#insiderthreat — Public Fediverse posts

The New Insider Threat May Not Be Human https://youtu.be/tx58w6bEiHg #Cybersecurity #ArtificialIntelligence #AIGovernance #InsiderThreat #AIThreats #DataSecurity #ZeroTrust #IdentitySecurity #SaaSSecurity #RiskManagement #DigitalTrust #CyberRisk #CISO #BoardroomCybersecurity

📢⚠️ Two US cybersecurity experts have been jailed for aiding the BlackCat ransomware group, extorting victims worldwide, and exploiting insider access for profit.

Read: https://hackread.com/us-cybersecurity-experts-jail-alphv-blackcat-ransomware/

#CyberSecurity #CyberCrime #ALPHV #BlackCat #Ransomware #InsiderThreat

Clearwater, Florida, library disruption leads to felony charge against former employee #ComputerTampering #DeepFreeze #MultiFactorAuthentication #InsiderThreat #Clearwater #AuditLogs #Florida #Library https://dysruptionhub.com/clearwater-library-charge-florida/

Clearwater, Florida, library disruption leads to felony charge against former employee #ComputerTampering #DeepFreeze #MultiFactorAuthentication #InsiderThreat #Clearwater #AuditLogs #Florida #Library https://dysruptionhub.com/clearwater-library-charge-florida/

US Army Employee Indicted for Leaking Classified Defense Information

A former US Army employee with a top-secret clearance has been indicted for allegedly leaking classified national defense information to unauthorized individuals, raising serious questions about trust and security breaches. This shocking case highlights the urgent need for tighter controls and monitoring of sensitive…

https://osintsights.com/us-army-employee-indicted-for-leaking-classified-defense-information?utm_source=mastodon&utm_medium=social

#NationalSecurity #ClassifiedInformation #InsiderThreat #UsArmy #DefenseSector

'Is your biggest security threat already inside your castle?' - the definition of an "insider" has fundamentally changed. It’s not just about disgruntled employees; it’s about a complex web of social engineering, digital savviness, and agentic AI. https://nielharper.com/2026/03/23/is-your-biggest-security-risk-already-inside-your-castle #CyberSecurity #InsiderThreat #DigitalTrust #RiskManagement #AI #ZeroTrust #InfoSec

Insider-Bedrohungen: Das Risiko, das wir uns nicht länger leisten können zu unterschätzen. Während Unternehmen Millionen in den Schutz vor externen Angriffen investieren, entsteht ein Großteil der gefährlichsten Vorfälle dort, wo es niemand erwartet: im eigenen Haus. Aktuelle Untersuchungen zeigen: Insider-Bedrohungen gehören inzwischen zu den kostspieligsten und am schwierigsten zu erkennenden Vorfällen. #InsiderThreat #CyberSecurity #IdentitySecurity #Cybercrime

What happens to insider risk when AI becomes a coworker https://www.helpnetsecurity.com/2026/01/08/ai-insider-risk-management-video/ #Artificialintelligence #LivingSecurity #insiderthreat #Don'tmiss #Video #video #News #CXO

Coinbase insider who sold customer data to criminals arrested in India https://www.bitdefender.com/en-us/blog/hotforsecurity/coinbase-insider-who-sold-customer-data-to-criminals-arrested-in-india #cryptocurrency #insiderthreat #databreach #Guestblog #Dataloss #Coinbase

Understanding AI insider risk before it becomes a problem https://www.helpnetsecurity.com/2026/01/05/ai-insiders-risk-video/ #Artificialintelligence #dataprotection #cybersecurity #insiderthreat #compliance #Don'tmiss #UpGuard #Video #video #News #risk

Crypto theft in 2025: North Korean hackers continue to dominate https://www.helpnetsecurity.com/2025/12/18/crypto-theft-2025-north-korean-domination/ #socialengineering #cryptocurrency #insiderthreat #Chainalysis #NorthKorea #Don'tmiss #Hotstuff #theft #News

Smashing Security podcast #445: The hack that brought back the zombie apocalypse https://grahamcluley.com/smashing-security-podcast-445/ #SmashingSecurity #insiderthreat #CrowdStrike #databreach #Dataloss #password #Podcast #radio #TV

CrowdStrike fires 'suspicious insider' who passed information to hackers | TechCrunch https://techcrunch.com/2025/11/21/crowdstrike-fires-suspicious-insider-who-passed-information-to-hackers/ #cybersecurity #Crowdstrike #InsiderThreat #Lapsus$ #Salesforce #Gainsight

CrowdStrike catches insider feeding information to ScatteredLapsus$Hunters

Sergiu Gatlan reports:

American cybersecurity firm CrowdStrike has confirmed that an insider shared screenshots taken on internal systems with hackers after they were leaked on Telegram by the Scattered Lapsus$ Hunters threat actors.

However, the company noted that its systems were not breached as a result of this incident and that customers' data was not compromised.

"We identified and terminated a suspicious insider last month following an internal investigation that determined he shared pictures of his computer screen externally," a CrowdStrike spokesperson told BleepingComputer today.

Read more at Bleeping Computer: https://www.bleepingcomputer.com/news/security/crowdstrike-catches-insider-feeding-information-to-hackers/

#insiderthreat #crowdstrike #scatteredlapsus$hunters

Product showcase: Syteca – The human-centric insider threat management platform https://www.helpnetsecurity.com/2025/10/29/product-showcase-syteca-cybersecurity-platform/ #Productshowcase #insiderthreat #Don'tmiss #Hotstuff #Syteca #News

Ransomware, extortion groups adapt as payment rates reach historic lows https://www.helpnetsecurity.com/2025/10/27/ransomware-extortion-payment-q3-2025/ #socialengineering #insiderthreat #remoteaccess #ransomware #Don'tmiss #datatheft #extortion #Hotstuff #Coveware #trends #News

Identifying risky candidates: Practical steps for security leaders https://www.helpnetsecurity.com/2025/10/16/fraudulent-candidate-identification/ #identityverification #Expertanalysis #cybersecurity #insiderthreat #Expertcorner #Don'tmiss #Hotstuff #strategy #opinion #Nisos #News

North Korea’s IT workers are targeting firms beyond tech, crypto, and the U.S. https://www.helpnetsecurity.com/2025/10/01/north-korea-it-workers-worldwide/ #softwaredevelopment #financialindustry #insiderthreat #remoteworking #government #healthcare #NorthKorea #Don'tmiss #Australia #Singapore #Hotstuff #Germany #Canada #Europe #India #Japan #News #Okta #tips #USA #AI #UK

Imagine a ransomware gang bold enough to try recruiting a BBC reporter—Medusa’s tactics are evolving fast and targeting insiders. How safe are our defenses?

https://thedefendopsdiaries.com/medusa-ransomware-evolving-tactics-and-the-growing-insider-threat/

#medusaransomware
#ransomware
#insiderthreat
#cybersecurity2025
#doubleextortion

Imagine a ransomware gang bold enough to try recruiting a BBC reporter—Medusa’s tactics are evolving fast and targeting insiders. How safe are our defenses?

https://thedefendopsdiaries.com/medusa-ransomware-evolving-tactics-and-the-growing-insider-threat/

#medusaransomware
#ransomware
#insiderthreat
#cybersecurity2025
#doubleextortion

Imagine a ransomware gang bold enough to try recruiting a BBC reporter—Medusa’s tactics are evolving fast and targeting insiders. How safe are our defenses?

https://thedefendopsdiaries.com/medusa-ransomware-evolving-tactics-and-the-growing-insider-threat/

#medusaransomware
#ransomware
#insiderthreat
#cybersecurity2025
#doubleextortion

From mischief to malware: ICO warns schools about student hackers https://www.fortra.com/blog/mischief-malware-ico-warns-schools-about-student-hackers #Securitythreats #insiderthreat #Guestblog #Lawℴ #hacking #school #ico

How CISOs are balancing risk, pressure and board expectations https://www.helpnetsecurity.com/2025/08/28/proofpoint-2025-voice-of-the-ciso-report/ #Artificialintelligence #cybersecurity #insiderthreat #GenerativeAI #Proofpoint #cyberrisk #report #News #CISO

Most cybersecurity risk comes from just 10% of employees https://www.helpnetsecurity.com/2025/07/16/human-cybersecurity-risk-employees/ #CyentiaInstitute #LivingSecurity #riskmanagement #cybersecurity #insiderthreat #humanerror #Don'tmiss #cyberrisk #report #survey #News #CISO

We talk about zero trust.
MFA.
Segmentation.
Defense in depth.

But we don’t talk enough about belonging.

#Cybersecurity #HumanRisk #Leadership #SecurityCulture #Loneliness #DigitalTrust #EmotionalSecurity #InsiderThreat #LimitlessCyber

https://youtu.be/Vt-GZAFLBHA?si=eqi3m8Tz7MjpfOSQ

Your security is only as strong as your people's will to keep it.

Educate.
Endorse.
Or eliminate.

Stay silent. Stay secure.

#CyberSecurity #HumanFactor #SecurityAwareness #InsiderThreat #RiskManagement

Alleged Geisinger hacker will defend himself pro se.

What's that old adage about someone defending themself instead of using a lawyer? That they have a fool for a client?

I've uploaded two of his filings -- the motion to defend pro se, which was granted, and now an emergency motion to be temporarily released from prison because... well, he gives some reasons. You'll see.

https://databreaches.net/2025/06/18/alleged-geisinger-hacker-will-defend-himself-pro-se/

And fwiw, Nuance never responded to my inquiries at the time of his arrest asking about what kind of background check they had done because his history revealed a number of past run-ins with the law.

#databreach #healthsec #businessassociate #HIPAA #insiderthreat #idtheft #fraud

Odoo Employee Database Allegedly Leaked by Insider, For Sale on Dark Web https://dailydarkweb.net/odoo-employee-database-allegedly-leaked-by-insider-for-sale-on-dark-web/ #CyberSecurity #insiderthreat #DataBreaches #employeedata #allegedleak #ERPsoftware #databreach #darkweb #Odoo

HHS OCR Settles HIPAA Security Rule Investigation of BayCare Health System for $800k and Corrective Action Plan

[It's an insider wrongdoing case from 2018 that we never heard about at the time]

https://databreaches.net/2025/05/29/hhs-ocr-settles-hipaa-security-rule-investigation-baycare-health-system-for-800k-and-corrective-action-plan/

#HIPAA #SecurityRule #InsiderThreat #HHS #HHSOCR #BayCare

How well do you know your remote IT worker? https://www.helpnetsecurity.com/2025/05/27/fake-it-workers-cybersecurity-threat/ #cybersecurity #insiderthreat #remoteworking #NorthKorea #Don'tmiss #Hotstuff #threat #News #tips

York County, Pennsylvania incident:

An employee of a vendor that had been hired to develop software for York County Civil Courts was provided “with certain York County Civil Courts data to use for software development and testing purposes. The employee subsequently left the vendor’s employment without returning this data,” according to the county's press release.

So it seems they gave the vendor's employee REAL data to use for development and testing -- with "contact information, Social Security numbers, driver’s license or state ID card numbers, financial and medical information"

And of course, there's no evidence of misuse, but they have referred the matter to law enforcement.....

h/t, https://www.pennlive.com/news/2025/05/central-pa-county-alerts-residents-of-potential-data-leak.html

#infosecurity #govsec #insiderthreat

Today's reminder of the #insiderthreat

Some great reporting by Jason Leopold about how an insider incident at govt contractor #Opexus was the root of a massive federal #databreach

Original source: https://news.bloomberglaw.com/tech-and-telecom-law/probe-found-security-lapses-led-to-us-contractors-data-breach

Nonpaywalled source: https://www.insurancejournal.com/news/national/2025/05/21/824641.htm

DataBreaches.net had reported on the Akhter twins' arrest and conviction for an earlier insider breach back in 2015. Link to past coverage of them: https://databreaches.net/?s=akhter

Coinbase Says Rogue Contractor Data Breach Affects 69,461 Users https://www.securityweek.com/coinbase-says-rogue-contractor-data-breach-affects-69461-users/ #IncidentResponse #cryptocurrency #dataextortion #InsiderThreat #DataBreaches #Phishing #Coinbase #Maine

Coinbase Says Rogue Contractor Data Breach Affects 69,461 Users https://www.securityweek.com/coinbase-says-rogue-contractor-data-breach-affects-69461-users/ #IncidentResponse #cryptocurrency #dataextortion #InsiderThreat #DataBreaches #Phishing #Coinbase #Maine

Coinbase suffers data breach, gets extorted (but won’t pay) https://www.helpnetsecurity.com/2025/05/15/coinbase-suffers-data-breach-gets-extorted/ #cryptocurrencyexchange #insiderthreat #cybercrime #databreach #Don'tmiss #extortion #Hotstuff #Coinbase #News

Insider risk management needs a human strategy https://www.helpnetsecurity.com/2025/05/14/insider-risk-management-human-strategy/ #PraxisSecurityLabs #riskmanagement #accesscontrol #cybersecurity #insiderthreat #Don'tmiss #cyberrisk #Features #Hotstuff #Capterra #Protasec #strategy #Veracode #KaiRoer #opinion #Code42 #Ivanti #News #CISO #MIND #tips

Insider risk management needs a human strategy https://www.helpnetsecurity.com/2025/05/14/insider-risk-management-human-strategy/ #PraxisSecurityLabs #riskmanagement #accesscontrol #cybersecurity #insiderthreat #Don'tmiss #cyberrisk #Features #Hotstuff #Capterra #Protasec #strategy #Veracode #KaiRoer #opinion #Code42 #Ivanti #News #CISO #MIND #tips

Insider risk management needs a human strategy https://www.helpnetsecurity.com/2025/05/14/insider-risk-management-human-strategy/ #PraxisSecurityLabs #riskmanagement #accesscontrol #cybersecurity #insiderthreat #Don'tmiss #cyberrisk #Features #Hotstuff #Capterra #Protasec #strategy #Veracode #KaiRoer #opinion #Code42 #Ivanti #News #CISO #MIND #tips

Insider risk management needs a human strategy https://www.helpnetsecurity.com/2025/05/14/insider-risk-management-human-strategy/ #PraxisSecurityLabs #riskmanagement #accesscontrol #cybersecurity #insiderthreat #Don'tmiss #cyberrisk #Features #Hotstuff #Capterra #Protasec #strategy #Veracode #KaiRoer #opinion #Code42 #Ivanti #News #CISO #MIND #tips

Layoffs pose a cybersecurity risk: Here’s why offboarding matters https://www.helpnetsecurity.com/2025/05/12/offboarding-employees-security-risks/ #cybersecurity #insiderthreat #Don'tmiss #cyberrisk #JumpCloud #Video #video #News

Two Hacks, One Empire: The Cyber Assaults Disney Didn’t See Coming https://hackread.com/two-hacks-one-empire-cyber-attacks-disney-coming/ #EmployeeTraining #Cybersecurity #InsiderThreat #CyberAttacks #HackingNews #CyberAttack #CyberCrime #databreach #Security #Disney #AI

Two Hacks, One Empire: The Cyber Assaults Disney Didn’t See Coming – Source:hackread.com https://ciso2ciso.com/two-hacks-one-empire-the-cyber-assaults-disney-didnt-see-coming-sourcehackread-com/ #1CyberSecurityNewsPost #CyberSecurityNews #EmployeeTraining #cybersecurity #InsiderThreat #CyberAttacks #CyberAttack #HackingNews #CyberCrime #DataBreach #Hackread #security #Disney #AI

Today's reminder of the insider threat involves a pharmacist in Maryland who over a period of 8 years or more, used keyloggers and installed spyware on about 400 computers at the University of Maryland Medical System so he could spy on female co-workers in private moments at work (such as changing clothes, breastfeeding their babies), and in their homes. He was reportedly fired in October 2024, and was able to get another job in another healthcare facility in Maryland because there has been no criminal charges filed against him yet and UMMS apparently didn't alert his new employer.

If Maryland law is like my state's laws, the hospital may be barred legally from revealing what happened if asked for a recommendation by the new employer. And it seems the Maryland state pharmacy board can't just suspend a license unless there's been a conviction, so the failure to have criminal charges filed already seems to have put more potential victims at risk.

Unsurprisingly, a potential class action lawsuit has already been filed against UMMS with six plaintiffs so far. There are estimates that there are more than 80 victims of the now-former employee.

Some of the media coverage on the case: https://thedailyrecord.com/2025/04/04/six-women-sue-umms-claiming-staffer-spied-on-them-after-security-breach/

#InsiderThreat #keylogger #workplace #privacy #infosec

North Korean IT workers set their sights on European organizations https://www.helpnetsecurity.com/2025/04/02/north-korean-it-workers-target-europe/ #webapplication #webdevelopment #insiderthreat #blockchain #NorthKorea #Don'tmiss #datatheft #extortion #Hotstuff #News #CMS #EU #UK

The North Koreans and Russians have been busy, Insiders abound, and attacker tradecraft continues to evolve!

Catch all this and more in our latest wrap-up of the day's news:

🗞️ https://opalsec.io/daily-news-update-monday-april-1-2025-australia-melbourne/

There are a few noteworthy stories to get across - here's the TL;DR to get you up to speed:

🕵️ North Korean Infiltration: This is way bigger than many think. DPRK nationals are landing jobs inside global companies, gaining privileged access ("keys to the kingdom" level!). DTEX reports active investigations in 7% of their Fortune Global 2000 clients, and CrowdStrike notes nearly 40% of their NK-related IR cases involved insiders. They move fast post-hire, pivoting to supply chains and installing RATs disguised as onboarding. Watch out for highly anomalous login behaviour (like days-long sessions!). Rigorous remote hiring checks (camera on, resume checks, comms style) are crucial.

🎣 ClickFix Tactics by Lazarus: The infamous North Korean group is evolving its 'Contagious Interview' campaign (now dubbed 'ClickFake' by Sekoia). They're targeting crypto job seekers (shifting focus to non-tech roles too!) with fake website/document errors ('ClickFix'). These prompt users to run PowerShell/curl commands, dropping the 'GolangGhost' backdoor. Watch out for lures impersonating giants like Coinbase or Kraken. Sekoia has shared YARA rules – definitely worth checking out.

💻 WordPress MU-Plugin Abuse: Bad actors are getting stealthy by hiding malicious code in WordPress "Must-Use Plugins" (wp-content/mu-plugins/). These execute automatically on every page load without activation, making them hard to spot. Sucuri is seeing redirects to fake browser updates, webshell backdoors fetching code from GitHub, and JS hijackers replacing content or links. Keep those instances patched, clean up unused plugins/themes, and lock down admin accounts (MFA!).

Check out what else happened in the past 24 hours, and subscribe to get each edition straight to your inbox:
📨 https://opalsec.io/daily-news-update-monday-april-1-2025-australia-melbourne/#/portal/signup

#CyberSecurity #InfoSec #ThreatIntelligence #Hacking #DataBreach #Phishing #Malware #WordPress #NorthKorea #Russia #Ukraine #AI #SecurityCopilot #GRUB2 #Bootloaders #InsiderThreat #DataProtection #CyberAttack #infosecurity #cybersecuritynews #ClickFix

Man found guilty of planting infinite loop logic bomb on ex-employer’s system – Source: www.bitdefender.com https://ciso2ciso.com/man-found-guilty-of-planting-infinite-loop-logic-bomb-on-ex-employers-system-source-www-bitdefender-com/ #rssfeedpostgeneratorecho #CyberSecurityNews #grahamcluleycom #insiderthreat #Grahamcluley #Guestblog #Lawℴ #logicbomb #Malware

Man found guilty of planting infinite loop logic bomb on ex-employer’s system https://www.bitdefender.com/en-us/blog/hotforsecurity/man-found-guilty-of-planting-infinite-loop-logic-bomb-on-ex-employers-system #insiderthreat #Guestblog #Lawℴ #logicbomb #Malware