< ciso
brief />
Tag Banner

All news with #insider threat tag

132 articles

CISOs Warn Executives Lack Understanding of Cyber Risk

🔒 A MetaCompliance report (July 9) based on responses from over 200 European CISOs finds 78% believe C-level executives do not fully grasp cybersecurity risks tied to employee behaviour. The survey highlights fading leadership support for security awareness, with 79% saying backing wanes over time and 40% worried employees share sensitive data with generative AI tools. AI-driven social engineering is cited as a key factor eroding confidence in organisational cyber resilience.
read more →

INTERPOL-led Operation First Light nets global arrests

🕵️ Law enforcement agencies coordinated Operation First Light 2026 across 97 countries, arresting 5,811 suspects and seizing $293 million in illicit assets. The operation targeted social engineering fraud — including BEC, sextortion, impersonation, romance, and investment scams — and associated money laundering between January 15 and April 30. Authorities identified over 142,000 victims, blocked 31,014 bank accounts, and analyzed 152,808 cases while additional suspects were identified. INTERPOL coordinated the effort with regional policing bodies and funding support from China's Ministry of Public Security.
read more →

Critical Dialogflow CX 'Rogue Agent' code execution flaw

🛡️ A critical flaw in Google Dialogflow CX's Code Blocks could let an attacker with edit rights on one agent compromise other Code Block-enabled agents in the same Google Cloud project. Varonis named the issue Rogue Agent; it required the dialogflow.playbooks.update permission and thus implied a malicious insider or compromised developer account rather than an unauthenticated internet attacker. Google fixed the vulnerability after Varonis disclosed it via the VRP; there are no signs of exploitation.
read more →

Kubota reports month-long network intrusion affecting employees

🔒 Kubota North America disclosed that a threat actor accessed parts of its network from March 16 to April 20, exposing personal data for employees and dependents. The company says exposed information may include names, Social Security numbers, dates of birth, tax IDs, driver’s license numbers, bank account and corporate card details, and limited benefits claims. Notifications were sent starting June 30 with instructions to enroll in Kroll identity protection and guidance to monitor accounts; Kubota has enacted additional security measures and has not reported business disruptions.
read more →

Cyber Risks and Privacy Threats Around World Cup 2026

🛡️ The 2026 FIFA World Cup presents an unprecedented cyberattack surface across three host countries, with illegal streaming and black-market gambling exposing viewers to significant risks. UpGuard researchers found publicly exposed log systems containing plain-text credentials, IP addresses, and betting details tied to pirate streams and offshore bookmakers. Law enforcement and international operations are disrupting many servers, but resilient criminal networks continue to adapt and monetize audiences via unregulated gambling.
read more →

Meta pauses employee monitoring program after failures

🛑 Meta has frozen its Model Compatibility Initiative (MCI) after employees reportedly bypassed guardrails and accessed sensitive internal data, then did so again after an attempted fix. The program collected inputs like keystrokes, mouse movements, clicks, and screen content to train AI, and employees were initially not allowed to opt out. Meta says it found unauthorized access on June 18 and paused MCI while investigating, asserting no indication yet of improper access beyond what was reported. Analysts criticized inadequate protections and insufficient risk tagging for highly sensitive non-PII telemetry.
read more →

ICO cautions healthcare worker over royal records

🔒 The ICO has issued a formal caution to a former London Clinic healthcare worker who attempted to access and sell the Princess of Wales’ medical records. The regulator opened a criminal investigation in 2024 but concluded a caution under section 170(5) of the Data Protection Act 2018 was an appropriate enforcement response. The ICO found no wider organisational failings meeting the threshold for further action and emphasised its readiness to pursue prosecution when necessary.
read more →

Infinite Campus Salesforce Breach Exposes Staff Data

🔒 Infinite Campus disclosed a Salesforce data theft in March that exposed personal information for school staff across its K‑12 customer base. The attacker, linked to groups known for targeting Salesforce instances, allegedly leaked a 1.2GB archive. Have I Been Pwned found data from 137,100 accounts, including names, emails, job titles and contact details. Infinite Campus said most exposed items appear to be directory information commonly published by schools.
read more →

Former school IT worker jailed for prolonged hacks

🔒 A former senior IT support specialist for the Saydel Community School District in Iowa was sentenced to 21 months in prison for repeatedly accessing and sabotaging his former employer’s systems after his April 2023 departure. Prosecutors say he deleted the district’s Facebook page, stripped employees of access to educational platforms, and erased Apple School Manager and Gmail accounts, disrupting classes and causing tens of thousands in remediation costs. He pleaded guilty in January 2026 and must pay $59,668.81 in restitution and serve three years of supervised release with monitoring conditions.
read more →

Ukraine’s resilience lessons for cybersecurity planning

🛡️ Dmytro Kuleba, Ukraine’s foreign minister from 2020–2024, told Infosecurity Europe that pre-planning and contingency-driven resilience underpinned Ukraine’s survival after the 2022 full-scale invasion. He described a December 2023 attack that knocked KyivStar offline via a single compromised employee account, and praised rapid recovery and hardened defences thereafter. Kuleba advised organisations to rehearse crisis responses, understand systems intimately, and build instinctive survival practices. He warned that even benign third-party CRM tools can be weaponised for targeted intelligence, urging technological sovereignty and strict data security.
read more →

Agencies Warn of LinkedIn Recruitment for Espionage

🛡️ A joint bulletin from the FBI, MI5, ASIO, CSIS and NZSIS warns that Chinese military intelligence is using professional networking sites and job platforms to recruit Western workers into sharing sensitive information. The advisory details fake cover companies, targeted outreach on platforms like LinkedIn, and staged hiring processes that escalate from innocuous reports to requests for privileged material via encrypted messaging. Targets include military personnel, academics, journalists, and think-tank staff, and payments are made through common money-transfer and crypto services. The agencies urge scepticism toward unsolicited, well-targeted approaches and rapid moves to encrypted apps.
read more →

FBI: Physical tech-support scams target law firms

🛡️ The FBI warns of a gang dubbed the Silent Ransom Group (SRG) that has shifted from phishing and remote access scams to in-person impersonation of IT support, gaining physical access to devices to install malware or exfiltrate data. The group, active since at least 2022, typically steals data to extort victims without using ransomware encryption. Indicators include unauthorized installs of remote-access tools, new USB or external drive activity, and unexpected data uploads to services like OneDrive or Google Drive.
read more →

Agent AI Adoption Exposes Identity Gaps and Risks Now

⚠️Orchid Security's Identity Gap: Snapshot 2026 reveals that unseen, unmanaged identity elements now exceed visible ones, with 'identity dark matter' at 57% versus 43%. The report warns that rapid adoption of Agent AI amplifies risk because autonomous agents look for the most efficient access paths, often exploiting hard-coded or orphaned credentials and excessive privileges. Orchid urges strengthening identity and access management controls and using its readiness checklist to mitigate exposures.
read more →

Cyber-enabled Cargo Crime Mirrors Ransomware Tradecraft

🔒 Cybercriminals are applying the ransomware playbook to steal freight, using phishing and compromised email accounts to alter shipments, register fraudulent carriers, and redirect loads to criminal warehouses. These tactics affect high-value and perishable goods and frequently go unreported, amplifying losses for small and midsized fleets. NMFTA highlights controls and resources and invites practitioners to the 2026 cybersecurity conference.
read more →

Ransomware Escalates: Rising Risk of Physical Threats

🔒 Ransomware campaigns are increasingly paired with explicit threats of physical harm, with a Semperis study finding 40% of incidents involved intimidation and 46% in the US. Reported tactics include threatening notes left at homes, phone calls reciting staff addresses and identity details, and extortionists recruiting local actors to carry out violence. The FBI and vendors warn of a growing pattern — described as violence-as-a-service — and advise organisations to treat employee data as critically sensitive and update incident response plans to manage physical-threat scenarios.
read more →

Fired Employee Used AI to Hide Deletion of Federal Data

🔒 Two former hosting-company employees allegedly deleted dozens of customer and federal databases after being fired; one brother was convicted on computer-fraud and related charges. Investigators say one used a public AI chatbot to ask how to clear SQL and Windows logs, aiding evidence destruction. Experts warn this underscores failures in off-boarding and privileged access controls and call for stronger AI guardrails and real-time revocation.
read more →

Insider Betting on Polymarket Skews Military Markets

⚠️Analysis by the Anti-Corruption Data Collective found significant insider activity on Polymarket. Long-shot wagers—bets of $2,500 or more at implied odds of 35% or less—had an average win rate of about 52% in markets on military and defense actions. By contrast, those long-shot bets won roughly 25% in politics-focused markets and only 14% platform-wide. Author Bruce Schneier warns that permitting such activity risks warping political and military outcomes far more severely than insider sports betting.
read more →

Former Contractor Convicted for Deleting Federal Databases

🔒 A jury found former federal contractor Sohaib Akhter guilty of conspiring to destroy dozens of government databases after being fired during a remote meeting in February 2025. Prosecutors say Akhter and his twin brother Muneeb ran write-protect commands and deleted roughly 96 databases hosting sensitive investigative and FOIA records for more than 45 agencies. They allegedly sought to hide their activity — even consulting an AI assistant about clearing system logs — and destroyed evidence; sentencing is set for September 9, 2026.
read more →

Crypto gang member gets 78 months for $230M heist probe

🔒 A 20-year-old California man, Marlon Ferro (aka GothFerrari), was sentenced to 78 months in prison after pleading guilty to serving as a home invader and money launderer for a criminal ring that stole over $250 million in cryptocurrency. Arrested on May 13, 2025, Ferro was found carrying two firearms and a fraudulent ID and was ordered to pay $2.5 million in restitution and serve three years of supervised release. Authorities say the conspiracy combined social engineering, hacking attempts, and physical burglaries to seize hardware wallets and launder funds through exchanges and mixers.
read more →

One in Eight UK Employees Admit Selling Corporate Logins

🔒 A Cifas survey of 2,000 UK employees at firms with 1,000+ staff found 13% admitted to selling corporate logins in the past year or knew someone who had. The report highlights even higher tolerance among senior managers and executives, with justification rates rising to 32-43% and 81% for business owners. Cifas urges organisations to build fraud-aware cultures and deliver counter-fraud training to curb insider risk.
read more →