< ciso
brief />
Tag Banner

All news with #insider threat tag

132 articles · page 7 of 7

FinWise Insider Data Breach Affects 689K AFF Customers

🔒 FinWise Bank says a former employee accessed sensitive files after their employment ended, in a data security incident identified on May 31, 2024. The bank notified corporate partner American First Finance (AFF), which reported that data for 689,000 customers was affected. FinWise launched an external investigation, strengthened internal controls, and is offering 12 months of credit monitoring and identity theft protection to impacted individuals.
read more →

ICO: Students Cause Majority of UK School Data Breaches

🔒 The ICO analyzed 215 insider personal data breach reports from the UK education sector between January 2022 and August 2024 and found students were responsible for 57% of incidents. Around 30% of breaches involved stolen login credentials, with students accounting for 97% of those attacks by guessing weak passwords or using credentials found on paper. The report highlights cases where pupils used freely available tools to break into school systems and access or alter thousands of records. The ICO urges parents, schools and the wider industry to channel curiosity into legitimate cyber careers and strengthen basic protections.
read more →

Smashing Security #434: Whopper Hackers and AI Failures

🍔 In episode 434 of the award‑winning Smashing Security podcast, Graham Cluley and guest Lianne Potter examine two striking security stories: an ethical hack of Burger King that revealed drive‑thru audio recordings, hard‑coded passwords and an authentication bypass, and an alleged insider theft at xAI where a former engineer, after receiving $7 million, is accused of taking trade secrets. The hosts blend sharp analysis with irreverent commentary on operational security and human risk.
read more →

Social-Engineered Help Desk Breach Costs Clorox $380M

🔐 Attackers affiliated with the Scattered Spider group exploited weak vendor phone procedures to obtain repeated password and MFA resets from Cognizant’s service desk, then used the access to escalate to domain-admin footholds at Clorox. Clorox says the intrusion caused roughly $380 million in damages, including remediation and extended business-interruption losses. The case highlights failure to follow agreed verification processes and the amplified risk of outsourced help desks. Organizations should enforce out-of-band caller verification, immutable reset logs, and automated containment to reduce the attacker window.
read more →

Onboarding Attacks: When Fake Hires Become Insider Threats

🔐 Attackers are increasingly bypassing email defenses by infiltrating organizations through the hiring process, as in the 'Jordan' example where a bogus hire gained broad access on day one. Remote recruiting, AI-generated profiles and deepfakes have turned identity into the new perimeter, undermining traditional vetting. Adopting zero standing privileges—with JIT/JEP, strict baselines and comprehensive auditing—and tools such as BeyondTrust Entitle can remove persistent access and automate time‑bound, auditable privilege grants.
read more →

61% of US Companies Hit by Insider Data Breaches in Two Years

📊 Nearly two-thirds (61%) of US firms experienced insider data breaches in the past two years, according to a new OPSWAT report conducted by the Ponemon Institute. Affected organizations reported an average of eight unauthorized file-access incidents and an average financial impact of $2.7m per organization. Respondents identified file storage and web file transfers as the riskiest environments for data loss. The study also found mixed approaches to generative AI—29% have banned it, 25% have formal policies, and 33% already include AI in file security strategies.
read more →

How Bribery at a Vendor Led to Coinbase Extortion Incident

🔒 In early May 2025 Coinbase disclosed that attackers had extorted the company after bribing employees at an outsourced support provider in India to acquire customer and internal data. The theft affected roughly 1% of monthly active users — about 70,000 people — and exposed information useful for social engineering, though no private keys or wallet credentials were taken. Coinbase refused a $20 million ransom, posted a matching bounty, pledged customer reimbursement, flagged suspect blockchain addresses, dismissed implicated vendor staff, and ended the vendor relationship.
read more →

Suspected Hacker Arrested for Tampering School Grades

🔒 Spanish police arrested a 21-year-old suspect in Seville accused of accessing the Andalusian Education Ministry's systems to alter high school and university entrance exam grades for himself and several classmates. Authorities say at least 13 university professors' work accounts across Almería, Cádiz, Córdoba, Seville and Jaén were compromised and emails accessed. Seized computer equipment and a notebook listing manipulated grades were recovered during the search, and regional security for the Séneca platform has been tightened.
read more →

Cybercrime Motivations: Beyond Financial Gain, Impact

🔐 Cybercrime extends well beyond financial motives, encompassing political, ideological, and personal drivers that can inflict reputational and strategic damage. Experts from Incibe-CERT, Panda Security and UNIE warn that state-sponsored espionage, cyberwarfare, hacktivism, revenge and reputation-seeking activity complicate threat profiling. Understanding these varied motivations reshapes defense priorities—risk analysis, threat intelligence, information-leak prevention and proactive incident response become essential.
read more →

Chinese Developer Jailed for Deploying Malicious Code

⚖️ A software developer was sentenced to four years in prison after deploying malicious code inside his US employer's network, the Department of Justice said. The defendant, identified as Davis Lu, introduced infinite-loop logic, deleted coworker profile files and implemented a credential-dependent kill-switch that locked out thousands of users in September 2019. The sabotage followed a corporate realignment that reduced his access; investigators found deleted encrypted data and internet searches showing intent to escalate privileges and rapidly delete files while obstructing remediation.
read more →

Ex-Developer Jailed for Deploying Kill-Switch Malware

🛑 A former software developer was sentenced to four years in prison after intentionally sabotaging his employer's servers with custom malware that included a kill switch. Davis Lu, 55, abused his access in 2019 to introduce infinite-loop Java code, delete coworker profiles, and deploy a kill switch named 'IsDLEnabledinAD' that locked out users when his Active Directory account was disabled. The DOJ said the incident, reportedly at Eaton Corporation, disrupted thousands of users and caused hundreds of thousands of dollars in losses.
read more →

North Korea’s IT worker scheme infiltrating US firms

🔍 Thousands of North Korean IT workers have used stolen and fabricated US identities to secure roles at Western companies, funneling hundreds of millions of dollars annually to Pyongyang’s military programs. They leverage AI for resumes and cultural coaching, faceswap and VPN tools for video calls, and remote-access setups tied to US-based "laptop farms" run by facilitators who launder paychecks and ship company-issued machines abroad. Recent DOJ raids and the 102-month sentence for Christina Marie Chapman highlight legal, financial and national security risks, including potential sanctions violations.
read more →