishable goods, the company is facing pressure to restore services while also handling the data privacy concerns that followed.

Shirine Khoury-Haq, CEO of Co-op, issued a personal message to member-owners this week, acknowledging the disruption caused by the Co-op cyberattack and the impact on Co-op’s operations. "The criminals that are perpetrating these attacks are highly sophisticated and our colleagues are working tirelessly to do three things: (1) protect and defend our Co-op, (2) fully understand the extent of the impact caused by the attack and (3) provide much needed information to the authorities that may help them with their investigations," Khoury-Haq wrote. "Actively managing the severity of the attack has meant shutting down some of our systems to protect the organisation," she added.

Empty Stores and Priority Deliveries

The shutdown has disrupted Co-op’s supply chain and impacted stock delivery to stores. Supplies of fresh fruit and vegetables, canned goods, and cigarettes have been inconsistent or missing entirely in some locations. Perishable items, particularly animal products such as meat, eggs, and milk, are being prioritized for delivery. The move aligns with strict UK regulations around handling food beyond its sell-by date.

The company has implemented a temporary stock and delivery strategy to keep the store running. A Co-op spokesperson told BBC News that the chain has introduced “a temporary contingency stock ordering and delivery process” for such lifeline locations.

Customer Data Compromised

Adding to the disruption, Co-op also confirmed that some customer data was accessed by the attackers. "We have established that the cyber criminals were able to access a limited amount of member data. This is obviously extremely distressing for our colleagues and members, and I am very sorry this happened," Khoury-Haq wrote in her open letter.

The company did not disclose exactly what information was compromised, but emphasized that it takes data protection seriously and is cooperating with regulators. Although further technical details remain limited, Co-op says it has directed customers to online resources for more information and is committed to transparency while managing the incident. "I appreciate you will want to know more, and I hope you will understand that in order to protect our Co-op, we are limited as to the detail we can communicate at this time," Khoury-Haq noted.

Scale of the Co-op Operation

In a financial update released earlier this year (April 3), the Co-op said it was making strategic investments to deal with rising operational costs and was continuing to support members, employees, and communities dealing with cost-of-living pressures. The company also saw a 22% increase in membership, reaching 6.2 million members—well on its way to its 2030 goal of 8 million. However, the Co-op cyberattack now threatens to undercut some of that progress, both in terms of customer trust and day-to-day operations.

Not an Isolated Incident

Co-op’s cybersecurity incident is part of a concerning trend hitting UK retailers. Just days before the Co-op disclosed its breach, Harrods confirmed it too had been targeted in a cyberattack. The breach made Harrods the third major UK retailer in less than a week to report such an incident. Earlier, Marks & Spencer also revealed a similar cybersecurity disruption, raising concerns about vulnerabilities in the country’s retail sector. While details about the actors behind the Co-op breach remain unknown, investigations are underway with national authorities.

What’s Next?

Co-op has promised to keep its members and customers updated as more information becomes available. The company's IT and security teams are working closely with law enforcement and third-party cybersecurity experts to assess the extent of the breach and strengthen their defenses. For now, customers are being encouraged to shop with patience as the company works to stabilize supply chain operations and restock empty shelves. Online resources have also been made available to address any concerns related to the incident, especially around data privacy.

"Thank you for your continued support," Khoury-Haq concluded in her letter. "Our front-line colleagues are focused on minimising any disruption that might be experienced by our members and customers."

With more retailers joining the list of recent victims, cybersecurity is quickly becoming not just an IT concern but a frontline issue for customer service, supply chain resilience, and brand trust. For Co-op, how it navigates the next few weeks will shape public confidence in one of the UK’s most trusted consumer brands.

 Privacy

When Microsoft first announced its photographic memory Recall feature for Copilot+ PCs a year ago, cybersecurity experts were swift in sounding the alarm. Recall’s many flaws posed a serious threat to privacy, prompting Microsoft to postpone its release for further refinement. The updated Recall came to Windows Insider Preview builds in April 2025, and was rolled out widely in May on devices equipped with the necessary hardware. The essence remains the same: Recall memorizes all your actions by continuously taking screenshots and using OCR to analyze their content. However, with the latest update, the security of this data has been significantly enhanced. How much difference does this actually make? And is the convenience of Recall really worth the potential loss of control over your personal data?

What’s new in Recall’s second coming

Since the initial announcement, which we covered in detail, Microsoft has addressed several key criticisms raised by cybersecurity professionals.

First, Recall now only activates with user permission during the initial system setup. The interface doesn’t manipulate users into agreeing with visual tricks like highlighting the Yes button.

Second, Recall’s database files are now encrypted, with key storage and cryptographic operations handled by the hardware-based TPM (Trusted Platform Module), making their extraction significantly more difficult.

Third, a special filter attempts to prevent saving screenshots or text when the screen contains potentially sensitive information — a private browser window, a payment data input form, password manager cards, and so on. Note it only attempts: testers have already reported numerous instances where confidential data slipped through the filter and ended up in the OCR database.

Ars Technica highlights several other positive changes:

- Recall is enabled for each PC user individually, rather than everyone at once.
- Recall can be uninstalled completely.
- A Microsoft account isn’t required.
- No internet connection is needed — all data is processed locally.
- To initially launch Recall, BitLocker disk encryption and Windows Hello biometric authentication (face or fingerprint recognition) must be enabled.
- Windows Hello authentication is required every time the Recall search is used.

Why Recall still poses risks

Microsoft has indeed put some effort into responding to the criticism. However, the current version of Recall still has a number of issues.

First, biometric authentication is only required during the initial setup of Recall. For subsequent launches, the AI assistant will also ask to confirm your identity, but presenting your face or fingerprint is no longer necessary. A regular Windows PIN will suffice, and it’s relatively easy for someone to take a peek at, or guess, your PIN, no matter whether you’re at home or at work. One reviewer admits to asking his girlfriend to find a screenshot of a specific Signal chat on his computer — she guessed the password and found the screenshot in just five minutes.

Second, Recall can also be re-activated without biometrics. If the account owner tried Recall but then disabled it, anyone who knows the PIN can re-enable screenshot capture and smart search. All that’s left is to wait a little while, log back in, and browse the results.

Third, as mentioned, automatic filtering of sensitive data is unreliable. In theory, Recall doesn’t take screenshots in many high-risk scenarios: when a browser window is opened in private mode, when remote access to another desktop is active, when entering payment info or passwords, and also on additional inactive displays and desktops. In practice, these situations aren’t always recognized — for example, the filter fails to detect the private mode in not-so-common browsers (such as Vivaldi) and remote desktops, including those accessed with the hugely popular AnyDesk.

Finally — and this deserves a whole category of its own — Recall meticulously logs the computer owner’s interactions with other users, potentially violating both their privacy rights and the data retention policies of messaging and collaboration tools. For example, if the computer owner is in a Zoom or Teams call with automatic transcription enabled, Recall will save a full recording of the call with a transcript of who said what. If a self-destructing WhatsApp or Signal chat is open on screen, Recall will save it anyway, despite the chats’ privacy policies. Photos and videos intended for one-time viewing will also be stored if just one person in the conversation uses Recall.

All of this matters in two dangerous scenarios: (i) when someone who knows (or can guess) the PIN gains unauthorized physical access to the computer; and (ii) when an attacker exploiting Windows vulnerabilities gains remote access to it. Year after year, despite the tightening of security measures, hackers keep finding ways to elevate privileges on compromised machines and exfiltrate information — even encrypted data.

Impact on performance and battery life

Although Recall was originally designed for high-performance PCs equipped with a dedicated chip for AI computing (NPU) — only found in models released over the past 12 months — the capture and processing of screenshots can still sometimes interfere with the user experience in such powerful PCs. This is particularly noticeable when playing games, as Recall diligently takes screenshots and records in-game dialogue, consuming significant memory and computing resources, thus loading the NPU by up to 80%! Even when the device isn’t plugged in (but the battery is almost fully charged), Recall continues working, draining the battery much faster than usual.

Who should disable or remove Recall?

Microsoft is now offering users a fair choice: enable Recall, ignore it, or completely remove it from the computer. This is a much better approach than previous campaigns to push Edge, Cortana, or Windows Media Player. If you see a screen prompting enabling Recall, consider whether you fall into one of these categories:

- Anyone working with trade secrets, other people’s confidential data, or personal data in general (e.g., lawyers, doctors, and other professionals).
- Active users of video conferencing, remote tech-support services, or other tech involving the handling of others’ information.
- People engaged in particularly private correspondence — especially using secure messengers and disappearing chats/messages.
- Individuals living with jealous or nosy family members, or working in an office with overly curious colleagues.

For all these users, we recommend steering clear of Recall — or, better yet, removing it entirely.

How to disable or remove Recall

To disable Recall:

1. Open Settings in the Windows Start menu and select Privacy & security.
2. Within Privacy & security, find the Recall & snapshots subsection.
3. In this subsection, toggle off Save snapshots, and click Delete snapshots to erase any data already collected.

Image: How to disable Microsoft Copilot+ Recall and delete any stored data.

To remove Recall completely:

1. In the Windows Start menu search bar, type Turn Windows features on or off.
2. In the retro-looking window that opens, locate the Recall entry.
3. Uncheck the box next to this item and click OK.

After this, Recall will be removed from your PC, and its settings will no longer appear under Privacy & security.

Image: How to remove Microsoft Copilot+ Recall from your computer completely.

How to configure Recall if you decide to try it anyway

If you don’t fall into any of the categories above and really want to Recall something like the photo where Jane’s cat is lying on the blue sofa, we recommend taking a few precautions and adjusting your settings for better security:

- Disable less secure sign-in methods in Windows, such as pattern locks and PINs. Use only a strong password and biometric authentication.
- Manually add to Recall’s exclusion list all messengers you use for confidential correspondence, password managers, finance apps and websites, and any other apps or websites that may contain private information.
- For ethical reasons, it’s a good idea to exclude all video conferencing apps.
- For performance reasons, exclude all games.
- Set a screenshot retention period that suits your needs, keeping it to a minimum. Possible options range from 30 to 180 days.
- Periodically — ideally a few times a week — check Recall to see which apps and sites were recently captured. This will help you identify and manually delete or filter out any sources of sensitive information you may have missed earlier.

Regardless of your Recall settings or whether it’s installed at all, the two most common data leak scenarios are direct theft from your device by infostealer malware, and entering your credentials on a phishing site. To guard against these risks, be sure to use a comprehensive cybersecurity solution, such as Kaspersky Premium.

 A Little Sunshine

In what experts are calling a novel legal outcome, the 22-year-old former administrator of the cybercrime community Breachforums will forfeit nearly $700,000 to settle a civil lawsuit from a health insurance company whose customer data was posted for sale on the forum in 2023. Conor Brian Fitzpatrick, a.k.a. “Pompompurin,” is slated for resentencing next month after pleading guilty to access device fraud and possession of child sexual abuse material (CSAM). A redacted screenshot of the Breachforums sales thread. Image: Ke-la.com. On January 18, 2023, denizens of Breachforums posted for sale tens of thousands of records — including Social Security numbers, dates of birth, addresses, and phone numbers — stolen from Nonstop Health, an insurance provider based in Concord, Calif. Class-action attorneys sued Nonstop Health, which added Fitzpatrick as a third-party defendant to the civil litigation in November 2023, several months after he was arrested by the FBI and criminally charged with access device fraud and CSAM possession. In January 2025, Nonstop agreed to pay $1.5 million to settle the class action. Jill Fertel is a former prosecutor who runs the cyber litigation practice at Cipriani & Werner, the law firm that represented Nonstop Health. Fertel told KrebsOnSecurity this is the first and only case where a cybercriminal or anyone related to the security incident was actually named in civil litigation. “Civil plaintiffs are not at all likely to see money seized from threat actors involved in the incident to be made available to people impacted by the breach,” Fertel said. “The best we could do was make this money available to the class, but it’s still incumbent on the members of the class who are impacted to make that claim.” Mark Rasch is a former federal prosecutor who now represents Unit 221B, a cybersecurity firm based in New York City. Rasch said he doesn’t doubt that the civil settlement involving Fitzpatrick’s criminal activity is a novel legal development. “It is rare in these civil cases that you know the threat actor involved in the breach, and it’s also rare that you catch them with sufficient resources to be able to pay a claim,” Rasch said.
Despite admitting to possessing more than 600 CSAM images and personally operating Breachforums, Fitzpatrick was sentenced in January 2024 to time served and 20 years of supervised release. Federal prosecutors objected, arguing that his punishment failed to adequately reflect the seriousness of his crimes or serve as a deterrent. An excerpt from a pre-sentencing report for Fitzpatrick indicates he had more than 600 CSAM images on his devices. Indeed, the same month he was sentenced Fitzpatrick was rearrested (PDF) for violating the terms of his release, which forbade him from using a computer that didn’t have court-required monitoring software installed. Federal prosecutors said Fitzpatrick went on Discord following his guilty plea and professed innocence to the very crimes to which he’d pleaded guilty, stating that his plea deal was “so BS” and that he had “wanted to fight it.” The feds said Fitzpatrick also joked with his friends about selling data to foreign governments, exhorting one user to “become a foreign asset to china or russia,” and to “sell government secrets.” In January 2025, a federal appeals court agreed with the government’s assessment, vacating Fitzpatrick’s sentence and ordering him to be resentenced on June 3, 2025. Fitzpatrick launched BreachForums in March 2022 to replace RaidForums, a similarly popular crime forum that was infiltrated and shut down by the FBI the previous month. As administrator, his alter ego Pompompurin served as the middleman, personally reviewing all databases for sale on the forum and offering an escrow service to those interested in buying stolen data. A yearbook photo of Fitzpatrick unearthed by the Yonkers Times. The new site quickly attracted more than 300,000 users, and facilitated the sale of databases stolen from hundreds of hacking victims, including some of the largest consumer data breaches in recent history. In May 2024, a reincarnation of Breachforums was seized by the FBI and international partners. 
Still more relaunches of the forum occurred after that, with the most recent disruption last month. As KrebsOnSecurity reported last year in The Dark Nexus Between Harm Groups and The Com, it is increasingly common for federal investigators to find CSAM material when searching devices seized from cybercriminal suspects. While the mere possession of CSAM is a serious federal crime, not all of those caught with CSAM are necessarily creators or distributors of it. Fertel said some cybercriminal communities have been known to require new entrants to share CSAM material as a way of proving that they are not a federal investigator. “If you’re going to the darkest corners of Internet, that’s how you prove you’re not law enforcement,” Fertel said. “Law enforcement would never share that material. It would be criminal for me as a prosecutor, if I obtained and possessed those types of images.” Further reading: The settlement between Fitzpatrick and Nonstop (PDF).

 Feed

Google on Wednesday released updates to address four security issues in its Chrome web browser, including one for which it said there exists an exploit in the wild. The high-severity vulnerability, tracked as CVE-2025-4664 (CVSS score: 4.3), has been characterized as a case of insufficient policy enforcement in a component called Loader. "Insufficient policy enforcement in Loader in Google

 Feed

Imagine this: Your organization completed its annual penetration test in January, earning high marks for security compliance. In February, your development team deployed a routine software update. By April, attackers had already exploited a vulnerability introduced in that February update, gaining access to customer data weeks before being finally detected. This situation isn't theoretical: it

 Feed

Ransomware has evolved into a deceptive, highly coordinated and dangerously sophisticated threat capable of crippling organizations of any size. Cybercriminals now exploit even legitimate IT tools to infiltrate networks and launch ransomware attacks. In a chilling example, Microsoft recently disclosed how threat actors misused its Quick Assist remote assistance tool to deploy the destructive

 Feed

A Russia-linked threat actor has been attributed to a cyber espionage operation targeting webmail servers such as Roundcube, Horde, MDaemon, and Zimbra via cross-site scripting (XSS) vulnerabilities, including a then-zero-day in MDaemon, according to new findings from ESET. The activity, which commenced in 2023, has been codenamed Operation RoundPress by the Slovak cybersecurity company. It has

 Feed

Cybersecurity researchers have discovered a malicious package named "os-info-checker-es6" that disguises itself as an operating system information utility to stealthily drop a next-stage payload onto compromised systems. "This campaign employs clever Unicode-based steganography to hide its initial malicious code and utilizes a Google Calendar event short link as a dynamic dropper for its final

 Feed

Austrian privacy non-profit noyb (none of your business) has sent Meta's Irish headquarters a cease-and-desist letter, threatening the company with a class action lawsuit if it proceeds with its plans to use users' data for training its artificial intelligence (AI) models without an explicit opt-in. The move comes weeks after the social media behemoth announced its plans to train its AI models

 Feed

Cryptocurrency exchange Coinbase has disclosed that unknown cyber actors broke into its systems and stole account data for a small subset of its customers. "Criminals targeted our customer support agents overseas," the company said in a statement. "They used cash offers to convince a small group of insiders to copy data in our customer support tools for less than 1% of Coinbase monthly

 Phishing

Don't get duped, doxxed, or drained! In this episode of "Smashing Security" we dive into the creepy world of sextortion scams, and investigate how crypto wallet firm Ledger's Discord server was hijacked in an attempt to phish for cryptocurrency recovery phrases. All this and more is discussed in the latest edition of the award-winning "Smashing Security" podcast by computer security veterans Graham Cluley and Carole Theriault. Plus! Don't miss our featured interview with Drata's Matt Hillary.

 Feed

ESET researchers uncover a Russia-aligned espionage operation targeting webmail servers via XSS vulnerabilities

 cryptocurrency

Source: grahamcluley.com – Author: Graham Cluley. Don’t get duped, doxxed, or drained! In this episode of “Smashing Security” we dive into the creepy world of sextortion scams, and investigate how crypto wallet firm Ledger’s Discord server was hijacked in an attempt to phish for cryptocurrency recovery phrases. All this and more is […] The post Smashing Security podcast #417: Hello, Pervert! – Sextortion scams and Discord disasters – Source: grahamcluley.com first appeared on CISO2CISO.COM & CYBER SECURITY GROUP.

 Chrome

Source: thehackernews.com – Author: . Google on Wednesday released updates to address four security issues in its Chrome web browser, including one for which it said there exists an exploit in the wild. The high-severity vulnerability, tracked as CVE-2025-4664 (CVSS score: 4.3), has been characterized as a case of insufficient policy enforcement in a component […] The post New Chrome Vulnerability Enables Cross-Origin Data Leak via Loader Referrer Policy – Source: thehackernews.com first appeared on CISO2CISO.COM & CYBER SECURITY GROUP.

 1 - Cyber Security News Post

Source: hackread.com – Author: Owais Sultan. There is a lot of money in cyberattacks like ransomware, and unfortunately for organizations of all sizes, the cybercrime business is booming. Ransomware has come a long way since the days of using floppy disks at health conventions to spread malicious files. Now, this previously rare endeavour has become […] The post RaaS Explained: How Cybercriminals Are Scaling Attacks Like Startups – Source: hackread.com first appeared on CISO2CISO.COM & CYBER SECURITY GROUP.

 Cyber Security News

Source: securityboulevard.com – Author: Grip Security Blog. Even the most mature enterprises encounter new, subtle, and complex identity security challenges from the rapid growth of SaaS. When a Fortune 100 organization in a tightly regulated industry first partnered with Grip, we found an environment struggling with fragmented governance, unmanaged SaaS expansion, and widespread password sprawl—issues […] The post 5 Identity Security Risks We Found in a Regulated Enterprise – Source: securityboulevard.com first appeared on CISO2CISO.COM & CYBER SECURITY GROUP.

 Cyber Security News

Source: securityboulevard.com – Author: Alison Mack. Are You Safe With Your Current Non-Human Identity Security? The migration of services to the cloud promises flexibility, scalability, and reduced operational costs. But how confident are you about the security of your data in the cloud? A pivotal aspect often overlooked is the management of Non-Human Identities (NHIs) […] The post Stay Relaxed with Efficient Non-Human Identity Security – Source: securityboulevard.com first appeared on CISO2CISO.COM & CYBER SECURITY GROUP.

 Cloud Security

Source: securityboulevard.com – Author: Alison Mack. Can Continuous Improvement in NHIs Management Be the Key to Securing Your Operations? You’re no stranger to the importance of vigilant cybersecurity. But have you considered the role of Non-Human Identities (NHIs) and Secrets Security Management in fortifying your organization’s defense? The strategic employment of NHIs management is evolving […] The post Continuous Improvement in NHIs Management – Source: securityboulevard.com first appeared on CISO2CISO.COM & CYBER SECURITY GROUP.

 Cloud Security

Source: securityboulevard.com – Author: Alison Mack. How Can We Cultivate Trust with Secure NHIs Practices? When we navigate in increased digital interconnection, establishing trust in cybersecurity practices becomes paramount. But how do we foster such trust? The answer lies in secure Non-Human Identities (NHIs) management practices. NHIs are machine identities employed within cybersecurity frameworks. They […] The post Building Trust Through Secure NHIs Practices – Source: securityboulevard.com first appeared on CISO2CISO.COM & CYBER SECURITY GROUP.

 Cyber Security News

Source: securityboulevard.com – Author: Alison Mack. Why is Independent Secrets Management Crucial for Cybersecurity? How crucial do you believe independent secrets management is to your organization’s cybersecurity strategy? I’ve seen firsthand how managing Non-Human Identities (NHIs) and their secrets can immensely impact an organization’s security posture. The management of NHIs aims to bridge the gap […] The post Cultivate Independent Secrets Management Protocols – Source: securityboulevard.com first appeared on CISO2CISO.COM & CYBER SECURITY GROUP.

 authentication

Source: securityboulevard.com – Author: Devesh Patel. Introduction: Why Your App Needs SCIM Yesterday. Picture this: Your B2B SaaS product has finally landed that enterprise client you’ve been courting for months. The contract is massive, and the champagne is on ice. Then comes the inevitable question from their IT department: “Does your platform support SCIM for […] The post Implementing a SCIM API for Your Application: A Comprehensive Guide – Source: securityboulevard.com first appeared on CISO2CISO.COM & CYBER SECURITY GROUP.

 BSides Las Vegas 2024

Source: securityboulevard.com – Author: Marc Handelman. Author/Presenter: Lenin Alevski. Our sincere appreciation to BSidesLV, and the Presenters/Authors for publishing their erudite Security BSidesLV24 content. Originating from the conference’s events located at the Tuscany […] The post BSidesLV24 – GroundFloor – A Quick Story Of Security Pitfalls With Exec Commands In Software Integrations – Source: securityboulevard.com first appeared on CISO2CISO.COM & CYBER SECURITY GROUP.

 AI

Source: socprime.com – Author: Daryna Olyniychuk. Gartner’s Top Cybersecurity Trends of 2025 report emphasizes the growing influence of generative AI (GenAI), highlighting new opportunities for organizations to enhance their security strategies and implement more adaptive, scalable defense models. While 2024 was expected to focus on developing minimum viable products, by 2025, we are seeing the […] The post What Is Generative AI (GenAI)? – Source: socprime.com first appeared on CISO2CISO.COM & CYBER SECURITY GROUP.

 Android

Source: www.schneier.com – Author: Bruce Schneier. Comments:
Steve67 • May 14, 2025 7:35 AM: They are adopting features that already exist in GrapheneOS, such as USB security, automatic reboot, etc. GOS supports additional security and privacy features.
Clive Robinson • May 14, 2025 10:57 AM: @ ALL, With regards, “Google has extended its Advanced […]
The post Google’s Advanced Protection Now on Android – Source: www.schneier.com first appeared on CISO2CISO.COM & CYBER SECURITY GROUP.

 Cyber Security News

Source: thehackernews.com – Author: . Austrian privacy non-profit noyb (none of your business) has sent Meta’s Irish headquarters a cease-and-desist letter, threatening the company with a class action lawsuit if it proceeds with its plans to use users’ data for training its artificial intelligence (AI) models without an explicit opt-in. The move comes weeks after […] The post Meta to Train AI on E.U. User Data From May 27 Without Consent; Noyb Threatens Lawsuit – Source: thehackernews.com first appeared on CISO2CISO.COM & CYBER SECURITY GROUP.

 Coinbase

Source: thehackernews.com – Author: . Cryptocurrency exchange Coinbase has disclosed that unknown cyber actors broke into its systems and stole account data for a small subset of its customers. “Criminals targeted our customer support agents overseas,” the company said in a statement. “They used cash offers to convince a small group of insiders to copy […] The post Coinbase Agents Bribed, Data of ~1% Users Leaked; $20M Extortion Attempt Fails – Source: thehackernews.com first appeared on CISO2CISO.COM & CYBER SECURITY GROUP.

 Cyber Security News

Source: thehackernews.com – Author: . Imagine this: Your organization completed its annual penetration test in January, earning high marks for security compliance. In February, your development team deployed a routine software update. By April, attackers had already exploited a vulnerability introduced in that February update, gaining access to customer data weeks before being finally detected. […] The post Pen Testing for Compliance Only? It’s Time to Change Your Approach – Source: thehackernews.com first appeared on CISO2CISO.COM & CYBER SECURITY GROUP.

 Cyber Security News

Source: thehackernews.com – Author: . Ransomware has evolved into a deceptive, highly coordinated and dangerously sophisticated threat capable of crippling organizations of any size. Cybercriminals now exploit even legitimate IT tools to infiltrate networks and launch ransomware attacks. In a chilling example, Microsoft recently disclosed how threat actors misused its Quick Assist remote assistance tool […] The post 5 BCDR Essentials for Effective Ransomware Defense – Source: thehackernews.com first appeared on CISO2CISO.COM & CYBER SECURITY GROUP.

 Cyber Security News

Source: thehackernews.com – Author: . A Russia-linked threat actor has been attributed to a cyber espionage operation targeting webmail servers such as Roundcube, Horde, MDaemon, and Zimbra via cross-site scripting (XSS) vulnerabilities, including a then-zero-day in MDaemon, according to new findings from ESET. The activity, which commenced in 2023, has been codenamed Operation RoundPress by […] The post Russia-Linked APT28 Exploited MDaemon Zero-Day to Hack Government Webmail Servers – Source: thehackernews.com first appeared on CISO2CISO.COM & CYBER SECURITY GROUP.

 Cyber Security News

Source: thehackernews.com – Author: . Cybersecurity researchers have discovered a malicious package named “os-info-checker-es6” that disguises itself as an operating system information utility to stealthily drop a next-stage payload onto compromised systems. “This campaign employs clever Unicode-based steganography to hide its initial malicious code and utilizes a Google Calendar event short link as a dynamic […] The post Malicious npm Package Leverages Unicode Steganography, Google Calendar as C2 Dropper – Source: thehackernews.com first appeared on CISO2CISO.COM & CYBER SECURITY GROUP.

 Cyber Security News

Source: news.sophos.com – Author: Doug Aamoth. Businesses of all sizes are increasingly reliant on productivity tools like Microsoft 365 — and attackers are using this to their advantage. Business email compromise and account takeover attacks are prevalent, with adversaries accessing M365 environments using techniques that may evade detection by technology alone. Organizations need 24/7 visibility […] The post Sophos MDR: New analyst response actions for Microsoft 365 – Source: news.sophos.com first appeared on CISO2CISO.COM & CYBER SECURITY GROUP.

 beyond the kill chain

Source: news.sophos.com – Author: Matt Wixey. Content warning: Because of the nature of some of the activities we discovered, this series of articles contains content that some readers may find upsetting. This includes profanity and references to drugs, drug addiction, gambling, pornography, violence, arson, and sex work. These references are textual only and do not […] The post Beyond the kill chain: What cybercriminals do with their money (Part 5) – Source: news.sophos.com first appeared on CISO2CISO.COM & CYBER SECURITY GROUP.

 beyond the kill chain

Source: news.sophos.com – Author: Matt Wixey. Content warning: Because of the nature of some of the activities we discovered, this series of articles contains content that some readers may find upsetting. This includes profanity and references to drugs, drug addiction, gambling, pornography, violence, arson, and sex work. These references are textual only and do not […] The post Beyond the kill chain: What cybercriminals do with their money (Part 4) – Source: news.sophos.com first appeared on CISO2CISO.COM & CYBER SECURITY GROUP.
