CCSK Domain 1 Notes

Definitions

  • NIST SP 800-145: [A] model for enabling ubiquitous, convenient, on-demand network access to a shared pool of configurable computing resources (e.g., networks, servers, storage, applications, and services) that can be rapidly provisioned and released with minimal management effort or service provider interaction.
  • ISO/IEC 22123-1: [A] paradigm for enabling network access to a scalable and elastic pool of shareable physical or virtual resources with self-service provisioning and administration on-demand.

Essential Characteristics (NIST)

  • On-Demand Self-Service
  • Broad Network Access
  • Resource Pooling
  • Rapid Elasticity
  • Measured Service
  • ISO addition: Multi-tenancy

Service Models

– IaaS → CSC manages OS, apps, data; CSP manages the infrastructure (compute, storage, network, virtualization).

– PaaS → CSC manages apps and data; CSP manages the platform (runtime, middleware, OS) and everything below it.

– SaaS → CSC manages configuration, users and its own data; CSP manages everything else.

Deployment Models

  • Private Cloud – For one org, on/off-prem.
  • Community Cloud – Shared by orgs with common needs.
  • Hybrid Cloud – Mix of public and private cloud with portability.
  • Public Cloud – For general public, owned by CSP.

Core Concepts

  • Abstraction – Decoupling resources from the underlying hardware, typically through virtualization (running virtual machines or containers on shared physical servers).
  • Orchestration – Automated provisioning, configuration and coordination of those abstracted resources (VMs, networks, storage) through APIs rather than by hand.
  • Multi-tenancy – Clouds are multi-tenant, with multiple CSCs sharing resource pools while being segregated and isolated for confidentiality and integrity. Segregation and isolation ensure that CSCs cannot see or modify each other’s assets.

CSA Enterprise Architecture

  • BOSS (SABSA) – Business Security
  • ITOS (ITIL) – IT Services
  • TSS (TOGAF) – Infra, Info, App, Presentation
  • SRM (OpenGroup) – Security & Risk

Shared Responsibility Model

  • SaaS – CSP secures the application and everything beneath it; CSC manages users, access and configuration.
  • PaaS – CSP secures the platform; CSC secures its applications and data.
  • IaaS – CSP secures the physical and virtualization layers; CSC secures OS, applications, data and virtual network configuration.

Key Tools

  • CAIQ – Questionnaire for CSP security controls.
  • CCM – Cloud Controls Matrix (maps controls to standards).

Exam Tip: Always link responsibility level to the amount of control the CSC has (highest in IaaS, lowest in SaaS).

Flashcards: https://quizlet.com/in/1070003177/ccsk-domain-1-flash-cards/?i=4jehw4&x=1jqt

Pretty Good Privacy (PGP)

Understanding Pretty Good Privacy (PGP) and Its Importance in the Digital Age

In our increasingly digital world, the security and privacy of communication have become paramount. With the constant threat of cyberattacks, surveillance, and data breaches, individuals and organizations are looking for reliable ways to protect their sensitive information. One of the most well-regarded tools for securing digital communication is Pretty Good Privacy, commonly known as PGP.

What is Pretty Good Privacy (PGP)?

Pretty Good Privacy (PGP) is a data encryption and decryption program that provides cryptographic privacy and authentication for communication. It was developed in 1991 by Phil Zimmermann as a way for people to securely exchange messages and files over insecure networks like the internet. At its core, PGP uses a combination of:

  • Symmetric-key cryptography (the same key encrypts and decrypts; PGP uses a random, one-time session key per message)
  • Public-key (asymmetric) cryptography (a pair of keys, one public and one private, used to wrap the session key and to sign)
  • Hash functions, which condense a message to a fixed-size digest that is signed and later checked for integrity

This layered approach allows users not only to encrypt data but also to digitally sign messages, ensuring that the information hasn’t been tampered with and that the sender’s identity is verified.

How PGP Works – A Simple Overview

Imagine Alice wants to send a private message to Bob. Here’s how PGP helps:

  1. Key Generation:
Bob creates a key pair, a public key and a private key. He publishes the public key freely and keeps the private key secret, protected by a passphrase. Alice does the same.
  2. Digital Signature:
Alice hashes the message and signs the hash with her private key. Signing happens before encryption, so the signature travels inside the encrypted message rather than alongside it.
  3. Encryption:
PGP generates a random one-time session key, encrypts the message and signature with it using a symmetric cipher, and then encrypts only that session key with Bob’s public key. Only Bob’s private key can unwrap the session key and therefore read the message; Bob then uses Alice’s public key to verify the signature, confirming both who sent it and that it has not been altered.

This ensures:

  • Privacy (only the intended recipient can read it)
  • Authenticity (verifying who sent the message)
  • Integrity (ensuring the message wasn’t altered)
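The flow above, modelled end to end in Python. This is an added example, not code from this page or from any PGP implementation: it keeps the real message structure (a signature over the plaintext, a random session key, that key wrapped with the recipient’s public key) but substitutes toy primitives, textbook RSA over fixed, publicly known Mersenne primes and an HMAC-SHA256 keystream in place of padded RSA and AES, so that it runs with the standard library alone. The primes, key sizes and packet layout are assumptions made for brevity and must never be reused for real data.

```python
"""Toy walk-through of the PGP message flow: sign, then hybrid-encrypt.

Added example, not code from the original page or from any OpenPGP
implementation. It reproduces the *structure* of an OpenPGP message (a
signature over the plaintext, a random symmetric session key, and that key
wrapped with the recipient's public key) using deliberately unsafe stand-ins:
textbook RSA over fixed Mersenne primes instead of padded RSA, and an
HMAC-SHA256 keystream instead of AES. For illustration only.
"""
import hashlib
import hmac
import secrets
from typing import Tuple

E = 65537  # standard RSA public exponent

# Assumption: fixed, publicly known Mersenne primes keep the example short and
# deterministic. Real keys use random primes of at least 1024 bits each.
ALICE_PRIMES = ((1 << 607) - 1, (1 << 107) - 1)
BOB_PRIMES = ((1 << 521) - 1, (1 << 127) - 1)


def rsa_keygen(p: int, q: int):
    """Return ((e, n), (d, n)): textbook RSA public and private keys."""
    n, phi = p * q, (p - 1) * (q - 1)
    return (E, n), (pow(E, -1, phi), n)      # pow(x, -1, m) needs Python 3.8+


def rsa_apply(key, m: int) -> int:
    """Raw RSA: m^e mod n with a public key, c^d mod n with a private key."""
    exp, n = key
    if not 0 <= m < n:
        raise ValueError("integer does not fit under the modulus")
    return pow(m, exp, n)


def sha256_int(data: bytes) -> int:
    return int.from_bytes(hashlib.sha256(data).digest(), "big")


def keystream_xor(key: bytes, data: bytes) -> bytes:
    """Counter-mode stream cipher built from HMAC-SHA256 (stand-in for AES).
    The same call encrypts and decrypts; it is unauthenticated, so tampering
    is only caught later by the signature check."""
    out = bytearray()
    for block, i in enumerate(range(0, len(data), 32)):
        ks = hmac.new(key, block.to_bytes(8, "big"), hashlib.sha256).digest()
        out += bytes(a ^ b for a, b in zip(data[i:i + 32], ks))
    return bytes(out)


def _sig_len(key) -> int:
    return (key[1].bit_length() + 7) // 8     # bytes needed for any value < n


def pgp_encrypt(msg: bytes, sender_priv, recipient_pub) -> Tuple[int, bytes]:
    """Alice's side. Sign first so the signature travels inside the
    ciphertext, then encrypt under a fresh session key and wrap that key
    for Bob. Returns (wrapped_session_key, ciphertext)."""
    sig = rsa_apply(sender_priv, sha256_int(msg))
    payload = msg + sig.to_bytes(_sig_len(sender_priv), "big")
    session_key = secrets.token_bytes(32)
    ciphertext = keystream_xor(session_key, payload)
    wrapped = rsa_apply(recipient_pub, int.from_bytes(session_key, "big"))
    return wrapped, ciphertext


def pgp_decrypt(packet, recipient_priv, sender_pub) -> Tuple[bytes, bool]:
    """Bob's side. Unwrap the session key with his private key, decrypt,
    split off the signature and verify it with Alice's public key.
    Returns (message, signature_valid)."""
    wrapped, ciphertext = packet
    session_key = rsa_apply(recipient_priv, wrapped).to_bytes(32, "big")
    payload = keystream_xor(session_key, ciphertext)
    n_sig = _sig_len(sender_pub)
    msg, sig = payload[:-n_sig], int.from_bytes(payload[-n_sig:], "big")
    if sig >= sender_pub[1]:                  # corrupted signature bytes
        return msg, False
    return msg, rsa_apply(sender_pub, sig) == sha256_int(msg)


def demo(msg: bytes = b"Meet at noon, bring the keys.") -> Tuple[bytes, bool]:
    """Alice -> Bob round trip with the fixed toy keys."""
    alice_pub, alice_priv = rsa_keygen(*ALICE_PRIMES)
    bob_pub, bob_priv = rsa_keygen(*BOB_PRIMES)
    packet = pgp_encrypt(msg, alice_priv, bob_pub)
    return pgp_decrypt(packet, bob_priv, alice_pub)


if __name__ == "__main__":
    print(demo())
```

The order matters: because Alice signs before encrypting, the signature is itself hidden inside the ciphertext, so an eavesdropper learns neither the content nor who vouched for it. Flipping a single ciphertext byte makes the signature check fail on Bob’s side instead of silently delivering a corrupted message, which is the integrity property the list above promises.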

Why is PGP Important?

  1. Data Security
    PGP encrypts messages, ensuring that sensitive data (like financial info, personal records, or corporate secrets) remains unreadable to unauthorized parties.
  2. End-to-End Encryption
    Unlike some services that may store your data in plaintext, PGP enables true end-to-end encryption, meaning the data is encrypted on your device and only decrypted on the recipient’s.
  3. Authentication and Trust
    Through digital signatures, PGP helps verify the identity of the sender—crucial in an age of phishing and spoofing attacks.
  4. Open Standards and Widespread Use
    PGP is not dependent on any one company or platform. OpenPGP (RFC 4880, updated by RFC 9580) is the open IETF standard that PGP-compatible software implements; GnuPG is its best-known free implementation, and the format enjoys broad adoption in email applications, file encryption tools, and some messaging apps.
  5. Privacy in a Surveillance Era
    With increasing concerns over government and corporate surveillance, PGP gives journalists, activists and ordinary users a robust means to protect the content of their communications.

Common Use Cases for PGP

  • Secure email communication (e.g., GnuPG, ProtonMail, or Thunderbird, which has built-in OpenPGP support since version 78 and previously relied on the Enigmail add-on)
  • Encrypted file storage and backups
  • Digital signing of software and documents
  • Identity verification in secure messaging apps

Challenges and Misconceptions

While powerful, PGP isn’t without challenges:

  • Usability: Setting up and managing PGP keys can be technical, especially for non-experts, and a mistake (sending unencrypted by accident, trusting the wrong key) is easy to make and hard to notice.
  • Key Management: Losing your private key or forgetting your passphrase usually means you lose access to your own encrypted data; a leaked private key exposes every past message encrypted to it, because PGP has no forward secrecy.
  • Metadata: PGP encrypts the message body only. Subject lines, sender and recipient addresses, timestamps and message sizes remain visible to mail servers and anyone watching the wire.
  • Misleading Name: Despite being called “Pretty Good” Privacy, PGP provides extremely strong security when used correctly.

SSL vs TLS: An Information Security Perspective

Protecting data in transit is no longer optional. Organizations and individuals that care about the security of their online communications soon run into the terms SSL (Secure Sockets Layer) and TLS (Transport Layer Security).

Although SSL and TLS are often mentioned together, they are not identical. This article looks at the important differences between them and at the role they play in protecting data while it travels over a network.

What Are SSL and TLS?

Both SSL and TLS are cryptographic protocols that provide encryption, authentication, and data integrity for communications over networks, especially the internet. They are most commonly associated with HTTPS, securing everything from login pages to banking transactions.

  • SSL (Secure Sockets Layer): Developed by Netscape in the 1990s, SSL was the original protocol designed to secure internet communications.
  • TLS (Transport Layer Security): TLS is the successor to SSL. It was first introduced in 1999 as TLS 1.0 (RFC 2246), based on SSL 3.0 but with fixes for known weaknesses; TLS 1.1, 1.2 and 1.3 followed, each removing more of the legacy design.

Important Note: SSL is now considered deprecated and insecure. Modern systems use TLS, yet “SSL” is still commonly used in terminology like “SSL certificates” even when TLS is the actual protocol being used.

Key Differences Between SSL and TLS

Feature          SSL                                 TLS
---------------  ----------------------------------  ------------------------------------------
Latest version   SSL 3.0 (deprecated)                TLS 1.3 (2018, RFC 8446)
Security         Vulnerable to several known attacks Stronger design, weak options removed
Performance      Slower handshake                    Faster (one round trip in TLS 1.3)
Cipher suites    Outdated and weak                   Modern AEAD suites, configurable
Support          No longer supported                 Widely supported

Why It Matters for Information Security

From an information security standpoint, understanding SSL and TLS is more than a technical curiosity — it’s foundational. Here’s why:

1. Confidentiality

TLS ensures that sensitive data (like passwords, personal data, or financial information) is encrypted during transmission. Without it, data can be intercepted in plaintext — exposing it to attackers.

2. Integrity

TLS protects every record with a message authentication code (MAC) or, in TLS 1.3, an AEAD cipher, so any tampering in transit is detected and the connection is torn down. Per-record sequence numbers also stop an attacker from replaying captured records within a session. Integrity on its own does not defeat a man-in-the-middle, though; that depends on the authentication described next.

3. Authentication

TLS authenticates the server (and optionally the client) with X.509 certificates issued by trusted Certificate Authorities (CAs), so a client can tell it is talking to the genuine host rather than an impostor. Note the limit of that guarantee: a certificate proves control of a domain name, not honesty. A phishing site can present a perfectly valid certificate for its own lookalike domain, so TLS by itself does not stop phishing.

4. Compliance

Standards such as PCI DSS explicitly forbid SSL and early TLS for cardholder data, and HIPAA and GDPR require appropriate technical safeguards for sensitive data, which in practice means current TLS with strong cipher suites. Relying on SSL therefore exposes organizations to audit findings as well as legal and financial risk.

Risks of Using SSL Today

Despite being obsolete, some legacy systems still accept SSL, which is a major red flag. Known weaknesses include:

  • POODLE (padding-oracle attack on SSL 3.0’s CBC mode)
  • BEAST (CBC in SSL 3.0 and TLS 1.0) and CRIME (abuse of TLS-level compression)
  • No forward secrecy with the static RSA key exchange SSL-era deployments rely on: a leaked server key decrypts all previously recorded traffic

Using SSL today is akin to locking your front door with a toy lock — it’s simply not enough. Modern best practices require disabling SSL and enforcing TLS 1.2 or TLS 1.3 only.

Best Practices for TLS Implementation

  • Disable SSL and older TLS versions (i.e., TLS 1.0 and 1.1).
  • Enforce strong cipher suites with forward secrecy (e.g., ECDHE).
  • Use certificates from a trusted CA. Certificate pinning can add protection in mobile or machine-to-machine clients you control, but only with a key-rotation plan; browser pinning (HPKP) has been abandoned because a stale pin locks users out of the site.
  • Regularly update libraries and platforms (e.g., OpenSSL, web servers).
  • Test and audit TLS configurations using tools like SSL Labs’ SSL Test or testssl.sh.
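The checklist above expressed as a Python `ssl` client configuration, added here as an example rather than taken from the article. `hardened_client_context` applies the settings (TLS 1.2 minimum, forward-secret AEAD suites, certificate and hostname verification), `audit_context` flags any context that still allows pre-1.2 versions, non-forward-secret suites or unverified certificates, and `probe` reports what a live server actually negotiates. The cipher string, the finding texts and the deliberately weakened context are this example’s own choices.

```python
"""Build and audit a hardened TLS client configuration with Python's ssl module.

Added example, not code from the original article. It encodes the best-practice
list (no SSL/TLS 1.0/1.1, forward-secret ciphers, certificate verification)
as an ssl.SSLContext plus a small self-audit that flags deviations; `probe`
shows what a live server negotiates. The weak context exists only for contrast.
"""
import socket
import ssl
from typing import Dict, List

# Cipher preferences for the TLS 1.2 fallback path: ECDHE key exchange only
# (forward secrecy) with AEAD bulk ciphers. TLS 1.3 suites are always
# ephemeral and are chosen by OpenSSL independently of this string.
FS_AEAD_CIPHERS = "ECDHE+AESGCM:ECDHE+CHACHA20"


def hardened_client_context() -> ssl.SSLContext:
    """TLS 1.2+ only, ECDHE/AEAD suites, hostname and chain verification on."""
    ctx = ssl.create_default_context()            # loads the platform CA store
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2  # refuses SSLv3, TLS 1.0, 1.1
    ctx.set_ciphers(FS_AEAD_CIPHERS)
    ctx.check_hostname = True
    ctx.verify_mode = ssl.CERT_REQUIRED
    return ctx


def weak_client_context() -> ssl.SSLContext:
    """The anti-pattern: verification switched off (a common 'fix' for
    certificate errors), so any man-in-the-middle can present its own cert."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False       # must be cleared before verify_mode
    ctx.verify_mode = ssl.CERT_NONE
    return ctx


def audit_context(ctx: ssl.SSLContext) -> List[str]:
    """Return a list of findings; an empty list means the context passes."""
    findings = []
    if ctx.minimum_version < ssl.TLSVersion.TLSv1_2:
        findings.append(
            f"minimum version {ctx.minimum_version.name} allows pre-TLS-1.2 handshakes")
    if ctx.verify_mode != ssl.CERT_REQUIRED or not ctx.check_hostname:
        findings.append("certificate or hostname verification disabled")
    for c in ctx.get_ciphers():
        # OpenSSL reports key exchange as 'kx-ecdhe', 'kx-dhe', 'kx-rsa', or
        # 'kx-any' for TLS 1.3 suites (always ephemeral).
        kea = (c.get("kea") or "").lower()
        if not any(tag in kea for tag in ("ecdhe", "dhe", "any")):
            findings.append(f"{c['name']} lacks forward secrecy ({kea})")
    return findings


def probe(host: str, port: int = 443, timeout: float = 5.0) -> Dict[str, str]:
    """Connect with the hardened context and report what was negotiated.
    A handshake failure here means the server offers nothing acceptable."""
    ctx = hardened_client_context()
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return {"version": tls.version(), "cipher": tls.cipher()[0]}


if __name__ == "__main__":
    print("hardened:", audit_context(hardened_client_context()) or "no findings")
    print("weak:    ", audit_context(weak_client_context()))
```

Run `probe("example.com")` from a network-connected host to see the negotiated version and suite; pair it with an external scan such as testssl.sh, since the audit above only checks your own client settings, not the server’s full configuration.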

Conclusion

The difference between SSL and TLS isn’t just semantic — it’s fundamental to your security posture. SSL is obsolete and insecure; TLS is the modern, secure choice for encrypting communications.

For security professionals and developers alike, staying informed and up-to-date on TLS best practices is critical. In an era of rising cyber threats, implementing strong TLS configurations isn’t just a recommendation — it’s a necessity for protecting the confidentiality, integrity, and authenticity of your data in motion.

July 2025: Major Data Breaches and Cyber Attacks

Axis Max Life Insurance Announces Data Breach

Axis Max Life Insurance has reported that an anonymous source notified it of unauthorized access to some customer information in a data breach. 

The incident has prompted a comprehensive security assessment and rigorous data log analysis. The company released a statement confirming the initiation of a detailed investigation, carried out in collaboration with information security experts. 

The investigation aims to identify the root cause of the breach and implement corrective measures to strengthen the security framework. “Remedial action, as necessary, will be undertaken based on the findings,” the statement noted, cited by Reuters. 

‘Significant’ healthcare data breach exposes more than 41,000 Texans

A data security breach may have exposed more than 41,500 patients of a gastroenterology clinic in South Texas, according to a notice posted by the Texas Attorney General’s Office. The breach, which was reported on Thursday, July 24, may have involved patients’ names, dates of birth, and their health insurance and medical information.

The data breach occurred at Texas Digestive Specialists, also known as Gastroenterology Consultants of South Texas, after an “unauthorized party” accessed patient information in late May, according to a notice the clinic posted on its website. Though the clinic group maintains several locations across the Rio Grande Valley, including McAllen and Brownsville, the data breach appears to have occurred at the group’s Harlingen clinic, located at 512 Victoria Lane. The clinic group offers gastroenterology, colon and rectal, and advanced weight loss care, according to its website.

The information of 41,521 patients may have been exposed, though the clinic’s notice does not specify if that information is from current or past patients. Once the clinic became aware of the unauthorized infiltration, the clinic notified federal law enforcement agencies and “launched an investigation with the assistance of leading cybersecurity specialists,” the notice reads.

South Korean Government Imposes Penalties on SK Telecom for Breach

South Korea has leveled a small fine — but also onerous legal requirements — against mobile telecommunications provider SK Telecom, judging that the company “failed to fulfill its obligations” to provide its users with secure communications.

After a joint public-private investigation of the company’s more than 42,000 servers, a government task force found 28 servers infected with 33 different strains of malware, the Ministry of Science and ICT (Information and Communication Technology) stated in a report published on July 4. The mobile provider will have to pay up to 30 million won (US$21,890) for negligence as a result of its late reporting of a breach, but it also faces a slate of legal requirements, including quarterly security assessments, providing users with a free service to swap out their USIM, and allowing subscribers to cancel without penalty. 

CoinDCX Hacked

India’s second-largest cryptocurrency exchange, CoinDCX, confirmed a sophisticated security breach on July 19, 2025, resulting in approximately $44.2 million being stolen from the platform.

This incident marks another significant cyberattack on India’s crypto infrastructure, coming exactly one year after the devastating WazirX hack that cost investors $235 million.

Security analysis revealed that the attacker had pre-funded their wallet with 1 ETH via Tornado Cash, a cryptocurrency mixing service designed to obfuscate transaction trails. 

The funds were subsequently routed through multiple smart contract interactions before being laundered through decentralized exchanges, making recovery efforts significantly more challenging.

The attack demonstrates the inherent vulnerabilities in hot wallet infrastructure used for active trading operations. 

CoinDCX has filed an FIR with local authorities and engaged leading cybersecurity firms to strengthen their infrastructure. 

The exchange is implementing additional security layers including zero-trust architecture, enhanced intrusion detection systems, and improved wallet segregation protocols. 

Industry experts recommend mandatory insurance coverage and standardized security audits for all cryptocurrency platforms operating in India to prevent similar incidents and protect investor interests.

Esse Health Data Breach Exposes Personal and Medical Information of 263,000 Patients

Esse Health, a prominent healthcare provider, disclosed a data breach that has potentially exposed the personal and medical information of approximately 263,000 patients.

The breach, detected in April 2025, involved unauthorized access to the organization’s network by a cybercriminal who managed to view and exfiltrate certain files.

This incident underscores the growing threat of cyberattacks targeting healthcare institutions, where sensitive data is often a prime target for malicious actors.

Esse Health has taken swift action to mitigate the fallout from this breach, emphasizing their commitment to safeguarding patient information.

Upon discovery, immediate steps were taken to secure their systems, and law enforcement was promptly notified to aid in tracking the perpetrators.

The organization has since implemented advanced security enhancements to fortify their digital infrastructure against future threats.

Despite no current evidence suggesting misuse of the stolen data, Esse Health is offering complimentary identity protection services through IDX, a renowned data breach recovery provider, urging affected individuals to enroll by the deadlines of September 25 or 30, 2025, depending on the specific notification received.

Euro healthcare giant AMEOS Group shuts down IT systems after mystery attack

The AMEOS Group, which runs over 100 hospitals across Europe, has shut down its entire network after intruders broke in.

The organization, which is Swiss-owned but runs medical treatment facilities across the continent, said that unknown miscreants have penetrated its IT systems and may have accessed patient health records, along with data on businesses that work with the healthcare provider.

“As part of the security incident, all internal and external network connections were disconnected and all systems were shut down in a controlled manner,” AMEOS wrote in a post on Wednesday. “IT and forensic service providers were immediately involved. Existing security measures were reviewed and immediately tightened.”

UK Retailer Co-op Confirms 6.5 Million Members’ Data Stolen in Massive Cyberattacks

Co-op has confirmed that all 6.5 million members of the UK retail cooperative had their personal data compromised during a sophisticated cyberattack in April. 

The breach, which affected names, addresses, and contact information, represents one of the largest data exfiltrations in recent UK retail history. 

Key Takeaways

1. 6.5 million Co-op members’ personal data stolen in April cyberattack.

2. Four suspects arrested by the National Crime Agency on cybercrime charges.

3. Co-op prevented ransomware deployment and partnered with cybersecurity recruitment programs.

While no financial or transaction data was accessed, the attack has prompted widespread concern about cybersecurity vulnerabilities in the retail sector and led to the arrests of four suspects by the National Crime Agency (NCA).

McDonald’s AI Hiring Bot With Password ‘123456’ Leaks Millions of Job-Seekers Data

A severe security vulnerability in McDonald’s AI-powered hiring system has exposed the personal information of potentially 64 million job applicants to unauthorized access. 

Key Takeaways

1. McDonald’s AI hiring bot exposed 64 million job applicants’ personal data through weak security using password “123456.”

2. Researchers accessed the entire system in 30 minutes using simple password guessing and database manipulation.

3. Names, emails, phone numbers, and chat logs were accessible, enabling potential phishing and fraud schemes.

4. Both companies acknowledged the breach, fixed it same day, and Paradox.ai launched a bug bounty program.

Security researchers Ian Carroll and Sam Curry discovered that the McHire platform, built by artificial intelligence software firm Paradox.ai, suffered from elementary security flaws: a test account still accepted the default credentials “123456” as both username and password, which opened the way to the applicant databases. 

Weak Password Let Ransomware Gang Destroy 158-Year-Old Company

A single compromised password brought down KNP Logistics, putting 730 employees out of work and highlighting the devastating impact of cyber attacks on British businesses.

One password is believed to have been all it took for a ransomware gang to destroy a 158-year-old company and put 700 people out of work.

KNP Logistics, a Northamptonshire transport company with roots dating back to 1865, became the latest victim of the Akira ransomware group in June 2024, joining tens of thousands of UK businesses that have fallen prey to such attacks.

The devastating breach began when hackers managed to gain entry to KNP’s computer systems by guessing an employee’s password. Once inside, the Akira gang deployed ransomware that encrypted the company’s essential data and locked down its internal systems, demanding an estimated £5 million ransom.

The attack crippled KNP’s ability to operate, access financial records, and secure crucial new funding, ultimately forcing the 158-year-old firm into administration.

Dell Confirms Security Breach After World Leaks Gang Releases 1.3 TB of Data, Company Disputes Claims

Dell has confirmed a security breach, which it claims affected its Customer Solutions Center, a platform for testing and showcasing its products to business clients.

However, the platform is isolated from Dell’s core customer and business systems, which suggests the breach was contained. Data leaked includes automation scripts, browser profiles, log files, backups, system data, software packages, and more.

While the threat actor claims the information is valuable, Dell disputes that allegation, stating that the leaked data was primarily synthetic, related to internal scripts or testing outputs, or publicly available information used for product testing.

Nonetheless, the security breach highlights the importance of isolating and securing testing environments to avoid leaking sensitive information.

Allianz Life Insurance Data Breach – 1.4 Million Customers’ Data at Risk

Major U.S. insurance provider Allianz Life Insurance Company confirmed on Saturday that hackers compromised the personal information of the “majority” of its 1.4 million customers following a sophisticated cyberattack on July 16, 2025.

The breach, disclosed in a mandatory filing with Maine’s attorney general, targeted a third-party, cloud-based customer relationship management (CRM) system used by the Minneapolis-based insurer.

According to company spokesperson Brett Weinberg, the attackers employed social engineering techniques to gain unauthorized access to personally identifiable information belonging to customers, financial professionals, and select Allianz Life employees.

Nippon Steel Solutions 0-Day Network Vulnerability Exposes Users Personal Information

Nippon Steel Solutions has disclosed a significant data breach affecting customer, partner, and employee personal information following a zero-day cyber attack that exploited a previously unknown software vulnerability in their network infrastructure.

The incident, detected on March 7, 2025, represents a serious security compromise that has prompted the company to implement immediate containment measures and launch a comprehensive investigation with external cybersecurity specialists.

The breach was discovered when Nippon Steel’s security team detected suspicious access patterns to their internal servers.

Upon detection, the company immediately isolated the compromised systems from its network and engaged external cybersecurity experts to assess the full scope of the intrusion.

Orange Telecom Faces Cyberattack as Hackers Breach Internal Systems

French telecommunications leader Orange has announced that it filed a formal complaint on Monday, July 28, 2025, following a cyberattack detected on one of its information systems, marking the latest in a series of cybersecurity incidents targeting major European infrastructure companies.

Security Incident Detection and Response

Orange first detected the cyberattack on Friday, July 25, 2025, prompting immediate mobilization of security teams across the organization.

The company’s cybersecurity division, Orange Cyberdefense, provided crucial support as teams worked swiftly to isolate potentially affected services and minimize the impact of the breach.

This rapid response demonstrates the telecommunications giant’s commitment to maintaining robust cybersecurity protocols in an increasingly hostile digital landscape.

The security incident required Orange to implement precautionary isolation measures across multiple systems, which inevitably disrupted normal operations for many customers.

These protective measures particularly affected Enterprise clients and several Public services, with disruptions concentrated primarily in France, where Orange maintains its largest operational footprint.

The company’s dedicated customer service teams have been fully mobilized to inform and support affected clients throughout the incident response process.

Louis Vuitton hacked: customer data stolen in cyber attack

On July 2, hackers gained access to Louis Vuitton’s systems in the United Kingdom. Customer data was stolen. Financial data remained out of reach of the attackers.

On July 2, unauthorized third parties gained access to Louis Vuitton UK’s systems. They managed to steal customer information, including names, contact details, and purchase history. The company emphasized in an email to customers that bank details and other financial information were not compromised.

The luxury brand warns that the stolen information could potentially be misused for phishing attacks, fraud, or other unauthorized use. Louis Vuitton has informed the relevant authorities, including the UK Information Commissioner’s Office. “While we have no evidence that your data has been misused to date, phishing attempts, fraud attempts, or unauthorized use of your information may occur,” according to an email to customers.

Security vulnerabilities

The hack at Louis Vuitton UK is not an isolated incident. It is now the third cyberattack on a brand owned by parent company LVMH in a short period. Louis Vuitton Korea reported a similar attack last week in which customer data was stolen. In May, Christian Dior Couture, LVMH’s second-largest fashion brand, was also hit by hackers.

Louis Vuitton UK says it has taken measures to strengthen its system security. The company is investigating the incident and regrets the inconvenience caused to customers. It is still unclear whether the attack is related to the previous incidents at other LVMH brands.

Data breach of 16 billion login credentials could risk Indian users

A recent data breach of about 16 billion login credentials is said to have put users of Facebook, Instagram, Google, and Apple at risk of fraud and identity theft.

The stolen records, scattered across 30 databases, are a “blueprint for mass exploitation” that threatens users in developing nations, according to a June 18 report by CyberNews, whose researchers found the breach. Unlike a traditional database hack, this leak is a compilation of infostealer-malware logs: credentials harvested from devices whose users ran a malicious download, with people who reuse weak passwords the most exposed.

Developing countries face the greatest risk from this breach due to rapid digital adoption coupled with inadequate cybersecurity infrastructure, experts said. The vulnerability is particularly acute in Asia and Latin America, which represent the largest user bases for many affected platforms.

Ingram Micro Confirms Ransomware Attack, Working To Restore Systems To ‘Process And Ship Orders’

Ingram Micro late Saturday confirmed that it had been hit with a ransomware attack and that it is “working diligently to restore the affected systems so that it can process and ship orders.”

The $48 billion distribution behemoth, which notified law enforcement and has launched an “investigation” with the assistance of leading cybersecurity experts, “apologized” to customers, vendor partners and others for any “disruption” caused by the incident.

Bleeping Computer reported Saturday that Ingram Micro has been hit with a ransomware attack attributed to the SafePay ransomware group.

Ingram Micro’s website and online ordering systems have been down since Thursday, according to Bleeping Computer.

On Sunday morning, users visiting the Irvine, Calif.-based company’s website were met with the message “Ingram Micro is currently experiencing a cybersecurity incident, for more information ‘click here’,” which directs users to their official statement about the incident.

Among systems impacted are Ingram’s flagship AI-powered Xvantage platform and the Impulse license provisioning platform, according to Bleeping Computer.

Threat Actors Allegedly Claim Access to Nokia’s Internal Network

A threat actor, Tsar0Byte, allegedly claimed to have breached the company’s internal network through a vulnerable third-party link, exposing sensitive data belonging to more than 94,500 employees.

The alleged breach, reported on dark web forums including DarkForums, represents one of the most extensive corporate data exposures affecting Nokia in recent years. According to the threat actor’s claims, the compromised data includes a comprehensive internal directory containing:

  • Full employee names and contact details
  • Corporate email addresses and phone numbers
  • Department information and job titles
  • LinkedIn profile traces and internal references
  • Internal documents and partner-side logs
  • Employee identification numbers and corporate hierarchies

The breach appears to have occurred through the exploitation of a third-party contractor’s systems that had direct access to Nokia’s internal infrastructure for tool development purposes. This method of attack through supply chain vulnerabilities has become increasingly common among cybercriminals targeting major corporations.

Microsoft hit with SharePoint attack affecting global businesses and governments

  • Microsoft has alerted businesses and governments to “active attacks” on its popular SharePoint collaboration software.
  • Patches have been issued for two versions of SharePoint software, while one version remains vulnerable.
  • The Cybersecurity and Infrastructure Security Agency said the vulnerability provides access to file systems and the ability to execute code.

Microsoft has warned of “active attacks” targeting its SharePoint collaboration software, with security researchers noting that organizations worldwide stand to be affected by the breach.

The Cybersecurity and Infrastructure Security Agency said Sunday in a release that the vulnerability provides unauthenticated access to systems and full access to SharePoint content, enabling bad actors to execute code over the network.

CISA said that while the scope and impact of the attack continue to be assessed, the agency warned that it “poses a risk to organizations.”

Microsoft late Sunday issued fixes for customers to apply to two versions of the SharePoint software.

On Monday evening, Microsoft released a patch for SharePoint Server 2016, an older option for on-premises data centers.

In an alert Saturday, Microsoft said the attack applies only to on-premises SharePoint servers, not those in the cloud like Microsoft 365. SharePoint software is commonly used by global businesses and organizations to store and collaborate on documents.

The vulnerability is especially concerning because it allows hackers to impersonate users or services even after the SharePoint server is patched, according to researchers at European cybersecurity firm Eye Security, which said it first identified the flaw.

SharePoint servers often connect to other Microsoft services such as Outlook and Teams, meaning such a breach can “quickly” lead to data theft and password harvesting, Eye Security researchers said.

June 2025: Major Data Breaches and Cyber Attacks

ICC detects and contains new sophisticated cyber security incident

Late last week, the International Criminal Court (“ICC” or “the Court”) detected a new, sophisticated and targeted cyber security incident, which has now been contained. 
 
This incident, the second of this type against the ICC in recent years, was swiftly discovered, confirmed and contained, through the Court’s alert and response mechanisms. A Court-wide impact analysis is being carried out, and steps are already being taken to mitigate any effects of the incident.
 
The Court considers it essential to inform the public and its States Parties about such incidents as well as efforts to address them, and calls for continued support in the face of such challenges.

Mother of all breaches reveals 26 billion records: what we know so far

The supermassive leak contains data from numerous previous breaches, comprising an astounding 12 terabytes of information, spanning over a mind-boggling 26 billion records. The leak, which contains LinkedIn, Twitter, Weibo, Tencent, and other platforms’ user data, is almost certainly the largest ever discovered.

There are data leaks, and then there’s this. A supermassive Mother of all Breaches (MOAB for short) includes records from thousands of meticulously compiled and reindexed leaks, breaches, and privately sold databases. The full and searchable list is included at the end of this article.

Bob Dyachenko, cybersecurity researcher and owner at SecurityDiscovery.com, together with the Cybernews team, has discovered billions upon billions of exposed records on an open instance.

Even though at first the owner of the database was unknown, Leak-Lookup, a data breach search engine, said it was the holder of the leaked dataset. The platform posted a message on X, saying the problem behind the leak was a “firewall misconfiguration,” which was fixed.

Hawaiian Airlines Faces Cybersecurity Crisis and Suffers Massive IT Outage

Hawaiian Airlines (HA) recently disclosed a significant cybersecurity incident that may have compromised the personal information of its customers and employees.

The breach was detailed in a filing with the Maine Attorney General’s Office. It revealed that an unauthorized third party accessed sensitive data, potentially exposing names, addresses, and other personal details.

This incident has raised concerns about traveler safety and the security of personal information in the airline industry.

Ahold Delhaize Data Breach Exposes Personal Information of 2.2 Million Shoppers

Ahold Delhaize USA Services, LLC, a major grocery retail operator, has confirmed a significant data breach that compromised the personal information of over 2.2 million shoppers across the United States, including nearly 100,000 residents of Maine.

The breach, which was the result of an external hacking incident, has prompted the company to notify affected customers and offer complimentary identity protection services.

The compromised information includes names and other personal identifiers, though the company has not specified whether financial details or Social Security numbers were involved.

The breach affected a total of 2,242,521 shoppers, with 95,463 of those being Maine residents. Due to the scale of the incident in Maine, consumer reporting agencies were also notified following state law.

Scania confirms insurance claim data breach in extortion attempt

Automotive giant Scania confirmed it suffered a cybersecurity incident where threat actors used compromised credentials to breach its Financial Services systems and steal insurance claim documents.

Scania told BleepingComputer that the attackers emailed several Scania employees, threatening to leak the data online unless their demands were met.

Scania is a major Swedish manufacturer of heavy trucks, buses, and industrial and marine engines and is a member of the Volkswagen Group.

The company, which is known for its durable, fuel-efficient engines, employs over 59,000 people and has an annual revenue of $20.5 billion, selling over 100,000 vehicles yearly.

Late last week, threat monitoring platform Hackmanac spotted a hacking forum post by a threat actor named ‘hensi,’ who is selling data they claimed to have stolen from ‘insurance.scania.com,’ offering it to a single exclusive buyer.

McLaren Health Care Data Breach Exposes 743,000 People's Personal Information

McLaren Health Care, a major healthcare organization based in Grand Blanc, Michigan, has disclosed a significant data breach that compromised the personal information of 743,131 individuals nationwide.

The breach notification, filed with the Office of the Maine Attorney General, reveals that the healthcare provider experienced an external system breach through hacking activities that occurred on July 17, 2024.

The cybersecurity incident remained undetected for nearly three weeks before McLaren Health Care discovered the unauthorized access on August 5, 2024.

Amazon’s Whole Foods Distributor United Natural Foods Hit by a Cyber Attack that Disrupted Operations

Amazon’s Whole Foods distributor, United Natural Foods Inc. (UNFI), suffered a cyber attack that forced the company to shut down some IT systems, disrupting operations, including ordering and distribution.

Rhode Island-based UNFI distributes fresh and frozen food items to over 30,000 locations across the United States and Canada from its 53 major distribution centers. It boasts of being the largest full-service grocery partner, serving numerous high-profile clients, including Amazon’s Whole Foods.

According to its regulatory filing with the U.S. Securities and Exchange Commission (SEC), the food distributor learned of the cyber attack on June 5, 2025, after detecting unauthorized activity on some of its systems.

Denodo Scheduler Vulnerability Let Attackers Execute Remote Code

A significant security vulnerability has been discovered in Denodo Scheduler, a data management software component, that allows attackers to execute remote code on affected systems. 

The flaw, identified as CVE-2025-26147, exploits a path traversal vulnerability in the Kerberos authentication configuration feature, potentially compromising the security of enterprise data management infrastructure.

Rhino Security Labs, the security firm that discovered the vulnerability, reported the issue to Denodo on April 9, 2024. 

The vendor demonstrated exemplary response time, acknowledging the vulnerability and releasing a security patch on April 23, 2024, just 14 days after initial disclosure.

The vulnerability has been addressed in Denodo 8.0 update 20240307, and organizations using affected versions should immediately apply this security update.

This incident underscores the critical importance of implementing secure coding practices, particularly around file upload functionality and input validation. 

The vulnerability’s progression from a simple path traversal flaw to remote code execution capability highlights how seemingly minor security oversights can lead to complete system compromise. 

Organizations utilizing Denodo Scheduler should prioritize patch deployment and conduct security assessments of their data management infrastructure to ensure comprehensive protection against similar attack vectors.

Hackers Allegedly Leaked 86 Million AT&T Customer Records with Decrypted SSNs

A massive data breach involving AT&T has surfaced, with hackers allegedly leaking the personal information of 86 million customers. The hackers claimed to have successfully decrypted previously protected Social Security numbers and released the information on cybercrime forums.

The breach, first posted on May 15, 2025, on a well-known Russian cybercrime forum and re-uploaded on June 3, 2025, involved a dataset believed to be from a stolen AT&T database.

However, the current leak is distinct because it includes decrypted SSNs, which were encrypted in the earlier breach. Another related breach occurred in August 2021, claimed by ShinyHunters to affect 70 million AT&T customers, acknowledged by AT&T in April 2024, with data from 2019 or earlier affecting 7.6 million current and 65.4 million former account holders.

Cartier discloses data breach amid fashion brand cyberattacks

Luxury fashion brand Cartier is warning customers it suffered a data breach that exposed customers’ personal information after its systems were compromised.

In notification letters sent today and shared by recipients on social media, Cartier revealed that hackers breached its systems and stole a limited amount of customer information.

“We are writing to inform you that an unauthorized party gained temporary access to our system and obtained limited client information,” Cartier stated in the data breach notification.

“We contained the issue and have further enhanced the protection of our systems and data.”

According to the company, the compromised information includes names, email addresses, and countries where the customer resides.

Cartier stresses that the breach did not include more sensitive data, such as passwords, credit card numbers, or banking details.

However, the company warns that the stolen data could be used in targeted attacks, asking customers to remain vigilant against unsolicited or suspicious communications.

Punjab National Bank faces INR 3.35 Lakh penalty from BSE for VAPT vulnerabilities

  • The penalty was imposed on May 27, 2025, due to non-closure of Vulnerability Assessment and Penetration Testing (VAPT) vulnerabilities for the Financial Year 2024-2025.
  • This is pursuant to SEBI Circular SEBI/HO/MIRSD/MIRSD-PoD-1/P/CIR/2023/24 dated 06.02.2023 and Exchange Notice no. 20240916-2 dated 16.09.2024.
  • The impact on financial, operation or other activities of the listed entity is only to the extent of the amount of penalty.
  • PNB is considering an appeal for a waiver of the penalty to the Exchange within the prescribed timeline.

Proxy vs VPN

What is Proxy?

An internet proxy (or proxy server) is an intermediary system that sits between your device and the internet. When you use a proxy, your internet requests (like visiting a website) are first sent to the proxy server. The proxy then forwards these requests to the destination website or online service on your behalf, receives the response, and sends it back to you.

What is VPN?

A VPN (Virtual Private Network) is a technology that creates a secure, encrypted connection between your device and the internet. When you use a VPN, your internet traffic is routed through a remote server operated by the VPN provider. This process hides your real IP address, making your online activity more private and difficult to trace.

Difference Between Proxy and VPN

The main difference between a proxy and a VPN lies in how they handle your internet traffic and the level of privacy and security they provide:

  • Proxy servers act as intermediaries between your device and the internet. When you use a proxy, your internet requests go through the proxy server, which then forwards them to the destination website. The proxy masks your IP address, making it appear as if your traffic is coming from the proxy’s location. However, proxies do not encrypt your data—they simply reroute it. This means your traffic can still be intercepted or monitored by third parties, such as your ISP or hackers.
  • VPNs (Virtual Private Networks) also route your traffic through a remote server, masking your IP address. The key difference is that VPNs encrypt all data sent between your device and the VPN server, creating a secure “tunnel.” This encryption protects your data from ISP tracking, government surveillance, and hackers, making VPNs suitable for handling sensitive information like online banking or confidential work documents.

Below is the table for comparison:

Feature         Proxy Server                                VPN
IP Masking      Yes                                         Yes
Encryption      No                                          Yes
Scope           Application-specific (browser or app)       System-wide (all device traffic)
Security Level  Low                                         High
Use Cases       Bypassing geo-blocks, basic anonymity       Secure browsing, privacy, remote work
Cost            Often free                                  Usually paid
Speed           Generally faster (no encryption overhead)   Can be slower (due to encryption)

Summary of key differences:

  • Encryption: VPNs encrypt your traffic, proxies do not.
  • Coverage: VPNs protect all traffic from your device; proxies typically only cover specific apps or browsers.
  • Security: VPNs provide stronger security against eavesdropping and data interception.
  • Cost and reliability: Proxies are often free but less reliable, whereas VPNs are usually paid and more stable.

In short: Use a VPN if you need privacy, security, and encryption for all your online activities. Use a proxy if you only need to mask your IP address for less sensitive tasks and don’t require encryption.

Security Practices:

  1. VPN
    1. Use Strong Authentication
      • Multi-Factor Authentication (MFA): Always enforce MFA, preferably phishing-resistant types such as FIDO2 security keys or biometric methods, to reduce the risk of compromised credentials.
      • Strong, Unique Credentials: Avoid easily guessable passwords and never reuse credentials across systems.
    2. Choose Robust Encryption & Protocols
      • Strong Encryption: Use strong encryption protocols like AES-256 for data protection. Avoid weak or outdated protocols, such as PPTP.
      • Secure Tunneling Protocols: Opt for secure protocols such as OpenVPN or IKEv2/IPsec, which provide advanced security features and strong encryption.
      • Enable force tunnelling and disable split tunnelling.
    3. Keep Software Updated
      • Patch Management: Consistently update VPN software, clients, servers, and related devices to address known vulnerabilities, and promptly apply security patches.
      • Configuration Audits: Regularly review and update VPN configurations to prevent misconfigurations and outdated practices.
    4. Implement Least Privilege & Access Control
      • Access Control Policies: Restrict user access based on job roles and need-to-know basis. Use granular authorization rules and security groups to control access to network resources.
      • Certificate Management: Employ client certificates and establish revocation mechanisms for compromised or obsolete certificates.
    5. Provider and Logging Practices
      • Trustworthy Providers: Choose reputable VPN providers with strong privacy commitments and transparent, verifiable no-logging policies.
      • Review Jurisdictions and Policies: Be mindful of the provider’s jurisdiction and its laws around data retention and government access.
    6. Monitor, Audit, and Respond
      • Continuous Monitoring: Enable and regularly review VPN log data to detect unusual access, suspicious activity, or configuration changes.
      • Security Audits: Perform periodic security audits to assess policy adherence and identify potential vulnerabilities.
      • Session Management: Set session timeout policies to limit exposure from unattended connections.
  2. Proxy
    • Secure Configuration and Access
      • Disable Unnecessary Features: Disallow the CONNECT command or restrict it only to specific ports needed for business, such as SSL (443) and email (563), limiting attack avenues and port forwarding misuse.
      • Strong Authentication: Enforce robust authentication mechanisms to restrict unauthorized access. Consider combining username/password with IP whitelisting to add layers of control.
      • Role-Based Access Control (RBAC): Use RBAC to minimize privileges, giving users and administrators only the access they require.
    • Encryption and Privacy
      • Encrypt All Traffic: Deploy SSL/TLS encryption so data passing through the proxy is protected from interception or man-in-the-middle (MitM) attacks.
      • End-to-End Encryption: Ensure encryption extends from client through the proxy to the end destination, preventing data leakage at any stage.
      • Proper Log Management: Secure and encrypt proxy logs, limit access to them, and establish retention policies to prevent sensitive information exposure.
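The proxy controls listed above (CONNECT restricted to the named ports, mandatory authentication, source-IP allowlisting and role-based least privilege), turned into an audit over proxy access-log lines. This is example code added here, not from the article; the Squid-style log layout, the policy values, the user roles and the log lines are all assumptions constructed for the demonstration.

```python
import ipaddress
from dataclasses import dataclass
from urllib.parse import urlsplit

# The two ports the guidance above permits for CONNECT: 443 and 563.
ALLOWED_CONNECT_PORTS = frozenset({443, 563})

# Hypothetical policy data (assumption, not from the article): the source
# networks allowed to use the proxy, the user-to-role mapping, and the
# destination host suffixes each role may reach (the RBAC control).
ALLOWED_SOURCES = [ipaddress.ip_network("10.0.0.0/8")]
USER_ROLES = {"alice": "finance", "bob": "helpdesk"}
ROLE_DESTINATIONS = {
    "finance": ("bank.example", "erp.example"),
    "helpdesk": ("vendor.example",),
}


@dataclass(frozen=True)
class ProxyRequest:
    src_ip: str
    user: str  # "-" when the client did not authenticate to the proxy
    method: str
    host: str
    port: int


def parse_log_line(line: str) -> ProxyRequest:
    """Parse one Squid-style native access.log line (field layout assumed):
    <ts> <elapsed> <client> <code/status> <bytes> <method> <url> <user> <hier> <type>
    """
    fields = line.split()
    if len(fields) < 8:
        raise ValueError(f"malformed log line: {line!r}")
    client, method, url, user = fields[2], fields[5], fields[6], fields[7]
    if method == "CONNECT":
        # CONNECT targets are logged as host:port with no scheme.
        host, _, port = url.rpartition(":")
        if not host or not port.isdigit():
            raise ValueError(f"bad CONNECT target: {url!r}")
        return ProxyRequest(client, user, method, host, int(port))
    parts = urlsplit(url)
    port = parts.port or (443 if parts.scheme == "https" else 80)
    return ProxyRequest(client, user, method, parts.hostname or "", port)


def check_request(req: ProxyRequest) -> list[str]:
    """Return the policy violations for one request (empty list = allowed)."""
    violations = []
    src = ipaddress.ip_address(req.src_ip)
    if not any(src in net for net in ALLOWED_SOURCES):
        violations.append(f"source {req.src_ip} not in allowlist")
    if req.user == "-":
        violations.append("unauthenticated request")
    if req.method == "CONNECT" and req.port not in ALLOWED_CONNECT_PORTS:
        violations.append(f"CONNECT to port {req.port} not permitted")
    if req.user != "-":
        # Least privilege: a role may only reach its listed destinations.
        role = USER_ROLES.get(req.user)
        allowed = ROLE_DESTINATIONS.get(role, ())
        if not any(req.host == d or req.host.endswith("." + d) for d in allowed):
            violations.append(f"user {req.user} ({role}) may not reach {req.host}")
    return violations


def audit_log(lines) -> dict[int, list[str]]:
    """Map 1-based line numbers to their violations; clean lines are omitted."""
    findings = {}
    for number, line in enumerate(lines, 1):
        if line.strip():
            violations = check_request(parse_log_line(line))
            if violations:
                findings[number] = violations
    return findings


# Constructed sample lines in the assumed Squid native layout (not real traffic).
SAMPLE_LOG = """\
1718000001.100 45 10.0.0.5 TCP_TUNNEL/200 1024 CONNECT bank.example:443 alice HIER_DIRECT/192.0.2.10 -
1718000002.200 12 10.0.0.5 TCP_TUNNEL/200 512 CONNECT bank.example:22 alice HIER_DIRECT/192.0.2.10 -
1718000003.300 30 10.0.0.9 TCP_MISS/200 2048 GET http://vendor.example/kb bob HIER_DIRECT/192.0.2.20 text/html
1718000004.400 8 192.0.2.77 TCP_MISS/403 0 GET http://erp.example/ - HIER_NONE/- -
1718000005.500 20 10.0.0.9 TCP_TUNNEL/200 900 CONNECT erp.example:443 bob HIER_DIRECT/192.0.2.30 -
""".splitlines()

if __name__ == "__main__":
    for number, violations in audit_log(SAMPLE_LOG).items():
        print(f"line {number}: " + "; ".join(violations))
```

Line 2 is flagged for a CONNECT to a non-permitted port, line 4 for an unauthenticated request from outside the allowed networks, and line 5 for a user reaching a destination outside their role.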

May 2025: Major Data Breaches and Cyber Attacks

South African Airways hit by cyber attack

South African Airways (SAA) has become the latest organisation to fall victim to a cyber attack.

In a statement released today, the flagship carrier of South Africa says it has been impacted by a significant cyber incident that began on Saturday, 3 May.

According to SAA, the breach temporarily disrupted access to the airline’s website, mobile application and several internal operational systems, prompting swift response measures to mitigate its effects.

On Saturday, the airline took to social media to say: “SAA regrets to inform customers that we are experiencing an intermittent technical system outage affecting the SAA website and mobile app. Our teams are working on resolving the issue as soon as possible. We apologise for any inconvenience this may cause and will provide updates accordingly.”

IT Guy Let Girlfriend Enter into Highly Restricted Server Rooms

A major security breach at Deutsche Bank’s New York datacenter has come to light through a lawsuit filed by a former Computacenter manager who claims he was wrongfully terminated after reporting unauthorized access incidents. 

James Papa, previously a service delivery manager at Computacenter, alleges he was fired in July 2023 after raising alarming security concerns about one of his subordinates who repeatedly allowed his Chinese girlfriend into highly secure server rooms.

The lawsuit, filed this Monday in New York, details how a Computacenter employee granted his girlfriend “Jenny” unauthorized access to Deutsche Bank’s server rooms housing the institution’s “big iron” – industry terminology for high-performance mainframe computers processing millions of sensitive financial transactions.

Coinbase Hacked – Massive Data Breach Costs Them $400 Million

Coinbase Global, Inc., one of the world’s largest crypto exchanges, disclosed a major cybersecurity incident in a Form 8-K filing with the U.S. Securities and Exchange Commission (SEC) on May 14, 2025.

The breach, orchestrated by an unknown threat actor, involved the unauthorized access of sensitive customer information and internal company documentation.

With estimated remediation costs ranging from $180 million to $400 million, the incident underscores the growing risks of cyber threats in the crypto ecosystem.

The Breach: How It Happened

The incident came to light on May 11, 2025, when Coinbase, Inc., a subsidiary of Coinbase Global, received an email from a threat actor claiming to have obtained sensitive data.

The perpetrator allegedly acquired the information by paying multiple contractors or employees in support roles outside the United States. These individuals, who had access to internal Coinbase systems for their job functions, collected customer account details and internal documentation, including materials related to customer-service and account-management systems.

Coinbase’s security monitoring systems had independently detected instances of unauthorized data access by these personnel in the months leading up to the email.

Upon discovery, the company swiftly terminated the involved parties, implemented enhanced fraud-monitoring protections, and warned affected customers to prevent misuse of their data. However, the May 11 email revealed that these prior incidents were part of a coordinated campaign, which Coinbase now refers to as the “Incident.”

The threat actor demanded a ransom to refrain from publicly disclosing the stolen data. Coinbase has refused to pay and is cooperating with law enforcement to investigate the breach.

What Was Compromised?

While the breach did not involve the compromise of customer passwords, private keys, or access to funds, the scope of the stolen data is concerning. According to Coinbase, the exposed information includes:

  • Customer Data: Names, addresses, phone numbers, email addresses, masked Social Security numbers (last four digits only), masked bank account numbers, some bank account identifiers, government-issued ID images (e.g., driver’s licenses, passports), account balance snapshots, and transaction histories.
  • Corporate Data: Limited internal documents, training materials, and communications available to support agents.

Customer Data Compromised in Dior Cyber Attack

Luxury fashion house Dior experienced a significant security incident when unauthorized external actors breached their customer database.

According to the official notification, Dior immediately implemented containment protocols and engaged cybersecurity experts to investigate the intrusion.

The breach exposed various categories of personal information, though Dior maintains that financial details remained secure despite the breach.

This incident highlights the ongoing vulnerability of high-profile brands to sophisticated cyber attacks targeting customer information repositories.

The security incident, detected on May 7, 2025, involved unauthorized access to Dior’s customer relationship management (CRM) system by what the company described as “an unauthorized external party.”

Steel giant Nucor Corporation facing disruptions after cyberattack

A cybersecurity incident on Nucor Corporation’s systems, the largest steel producer in the U.S., forced the company to take offline parts of its networks and implement containment measures.

The incident caused the company to temporarily suspend production at multiple locations, although the full impact on Nucor’s business remains unclear.

Nucor is a major steel producer in the U.S. and scrap recycler in North America. It is a primary supplier of reinforcing bar that is used extensively in the country’s buildings, bridges, roads, and infrastructure.

The company employs more than 32,000 people across numerous mills across the U.S., Mexico, and Canada, and reported a $7.83 billion revenue in the first quarter of the year.

The cybersecurity incident was disclosed via an 8-K filing the firm submitted earlier today to the U.S. Securities and Exchange Commission (SEC).

Hitachi Vantara Confirms Ransomware Attack

Hitachi Vantara has confirmed experiencing a ransomware incident that disrupted some systems, with servers remaining offline and the support connect feature for partners made inaccessible for now.

The Santa Clara, Calif.-based hybrid cloud infrastructure and data protection products vendor will bring systems back online once its unnamed third-party subject matter experts remediate the incident, Hitachi Vantara said in a blog post that gave a partner support email address for solution providers to use while support connect is down.

“While we will try to provide as much information as we can, please know that our investigation is in its early stages and remains ongoing at this time,” the vendor said in the post. “We will continue to provide updates as we make progress.”

UK government confirms massive data breach following hack of Legal Aid Agency

Britain’s Ministry of Justice (MoJ) confirmed on Monday that hackers had “accessed a large amount of information” from people who had applied for legal aid, potentially including their criminal histories.

According to the MoJ statement, everyone in England and Wales who applied for legal aid using the Legal Aid Agency’s online platform since 2010 may be affected.

Legal aid applicants “will include some of the most vulnerable people in our society,” said Gareth Mott, a research fellow at the Royal United Services Institute think tank and former lecturer in security and intelligence at the University of Kent.

The perpetrators of the data extortion incident claim to have data on more than 2 million people. The hackers have threatened to publish this data online in what would amount to one of the most significant data breaches to ever impact the British criminal justice system.

Volkswagen Car Hacked – Owner’s Personal Data & Service Details Exposed

Significant vulnerabilities have been uncovered in Volkswagen’s connected car app that exposed sensitive personal information and complete service histories of vehicles worldwide.

The disclosed flaws allowed unauthorized access to user data through simple exploits requiring only a vehicle’s VIN, which is visible through most car windshields.

This breach marks the second major cybersecurity incident for Volkswagen in six months, following a December 2024 cloud storage leak that compromised data from 800,000 electric vehicles.

Cellcom Confirms Cybersecurity Breach After Network Failure

Cellcom/Nsight has officially confirmed a cyberattack as the cause of a five-day service disruption affecting customers across its network.

In an official statement released today, company leadership acknowledged the incident while assuring customers that sensitive personal information appears to remain secure.

According to company officials, the cyberattack targeted a segment of Cellcom’s network infrastructure that was isolated from customer data repositories.

“The incident was concentrated on an area of our network separate from where we store sensitive information,” the company stated, emphasizing that there is currently “no evidence that personal information related to customers, including names, addresses, and financial information, has been compromised.”

Upon detecting the breach, Cellcom implemented pre-established cybersecurity protocols, which included engaging external cybersecurity specialists, notifying the Federal Bureau of Investigation and Wisconsin state officials, and initiating a comprehensive recovery strategy.

The company maintains that despite the service interruption, their security preparation allowed them to respond according to established contingency plans designed specifically for cyber incidents.

Adidas Warns Customers of Data Breach After Third-Party Security Incident

Adidas, the renowned German sportswear manufacturer, has issued a warning regarding a recent consumer data breach. On May 23, 2025, the company revealed that an unauthorized external party accessed specific consumer information via a third-party customer service provider. According to official statements, the compromised data primarily consists of contact details belonging to individuals who had previously reached out to Adidas’s customer service help desk.

Adidas stressed that neither payment card numbers nor passwords were compromised. “We immediately took steps to address the incident and started a comprehensive investigation, working alongside top information security specialists,” the company said. This assurance was meant to ease concerns among its global customer base regarding financial fraud or direct account compromise.

LexisNexis Risk Solutions Data Breach Exposes 364,000 Individuals' Personal Data

LexisNexis Risk Solutions has disclosed a significant data breach affecting approximately 364,000 individuals after discovering that an unauthorized third party gained access to sensitive personal information through a compromised third-party software development platform.

The cybersecurity incident, which LexisNexis learned about on April 1, 2025, actually occurred on December 25, 2024, when attackers successfully acquired data from an external platform used for software development purposes.

The breach notification reveals that the incident did not directly compromise LexisNexis’s own internal networks or systems, but rather affected data stored on a third-party platform utilized for development activities.

The company, which provides risk management services to business customers, immediately launched a comprehensive investigation with assistance from leading external cybersecurity experts upon discovering the unauthorized access.

Deloitte Data Breach: Alleged Leak of Source Code & GitHub Credentials

A threat actor using the alias “303” allegedly claimed to have breached the company’s systems and leaked sensitive internal data on a dark web forum.

The alleged breach reportedly involves GitHub credentials and source code from internal project repositories belonging to Deloitte’s U.S. consulting division.

According to reports emerging from cybersecurity monitoring services, the threat actor posted details of the alleged compromise on a well-known dark web forum, claiming to have accessed and exfiltrated critical development resources.

The leaked data allegedly includes GitHub credentials that could potentially grant unauthorized access to Deloitte’s internal development infrastructure, as well as source code from proprietary projects.

Victoria’s Secret website down as company investigates security incident

Women’s fashion brand Victoria’s Secret said it is working to restore operations after experiencing a security incident.

The company did not respond to requests for comment but the victoriassecret.com domain now features a brief message to customers explaining that it has “identified and are taking steps to address a security incident.”

“We immediately enacted our response protocols, third-party experts are engaged, and we took down our website and some in store services as a precaution,” the company said.

“We are working to quickly and securely restore operations. We continue to serve customers in our Victoria’s Secret and PINK stores.”

April 2025: Major Data Breaches and Cyber Attacks

Ransomware surge: Sensata Technologies, US state agencies targeted in widespread cyber incidents

Industrial technology company Sensata Technologies disclosed that the company experienced a ransomware attack that encrypted parts of its network. The company took its systems offline, initiated response protocols, and launched an investigation with third-party cybersecurity experts. Law enforcement has been notified and is involved. This comes as several U.S. states have recently disclosed cyber incidents affecting critical government services, including Arizona, Arkansas, Idaho, Nebraska, and Oregon.

“On April 6, 2025, Sensata Technologies Holding plc (the “Company”) experienced a ransomware incident that has encrypted certain devices in the Company’s network,” Richard Siedel, vice president and chief accounting officer at the Massachusetts headquartered company, detailed in a Securities and Exchange Commission (SEC) filing on Wednesday. “Upon discovery, Sensata immediately activated its response protocols, implemented containment measures, including proactively taking its network offline, and launched an investigation with the assistance of third-party cybersecurity professionals. In coordination with legal counsel, the Company has notified law enforcement about the matter and is supporting its investigation.”

Hackers Allegedly Leaked 1.59 Million Rows of Indian Insurance Users’ Sensitive Data

Hackers allegedly claim that a software company based in India was compromised on December 19, 2024, by a hacker identified as @303. The breach exposed approximately 1,590,798 rows of sensitive data, including customer information and administrative credentials.

The dataset, initially leaked on the dark web forum by a user known as “frog,” contains email addresses from major Indian insurance providers, mobile numbers, and potentially confidential administrative access credentials.

The sample data analyzed by Cyber Security News contains information about employees of prominent insurance companies, including HDFC Ergo, Bajaj Allianz, ICICI Lombard, and others.

Cyberattack Hits British Retailer Marks & Spencer

Iconic British retailer Marks & Spencer (M&S) is scrambling to restore services impacted by a cybersecurity incident that occurred over the Easter holiday.

While the company’s online services remained operational, the incident impacted certain store operations, causing delays and frustration among customers.

“As soon as we became aware of the incident, it was necessary to make some minor, temporary changes to our store operations to protect customers and the business and we are sorry for any inconvenience experienced,” M&S said in a filing with the London Stock Exchange.

The company says it has engaged with cybersecurity experts to investigate the incident and relevant authorities have been notified.

“We are taking actions to further protect our network and ensure we can continue to maintain customer service,” M&S also said, without providing further details on the impacted services.

Western Sydney University discloses security breaches, data leak

Western Sydney University (WSU) announced two security incidents that exposed personal information belonging to members of its community.

WSU is a prominent Australian institution offering various undergraduate, postgraduate, and research programs across multiple disciplines.

It serves a student body of 47,000 and employs over 4,500 permanent and seasonal staff, operating with an annual budget of approximately $600 million.

One of the incidents disclosed concerns the compromise of one of the University’s single sign-on (SSO) systems between January and February 2025.

This breach has reportedly led to the unauthorized access of demographic, enrollment, and progression information for approximately 10,000 current and former students.

DOGE breach sparks cybersecurity crisis as Russian IP tries to access Federal Labor Systems

A looming national cybersecurity emergency is unfolding following a whistleblower’s disclosure that an IP address registered in Russia tried to access sensitive federal labor databases mere minutes after a contentious data-scraping operation by the Elon Musk-led Department of Government Efficiency (DOGE), according to a report.

The attempt was aimed at the National Labor Relations Board (NLRB) and used credentials associated with a recently created DOGE email address, according to a Nextgov report.

County Data Breach Also Affected City of Chattanooga, Tenn.

The cybersecurity incident, which dates to July, stemmed from an agency that “provides debt collection services to city government,” a city spokesperson said in a news release, noting there is “no indication that anything other than debt collection services data was affected.”

(TNS) — The city of Chattanooga was also affected by a data breach that Hamilton County officials have recently disclosed, officials said Friday.

Both incidents stem from Nationwide Recovery Services, a collection agency based in Cleveland, Tennessee.

“Nationwide Recovery Services provides debt collection services to city government,” city spokesperson Eric Holl said in a news release. “There is no indication that anything other than debt collection services data was affected.”

Hackers Allegedly Breach TikTok, Exposing Over 900,000 Usernames & Passwords

A hacking collective identifying itself as R00TK1T has claimed responsibility for a massive data breach affecting TikTok, allegedly exposing the credentials of more than 900,000 users. 

According to the group’s statements, they have released a sample of 927,000 TikTok user records into the wild, describing it as “proof of their vulnerabilities”.

R00TK1T stated they had previously warned ByteDance and TikTok about security vulnerabilities but were ignored.

“We warned ByteDance and TikTok, but their silence speaks volumes. Despite our clear message, they’ve ignored the cries of users locked out, suspended, or erased from the platform,” the group declared.

Western Sydney University student data stolen again, posted on dark web

The details of more than 10,000 students have been stolen from one of Australia’s largest universities.

Western Sydney University has again been targeted in a cyber breach. In a statement released on Thursday, the university said demographic, enrolment and course progress information had been taken.

In a separate incident, “personal information belonging to the university community” was discovered on the dark web in late March – the information had been online for almost five months.

It is unclear if the information was for sale or posted as a whole.

A university spokesperson said the matter was under police investigation and could not be elaborated on.

Microsoft Defender XDR False Positive Leads to Massive Data Leak of 1,700+ Sensitive Documents

ANY.RUN research identified a large-scale data leak event triggered by a false positive in Microsoft Defender XDR. The security platform incorrectly flagged benign files as malicious, leading to their automatic submission to ANY.RUN’s public sandbox for analysis. As a result, over 1,700 sensitive documents were uploaded and indexed publicly.

The leak, which involved corporate data from hundreds of companies, has raised alarm bells about the risks of misclassification in threat detection systems and the unintended consequences of user behavior in response to such errors.
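The failure mode above, a detection pipeline that forwards whatever it flags to a public sandbox, is avoidable with a gate in front of the submission step. The following Python example is added here for illustration and is not ANY.RUN's, Microsoft's or the reporting researchers' code; the magic-byte table, the classification markers and the sample files are constructed for the example, and the decision labels (skip, private, public) are assumed names rather than any vendor's API.

```python
import hashlib
import re
from typing import Dict, Set

# File classes that routinely carry business content; these never go to a public sandbox.
# Magic bytes are a constructed subset for the example, not a complete type database.
DOCUMENT_MAGIC = {
    b"%PDF": "pdf",
    b"PK\x03\x04": "zip-or-office",     # OOXML (.docx/.xlsx), ODF and plain archives share this header
    b"\xd0\xcf\x11\xe0": "ole",          # legacy .doc/.xls/.msg containers
}
EXECUTABLE_MAGIC = {
    b"MZ": "pe",
    b"\x7fELF": "elf",
}
# Constructed classification markers; a real deployment would key off the organisation's
# labelling scheme rather than a regex over raw bytes.
SENSITIVITY_MARKERS = re.compile(rb"CONFIDENTIAL|INTERNAL ONLY|DO NOT DISTRIBUTE", re.IGNORECASE)


def classify(content: bytes) -> str:
    """Cheap magic-byte classification used only to decide submission visibility."""
    for magic, kind in {**DOCUMENT_MAGIC, **EXECUTABLE_MAGIC}.items():
        if content.startswith(magic):
            return kind
    return "unknown"


def sandbox_decision(content: bytes, known_good_sha256: Set[str]) -> Dict[str, str]:
    """Gate between a detection alert and a sandbox upload.

    Returns {"action": "skip" | "private" | "public", "sha256": ..., "reason": ...}.
    Everything that is not a bare executable free of sensitivity markers defaults to a
    private (non-indexed) submission, so a false positive cannot publish business data.
    """
    digest = hashlib.sha256(content).hexdigest()
    if digest in known_good_sha256:
        return {"action": "skip", "sha256": digest,
                "reason": "hash is on the known-good allowlist; route the alert to tuning, not to a sandbox"}
    kind = classify(content)
    if kind in DOCUMENT_MAGIC.values():
        return {"action": "private", "sha256": digest,
                "reason": f"{kind} files carry business content and are never submitted publicly"}
    if SENSITIVITY_MARKERS.search(content):
        return {"action": "private", "sha256": digest,
                "reason": "classification marker found in content"}
    if kind in EXECUTABLE_MAGIC.values():
        return {"action": "public", "sha256": digest,
                "reason": f"unmarked {kind} binary; public analysis acceptable"}
    return {"action": "private", "sha256": digest,
            "reason": "unrecognised content; fail closed to private"}


# Constructed samples standing in for files a detection engine might flag; none is a real document or binary.
SAMPLE_PDF = b"%PDF-1.7\n% constructed sample: quarterly board pack\n"
SAMPLE_TOOL = b"MZ\x90\x00" + b"\x00" * 60 + b"constructed stub for an internally signed admin tool"
SAMPLE_EXE = b"MZ\x90\x00" + b"\x00" * 60 + b"constructed stub for an unknown binary"
SAMPLE_EXE_MARKED = SAMPLE_EXE + b"\nProperty of Example Corp - INTERNAL ONLY\n"
KNOWN_GOOD = {hashlib.sha256(SAMPLE_TOOL).hexdigest()}

if __name__ == "__main__":
    for name, blob in [("board pack", SAMPLE_PDF), ("admin tool", SAMPLE_TOOL),
                       ("unknown exe", SAMPLE_EXE), ("marked exe", SAMPLE_EXE_MARKED)]:
        verdict = sandbox_decision(blob, KNOWN_GOOD)
        print(f"{name:12s} -> {verdict['action']:8s} {verdict['reason']}")
```

The design choice worth copying is the default: anything the gate cannot positively classify as a plain, unmarked binary is submitted privately or not at all, so a misclassification upstream costs analyst time rather than a public data leak.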

More than 11,000 DBS, Bank of China customers’ information compromised after data attack on vendor

Customer data from two Singapore banks was stolen in a ransomware attack on a printing vendor, though no login credentials were compromised.

In a joint statement late on April 7, the Cyber Security Agency of Singapore (CSA) and Monetary Authority of Singapore (MAS) said the two banks were DBS Bank and Bank of China, Singapore (BOC).

DBS said the customer statements of around 8,200 customers were potentially compromised, while BOC separately said that the breach affected around 3,000 customers, whose paper letters were printed and distributed by Toppan Next Tech.

Both banks added that their respective systems had not been compromised, and customer monies remained safe. DBS added that there was no evidence of unauthorised transactions resulting from the incident so far.

According to DBS, the affected customers are mainly users of brokerage DBS Vickers and short-term loan service Cashline.

The potentially compromised information came from statements or letters sent to individual customers between December 2024 and February 2025.

Customer data exposed in these statements includes names, postal addresses and details relating to equities held under DBS Vickers and Cashline loans, said DBS, adding that the documents do not contain login credentials, passwords, NRIC details, deposit balances or total wealth holdings.

Transitioning to PCI DSS 4.0: Essential Compliance Updates

The shift from PCI DSS 3.2.1 to 4.0 brings critical security enhancements to protect payment card data against evolving cyber threats. If your organization processes payments, these changes will impact you.

The table below summarises the changes for each of the twelve requirements (v3.2.1 requirement titles are used; the v4.0 title is given where it changed):

Requirement 1: Install and maintain a firewall configuration to protect cardholder data (v4.0 title: Install and maintain network security controls)
  • v3.2.1: Required the use of firewalls to segment networks and protect cardholder data from unauthorized access.
  • v4.0: Replaces "firewall" with the broader term network security controls (NSCs), so cloud-native filtering, virtual appliances and host-based controls all qualify. NSC configurations must be reviewed at least once every six months (1.2.7), and every allowed service, protocol and port needs an identified, approved business need (1.2.5).

Requirement 2: Do not use vendor-supplied defaults for system passwords and security parameters (v4.0 title: Apply secure configurations to all system components)
  • v3.2.1: Mandated changing vendor default credentials before deploying any system on the network.
  • v4.0: Broadened to all security parameters and hardening settings, not just passwords, and system components explicitly include cloud and virtualized components. MFA for non-console administrative access was already required under Requirement 8 in v3.2.1, so it is not a change here.

Requirement 3: Protect stored cardholder data (v4.0 title: Protect stored account data)
  • v3.2.1: Required encryption, truncation, masking, and hashing to protect stored cardholder data.
  • v4.0: Tightens each of those methods rather than mandating a particular cipher; "strong cryptography" is defined in the glossary, and AES-256 is not singled out. Masked PANs may show at most the BIN and the last four digits (3.4.1); hashed PANs must use a keyed cryptographic hash so a stored hash cannot be matched against a truncated PAN (3.5.1.1); disk- or partition-level encryption on its own no longer satisfies the requirement for non-removable media (3.5.1.2); and sensitive authentication data stored before authorization must be encrypted with strong cryptography (3.3.2). Key-management controls (3.6, 3.7) carry over with clarifications.

Requirement 4: Encrypt transmission of cardholder data across open, public networks
  • v3.2.1: Required strong cryptography and secure protocols such as TLS 1.2 and SSH; SSL and early TLS were already prohibited after June 30, 2018 (Appendix A2), with a carve-out for POS POI terminals.
  • v4.0: Keeps that prohibition and adds that certificates used to protect PAN in transit must be confirmed valid and not expired or revoked (4.2.1), backed by an inventory of the entity's trusted keys and certificates (4.2.1.1). There is no general "continuous monitoring" mandate for transmission encryption.

Requirement 5: Protect all systems and networks from malicious software
  • v3.2.1: Required antivirus software on all systems commonly affected by malware.
  • v4.0: Speaks of "anti-malware solutions" rather than antivirus, so EDR and behavior-based tools qualify. Systems judged not at risk must be re-evaluated at a frequency set by a targeted risk analysis (5.2.3.1), removable media must be scanned or analyzed when used (5.3.3), and anti-phishing mechanisms must protect personnel (5.4.1).

Requirement 6: Develop and maintain secure systems and applications (v4.0 title: Develop and maintain secure systems and software)
  • v3.2.1: Required a secure development process, vulnerability ranking, and installation of critical security patches within one month of release.
  • v4.0: Keeps the SDLC and patching rules and adds a maintained inventory of bespoke and custom software, including third-party components (6.3.2); an automated technical solution, such as a WAF, that continually detects and prevents web-based attacks on public-facing applications (6.4.2); and management of every script loaded into the consumer's browser on payment pages, with an inventory, written justification and integrity assurance (6.4.3). MFA for developers and administrators is governed by Requirement 8, not here.

Requirement 7: Restrict access to cardholder data by business need to know (v4.0 title: Restrict access to system components and cardholder data by business need to know)
  • v3.2.1: Required access control measures based on job roles and responsibilities (least privilege and need to know).
  • v4.0: Adds a review of all user accounts and their access privileges at least once every six months (7.2.4) and extends least privilege to application and system accounts (7.2.5). PCI DSS does not use the term "Zero Trust".

Requirement 8: Identify and authenticate access to system components (v4.0 title: Identify users and authenticate access to system components)
  • v3.2.1: Required unique IDs, MFA for non-console administrative access and for remote access into the CDE, passwords of at least 7 characters, and password changes every 90 days.
  • v4.0: MFA for all access into the CDE, not only administrative access (8.4.2), and MFA implementations that resist replay and cannot be bypassed (8.5.1); passwords of at least 12 characters (8 if the system cannot support 12) containing both numeric and alphabetic characters (8.3.6); the 90-day change applies only where the password is the sole factor and may be replaced by dynamic analysis of the account's security posture (8.3.9); application and system account passwords are changed at a frequency set by a targeted risk analysis (8.6.3).

Requirement 9: Restrict physical access to cardholder data
  • v3.2.1: Required security controls for physical access, such as badges, cameras, and visitor logs, with three-month retention of access records.
  • v4.0: Largely reorganizes this requirement (point-of-interaction device protection, for instance, sits under 9.5) rather than adding new controls. It does not mandate real-time alerting or the logging of unsuccessful physical access attempts.

Requirement 10: Track and monitor all access to network resources and cardholder data (v4.0 title: Log and monitor all access to system components and cardholder data)
  • v3.2.1: Required logging of user activities and retention of logs for at least 12 months, with three months immediately available.
  • v4.0: Requires automated mechanisms for audit log reviews (10.4.1.1), lets the review frequency for other logs be set by a targeted risk analysis (10.4.2.1), and extends prompt detection and alerting on failures of critical security control systems from service providers to all entities (10.7.2). A SIEM is one way to meet this; the standard is tool-neutral.

Requirement 11: Regularly test security systems and processes (v4.0 title: Test security of systems and networks regularly)
  • v3.2.1: Required quarterly internal and external vulnerability scans and penetration testing at least annually and after significant changes.
  • v4.0: Keeps those intervals and adds authenticated internal vulnerability scanning (11.3.1.2), intrusion-detection coverage of covert malware communication channels for service providers (11.5.1.1), and a change- and tamper-detection mechanism on payment pages evaluated at least weekly (11.6.1). There is no "real-time penetration testing" requirement.

Requirement 12: Support information security with organizational policies and programs
  • v3.2.1: Required a comprehensive security policy reviewed annually, awareness training on hire and annually, an annual risk assessment, and an incident response plan tested at least annually.
  • v4.0: Awareness training must cover phishing and social engineering (12.6.3.1) and the program must be reviewed at least annually (12.6.2); the single annual risk assessment gives way to targeted risk analyses wherever a requirement allows one (12.3.1); entities using the customized approach must document it (12.3.2); PCI DSS scope must be documented and confirmed at least every 12 months (12.5.2); and the incident response plan must cover alerts from payment-page tamper detection (12.10.5) and PAN discovered where it is not expected (12.10.7). Social engineering testing is not mandated; training on it is.
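The Requirement 3 changes are easiest to see in code. The Python below is an added example, not code from the page or from PCI SSC: it implements display masking (BIN plus last four), storage truncation, and a keyed hash for stored PAN, and then demonstrates the correlation attack that makes unkeyed hashes unacceptable: given a truncated PAN and an unkeyed SHA-256 of the same PAN, only six digits are unknown, and a laptop exhausts them in seconds. The test PAN is the public Visa test number, the six-digit BIN length is an assumption (eight-digit BINs exist), and the HMAC key is generated locally for the demo rather than taken from a key-management system.

```python
import hashlib
import hmac
import itertools
import secrets
from typing import Optional


def luhn_valid(pan: str) -> bool:
    """Luhn check-digit test (ISO/IEC 7812); rejects non-PANs before any storage logic runs."""
    if not pan.isdigit() or not 12 <= len(pan) <= 19:
        return False
    total = 0
    for i, ch in enumerate(reversed(pan)):
        d = int(ch)
        if i % 2 == 1:          # every second digit from the right is doubled
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def mask_pan(pan: str, bin_length: int = 6) -> str:
    """Display masking (3.4.1): at most the BIN and the last four digits stay visible."""
    if not luhn_valid(pan):
        raise ValueError("not a syntactically valid PAN")
    hidden = len(pan) - bin_length - 4
    return pan[:bin_length] + "*" * hidden + pan[-4:]


def truncate_pan(pan: str, bin_length: int = 6) -> str:
    """Storage truncation: the middle digits are discarded, so the stored value is not a PAN."""
    if not luhn_valid(pan):
        raise ValueError("not a syntactically valid PAN")
    return pan[:bin_length] + pan[-4:]


def unkeyed_hash_pan(pan: str) -> str:
    """What many v3.2.1-era systems stored: a plain SHA-256 of the PAN."""
    return hashlib.sha256(pan.encode("ascii")).hexdigest()


def keyed_hash_pan(pan: str, key: bytes) -> str:
    """Keyed cryptographic hash (3.5.1.1): HMAC-SHA256 under a secret key managed per 3.6/3.7.
    Without the key, the correlation attack below has nothing to iterate against."""
    if len(key) < 32:
        raise ValueError("use a key of at least 256 bits")
    return hmac.new(key, pan.encode("ascii"), hashlib.sha256).hexdigest()


def recover_pan_from_unkeyed_hash(truncated: str, digest_hex: str,
                                  pan_length: int = 16, bin_length: int = 6) -> Optional[str]:
    """The attack 3.5.1.1 exists to stop. Given a truncated PAN (BIN + last four) and an
    unkeyed hash of the same PAN, only pan_length - bin_length - 4 digits are unknown:
    10**6 candidates for a 16-digit PAN. Returns the full PAN, or None if no candidate matches."""
    prefix, suffix = truncated[:bin_length], truncated[-4:]
    target = bytes.fromhex(digest_hex)
    middle_len = pan_length - bin_length - 4
    for middle in itertools.product("0123456789", repeat=middle_len):
        candidate = prefix + "".join(middle) + suffix
        if hashlib.sha256(candidate.encode("ascii")).digest() == target:
            return candidate
    return None


if __name__ == "__main__":
    pan = "4111111111111111"          # public Visa test number, not real cardholder data
    print("masked   :", mask_pan(pan))            # 411111******1111
    print("truncated:", truncate_pan(pan))        # 4111111111
    weak = unkeyed_hash_pan(pan)
    print("recovered:", recover_pan_from_unkeyed_hash(truncate_pan(pan), weak))
    key = secrets.token_bytes(32)                 # in production: from an HSM or key-management service
    print("keyed    :", keyed_hash_pan(pan, key), "(not recoverable without the key)")
```

Two points follow from running it. First, masking and truncation are different controls: a masked value still exists in full somewhere, a truncated one does not. Second, the search space could be cut a further ten times by skipping candidates that fail the Luhn check, which is why PCI DSS treats an unkeyed hash stored alongside a truncated PAN as equivalent to storing the PAN.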

The table below groups the same changes by topic.

Authentication & Access Control
  • v3.2.1: MFA required for non-console administrative access and for all remote access into the CDE.
  • v4.0: MFA required for all access into the CDE, including non-administrative users (8.4.2).
  • Implication: A stolen password alone no longer reaches the CDE.

Password Requirements
  • v3.2.1: Minimum password length 7 characters; passwords changed every 90 days.
  • v4.0: Minimum 12 characters (8 only where the system cannot support 12), with numeric and alphabetic characters (8.3.6); not the same as any of the last four (8.3.7); the 90-day change applies only to password-only access and is waived where account posture is analyzed dynamically (8.3.9).
  • Implication: Longer secrets and less forced rotation.

Encryption Standards
  • v3.2.1: Strong cryptography required; SSL and early TLS prohibited since June 2018 except for POS POI terminals.
  • v4.0: Same definition of strong cryptography, so TLS 1.2 or later in practice; adds certificate validation and an inventory of trusted keys and certificates for PAN in transit (4.2.1, 4.2.1.1) and keyed hashes for stored PAN (3.5.1.1).
  • Implication: Weak protocols and brute-forceable PAN hashes are phased out.

Risk-Based Approach
  • v3.2.1: Prescriptive; compensating controls were allowed only where a documented constraint prevented meeting a requirement.
  • v4.0: Introduces the customized approach: an entity may meet a requirement's stated objective with different controls, supported by a targeted risk analysis and documentation that the assessor tests (12.3.2). The compensating-controls route remains.
  • Implication: Flexibility for mature programs; more evidence to maintain.

E-commerce & Web Security
  • v3.2.1: Public-facing web applications needed either periodic code review or a WAF (6.6).
  • v4.0: The automated protection must run continually (6.4.2); every script on a payment page must be inventoried, justified and integrity-checked (6.4.3); payment pages get weekly change- and tamper-detection (11.6.1); anti-phishing controls are required (5.4.1).
  • Implication: Targets client-side skimming and account takeover.

Security Awareness Training
  • v3.2.1: General security training on hire and at least annually.
  • v4.0: Training must address phishing and social engineering (12.6.3.1) and acceptable use of end-user technologies (12.6.3.2); the program itself is reviewed annually (12.6.2).
  • Implication: Strengthens the human factor.

Monitoring & Logging
  • v3.2.1: Daily review of security events and critical-system logs; 12-month retention.
  • v4.0: Automated log review mechanisms (10.4.1.1), risk-analysis-driven frequency for other logs (10.4.2.1), and detection and alerting on failures of critical security controls for all entities (10.7.2).
  • Implication: Faster detection; manual daily review is no longer enough at scale.

Penetration Testing
  • v3.2.1: External and internal penetration testing at least annually and after significant changes.
  • v4.0: Same cadence and methodology requirements (11.4); adds authenticated internal vulnerability scanning (11.3.1.2).
  • Implication: Scanners see what a logged-in attacker would.

Third-Party Security (Vendors & Partners)
  • v3.2.1: List of third-party service providers (TPSPs), due diligence, written agreements, and annual monitoring of their PCI DSS status (12.8).
  • v4.0: Same, plus TPSPs must support customers' requests for information about their PCI DSS status and which requirements each party is responsible for (12.9.2).
  • Implication: Responsibility matrices become enforceable rather than optional.

Incident Response & Threat Detection
  • v3.2.1: Incident response plan required and tested at least annually (12.10.2).
  • v4.0: Annual testing retained; training frequency set by a targeted risk analysis (12.10.4.1); the plan must cover alerts from payment-page tamper detection (12.10.5) and PAN found where it is not expected (12.10.7). Ransomware is not named in the standard.
  • Implication: Response procedures follow the new detective controls.

Cloud Security
  • v3.2.1: Cloud providers treated as TPSPs; information on which requirements they manage expected under 12.8.5.
  • v4.0: Same model, reinforced by 12.9.2, and the scope guidance explicitly covers cloud and virtualized components.
  • Implication: Shared-responsibility boundaries must be written down and assessed.

Firewall & Network Security
  • v3.2.1: Firewalls for segmentation; rule-set review at least every six months (1.1.7).
  • v4.0: NSCs in place of firewalls; configuration review every six months (1.2.7) and a documented business need per allowed service, protocol and port (1.2.5). No automated network monitoring mandate.
  • Implication: Cloud and host-based controls can be in scope without being called firewalls.

Scope Definition & Risk Assessment
  • v3.2.1: Annual scope confirmation was guidance; an annual enterprise risk assessment was required (12.2).
  • v4.0: Scope documented and confirmed at least every 12 months (12.5.2), every six months for service providers (12.5.2.1); targeted risk analyses replace the single annual assessment (12.3.1).
  • Implication: Fewer overlooked assets; risk work is tied to specific requirements.
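The password row above is the change most often implemented wrongly, so here is the Requirement 8 policy as a Python check. This is an added example, not code from the page or from PCI SSC: it encodes the 8.3.6 length and composition rules, the 8.3.7 history check against salted hashes, and the 8.3.9 rotation rule with its dynamic-analysis waiver. The PBKDF2 parameters, the ISO-formatted date strings and the sample passwords are assumptions made for the example.

```python
import hashlib
import hmac
import os
from datetime import date, timedelta
from typing import List, Tuple

# PCI DSS v4.0 Requirement 8 parameters used below.
MIN_LENGTH = 12              # 8.3.6: at least 12 characters ...
FALLBACK_MIN_LENGTH = 8      # ... or 8 where the system cannot support 12
HISTORY_DEPTH = 4            # 8.3.7: not the same as any of the last four passwords used
MAX_AGE_DAYS = 90            # 8.3.9: change at least every 90 days when a password is the sole factor
PBKDF2_ITERATIONS = 200_000  # assumed work factor; any slow, salted password hash serves the same purpose


def hash_password(password: str, salt: bytes) -> bytes:
    """Salted PBKDF2-HMAC-SHA256; history entries store this digest, never the password."""
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, PBKDF2_ITERATIONS)


def new_history_entry(password: str) -> Tuple[bytes, bytes]:
    """(salt, digest) pair to append to the user's password history on a successful change."""
    salt = os.urandom(16)
    return salt, hash_password(password, salt)


def password_violations(candidate: str, history: List[Tuple[bytes, bytes]],
                        system_supports_12: bool = True) -> List[str]:
    """Return every 8.3.6 / 8.3.7 rule the candidate breaks; an empty list means acceptable."""
    violations: List[str] = []
    min_len = MIN_LENGTH if system_supports_12 else FALLBACK_MIN_LENGTH
    if len(candidate) < min_len:
        violations.append(f"shorter than {min_len} characters (8.3.6)")
    if not any(c.isdigit() for c in candidate):
        violations.append("no numeric character (8.3.6)")
    if not any(c.isalpha() for c in candidate):
        violations.append("no alphabetic character (8.3.6)")
    # Only the most recent HISTORY_DEPTH entries matter; each has its own salt, so each is rehashed.
    for salt, digest in history[-HISTORY_DEPTH:]:
        if hmac.compare_digest(hash_password(candidate, salt), digest):
            violations.append("matches one of the last four passwords (8.3.7)")
            break
    return violations


def rotation_overdue(last_changed_iso: str, today_iso: str, dynamic_analysis: bool = False) -> bool:
    """8.3.9: the 90-day clock applies to password-only access and is waived when the account's
    security posture is analyzed dynamically (risk-based access decisions) instead."""
    if dynamic_analysis:
        return False
    age = date.fromisoformat(today_iso) - date.fromisoformat(last_changed_iso)
    return age > timedelta(days=MAX_AGE_DAYS)


if __name__ == "__main__":
    history = [new_history_entry("correct-horse-7")]      # constructed sample history
    for pw in ["Ab3defghij", "abcdefghijklmn", "correct-horse-7", "correct-horse-8"]:
        print(f"{pw!r:20s} -> {password_violations(pw, history) or 'ok'}")
    print("overdue on 2025-04-02:", rotation_overdue("2025-01-01", "2025-04-02"))
```

Note what the check does not do: it does not enforce special characters (PCI DSS never required them) and it does not reject a password solely for age when MFA or dynamic analysis is in place, because 8.3.9 is scoped to single-factor access.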

PCI DSS 4.0 was published on March 31, 2022. Two deadlines matter: March 31, 2024, when PCI DSS 3.2.1 was retired and v4.0 became the only active version, and March 31, 2025, when the requirements that had been flagged as future-dated best practice became mandatory. PCI SSC also published a limited revision, v4.0.1, in June 2024; it corrects and clarifies v4.0 without moving the 2025 date, and v4.0 itself was retired at the end of 2024.

March 2025: Major Data Breaches and Cyber Attacks

Data breach at Japanese telecom giant NTT hits 18,000 companies

Japanese telecommunication services provider NTT Communications Corporation (NTT) is warning almost 18,000 corporate customers that their information was compromised during a cybersecurity incident.

The data breach was discovered in early February 2025, but the exact date when the hackers gained initial access to NTT’s systems hasn’t been determined.

“NTT Communications Corporation discovered on February 5 that our facilities had been subjected to unauthorized access”.

“On February 6, we confirmed that some information might have been leaked externally.”

Specifically, NTT says hackers breached its ‘Order Information Distribution System,’ which held details on 17,891 corporate customers (companies), but no data on personal customers (consumers).

The types of data that may have been stolen by hackers includes:

  • Customer name (registered contract name)
  • Customer representative’s name
  • Contract number
  • Phone number
  • Email address
  • Physical address
  • Service usage information

NTT says contracts for corporate smartphones and mobile phones provided directly by NTT Docomo were not affected by this incident.

Tata Technologies Battles Ransomware Attack

Tata Technologies, a leading global engineering and digital services company, confirmed that it fell victim to a ransomware attack. The breach led to the temporary suspension of some of its IT services, which have since been restored.

Tata Technologies has initiated a detailed investigation in collaboration with cybersecurity experts to determine the root cause of the breach. The company is committed to taking all necessary steps to mitigate potential risks and ensure the highest standards of security and data protection.

Cyber Attack at Raymond: IT Teams, Authorities Probe Massive Breach

Leading textile and apparel conglomerate Raymond Limited has confirmed a cyber-attack on its IT infrastructure on February 19. The company swiftly isolated affected systems to safeguard core business operations, ensuring no disruption to customer-facing platforms or store networks.

In a regulatory filing, Raymond’s Company Secretary and Compliance Officer, Rakesh Darji, assured that its retail and physical store operations remain unaffected. While the filing did not disclose details about the threat actors or confirm any ransomware involvement, the company stated that “necessary precautions and protocols” were activated to mitigate the impact.

Despite the security breach, Raymond reassured stakeholders that its critical manufacturing and retail systems are secure, with no significant service disruptions reported. The company’s cybersecurity experts, along with internal IT teams, are conducting forensic analysis to assess the attack’s entry points, duration, and potential data exposure risks. Additionally, India’s cybersecurity agency CERT-In has been notified, and an investigation is underway.

Massive Data Breach Hits NSW Online Registry: 9,000+ Files Stolen

A major cybersecurity incident has struck the New South Wales court system, as cybercrime detectives investigate a significant data breach affecting the Department of Communities and Justice (DCJ).

The breach targeted the NSW Online Registry Website (ORW), a critical platform that houses sensitive information related to both civil and criminal cases across the state.

The breach was discovered on Tuesday, March 25, 2025, prompting officers from the State Crime Command’s Cybercrime Squad to initiate an immediate investigation under Strike Force Pardey.

The investigation revealed that approximately 9,000 sensitive court files, including apprehended violence orders and affidavits, were accessed and downloaded by unauthorized parties.

Hackers steal sensitive data from Pennsylvania county during ransomware attack

Personal information from Union County, Pennsylvania, residents was stolen during a ransomware attack on government systems 10 days ago.

The county published a notice on Friday warning its more than 40,000 residents that the ransomware attack was discovered on March 13. Federal law enforcement was notified and cybersecurity experts were hired to help with the recovery process. 

On March 13, the county learned that the hackers took personal information from its network. 

Infosys settles U.S. cyber incident lawsuits for $17.5 mn

Indian IT services giant Infosys has reached a settlement agreement concerning multiple lawsuits filed against its U.S. subsidiary, Infosys McCamish Systems, over a cybersecurity breach that occurred in 2023. The company announced on Friday that it would pay $17.5 million into a settlement fund to resolve all pending class action lawsuits and associated allegations.

Impact of the Cybersecurity Breach

The security incident resulted in unauthorized access and data exfiltration affecting a substantial number of individuals. In April 2024, Infosys revealed that an internal investigation, conducted in collaboration with its third-party eDiscovery vendor, had identified up to 6.5 million individuals whose personal information had been compromised.

Although the company did not disclose the exact nature of the data breach, cybersecurity analysts speculate that sensitive personal data, including financial and insurance-related information, may have been accessed. The breach raised concerns over Infosys McCamish Systems’ cybersecurity infrastructure and data protection measures, prompting regulatory scrutiny and class action lawsuits from affected parties.

Oracle Denies Breach Amid Hacker’s Claim of Access to 6 Million Records

A recent investigation by CloudSEK's XVigil platform reported a claimed cyberattack targeting Oracle Cloud, allegedly resulting in the exfiltration of six million records and potentially affecting over 140,000 tenants. A threat actor using the handle ‘rose87168’ claims to have stolen sensitive data, including JKS files, encrypted SSO passwords, key files, and Enterprise Manager JPS keys, which are now being offered for sale on Breach Forums and other dark web forums.

The attacker, active since January 2025, claims to have compromised the subdomain login.us2.oraclecloud.com, which has since been taken down. A Wayback Machine capture from February 17, 2025 shows that host serving Oracle Fusion Middleware 11g. The actor is demanding ransom payments from affected tenants to remove their data and has offered incentives for help decrypting the stolen SSO and LDAP passwords.

Nine newspapers subscribers have data exposed online in breach

Thousands of the subscribers to Nine newspapers have had their personal data exposed online in a major cybersecurity breach.

Sixteen thousand subscribers to The Sydney Morning Herald, The Age and The Australian Financial Review had their names, postal addresses and email addresses left exposed online.

A spokesperson for Nine said payment details and passwords were not affected.

Nine said it was first alerted by a security researcher to the compromise at a third-party supplier that had access to subscribers’ details.

“We have been made aware by a security researcher that certain personal information held by a third party supplier was not protected to the level of Nine’s strict internal data protocols after an unauthorised change,” a spokesperson said.

“This included a limited number of The Sydney Morning Herald, The Age and The Australian Financial Review print subscriber records.”

The company said there was no breach of its “internal technology infrastructure” and that the data was no longer visible online.

President Mahama’s hacked X account restored after several hours of cybersecurity breach

President John Dramani Mahama has confirmed that his X (formerly Twitter) account has been restored following a cybersecurity breach.

The account was compromised on March 17, 2025, and used to promote a suspicious cryptocurrency called “Solana Africa.”

In a post on X after regaining access, Mahama reassured the public, stating:

My team has restored my account, working with the X support team. Thank you for your enquiries and offers to assist.

The breach has also highlighted the importance of robust cybersecurity measures for public figures. Experts have urged political leaders and organizations to implement stronger authentication systems, regular security audits, and emergency response protocols to protect their digital assets.
