Another case of third party risk biting hard. APCS, a major background check provider, is dealing with a breach traced to its software supplier Intradev. The exposed data includes passport, license, and national insurance details, which is a nightmare in terms of fraud risk. Once again, sensitive personal data ends up vulnerable not through the primary service but through a vendor down the chain.

TL;DR
⚠️ Supplier compromise
🛠️ Sensitive IDs exposed
🔍 ICO now investigating
📌 Financial data spared (so far)

https://www.theregister.com/2025/08/22/apcs_breach/
#cybersecurity #databreach #riskmanagement #infosec #security #privacy #cloud #3rdPartyRisk

Criminal background checker APCS faces data breach

Exclusive: The attack first affected an upstream provider of bespoke software

The Register

A new Clorox lawsuit shows that our biggest security risk remains people, not technology. Attackers from Scattered Spider simply phoned the Clorox helpdesk run by Cognizant and just asked them for passwords... and they gave them up! Hackers didn't need deep tech skills, just weak verification from Cognizant. 🤬

TL;DR
⚠️ Attackers phoned in to get passwords with no checks
🔐 Lack of identity verification is a major failure point
🛠️ Companies must tighten help desk protocols and training
📌 Liability can ripple far beyond breach response costs

https://www.reuters.com/legal/government/lawsuit-says-clorox-hackers-got-passwords-simply-by-asking-2025-07-22/
#cybersecurity #socialengineering #helpdesksecurity #riskmanagement #security #privacy #cloud #infosec #3rdPartyRisk #OutsourcingFail

Ransomware Damage Claims Driving Insurance Hikes - Security Weekly

The costs of cyber insurance policies are rising exponentially while underwriters are tightening the rules around who qualifies for cyber insurance, and at the same time, insurer capacity is constricting dramatically. The numbers are all over the place, but the latest statistics from the Council of Insurance Agents and Brokers reported a 25.5% increase in […]

Security Weekly
Making the Case for Supply Chain Behavior Transparency - The Biden Administration’s Cyber Executive Order includes a Software Bill of Mate... http://feedproxy.google.com/~r/securityweekly/XBIC/~3/h4jGRbifZy0/ #networktrafficanalysis #applicationsecurity #intrusiondetection #securityoperations #threatintelligence #incidentresponse #cloudsecurity #3rdpartyrisk #articles #devops
Making the Case for Supply Chain Behavior Transparency - Security Weekly

The Biden Administration’s Cyber Executive Order includes a Software Bill of Materials (SBOM), an electronically readable format designed to provide an inventory of third-party components that make up software components. It is a critical and necessary first measure for protecting the software supply chain, but is it enough? One of the biggest challenges to supply chain transparency […]
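To make the "is it enough?" question concrete, here is an added example (not code from Security Weekly or from the article) that walks a CycloneDX JSON SBOM and reports what the inventory can and cannot tell a downstream consumer. The SBOM, the component names and the dependency graph are constructed for illustration; the point it shows is that a bare inventory of names and versions does not by itself let you verify integrity (no hash), provenance (no supplier) or even that the dependency graph is complete.

```python
"""Walk a CycloneDX 1.5 JSON SBOM and report the gaps a bare inventory leaves.

Added example; the SBOM below is constructed and does not describe any real product.
"""
import json

# Constructed sample SBOM: three third-party components (one nested under another),
# one with no hash or supplier, and a dependency edge pointing at a ref that is not
# in the inventory at all.
SAMPLE_SBOM = json.dumps({
    "bomFormat": "CycloneDX",
    "specVersion": "1.5",
    "metadata": {"component": {"type": "application", "name": "vendor-portal",
                               "version": "3.1.0", "bom-ref": "app"}},
    "components": [
        {"type": "library", "bom-ref": "lib-a", "name": "http-client", "version": "2.4.1",
         "purl": "pkg:npm/http-client@2.4.1",
         "supplier": {"name": "Example Maintainers"},
         "hashes": [{"alg": "SHA-256", "content": "a" * 64}],
         "components": [
             {"type": "library", "bom-ref": "lib-b", "name": "tiny-parser", "version": "0.9.0",
              "purl": "pkg:npm/tiny-parser@0.9.0",
              "hashes": [{"alg": "SHA-256", "content": "b" * 64}]},
         ]},
        {"type": "library", "bom-ref": "lib-c", "name": "legacy-auth", "version": "1.0.0"},
    ],
    "dependencies": [
        {"ref": "app", "dependsOn": ["lib-a", "lib-c"]},
        {"ref": "lib-a", "dependsOn": ["lib-b", "lib-ghost"]},
    ],
})


def flatten_components(sbom):
    """Return every component, including those nested under another component."""
    def walk(items):
        for comp in items:
            yield comp
            yield from walk(comp.get("components", []))
    return list(walk(sbom.get("components", [])))


def inventory_gaps(sbom):
    """Map each component's bom-ref to the fields a consumer cannot verify from the SBOM."""
    gaps = {}
    for comp in flatten_components(sbom):
        missing = []
        if not comp.get("purl"):
            missing.append("purl")          # no package identity to look up
        if not comp.get("supplier", {}).get("name"):
            missing.append("supplier")      # no stated provenance
        if not any(h.get("alg") == "SHA-256" and h.get("content")
                   for h in comp.get("hashes", [])):
            missing.append("sha256")        # nothing to check the artifact against
        if missing:
            gaps[comp.get("bom-ref", comp["name"])] = missing
    return gaps


def dangling_dependencies(sbom):
    """Return dependency refs that resolve to nothing in the inventory."""
    known = {c["bom-ref"] for c in flatten_components(sbom) if "bom-ref" in c}
    root = sbom.get("metadata", {}).get("component", {}).get("bom-ref")
    if root:
        known.add(root)
    missing = set()
    for dep in sbom.get("dependencies", []):
        if dep.get("ref") not in known:
            missing.add(dep.get("ref"))
        for target in dep.get("dependsOn", []):
            if target not in known:
                missing.add(target)
    return sorted(missing)


def audit(sbom_text):
    """Parse an SBOM and return the inventory size plus everything it cannot vouch for."""
    sbom = json.loads(sbom_text)
    return {
        "component_count": len(flatten_components(sbom)),
        "gaps": inventory_gaps(sbom),
        "dangling": dangling_dependencies(sbom),
    }


if __name__ == "__main__":
    report = audit(SAMPLE_SBOM)
    print(f"{report['component_count']} components inventoried")
    for ref, fields in report["gaps"].items():
        print(f"  {ref}: cannot verify {', '.join(fields)}")
    for ref in report["dangling"]:
        print(f"  dependency graph references unknown component {ref}")
```

Even when every gap above is closed, the SBOM still only says what is inside the artifact, not what those components do at runtime, which is the transparency question the article goes on to raise.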

How to Prevent Breaches by Protecting Your Attack Surface - Preventing breaches begins with understanding and protecting your attack surface.... http://feedproxy.google.com/~r/securityweekly/XBIC/~3/toNoCG7MuXY/ #applicationsecurity #penetrationtesting #attacksurfacemgmt #cloudsecurity #3rdpartyrisk #datasecurity #articles
How to Prevent Breaches by Protecting Your Attack Surface - Security Weekly

Preventing breaches begins with understanding and protecting your attack surface. For most enterprises, their attack surface is huge. To help wrangle it, security professionals have struggled for years to use tools such as network mapper (nmap) or vulnerability scanners to discover and test the security of internet-exposed assets; these typically present a path of least […]
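As an added example of the discovery step the article describes (this is not code from Security Weekly or the article), the script below turns nmap's XML output into an exposure inventory and diffs it against an approved list, so that unexpected internet-facing services and exposed admin services stand out. The scan result, the addresses (TEST-NET-3 range) and the approved list are all constructed; in practice you would feed it the `-oX` file from a real scan of your own ranges.

```python
"""Turn nmap XML output into an internet-exposure inventory and diff it against what is approved.

Added example; the scan result below is constructed (TEST-NET-3 addresses), not a real scan.
"""
import xml.etree.ElementTree as ET

# Constructed `nmap -sV -oX` output for two hosts. Closed/filtered ports must not be reported.
SAMPLE_NMAP_XML = """<nmaprun scanner="nmap" args="nmap -sV -oX scan.xml 203.0.113.0/29">
  <host>
    <status state="up"/>
    <address addr="203.0.113.10" addrtype="ipv4"/>
    <hostnames><hostname name="www.example.com" type="PTR"/></hostnames>
    <ports>
      <port protocol="tcp" portid="443"><state state="open"/><service name="https" product="nginx"/></port>
      <port protocol="tcp" portid="22"><state state="open"/><service name="ssh" product="OpenSSH"/></port>
      <port protocol="tcp" portid="80"><state state="closed"/></port>
    </ports>
  </host>
  <host>
    <status state="up"/>
    <address addr="203.0.113.12" addrtype="ipv4"/>
    <hostnames/>
    <ports>
      <port protocol="tcp" portid="3389"><state state="open"/><service name="ms-wbt-server"/></port>
      <port protocol="tcp" portid="445"><state state="filtered"/></port>
    </ports>
  </host>
</nmaprun>
"""

# What the asset register says should be reachable from the internet (constructed).
APPROVED = {("203.0.113.10", 443)}

# Remote-administration services that should not be internet-facing; flagged even if approved.
ADMIN_PORTS = {22: "ssh", 3389: "rdp", 445: "smb", 5985: "winrm", 5986: "winrm-tls"}


def open_ports(xml_text):
    """Return one record per open port on each host that nmap reports as up."""
    root = ET.fromstring(xml_text)
    findings = []
    for host in root.iter("host"):
        status = host.find("status")
        if status is None or status.get("state") != "up":
            continue
        addr_el = host.find("address")
        if addr_el is None:
            continue
        name_el = host.find("hostnames/hostname")
        hostname = name_el.get("name") if name_el is not None else ""
        for port in host.findall("ports/port"):
            state = port.find("state")
            if state is None or state.get("state") != "open":
                continue
            svc = port.find("service")
            findings.append({
                "addr": addr_el.get("addr"),
                "hostname": hostname,
                "proto": port.get("protocol"),
                "port": int(port.get("portid")),
                "service": svc.get("name", "") if svc is not None else "",
                "product": svc.get("product", "") if svc is not None else "",
            })
    return findings


def triage(xml_text, approved=APPROVED):
    """Split findings into everything open, unapproved exposure, and exposed admin services."""
    findings = open_ports(xml_text)
    unapproved = [f for f in findings if (f["addr"], f["port"]) not in approved]
    admin = [f for f in findings if f["port"] in ADMIN_PORTS]
    return {"all": findings, "unapproved": unapproved, "admin": admin}


if __name__ == "__main__":
    result = triage(SAMPLE_NMAP_XML)
    for f in result["unapproved"]:
        print(f"UNAPPROVED {f['addr']}:{f['port']}/{f['proto']} {f['service']} {f['product']}".rstrip())
    for f in result["admin"]:
        print(f"ADMIN-SERVICE {f['addr']}:{f['port']} ({ADMIN_PORTS[f['port']]})")
```

Run on a schedule, the interesting output is the diff between runs: a port that was not open yesterday is the attack-surface change worth a ticket, whatever the scanner's severity rating says.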

Reading the Application Security Tea Leaves – How to Interpret the Analyst Reports - There are a number of industry analyst reports on application security.  Each analyst firm and repo... http://feedproxy.google.com/~r/securityweekly/XBIC/~3/rx1jrvirhN4/ #configurationmanagement #vulnerabilitymanagement #applicationsecurity #containersecurity #assetmanagement #patchmanagement #cloudsecurity #3rdpartyrisk #articles #blueteam #devops
Reading the Application Security Tea Leaves – How to Interpret the Analyst Reports - Security Weekly

There are a number of industry analyst reports on application security. Each analyst firm and report takes its own slice of the market to analyze and report on vendors within that market. For example, the Forrester Wave focuses on Static Application Security Testing, the Gartner Magic Quadrant focuses on Application Security Testing as a whole, […]

Black Hat Interviews: NSS Labs and SaltStack – ESW #152 - Black Hat Interviews: NSS Labs and SaltStack
The post Black Hat Interviews: NSS Labs and SaltStack –... more: http://feedproxy.google.com/~r/securityweekly/XBIC/~3/rJiJzBFWhLQ/ #enterprisesecurityweekly #3rdpartyrisk #devops #other
Black Hat Interviews: NSS Labs and SaltStack - ESW #152 - Security Weekly

Black Hat Interviews: NSS Labs and SaltStack

Security Weekly