< ciso
brief />
Tag Banner

All news with #insider risk tag

46 articles · page 3 of 3

CrowdStrike Enhances GenAI Data Protection Across Platforms

🔒 CrowdStrike announces four new innovations in Falcon Data Protection to help organizations prevent GenAI-driven data leaks across endpoints, cloud, SaaS and AI tools. The updates include real-time GenAI protections that span browsers, local apps and shadow AI services, unified out-of-the-box detections, AI-powered classifications, and a consolidated Insider Risk dashboard. Beta and general availability windows span late 2025 through mid-2026, with cloud features prioritized earlier.
read more →

ICO Warns Schools: Students Fuel Insider Data Breaches

🔒 The UK's Information Commissioner's Office (ICO) warns that pupils represent a significant insider threat in schools, reporting that 57% of education-sector data breach reports originate from students. In an analysis of 215 breach reports between January 2022 and August 2024, nearly a third of insider incidents involved stolen or guessed passwords, 97% of which were committed by students. The ICO highlights additional causes — weak data protection (23%), staff sending data to personal devices (20%), misconfigured access rights (17%), and deliberate bypassing of controls (5%) — and cites incidents where students accessed systems holding thousands of records. Practical recommendations include strong password hygiene, MFA, tightened access controls, prohibiting pupil use of staff devices, secure shared-device management, and better parental engagement.
read more →

Microsoft Purview Updates for Fabric: Securing Data for AI

🔒 Microsoft announced Purview innovations for Fabric at FabCon to unify discovery, protection, and governance across Azure, Microsoft 365, and Microsoft Fabric. New generally available controls include Information Protection policies for Fabric items, DLP for structured data in OneLake, and Insider Risk Management for Fabric. Preview features add DSPM data risk assessments and enhanced Copilot controls, while the Unified Catalog gains finer metadata, tagging, and data‑quality workflows to improve discoverability and trust.
read more →

Major Corporation Uses '123456' for Critical Access

🔒 McDonald's reportedly configured a major corporate system with the password 123456, illustrating a glaring failure in basic security hygiene. That weak credential makes systems trivially susceptible to brute-force and credential-stuffing attacks and indicates lax oversight of password policies, privileged accounts, and access controls. Immediate remediation should include forcing password rotation, deploying multi-factor authentication, implementing centralized secrets management, and auditing privileged access.
read more →

Yemen Cyber Army Hacker Jailed for Massive Data Theft

🔒 A 26-year-old man, Al-Tahery Al-Mashriky, has been jailed after UK National Crime Agency investigators linked him to the Yemen Cyber Army and uncovered evidence of widespread website breaches. Arrested in August 2022 in Rotherham, he defaced and compromised sites across North America, Yemen and Israel, including government and faith organisations. Forensically seized devices contained personal data, account credentials and other files that could facilitate fraud; he pleaded guilty and was sentenced to 20 months in prison.
read more →

Rsync Misconfiguration Exposes Over One Million Leads

🔓 A publicly accessible rsync repository tied to Blue Chair LLC subsidiaries, including Target Direct Marketing and Gragg Advertising, exposed backups and web configuration files containing personally identifiable information for over one million people. The leak included MySQL backups (≈5 GB) with a peg_historical table listing names, addresses, emails, phone numbers and education details. Gragg Advertising moved quickly after notification and secured the service within an hour, but the incident underscores risks from misconfigured rsync services and weak data retention practices.
read more →