#information-security
#information-security

Fairway is the latest mortgage company to report cyber incident

Fairway Independent Mortgage Corp. suffered a cyber attack due to vulnerabilities in a vendor system.

The company engaged a third-party security firm to assist in identifying impacted customers and promptly implemented a patch to rectify the vulnerability. [ more ]

Databreaches

UK: South Tees Hospitals NHS Foundation Trust reprimanded for "serious, harmful" data breach

The Information Commissioner's Office has reprimanded South Tees Hospitals NHS Foundation Trust for a data breach involving the disclosure of sensitive information to an unauthorized individual.

The breach was caused by human error and the Trust failed to adequately prepare staff for handling sensitive correspondence. [ more ]

Theregister

UK water company that serves millions confirms system attack

Criminals broke into Southern Water's IT systems and stole a limited amount of data.

The stolen data includes identity documents, HR-related documents, and corporate car-leasing documents. [ more ]

Databreaches

EU data protection

UK: Coventry school reprimanded for data breach after IT system 'hacked three times'

Finham Park Multi Academy Trust in Coventry has been reprimanded by the Information Commissioners Office for data breaches.

The school's IT system was hacked three times and 1,843 UK Data Subjects were affected.

The ICO found that the school did not have adequate account lockout or password policies in place. [ more ]

TechRepublic

Checklist: Network and Systems Security | TechRepublic

Identifying security risks and mitigating vulnerabilities reduces stress and volatility for cybersecurity professionals.

A network and systems security checklist can help information security professionals in managing cyberthreats. [ more ]

www.housingwire.com

Freddie Mac: Seller/servicers must keep up with cybersecurity threats

Freddie Mac is urging seller/servicers to prioritize cybersecurity and maintain robust information security programs to prevent and mitigate the impact of cyber incidents.

Record numbers of cybersecurity incidents against seller/servicers occurred in 2023, including social engineering attacks and the installation of malware and ransomware. [ more ]

Nextgov.com

4 months ago

Agencies' FISMA implementation is still 'mostly ineffective,' watchdog says

Only 8 out of 23 surveyed civilian agencies were found to have effective information security programs in place.

Various causes for the ineffective programs were identified, including management accountability issues and gaps in standards and quality control. [ more ]

morecybersecurity

information security

Axios

5 months ago

Ex-Twitter exec claims X fired him for raising security concerns after Musk-led takeover

Twitter's former global head of information security is accusing the company of wrongly firing him for raising concerns about budget cuts following the Elon Musk-led takeover.

The lawsuit alleges that Musk hired an advisor who cut Twitter's products and services that supported an FTC consent decree, and both Musk and the advisor were dismissive of the decree. [ more ]

Nextgov.com

5 months ago

Nevada Dem renews push for data privacy standards

Sen. Catherine Cortez Masto reintroduced three bills aimed at adding oversight and transparency to private sector data collection.

The bills address information security standards, data collection practices, software distribution, and privacy-enhancing technologies.

Cortez Masto emphasizes the need for stronger privacy laws to protect consumers' personal information. [ more ]

ComputerWeekly.com

6 months ago

ICO alerted after technical 'issue' exposed college files to student barristers | Computer Weekly

The Inns of Court College of Advocacy (ICCA), a leading college for barristers, experienced a data breach that allowed students to access sensitive files on hundreds of other students.

The breach exposed personal information such as email addresses, phone numbers, exam marks, previous institutions attended, ID photos, and sensitive data like health records, visa status, and parental status.

The college is investigating the breach and has notified the Information Commissioner's Office. They have also sought written undertakings from the students who accessed the files to not share the data further. [ more ]

moreinformation security

Theregister

1 week ago

VMware security advisories just became a lot less accessible

VMware security advisories are now only viewable through a Broadcom Support account, potentially creating issues for security professionals. [ more ]

Theregister

1 week ago

Te years since the first corp ransomware and no end in sight

Ransomware attacks on corporations have increased over the past decade, with no sign of slowing down, posing a significant threat to information security. [ more ]

Nextgov.com

3 days ago

Space assets are in foreign adversaries' cyber crosshairs, DOD official says

Adversaries like China and Russia are increasingly interested in disrupting American space assets through cyberattacks, focusing on ground stations transmitting data to satellites. [ more ]

Nextgov.com

2 days ago

GSA names 7 leaders to inaugural FedRAMP board

The GSA is updating the FedRAMP program with a new board for provisional approvals. [ more ]

Los Angeles Times

2 weeks ago

Kaiser Permanente notifies 13.4 million members of data breach. City of Hope also reported breach

Kaiser Permanente apologized for inadvertently transmitting members' search information to Google and other platforms, affecting 13.4 million individuals. [ more ]

Ars Technica

2 months ago