Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

A global technology services provider based in the United Kingdom, with more than 11,000 employees, was quickly scaling while serving clients across the finance, telecom, media, retail and healthcare sectors. Behind the scenes, its Information Technology (IT) and security teams were facing growing challenges: too many password tools, limited visibility into access controls and widening compliance gaps as cyber threats became more sophisticated.

Criminal infrastructure often fails for the same reasons it succeeds: it is rushed, reused, and poorly secured. In the case of StealC, the thin line between attacker and victim turned out to be highly exploitable. StealC is an infostealer malware that has been circulating since early 2023, sold under a Malware-as-a-Service (MaaS) model and marketed to threat actors seeking to steal cookies, passwords, and other sensitive data from infected computers.

Due to growing awareness of data privacy risks, organizations face mounting pressure from regulators to safeguard sensitive personal information. This can be particularly challenging for US companies, which must adhere to both domestic regulations, such as the CCPA and HIPAA, as well as international frameworks in their target global markets.

Let’s catch up on the more interesting vulnerability disclosures and cyber security news gathered from articles across the web this week. This is what we have been reading about on our coffee break! You might want to get on to this…

A leading insurance and asset management company was hit by a large-scale data breach, impacting more than four million customer and employee records and resulting in widespread media attention. Through an accelerated response with emergency call center support, a dedicated support website and expedited notice mailing, Kroll’s Breach Notification services ensured the business was able to take quick and decisive action following this globally significant security event.

By Omry Farajun, President and CEO, Storage Guardian Storage Guardian, in partnership with Acronis, has launched the Incident Response Planner to help organizations meet CIS Control 17 – Incident Response Management. The solution uses out-of-band SMS communication and predefined response templates to rapidly engage key stakeholders, host a centralized incident response plan and execute validation drills and tabletop exercises with confidence.

The persistence of decades-old technology in industrial settings is a fact of life. Operational technology (OT) environments in factories, power plants and critical infrastructure facilities are studded with industrial PCs running operating systems that the corporate IT world retired years ago.

Following the recent cyberattack on Endesa, one of Spain’s largest electricity and gas providers, Outpost24’s threat intelligence team has compiled a comprehensive analysis of the incident based on publicly available evidence from underground forums, leaked dataset listings, and the threat actor’s own statements.

The VMware virtual machine disks consolidation is needed error usually appears when snapshots fail to merge correctly with the main virtual disk. This problem often occurs after incomplete backups, canceled snapshot deletions, or low storage space. Left unresolved, it can slow down your VM or even risk data corruption. Read this blog to learn why the virtual machine consolidation needed status occurs and how to resolve it safely.

Today, we’re excited to share that Cloudflare has acquired Human Native, a UK-based AI data marketplace specializing in transforming multimedia content into searchable and useful data.