home.social

#thirdpartyrisk — Public Fediverse posts

Live and recent posts from across the Fediverse tagged #thirdpartyrisk, aggregated by home.social.

  1. Der Fall von C.A. Cloud Attribution zeigt deutlich, wie professionell und international organisierte Tech-Support-Betrugsnetzwerke heute operieren. Cybercrime ist längst kein Einzelfall von Hackern mehr, sondern umfasst komplexe Geschäftsmodelle mit globalen Callcentern, Telemarketing-Systemen und digitaler Infrastruktur. 👇

    #cybercrime #datenbetrug #malware #telefonbetrug #scamnetzwerk #onlinebetrug #digitalesicherheit #callcenterbetrug #socialengineering #identitätsdiebstahl #thirdpartyrisk #cybersecuritytips #itsicherheit

    teufelswerk.net/cybercrime-im-

  2. Der Fall von C.A. Cloud Attribution zeigt deutlich, wie professionell und international organisierte Tech-Support-Betrugsnetzwerke heute operieren. Cybercrime ist längst kein Einzelfall von Hackern mehr, sondern umfasst komplexe Geschäftsmodelle mit globalen Callcentern, Telemarketing-Systemen und digitaler Infrastruktur. 👇

    #cybercrime #datenbetrug #malware #telefonbetrug #scamnetzwerk #onlinebetrug #digitalesicherheit #callcenterbetrug #socialengineering #identitätsdiebstahl #thirdpartyrisk #cybersecuritytips #itsicherheit

    teufelswerk.net/cybercrime-im-

  3. Der Fall von C.A. Cloud Attribution zeigt deutlich, wie professionell und international organisierte Tech-Support-Betrugsnetzwerke heute operieren. Cybercrime ist längst kein Einzelfall von Hackern mehr, sondern umfasst komplexe Geschäftsmodelle mit globalen Callcentern, Telemarketing-Systemen und digitaler Infrastruktur. 👇

    #cybercrime #datenbetrug #malware #telefonbetrug #scamnetzwerk #onlinebetrug #digitalesicherheit #callcenterbetrug #socialengineering #identitätsdiebstahl #thirdpartyrisk #cybersecuritytips #itsicherheit

    teufelswerk.net/cybercrime-im-

  4. Der Fall von C.A. Cloud Attribution zeigt deutlich, wie professionell und international organisierte Tech-Support-Betrugsnetzwerke heute operieren. Cybercrime ist längst kein Einzelfall von Hackern mehr, sondern umfasst komplexe Geschäftsmodelle mit globalen Callcentern, Telemarketing-Systemen und digitaler Infrastruktur. 👇

    #cybercrime #datenbetrug #malware #telefonbetrug #scamnetzwerk #onlinebetrug #digitalesicherheit #callcenterbetrug #socialengineering #identitätsdiebstahl #thirdpartyrisk #cybersecuritytips #itsicherheit

    teufelswerk.net/cybercrime-im-

  5. Der Fall von C.A. Cloud Attribution zeigt deutlich, wie professionell und international organisierte Tech-Support-Betrugsnetzwerke heute operieren. Cybercrime ist längst kein Einzelfall von Hackern mehr, sondern umfasst komplexe Geschäftsmodelle mit globalen Callcentern, Telemarketing-Systemen und digitaler Infrastruktur. 👇

    #cybercrime #datenbetrug #malware #telefonbetrug #scamnetzwerk #onlinebetrug #digitalesicherheit #callcenterbetrug #socialengineering #identitätsdiebstahl #thirdpartyrisk #cybersecuritytips #itsicherheit

    teufelswerk.net/cybercrime-im-

  6. NYC Health Breach Exposes 1.8M Patients' Sensitive Data

    A massive data breach at NYC Health + Hospitals has exposed the sensitive information of 1.8 million patients, highlighting the alarming vulnerability of personal data in the healthcare system. This incident serves as a stark reminder of the devastating consequences of a breach, especially when it comes to biometric data that can never be truly…

    osintsights.com/nyc-health-bre

    #Healthcare #NycHealth #DataBreach #BiometricData #ThirdpartyRisk

  7. Nachdem es gestern etwas Probleme mit dem #dns und der #denic gab, ist es heute an der Zeit mal die Risikobewertung zu aktualisieren…

    #thirdpartyrisk #compliance

  8. Vimeo Breach Exposes 119,000 Email Addresses

    A data breach at Vimeo has compromised the email addresses of over 119,000 users, with hackers also accessing some metadata and technical data from a third-party analytics vendor. Fortunately, no video content, login credentials, or payment card information was stolen.

    osintsights.com/vimeo-breach-e

    #DataBreach #Vimeo #ThirdpartyRisk #SupplyChain #EmergingThreats

  9. Taboola Exploits Banking Sessions to Route Users to Temu Tracking Endpoint

    Imagine a single line of code secretly redirecting people logged into their bank accounts to a commercial tracking site - that's what happened when a bank unknowingly approved a Taboola pixel that sent users to a Temu tracking endpoint. This sneaky exploit slipped past security controls, leaving both the bank and…

    osintsights.com/taboola-exploi

    #ThirdpartyRisk #SupplyChain #SessionHijacking #TrackingExploit #BankingSecurity

  10. McGraw Hill Breach Exposed by Salesforce Setup Flaw

    A configuration error in Salesforce, a widely used customer relationship management platform, led to a data breach at McGraw Hill, exposing customer data and raising questions about vendor services and data stewardship. The incident highlights the importance of proper setup and management of third-party services to protect sensitive…

    osintsights.com/mcgraw-hill-br

    #DataBreach #Salesforce #ThirdpartyRisk #EducationSector #ConfigurationError

  11. 🔐 Cyber Tip: Know your vendors’ cybersecurity posture. Third party risk is real.

    A weak partner can become your breach point. Vet security practices and require accountability.

    zurl.co/qAPTn

    #Zevonix #CyberSecurity #ThirdPartyRisk #DaytonaBeach

  12. 🔐 Cyber Tip: Know your vendors’ cybersecurity posture. Third party risk is real.

    A weak partner can become your breach point. Vet security practices and require accountability.

    zurl.co/qAPTn

    #Zevonix #CyberSecurity #ThirdPartyRisk #DaytonaBeach

  13. Meta paused work with a $10B AI data vendor after hackers poisoned an open-source Python library called LiteLLM and walked out with four terabytes of data. So, that's bad. And the worst part? The stolen data might include the actual training methodologies that Meta, OpenAI, Anthropic, and Google paid billions to develop. Think about what that means. You can't protect your crown jewels if they're sitting inside a vendor who's connected to your three biggest competitors, all sharing the same open-source tools, all exposed by the same 40-minute window on PyPI before anyone noticed.

    🎯 The attack chain here is worth understanding: hackers compromised a security scanner called Trivy, used that access to get credentials for a LiteLLM maintainer, then published two malicious package versions that lasted less than an hour before removal. Forty minutes. That's all it took.

    💼 Mercor is not some sloppy startup. It's 22-year-old founders, $500M annualized revenue, and clients at the very top of the AI industry. Sophistication doesn't protect you from a poisoned dependency you never thought to audit.

    🔍 The question I'd be asking right now if I were a CISO at any of these labs isn't "were we breached." It's "how many vendors in our training pipeline are running LiteLLM, and did we even know?"

    Most companies audit their own software. Almost nobody audits the software their vendors use to build the data they're buying.

    thenextweb.com/news/meta-merco
    #Cybersecurity #AIRisk #SupplyChainSecurity spc #security #privacy #cloud #infosec #ThirdPartyRisk

  14. Meta paused work with a $10B AI data vendor after hackers poisoned an open-source Python library called LiteLLM and walked out with four terabytes of data. So, that's bad. And the worst part? The stolen data might include the actual training methodologies that Meta, OpenAI, Anthropic, and Google paid billions to develop. Think about what that means. You can't protect your crown jewels if they're sitting inside a vendor who's connected to your three biggest competitors, all sharing the same open-source tools, all exposed by the same 40-minute window on PyPI before anyone noticed.

    🎯 The attack chain here is worth understanding: hackers compromised a security scanner called Trivy, used that access to get credentials for a LiteLLM maintainer, then published two malicious package versions that lasted less than an hour before removal. Forty minutes. That's all it took.

    💼 Mercor is not some sloppy startup. It's 22-year-old founders, $500M annualized revenue, and clients at the very top of the AI industry. Sophistication doesn't protect you from a poisoned dependency you never thought to audit.

    🔍 The question I'd be asking right now if I were a CISO at any of these labs isn't "were we breached." It's "how many vendors in our training pipeline are running LiteLLM, and did we even know?"

    Most companies audit their own software. Almost nobody audits the software their vendors use to build the data they're buying.

    thenextweb.com/news/meta-merco
    #Cybersecurity #AIRisk #SupplyChainSecurity spc #security #privacy #cloud #infosec #ThirdPartyRisk

  15. Meta paused work with a $10B AI data vendor after hackers poisoned an open-source Python library called LiteLLM and walked out with four terabytes of data. So, that's bad. And the worst part? The stolen data might include the actual training methodologies that Meta, OpenAI, Anthropic, and Google paid billions to develop. Think about what that means. You can't protect your crown jewels if they're sitting inside a vendor who's connected to your three biggest competitors, all sharing the same open-source tools, all exposed by the same 40-minute window on PyPI before anyone noticed.

    🎯 The attack chain here is worth understanding: hackers compromised a security scanner called Trivy, used that access to get credentials for a LiteLLM maintainer, then published two malicious package versions that lasted less than an hour before removal. Forty minutes. That's all it took.

    💼 Mercor is not some sloppy startup. It's 22-year-old founders, $500M annualized revenue, and clients at the very top of the AI industry. Sophistication doesn't protect you from a poisoned dependency you never thought to audit.

    🔍 The question I'd be asking right now if I were a CISO at any of these labs isn't "were we breached." It's "how many vendors in our training pipeline are running LiteLLM, and did we even know?"

    Most companies audit their own software. Almost nobody audits the software their vendors use to build the data they're buying.

    thenextweb.com/news/meta-merco
    #Cybersecurity #AIRisk #SupplyChainSecurity spc #security #privacy #cloud #infosec #ThirdPartyRisk

  16. Meta paused work with a $10B AI data vendor after hackers poisoned an open-source Python library called LiteLLM and walked out with four terabytes of data. So, that's bad. And the worst part? The stolen data might include the actual training methodologies that Meta, OpenAI, Anthropic, and Google paid billions to develop. Think about what that means. You can't protect your crown jewels if they're sitting inside a vendor who's connected to your three biggest competitors, all sharing the same open-source tools, all exposed by the same 40-minute window on PyPI before anyone noticed.

    🎯 The attack chain here is worth understanding: hackers compromised a security scanner called Trivy, used that access to get credentials for a LiteLLM maintainer, then published two malicious package versions that lasted less than an hour before removal. Forty minutes. That's all it took.

    💼 Mercor is not some sloppy startup. It's 22-year-old founders, $500M annualized revenue, and clients at the very top of the AI industry. Sophistication doesn't protect you from a poisoned dependency you never thought to audit.

    🔍 The question I'd be asking right now if I were a CISO at any of these labs isn't "were we breached." It's "how many vendors in our training pipeline are running LiteLLM, and did we even know?"

    Most companies audit their own software. Almost nobody audits the software their vendors use to build the data they're buying.

    thenextweb.com/news/meta-merco
    #Cybersecurity #AIRisk #SupplyChainSecurity spc #security #privacy #cloud #infosec #ThirdPartyRisk

  17. Meta paused work with a $10B AI data vendor after hackers poisoned an open-source Python library called LiteLLM and walked out with four terabytes of data. So, that's bad. And the worst part? The stolen data might include the actual training methodologies that Meta, OpenAI, Anthropic, and Google paid billions to develop. Think about what that means. You can't protect your crown jewels if they're sitting inside a vendor who's connected to your three biggest competitors, all sharing the same open-source tools, all exposed by the same 40-minute window on PyPI before anyone noticed.

    🎯 The attack chain here is worth understanding: hackers compromised a security scanner called Trivy, used that access to get credentials for a LiteLLM maintainer, then published two malicious package versions that lasted less than an hour before removal. Forty minutes. That's all it took.

    💼 Mercor is not some sloppy startup. It's 22-year-old founders, $500M annualized revenue, and clients at the very top of the AI industry. Sophistication doesn't protect you from a poisoned dependency you never thought to audit.

    🔍 The question I'd be asking right now if I were a CISO at any of these labs isn't "were we breached." It's "how many vendors in our training pipeline are running LiteLLM, and did we even know?"

    Most companies audit their own software. Almost nobody audits the software their vendors use to build the data they're buying.

    thenextweb.com/news/meta-merco
    #Cybersecurity #AIRisk #SupplyChainSecurity spc #security #privacy #cloud #infosec #ThirdPartyRisk

  18. Third-party ecosystems are structurally exposed.
    Black Kite’s 2026 report reframes supply chain cyber risk from “weakest link” theory to concentration dynamics.

    Key systemic indicators:
    • 5.28 downstream victims per breach (2025 average)
    • 10-day median detection vs. 73-day median disclosure
    • 53%+ organizations with at least one critical vulnerability
    • 23%+ with corporate credentials exposed

    Top 50 shared vendors:
    – 70% KEV exposure
    – 84% CVSS ≥ 8
    – 62% stealer-log credential presence
    – 52% breach history

    Shared infrastructure nodes are now strategic attack surfaces.
    Security teams must shift toward:
    Dependency mapping
    Concentration analytics
    Active intelligence monitoring
    Exposure propagation modeling
    Is your organization modeling systemic fragility — or auditing in isolation?

    Source: blackkite.com/press-releases/b

    Engage below.
    Follow TechNadu for advanced infosec, vendor risk, and threat intelligence coverage.

    #Infosec #ThirdPartyRisk #VendorSecurity #ThreatIntelligence #CISAKEV #CyberExposure #Ransomware #SupplyChainSecurity #SecurityEngineering #CyberResilience #RiskAnalytics

  19. Third-party ecosystems are structurally exposed.
    Black Kite’s 2026 report reframes supply chain cyber risk from “weakest link” theory to concentration dynamics.

    Key systemic indicators:
    • 5.28 downstream victims per breach (2025 average)
    • 10-day median detection vs. 73-day median disclosure
    • 53%+ organizations with at least one critical vulnerability
    • 23%+ with corporate credentials exposed

    Top 50 shared vendors:
    – 70% KEV exposure
    – 84% CVSS ≥ 8
    – 62% stealer-log credential presence
    – 52% breach history

    Shared infrastructure nodes are now strategic attack surfaces.
    Security teams must shift toward:
    Dependency mapping
    Concentration analytics
    Active intelligence monitoring
    Exposure propagation modeling
    Is your organization modeling systemic fragility — or auditing in isolation?

    Source: blackkite.com/press-releases/b

    Engage below.
    Follow TechNadu for advanced infosec, vendor risk, and threat intelligence coverage.

    #Infosec #ThirdPartyRisk #VendorSecurity #ThreatIntelligence #CISAKEV #CyberExposure #Ransomware #SupplyChainSecurity #SecurityEngineering #CyberResilience #RiskAnalytics

  20. Third-party ecosystems are structurally exposed.
    Black Kite’s 2026 report reframes supply chain cyber risk from “weakest link” theory to concentration dynamics.

    Key systemic indicators:
    • 5.28 downstream victims per breach (2025 average)
    • 10-day median detection vs. 73-day median disclosure
    • 53%+ organizations with at least one critical vulnerability
    • 23%+ with corporate credentials exposed

    Top 50 shared vendors:
    – 70% KEV exposure
    – 84% CVSS ≥ 8
    – 62% stealer-log credential presence
    – 52% breach history

    Shared infrastructure nodes are now strategic attack surfaces.
    Security teams must shift toward:
    Dependency mapping
    Concentration analytics
    Active intelligence monitoring
    Exposure propagation modeling
    Is your organization modeling systemic fragility — or auditing in isolation?

    Source: blackkite.com/press-releases/b

    Engage below.
    Follow TechNadu for advanced infosec, vendor risk, and threat intelligence coverage.

    #Infosec #ThirdPartyRisk #VendorSecurity #ThreatIntelligence #CISAKEV #CyberExposure #Ransomware #SupplyChainSecurity #SecurityEngineering #CyberResilience #RiskAnalytics

  21. Third-party ecosystems are structurally exposed.
    Black Kite’s 2026 report reframes supply chain cyber risk from “weakest link” theory to concentration dynamics.

    Key systemic indicators:
    • 5.28 downstream victims per breach (2025 average)
    • 10-day median detection vs. 73-day median disclosure
    • 53%+ organizations with at least one critical vulnerability
    • 23%+ with corporate credentials exposed

    Top 50 shared vendors:
    – 70% KEV exposure
    – 84% CVSS ≥ 8
    – 62% stealer-log credential presence
    – 52% breach history

    Shared infrastructure nodes are now strategic attack surfaces.
    Security teams must shift toward:
    Dependency mapping
    Concentration analytics
    Active intelligence monitoring
    Exposure propagation modeling
    Is your organization modeling systemic fragility — or auditing in isolation?

    Source: blackkite.com/press-releases/b

    Engage below.
    Follow TechNadu for advanced infosec, vendor risk, and threat intelligence coverage.

    #Infosec #ThirdPartyRisk #VendorSecurity #ThreatIntelligence #CISAKEV #CyberExposure #Ransomware #SupplyChainSecurity #SecurityEngineering #CyberResilience #RiskAnalytics

  22. Third-party breach, 38M impacted, European e-commerce sector.
    ManoMano disclosed unauthorized access linked to a subcontracted customer support provider. Exposed data reportedly includes PII and support communications.
    Authorities notified: CNIL, ANSSI.
    Passwords not reportedly accessed.
    Subcontractor access revoked.

    Key risk vectors:
    – SaaS support platforms
    – Vendor access governance
    – Over-retention of ticketing data
    – Centralized customer communication logs
    – Supply chain attack surface expansion

    This case reinforces that vendor monitoring must go beyond contractual clauses — continuous assessment, least privilege enforcement, data minimization strategies.

    How mature is your third-party risk telemetry?
    Engage below.

    Source: bleepingcomputer.com/news/secu

    Follow @technadu for high-signal infosec reporting.

    Repost to amplify awareness across the security community.

    #Infosec #ThirdPartyRisk #VendorSecurity #SupplyChainSecurity #DataBreach #GDPRCompliance #EcommerceSecurity #CyberRiskManagement #SecurityOperations #GRC

  23. Third-party breach, 38M impacted, European e-commerce sector.
    ManoMano disclosed unauthorized access linked to a subcontracted customer support provider. Exposed data reportedly includes PII and support communications.
    Authorities notified: CNIL, ANSSI.
    Passwords not reportedly accessed.
    Subcontractor access revoked.

    Key risk vectors:
    – SaaS support platforms
    – Vendor access governance
    – Over-retention of ticketing data
    – Centralized customer communication logs
    – Supply chain attack surface expansion

    This case reinforces that vendor monitoring must go beyond contractual clauses — continuous assessment, least privilege enforcement, data minimization strategies.

    How mature is your third-party risk telemetry?
    Engage below.

    Source: bleepingcomputer.com/news/secu

    Follow @technadu for high-signal infosec reporting.

    Repost to amplify awareness across the security community.

    #Infosec #ThirdPartyRisk #VendorSecurity #SupplyChainSecurity #DataBreach #GDPRCompliance #EcommerceSecurity #CyberRiskManagement #SecurityOperations #GRC

  24. Third-party breach, 38M impacted, European e-commerce sector.
    ManoMano disclosed unauthorized access linked to a subcontracted customer support provider. Exposed data reportedly includes PII and support communications.
    Authorities notified: CNIL, ANSSI.
    Passwords not reportedly accessed.
    Subcontractor access revoked.

    Key risk vectors:
    – SaaS support platforms
    – Vendor access governance
    – Over-retention of ticketing data
    – Centralized customer communication logs
    – Supply chain attack surface expansion

    This case reinforces that vendor monitoring must go beyond contractual clauses — continuous assessment, least privilege enforcement, data minimization strategies.

    How mature is your third-party risk telemetry?
    Engage below.

    Source: bleepingcomputer.com/news/secu

    Follow @technadu for high-signal infosec reporting.

    Repost to amplify awareness across the security community.

    #Infosec #ThirdPartyRisk #VendorSecurity #SupplyChainSecurity #DataBreach #GDPRCompliance #EcommerceSecurity #CyberRiskManagement #SecurityOperations #GRC

  25. Third-party breach, 38M impacted, European e-commerce sector.
    ManoMano disclosed unauthorized access linked to a subcontracted customer support provider. Exposed data reportedly includes PII and support communications.
    Authorities notified: CNIL, ANSSI.
    Passwords not reportedly accessed.
    Subcontractor access revoked.

    Key risk vectors:
    – SaaS support platforms
    – Vendor access governance
    – Over-retention of ticketing data
    – Centralized customer communication logs
    – Supply chain attack surface expansion

    This case reinforces that vendor monitoring must go beyond contractual clauses — continuous assessment, least privilege enforcement, data minimization strategies.

    How mature is your third-party risk telemetry?
    Engage below.

    Source: bleepingcomputer.com/news/secu

    Follow @technadu for high-signal infosec reporting.

    Repost to amplify awareness across the security community.

    #Infosec #ThirdPartyRisk #VendorSecurity #SupplyChainSecurity #DataBreach #GDPRCompliance #EcommerceSecurity #CyberRiskManagement #SecurityOperations #GRC

  26. An alleged ransomware incident involving Apple partner Luxshare highlights ongoing supply-chain exposure risks.

    RansomHub claims access to internal engineering data, though details remain unverified and no confirmation has been issued by the company.

    The case reinforces the importance of third-party risk management, incident verification, and measured public communication.

    Follow TechNadu for factual, non-speculative cybersecurity reporting.

    #Infosec #Ransomware #SupplyChainSecurity #ThirdPartyRisk #CyberSecurity #TechNadu

  27. Anchorage Police Department shut down specific servers and disabled vendor access after being notified that a third-party service provider was targeted in a cyber incident.

    The department reports:
    • No evidence of compromise to internal systems
    • Proactive isolation and data removal measures
    • Ongoing third-party investigation

    This incident reinforces the importance of third-party risk visibility, contractual security controls, and rapid containment - even when direct impact is not confirmed.

    How do you approach precautionary response when vendor exposure is suspected but unverified?

    Source: dysruptionhub.com/anchorage-po

    Share insights and follow @technadu for measured, fact-based security reporting.

    #InfoSec #ThirdPartyRisk #IncidentResponse #PublicSectorSecurity #CyberGovernance #TechNadu

  28. Anchorage Police Department shut down specific servers and disabled vendor access after being notified that a third-party service provider was targeted in a cyber incident.

    The department reports:
    • No evidence of compromise to internal systems
    • Proactive isolation and data removal measures
    • Ongoing third-party investigation

    This incident reinforces the importance of third-party risk visibility, contractual security controls, and rapid containment - even when direct impact is not confirmed.

    How do you approach precautionary response when vendor exposure is suspected but unverified?

    Source: dysruptionhub.com/anchorage-po

    Share insights and follow @technadu for measured, fact-based security reporting.

    #InfoSec #ThirdPartyRisk #IncidentResponse #PublicSectorSecurity #CyberGovernance #TechNadu

  29. Anchorage Police Department shut down specific servers and disabled vendor access after being notified that a third-party service provider was targeted in a cyber incident.

    The department reports:
    • No evidence of compromise to internal systems
    • Proactive isolation and data removal measures
    • Ongoing third-party investigation

    This incident reinforces the importance of third-party risk visibility, contractual security controls, and rapid containment - even when direct impact is not confirmed.

    How do you approach precautionary response when vendor exposure is suspected but unverified?

    Source: dysruptionhub.com/anchorage-po

    Share insights and follow @technadu for measured, fact-based security reporting.

    #InfoSec #ThirdPartyRisk #IncidentResponse #PublicSectorSecurity #CyberGovernance #TechNadu

  30. Anchorage Police Department shut down specific servers and disabled vendor access after being notified that a third-party service provider was targeted in a cyber incident.

    The department reports:
    • No evidence of compromise to internal systems
    • Proactive isolation and data removal measures
    • Ongoing third-party investigation

    This incident reinforces the importance of third-party risk visibility, contractual security controls, and rapid containment - even when direct impact is not confirmed.

    How do you approach precautionary response when vendor exposure is suspected but unverified?

    Source: dysruptionhub.com/anchorage-po

    Share insights and follow @technadu for measured, fact-based security reporting.

    #InfoSec #ThirdPartyRisk #IncidentResponse #PublicSectorSecurity #CyberGovernance #TechNadu

  31. ESA is assessing claims of a data exposure involving hundreds of gigabytes of internal and contractor-linked information, following a prior incident disclosed weeks earlier.

    Alleged data types include operational procedures, satellite system documentation, and third-party materials - highlighting challenges around:
    Long-term identity and access management
    Vendor and contractor trust boundaries
    Monitoring across complex, distributed environments

    This case reinforces the importance of continuous risk assessment and defense-in-depth, especially for organizations supporting critical infrastructure and research missions.

    What defensive control would you prioritize in environments like this?

    Source: theregister.com/2026/01/07/eur

    Engage in the discussion and follow TechNadu for objective InfoSec reporting.

    #InfoSec #CyberDefense #ThirdPartyRisk #CriticalInfrastructure #SecurityOperations #TechNadu

  32. Ledger has disclosed a customer data exposure related to a third-party payment processor, Global-e, involving personal contact information.

    The incident underscores persistent third-party risk challenges, particularly where external services process or store customer data. Vendor security posture and contractual controls remain critical components of overall risk management.

    From an infosec standpoint, what controls best reduce downstream exposure from partners?

    Source: linkedin.com/posts/hackmanac_c

    Share insights and follow @technadu for objective infosec coverage.

    #ThirdPartyRisk #DataProtection #CryptoSecurity #Infosec #PrivacyEngineering #VendorManagement

  33. Ledger has disclosed a customer data exposure related to a third-party payment processor, Global-e, involving personal contact information.

    The incident underscores persistent third-party risk challenges, particularly where external services process or store customer data. Vendor security posture and contractual controls remain critical components of overall risk management.

    From an infosec standpoint, what controls best reduce downstream exposure from partners?

    Source: linkedin.com/posts/hackmanac_c

    Share insights and follow @technadu for objective infosec coverage.

    #ThirdPartyRisk #DataProtection #CryptoSecurity #Infosec #PrivacyEngineering #VendorManagement

  34. Ledger has disclosed a customer data exposure related to a third-party payment processor, Global-e, involving personal contact information.

    The incident underscores persistent third-party risk challenges, particularly where external services process or store customer data. Vendor security posture and contractual controls remain critical components of overall risk management.

    From an infosec standpoint, what controls best reduce downstream exposure from partners?

    Source: linkedin.com/posts/hackmanac_c

    Share insights and follow @technadu for objective infosec coverage.

    #ThirdPartyRisk #DataProtection #CryptoSecurity #Infosec #PrivacyEngineering #VendorManagement

  35. Ledger has disclosed a customer data exposure related to a third-party payment processor, Global-e, involving personal contact information.

    The incident underscores persistent third-party risk challenges, particularly where external services process or store customer data. Vendor security posture and contractual controls remain critical components of overall risk management.

    From an infosec standpoint, what controls best reduce downstream exposure from partners?

    Source: linkedin.com/posts/hackmanac_c

    Share insights and follow @technadu for objective infosec coverage.

    #ThirdPartyRisk #DataProtection #CryptoSecurity #Infosec #PrivacyEngineering #VendorManagement

  36. Marquis Software ransomware attack has exposed sensitive customer data across multiple U.S. banks.

    • Vendor-level breach
    • SSNs & financial data exfiltrated
    • Up to 1.35M individuals potentially impacted

    technadu.com/marquis-software-

    #InfoSec #Ransomware #ThirdPartyRisk #BankingSecurity

  37. Marquis Software ransomware attack has exposed sensitive customer data across multiple U.S. banks.

    • Vendor-level breach
    • SSNs & financial data exfiltrated
    • Up to 1.35M individuals potentially impacted

    technadu.com/marquis-software-

    #InfoSec #Ransomware #ThirdPartyRisk #BankingSecurity

  38. Marquis Software ransomware attack has exposed sensitive customer data across multiple U.S. banks.

    • Vendor-level breach
    • SSNs & financial data exfiltrated
    • Up to 1.35M individuals potentially impacted

    technadu.com/marquis-software-

    #InfoSec #Ransomware #ThirdPartyRisk #BankingSecurity

  39. Marquis Software ransomware attack has exposed sensitive customer data across multiple U.S. banks.

    • Vendor-level breach
    • SSNs & financial data exfiltrated
    • Up to 1.35M individuals potentially impacted

    technadu.com/marquis-software-

    #InfoSec #Ransomware #ThirdPartyRisk #BankingSecurity

  40. 🤝 Your business is only as secure as your vendors.
    ⚠️ Third-party risks are real—always check your vendors’ cybersecurity posture.
    👉 zurl.co/dsvgN

    #CyberSecurity #ThirdPartyRisk #VendorManagement #Zevonix

  41. 🤝 Your business is only as secure as your vendors.
    ⚠️ Third-party risks are real—always check your vendors’ cybersecurity posture.
    👉 zurl.co/dsvgN

    #CyberSecurity #ThirdPartyRisk #VendorManagement #Zevonix

  42. A single “smart” device with undocumented connectivity can quietly tunnel out of your network—and most organizations don’t discover it until something goes wrong.

    On the latest Cyberside Chats episode, Sherri Davidoff and Matt Durrin walk through real-world scenarios where hidden radios, cloud paths, and offshore update servers slipped in through routine hardware purchases. They explain how simple policies, ABOM requirements, and smart segmentation can stop these surprises before they become security incidents.

    Listen here: chatcyberside.com/e/chinas-hid

    Watch the video: youtu.be/WYq6YTqanA4

    #CybersideChats #HardwareRisk #SupplyChainSecurity #ThirdPartyRisk #ABOM #NetworkSecurity #FirmwareIntegrity #ConnectedTech

  43. A single “smart” device with undocumented connectivity can quietly tunnel out of your network—and most organizations don’t discover it until something goes wrong.

    On the latest Cyberside Chats episode, Sherri Davidoff and Matt Durrin walk through real-world scenarios where hidden radios, cloud paths, and offshore update servers slipped in through routine hardware purchases. They explain how simple policies, ABOM requirements, and smart segmentation can stop these surprises before they become security incidents.

    Listen here: chatcyberside.com/e/chinas-hid

    Watch the video: youtu.be/WYq6YTqanA4

    #CybersideChats #HardwareRisk #SupplyChainSecurity #ThirdPartyRisk #ABOM #NetworkSecurity #FirmwareIntegrity #ConnectedTech

  44. A single “smart” device with undocumented connectivity can quietly tunnel out of your network—and most organizations don’t discover it until something goes wrong.

    On the latest Cyberside Chats episode, Sherri Davidoff and Matt Durrin walk through real-world scenarios where hidden radios, cloud paths, and offshore update servers slipped in through routine hardware purchases. They explain how simple policies, ABOM requirements, and smart segmentation can stop these surprises before they become security incidents.

    Listen here: chatcyberside.com/e/chinas-hid

    Watch the video: youtu.be/WYq6YTqanA4

    #CybersideChats #HardwareRisk #SupplyChainSecurity #ThirdPartyRisk #ABOM #NetworkSecurity #FirmwareIntegrity #ConnectedTech

  45. When security assessments leak, the fallout can eclipse the original incident.

    In our latest Cyberside Chats episode on the Louvre heist, Sherri Davidoff and Matt Durrin dig into how exposed audit findings fueled public scrutiny and what every organization should learn from it.

    If you want to hear how a seven-minute robbery turned into a reputational firestorm — and how to keep your own reports from becoming headlines — listen to the full podcast here: chatcyberside.com/e/louvre-hei

    #Cybersecurity #InformationSecurity #ReputationalRisk #SecurityAudits #DataProtection #ThirdPartyRisk #IncidentResponse #CyberRisk

  46. When security assessments leak, the fallout can eclipse the original incident.

    In our latest Cyberside Chats episode on the Louvre heist, Sherri Davidoff and Matt Durrin dig into how exposed audit findings fueled public scrutiny and what every organization should learn from it.

    If you want to hear how a seven-minute robbery turned into a reputational firestorm — and how to keep your own reports from becoming headlines — listen to the full podcast here: chatcyberside.com/e/louvre-hei

    #Cybersecurity #InformationSecurity #ReputationalRisk #SecurityAudits #DataProtection #ThirdPartyRisk #IncidentResponse #CyberRisk

  47. When security assessments leak, the fallout can eclipse the original incident.

    In our latest Cyberside Chats episode on the Louvre heist, Sherri Davidoff and Matt Durrin dig into how exposed audit findings fueled public scrutiny and what every organization should learn from it.

    If you want to hear how a seven-minute robbery turned into a reputational firestorm — and how to keep your own reports from becoming headlines — listen to the full podcast here: chatcyberside.com/e/louvre-hei

    #Cybersecurity #InformationSecurity #ReputationalRisk #SecurityAudits #DataProtection #ThirdPartyRisk #IncidentResponse #CyberRisk

  48. Cyberangriff auf Renault – wieder war’s nicht die interne IT, sondern ein externer Dienstleister. Wie IT-Daily berichtet, erfolgte der Einbruch nicht über Renaults eigene Systeme, sondern über einen Drittanbieter. Das ist kein Ausreißer mehr – es ist ein Muster: Unternehmen schützen ihre eigenen Firewalls, Update-Strategien, Monitoring, doch der Zulieferer ist der schwächste Punkt. #CyberSecurity #SupplyChain #ThirdPartyRisk #Cyberangriff #Renault #ZeroTrust #ITSecurity #Lieferkette #Ransomware