Episodes
This week, we discuss a data breach affecting Casio users in 149 countries, two zero-day vulnerabilities in Cisco’s IOS XE web user interface, a slew of legal action against Progress Software following the MOVEit Transfer breach, and an update on last month’s cyber attack on the International Criminal Court.
Published 10/23/23
Published 10/23/23
This week, we discuss another GDPR fine for TikTok relating to its processing of child users’ personal information, more data breaches caused by MOVEit Transfer, including Sony Interactive Entertainment, and the exposure of a mammoth 3.8 billion data records.
Published 10/06/23
This week, we discuss a cyber attack on MGM Resorts that has allegedly cost the company millions of dollars in revenue even before it began its remediation efforts, the leak of 38 terabytes of Microsoft data and a cyber attack on the International Criminal Court in The Hague.
Published 09/22/23
This week, we discuss security issues at the Electoral Commission, Meta’s appeal against daily GDPR fines, and a breach affecting 10 million users of the French unemployment agency Pôle emploi.
Published 09/07/23
This week, we discuss “insider wrongdoing” at Tesla, a data breach affecting 2.6 million Duolingo users and the conclusion of a two-month court case against members of the Lapsus$ gang.
Published 08/24/23
This week, we discuss data breaches affecting the Electoral Commission and the Police Service of Northern Ireland, and the financial repercussions of Capita’s March ransomware incident.
Published 08/10/23
This week, we discuss the new EU adequacy decision for the US, based on the Data Privacy Framework (plus Max Schrems’s inevitable reaction), and a proposed UK-US ‘data bridge’; fixes for three more vulnerabilities in Progress Software’s MOVEit Transfer app; plus this month’s Patch Tuesday and other security updates.
Published 07/13/23
This week, we discuss 100,000 compromised ChatGPT credentials, a data breach affecting the LetMeSpy stalkerware app, and a potential security vulnerability in Microsoft Teams that could be exploited to spread malware. Plus, Alan Calder discusses the current cybersecurity and regulatory landscape, and how they affect organisations.
Published 06/29/23
This week, we discuss a data breach affecting users of Progress Software’s MOVEit file transfer app, GDPR fines for LinkedIn and Spotify, and the delay of Google Bard’s EU launch because of privacy concerns.
Published 06/15/23
This week, we discuss more organisations affected by Capita’s security issues, the security implications of 20 NHS trusts’ use of Meta Pixel, Meta’s €1.2 billion GDPR fine and its potential effects for other organisations, and the progress of the DPDI (No. 2) Bill. Plus, Alan Calder discusses cyber regtech and how organisations can use it to manage their regulatory compliance.
Published 06/01/23
This week, we look at the wider repercussions of the Capita ransomware attack, and how numerous clients have been affected, including the Universities Superannuation Scheme and other pension providers. Plus, accusations of another Capita breach and Alan Calder on what all organisations can learn from the attack and Capita’s response.
Published 05/18/23
This week, we discuss ChatGPT’s restoration in Italy despite wider security concerns, an apology from the LockBit ransomware group and another breach for T-Mobile, and Alan Calder discusses what boards need to do to build their organisations’ cyber defences.
Published 05/04/23
This week, we discuss the apparent sale of exfiltrated Capita data by the Black Basta ransomware group, a zero-day Google Chrome vulnerability and the development of a new LockBit ransomware variant targeting macOS, and Alan Calder analyses the new US National Cybersecurity Strategy and explains what all organisations should learn from it.
Published 04/20/23
This week, we discuss a cyber attack on the outsourcing giant Capita, Italy's ban on OpenAI's ChatGPT chatbot and further bad news for TikTok: a £12.7 million fine from the ICO for breaching UK data protection law.
Published 04/05/23
This week, we discuss ransomware attacks on Ferrari and the Dole Food Company, another TikTok ban – this time by the BBC – and vulnerabilities that allow some Android phones to be hacked with only the victim's phone number.
Published 03/23/23
This week, we discuss a data breach affecting WH Smith, the latest proposals to reform data protection law in the UK, TikTok's response to being banned by the European Commission and European Parliament, and the proposed US RESTRICT Act, and a woman who has been sentenced for defrauding Luton Borough Council in a cyber attack.
Published 03/09/23
This week, we discuss the European Parliament Committee on Civil Liberties’s opinion of the EU-US Data Privacy Framework, Twitter’s decision to disable free text-based 2FA, a series of attacks on GoDaddy’s infrastructure and the HardBit 2.0 ransomware group’s negotiation tactics.
Published 02/23/23
This week, we discuss a Which? investigation into basic security flaws on banks' websites and apps, a ransomware attack on the financial firm ION Cleared Derivatives, and a phishing attack that compromised the emails of Stewart McDonald MP.
Published 02/09/23
This week, we discuss the fallout from the latest Mailchimp breach, a ransomware attack on KFC, Pizza Hut and Taco Bell's parent company, another T-Mobile data breach, an incident affecting Planet Ice, and an update for older Apple devices. We also talk to the ISO 27001 expert Steve Watkins about his new pocket guide to the Standard.
Published 01/26/23
This week, we discuss a series of ransomware attacks on 30 schools and colleges in the UK, legal action against both Meta and the Irish Data Protection Commission following last year’s massive Facebook GDPR fine, and the third stage of a cyber-defence-in-depth strategy: management.
Published 01/12/23
This week, we discuss a ransomware attack on Rackspace, a Citrix zero-day vulnerability, the forthcoming EU adequacy decision in respect of the EU-U.S Data Privacy Framework, and the second stage of a cyber-defence-in-depth strategy: protection.
Published 12/15/22
This week, we discuss the Hive ransomware as a service, the latest developments following the Medibank breach, a Canadian city shut down by ransomware, Suffolk Police's leak of sensitive data and the ethical implications of AI.
Published 11/24/22
This week, we discuss a £4.4 million GDPR fine for the construction company Interserve, a data breach affecting 9.7 million customers of Medibank, an unusual GDPR fine for UPS, and Microsoft’s latest software updates.
Published 11/10/22
This week, we discuss the new mechanism for transferring EU residents’ personal data to the US, the first GDPR Data Protection Seal, a new ransomware attack targeting Ukraine and its allies, and the first layer in a defence-in-depth approach to cyber security: detection.
Published 10/27/22