The cloud has changed everything. It’s faster, cheaper, and easier to scale than traditional infrastructure. Initially, most companies chose a single cloud provider. That’s no longer enough. Now, nearly 86% of businesses use more than one cloud. This approach—called multi-cloud—lets teams choose the best features from each provider. But it also opens the door to new security risks. When apps, data, and tools are scattered across platforms, managing security gets harder. And in today's world of constant cyber threats, ignoring cloud security is not an option. Let’s walk through real-world challenges and the best ways to protect business data in a multi-cloud environment. 1. Know What You’re Working With Start with visibility. Make a full inventory of the cloud platforms, apps, and storage your business uses. Ask every department—marketing, finance, HR—what tools they’ve signed up for. Many use services without informing IT. This is shadow IT, and it’s risky. Once you have the list, figure out what data lives where. Some workloads are low-risk. Others involve customer records, credit card data, or legal files. Prioritize those. 2. Build a Unified Security Strategy One of the biggest mistakes companies make is treating each cloud provider as a separate system. Every provider has its own rules, tools, and settings. If your security strategy is broken up, gaps will appear. Instead, aim for a single, connected approach. Use the same access rules, encryption standards, and monitoring tools across all clouds. You don’t want different policies on AWS and Azure—it just invites trouble. Tools like centralized dashboards, SIEM (Security Information and Event Management), and SOAR (Security Orchestration, Automation, and Response) help you keep everything in one place. 3. Enforce Strict Access Controls In a multi-cloud world, identity and access control are one of the hardest things to get right. Every platform has its own login system. Without proper integration, mistakes happen. Someone might get more access than they need, or never lose access when they leave the company. Stick to these practices: Use role-based access control. Limit permissions to the bare minimum. Turn on multi-factor authentication. Link logins across platforms using identity federation. The more consistent your access rules are, the easier it is to control who gets in and what they can do. 4. Use the Zero Trust Model Zero Trust means never assume anything is safe. Every user, device, and app must prove itself—every time. Even if a user is on your network, don’t trust them by default. This model reduces risk. It checks each request. It verifies users. And it looks for signs of abnormal behavior, like someone logging in from a new device or country. Zero Trust works well with automation and real-time monitoring. It also forces teams to rethink how data is shared and accessed. 5. Encrypt Data—Always Encryption is a basic but powerful layer of defense. It protects data whether it’s sitting in storage or moving between systems. If attackers get in, encrypted data is useless without the keys. Most cloud platforms offer built-in encryption. But don’t rely only on that. You can manage your own keys with tools like AWS KMS or Azure Key Vault. That gives you more control. To stay safe: Encrypt both at rest and in transit. Avoid default settings. Rotate encryption keys regularly. 6. Monitor in Real Time Security is not a one-time task. You need to watch your systems around the clock. Set alerts for things like large file downloads, unusual logins, or traffic spikes. Centralized monitoring helps a lot. It pulls logs from all your platforms and tools into one place. That way, your security team isn’t flipping between dashboards when something goes wrong. Also, use automation to filter out noise and surface real threats faster. 7. Set Up Regular Audits and Compliance Checks Multi-cloud setups are great for flexibility, but complex when it comes to compliance. Each platform has its own set of controls and certifications. Managing them all can be overwhelming. That’s why audits matter. Run security checks on a regular schedule—monthly, quarterly, or after every major change. Look for misconfigured permissions, missing patches, or unsecured data. And document everything. Also, make sure your tools help meet regulations like GDPR, HIPAA, or PCI DSS. Automated compliance scans can help stay on top of this. 8. Prevent Data Loss with Smart Policies Sensitive data is always at risk. Employees might share it by mistake. Attackers might try to steal it. That’s where Data Loss Prevention (DLP) comes in. DLP tools block unauthorized sharing of personal data, financial records, or internal files. You can create rules like “Don’t send customer SSNs over email” or “Block uploads of credit card data to personal drives.” DLP also supports compliance and helps avoid lawsuits or fines when accidents happen. 9. Automate Where You Can Manual work slows things down, and mistakes happen. That’s why automation is key in cloud security. Automate things like: Patch management Access reviews Backup schedules Security alerts Automation speeds up your response time. It also frees your security team to focus on serious issues, not routine tasks. 10. Centralized Security Control One major downside of multi-cloud isa lack of visibility. If you’re jumping between different tools for each cloud, you miss things. Instead, use a centralized security management system. It collects data from all clouds, shows risk levels, flags issues, and helps you fix them from one place. This unified view makes a huge difference. It helps you react faster and stay ahead of threats. Final Thought Cloud providers have made data storage and computing easier than ever. But with great power comes risk. Using multiple clouds gives more choice, but also more responsibility. Most businesses today are not ready. Only 15% have a mature multi-cloud security plan, says the 2023 Cisco Cyber Security Readiness Index. That means many are exposed. The good news? You can fix this. Start with simple steps. Know what you use. Lock it down. Watch it closely. Keep improving. And above all, treat cloud security not as a technical box to check, but as something critical to your business. Because in today’s world, a single breach can shut you down. And that’s too big a risk to ignore.

The online discussion forum says Anthropic continued to access its site more than 100,000 times after saying it had stopped.

IT Pros ‘Extremely Worried’ About Shadow AI: Report By John P. Mello Jr. June 4, 2025 5:00 AM PT ADVERTISEMENT Enterprise IT Lead Generation Services Fuel Your Pipeline. Close More Deals. Our full-service marketing programs deliver sales-ready leads. 100% Satisfaction Guarantee! Learn more. Shadow AI — the use of AI tools under the radar of IT departments — has information technology directors and executives worried, according to a report released Tuesday. The report, based on a survey of 200 IT directors and executives at U.S. enterprise organizations of 1,000 employees or more, found nearly half the IT pros (46%) were “extremely worried” about shadow AI, and almost all of them (90%) were concerned about it from a privacy and security viewpoint. “As our survey found, shadow AI is resulting in palpable, concerning outcomes, with nearly 80% of IT leaders saying it has resulted in negative incidents such as sensitive data leakage to Gen AI tools, false or inaccurate results, and legal risks of using copyrighted information,” said Krishna Subramanian, co-founder of Campbell, Calif.-based Komprise, the unstructured data management company that produced the report. “Alarmingly, 13% say that shadow AI has caused financial or reputational harm to their organizations,” she told TechNewsWorld. Subramanian added that shadow AI poses a much greater problem than shadow IT, which primarily focuses on departmental power users purchasing cloud instances or SaaS tools without obtaining IT approval. “Now we’ve got an unlimited number of employees using tools like ChatGPT or Claude AI to get work done, but not understanding the potential risk they are putting their organizations at by inadvertently submitting company secrets or customer data into the chat prompt,” she explained. “The data risk is large and growing in still unforeseen ways because of the pace of AI development and adoption and the fact that there is a lot we don’t know about how AI works,” she continued. “It is becoming more humanistic all the time and capable of making decisions independently.” Shadow AI Introduces Security Blind Spots Shadow AI is the next step after shadow IT and is a growing risk, noted James McQuiggan, security awareness advocate at KnowBe4, a security awareness training provider in Clearwater, Fla. “Users use AI tools for content, images, or applications and to process sensitive data or company information without proper security checks,” he told TechNewsWorld. “Most organizations will have privacy, compliance, and data protection policies, and shadow AI introduces blind spots in the organization’s data loss prevention.” “The biggest risk with shadow AI is that the AI application has not passed through a security analysis as approved AI tools may have been,” explained Melissa Ruzzi, director of AI at AppOmni, a SaaS security management software company, in San Mateo, Calif. “Some AI applications may be training models using your data, may not adhere to relevant regulations that your company is required to follow, and may not even have the data storage security level you deem necessary to keep your data from being exposed,” she told TechNewsWorld. “Those risks are blind spots of potential security vulnerabilities in shadow AI.” Krishna Vishnubhotla, vice president of product strategy at Zimperium, a mobile security company based in Dallas, noted that shadow AI extends beyond unapproved applications and involves embedded AI components that can process and disseminate sensitive data in unpredictable ways. “Unlike traditional shadow IT, which may be limited to unauthorized software or hardware, shadow AI can run on employee mobile devices outside the organization’s perimeter and control,” he told TechNewsWorld. “This creates new security and compliance risks that are harder to track and mitigate.” Vishnubhotla added that the financial impact of shadow AI varies, but unauthorized AI tools can lead to significant regulatory fines, data breaches, and loss of intellectual property. “Depending on the scale of the agency and the sensitivity of the data exposed, the costs could range from millions to potentially billions in damages due to compliance violations, remediation efforts, and reputational harm,” he said. “Federal agencies handling vast amounts of sensitive or classified information, financial institutions, and health care organizations are particularly vulnerable,” he said. “These sectors collect and analyze vast amounts of high-value data, making AI tools attractive. But without proper vetting, these tools could be easily exploited.” Shadow AI Everywhere and Easy To Use Nicole Carignan, SVP for security and AI strategy at Darktrace, a global cybersecurity AI company, predicts an explosion of tools that utilize AI and generative AI within enterprises and on devices used by employees. “In addition to managing AI tools that are built in-house, security teams will see a surge in the volume of existing tools that have new AI features and capabilities embedded, as well as a rise in shadow AI,” she told TechNewsWorld. “If the surge remains unchecked, this raises serious questions and concerns about data loss prevention, as well as compliance concerns as new regulations start to take effect.” “That will drive an increasing need for AI asset discovery — the ability for companies to identify and track the use of AI systems throughout the enterprise,” she said. “It is imperative that CIOs and CISOs dig deep into new AI security solutions, asking comprehensive questions about data access and visibility.” Shadow AI has become so rampant because it is everywhere and easy to access through free tools, maintained Komprise’s Subramanian. “All you need is a web browser,” she said. “Enterprise users can inadvertently share company code snippets or corporate data when using these Gen AI tools, which could create data leakage.” “These tools are growing and changing exponentially,” she continued. “It’s really hard to keep up. As the IT leader, how do you track this and determine the risk? Managers might be looking the other way because their teams are getting more done. You may need fewer contractors and full-time employees. But I think the risk of the tools is not well understood.” “The low, or in some cases non-existent, learning curve associated with using Gen AI services has led to rapid adoption, regardless of prior experience with these services,” added Satyam Sinha, CEO and co-founder of Acuvity, a provider of runtime Gen AI security and governance solutions, in Sunnyvale, Calif. “Whereas shadow IT focused on addressing a specific challenge for particular employees or departments, shadow AI addresses multiple challenges for multiple employees and departments. Hence, the greater appeal,” he said. “The abundance and rapid development of Gen AI services also means employees can find the right solution [instantly]. Of course, all these traits have direct security implications.” Banning AI Tools Backfires To support innovation while minimizing the threat of shadow AI, enterprises must take a three-pronged approach, asserted Kris Bondi, CEO and co-founder of Mimoto, a threat detection and response company in San Francisco. They must educate employees on the dangers of unsupported, unmonitored AI tools, create company protocols for what is not acceptable use of unauthorized AI tools, and, most importantly, provide AI tools that are sanctioned. “Explaining why one tool is sanctioned and another isn’t greatly increases compliance,” she told TechNewsWorld. “It does not work for a company to have a zero-use mandate. In fact, this results in an increase in stealth use of shadow AI.” In the very near future, more and more applications will be leveraging AI in different forms, so the reality of shadow AI will be present more than ever, added AppOmni’s Ruzzi. “The best strategy here is employee training and AI usage monitoring,” she said. “It will become crucial to have in place a powerful SaaS security tool that can go beyond detecting direct AI usage of chatbots to detect AI usage connected to other applications,” she continued, “allowing for early discovery, proper risk assessment, and containment to minimize possible negative consequences.” “Shadow AI is just the beginning,” KnowBe4’s McQuiggan added. “As more teams use AI, the risks grow.” He recommended that companies start small, identify what’s being used, and build from there. They should also get legal, HR, and compliance involved. “Make AI governance part of your broader security program,” he said. “The sooner you start, the better you can manage what comes next.” John P. Mello Jr. has been an ECT News Network reporter since 2003. His areas of focus include cybersecurity, IT issues, privacy, e-commerce, social media, artificial intelligence, big data and consumer electronics. He has written and edited for numerous publications, including the Boston Business Journal, the Boston Phoenix, Megapixel.Net and Government Security News. Email John. Leave a Comment Click here to cancel reply. Please sign in to post or reply to a comment. New users create a free account. Related Stories More by John P. Mello Jr. view all More in IT Leadership

Published June 4, 2025 10:00am EDT close Windows bug leaves computer Wi-Fi vulnerable to hackers Kurt "CyberGuy" Knutsson explains how to keep your Windows computer safe and the security risks of online retail giant Temu. NEWYou can now listen to Fox News articles! Hackers are no longer targeting only tech giants or hospitals. Any business that collects valuable personal information, such as names, phone numbers, email addresses or even basic financial details, is now a target.Companies that rely heavily on third-party vendors or outsourced customer support are even more at risk, especially if they are not particularly strong in the technology sector.German retailer Adidas learned this the hard way. The company recently confirmed a data breach involving one of its external partners, and although it has acknowledged the issue, many important details are still missing. A hacker at work (Kurt "CyberGuy" Knutsson)Adidas confirms vendor breach: Here’s what we knowAdidas has officially acknowledged that a third-party vendor suffered a breach, resulting in unauthorized access to consumer data. In a public notice titled "Data Security Information," the company revealed that a "third-party customer service provider" had been compromised. While the brand was initially silent on the scope, it had already been reported earlier this month that customers in Turkey and Korea had received breach notifications.MASSIVE DATA BREACH EXPOSES 184 MILLION PASSWORDS AND LOGINSAdidas posted this information on both its German and English websites. However, no specific region or number of affected individuals has been confirmed. The company’s statement did clarify that no payment information, such as credit card details, nor passwords were included in the breach. Instead, it involved contact details submitted by users to Adidas’ help desk in the past.Data obtained reportedly includes names, phone numbers, email addresses and dates of birth. While this might seem limited compared to financial data, this type of information can be exploited for phishing scams and identity theft.  An Adidas sign (Kurt "CyberGuy" Knutsson)What Adidas told customers after the breachIn the wake of the breach, Adidas began notifying potentially affected customers directly. The company's email to customers below aimed to reassure recipients and clarify what information was involved. Here is the full text of the notification sent to affected individuals.Dear customer,We are writing to inform you of an issue that we recently became aware of which may have impacted some of your data.What happenedadidas recently learned that an unauthorized external party gained access to certain customer data through a third-party customer service provider.What information was involvedThe affected data does not contain passwords, credit card or any other payment-related information. Nor have any Social Security numbers been impacted.It mainly consists of contact information relating to customers who had contacted our customer service help desk in the past. This may have included one or more of the following: name, email address, telephone number, gender and/or birth date.What we are doing Privacy and the security of your data is our priority. Upon becoming aware of this incident, adidas took proactive and immediate steps to investigate and contain the incident. This includes further enhancing security measures and resetting passwords for customer service accounts.What you can doWe are currently unaware of any harm (such as identity theft or fraud) being caused to our customers as a result of this incident. There are no immediate steps that you need to take. Although, as always, please remain vigilant and look out for any suspicious messages. As a reminder, adidas will never directly contact you to ask that you provide us with financial information, such as your credit card details, bank account information or passwords.Who you can contactIf you have any questions, then please contact our Customer Service team at https://www.adidas.com/us/helpWe apologise for any inconvenience caused by this incident.adidas TeamWhat Adidas hasn’t said about the vendor hackDespite the official acknowledgment, several questions remain unanswered. Adidas has yet to clarify whether this is a single breach affecting multiple regions or several separate incidents. The lack of transparency around the name of the third-party vendor and the absence of concrete numbers or locations for affected users has created frustration among observers and possibly among customers themselves.The earlier regional reports from Turkey and Korea might suggest that this incident was either global in scale or that similar third-party vendors were independently targeted. In either case, the company's current handling of the situation has left room for speculation. Adidas claims it is in the process of informing potentially affected customers, but it has not detailed the method or timeline for this outreach.We reached out to adidas for a comment, and a representative referred us to this statement on their website. In part, the company said, "We remain fully committed to protecting the privacy and security of our consumers, and sincerely regret any inconvenience or concern caused by this incident."GET FOX BUSINESS ON THE GO BY CLICKING HERE An Adidas shoe (Kurt "CyberGuy" Knutsson)6 critical steps to take after the Adidas data breachIf you think you were affected or just want to be cautious, here are some steps you can take right now to stay safe from the Adidas data breach:1. Scrub your data from the internet using a personal data removal service: The more exposed your personal information is online, the easier it is for scammers to use it against you. Following the Adidas breach, consider removing your information from public databases and people-search sites. Check out my top picks for data removal services here.Get a free scan to find out if your personal information is already out on the web.2. Watch out for phishing scams and use strong antivirus software: With access to your email and phone number, Adidas attackers can craft convincing phishing emails pretending to be from healthcare providers or banks. These emails might include malicious links designed to install malware or steal login information. To defend yourself, use a strong antivirus program. Get my picks for the best 2025 antivirus protection winners for your Windows, Mac, Android and iOS devices.3. Safeguard against identity theft and use identity theft protection: Hackers now have access to high-value information from the Adidas breach. This makes you a prime target for identity theft. You might want to consider investing in identity theft protection, which can also assist you in freezing your bank and credit card accounts to prevent further unauthorized use by criminals. Signing up for identity theft protection gives you 24/7 monitoring, alerts for unusual activity and support if your identity is stolen. See my tips and best picks on how to protect yourself from identity theft.4. Set up fraud alerts: Requesting fraud alerts notifies creditors that they need extra verification before issuing credit in your name. You can request fraud alerts through any one of the three major credit bureaus; they’ll notify the others. This adds another layer of protection without completely freezing access to credit.5. Change passwords and use a password manager: Update passwords on any accounts tied to compromised data. Use unique passwords that are hard to guess and let a password manager do the heavy lifting by generating secure ones for you. Reused passwords are an easy target after breaches. Consider password managers for convenience and security. Get more details about my best expert-reviewed password managers of 2025 here.6. Be wary of social engineering attacks: Hackers may use stolen details like names or birthdates from breaches in phone scams or fake customer service calls designed to trick you into revealing more sensitive info. Never share personal details over unsolicited calls or emails. Social engineering attacks rely on trust, and vigilance is key.Kurt’s key takeawayThe Adidas breach shows that even companies with decades of brand equity and a massive global footprint are not immune to lapses in data security. It underscores the need for companies to go beyond basic compliance and actively evaluate the cybersecurity standards of every partner in their ecosystem. Consumers are becoming increasingly aware of the trade-offs they make when sharing their personal information, and brands that fail to meet this moment may find their reputations eroding faster than they expect.CLICK HERE TO GET THE FOX NEWS APPShould retailers be penalized for neglecting basic cybersecurity practices? Let us know by writing us atCyberguy.com/Contact.For more of my tech tips and security alerts, subscribe to my free CyberGuy Report Newsletter by heading to Cyberguy.com/Newsletter.Ask Kurt a question or let us know what stories you'd like us to cover.Follow Kurt on his social channels:Answers to the most-asked CyberGuy questions:New from Kurt:Copyright 2025 CyberGuy.com. All rights reserved. Kurt "CyberGuy" Knutsson is an award-winning tech journalist who has a deep love of technology, gear and gadgets that make life better with his contributions for Fox News & FOX Business beginning mornings on "FOX & Friends." Got a tech question? Get Kurt’s free CyberGuy Newsletter, share your voice, a story idea or comment at CyberGuy.com.

Jun 04, 2025Ravie Lakshmanan Threat Intelligence / Data Breach Google has disclosed details of a financially motivated threat cluster that it said "specialises" in voice phishing (aka vishing) campaigns designed to breach organizations' Salesforce instances for large-scale data theft and subsequent extortion. The tech giant's threat intelligence team is tracking the activity under the moniker UNC6040, which it said exhibits characteristics that align with threat groups with ties to an online cybercrime collective known as The Com. "Over the past several months, UNC6040 has demonstrated repeated success in breaching networks by having its operators impersonate IT support personnel in convincing telephone-based social engineering engagements," the company said in a report shared with The Hacker News. This approach, Google's Threat Intelligence Group (GTIG) added, has had the benefit of tricking English-speaking employees into performing actions that give the threat actors access or lead to the sharing of valuable information such as credentials, which are then used to facilitate data theft. A noteworthy aspect of UNC6040's activities involves the use of a modified version of Salesforce's Data Loader that victims are deceived into authorizing so as to connect to the organization's Salesforce portal during the vishing attack. Data Loader is an application used to import, export, and update data in bulk within the Salesforce platform. Specifically, the attackers guide the target to visit Salesforce's connected app setup page and approve the modified version of the Data Loader app that carries a different name or branding (e.g., "My Ticket Portal") from its legitimate counterpart. This action grants them unauthorized access to the Salesforce customer environments and exfiltrate data. Beyond data loss, the attacks serve as a stepping stone for UNC6040 to move laterally through the victim's network, and then access and harvest information from other platforms such as Okta, Workplace, and Microsoft 365. Select incidents have also involved extortion activities, but only "several months" after the initial intrusions were observed, indicating an attempt to monetize and profit off the stolen data presumably in partnership with a second threat actor. "During these extortion attempts, the actor has claimed affiliation with the well-known hacking group ShinyHunters, likely as a method to increase pressure on their victims," Google said. UNC6040's overlaps with groups linked to The Com stem from the targeting of Okta credentials and the use of social engineering via IT support, a tactic that has been embraced by Scattered Spider, another financially motivated threat actor that's part of the loose-knit organized collective. The vishing campaign hasn't gone unnoticed by Salesforce, which, in March 2025, warned of threat actors using social engineering tactics to impersonate IT support personnel over the phone and trick its customers' employees into giving away their credentials or approving the modified Data Loader app. "They have been reported luring our customers' employees and third-party support workers to phishing pages designed to steal credentials and MFA tokens or prompting users to navigate to the login.salesforce[.]com/setup/connect page in order to add a malicious connected app," the company said. "In some cases, we have observed that the malicious connected app is a modified version of the Data Loader app published under a different name and/or branding. Once the threat actor gains access to a customer's Salesforce account or adds a connected app, they use the connected app to exfiltrate data." The development not only highlights the continued sophistication of social engineering campaigns, but also shows how IT support staff are being increasingly targeted as a way to gain initial access. "The success of campaigns like UNC6040's, leveraging these refined vishing tactics, demonstrates that this approach remains an effective threat vector for financially motivated groups seeking to breach organizational defenses," Google said. "Given the extended time frame between initial compromise and extortion, it is possible that multiple victim organizations and potentially downstream victims could face extortion demands in the coming weeks or months." Found this article interesting? Follow us on Twitter  and LinkedIn to read more exclusive content we post. SHARE    

Jun 05, 2025Ravie LakshmananNetwork Security / Vulnerability Cisco has released security patches to address a critical security flaw impacting the Identity Services Engine (ISE) that, if successfully exploited, could allow unauthenticated actors to carry out malicious actions on susceptible systems. The security defect, tracked as CVE-2025-20286, carries a CVSS score of 9.9 out of 10.0. It has been described as a static credential vulnerability. "A vulnerability in Amazon Web Services (AWS), Microsoft Azure, and Oracle Cloud Infrastructure (OCI) cloud deployments of Cisco Identity Services Engine (ISE) could allow an unauthenticated, remote attacker to access sensitive data, execute limited administrative operations, modify system configurations, or disrupt services within the impacted systems," the company said in an advisory. The networking equipment maker, which credited Kentaro Kawane of GMO Cybersecurity for reporting the flaw, noted it's aware of the existence of a proof-of-concept (PoC) exploit. There is no evidence that it has been maliciously exploited in the wild. Cisco said the issue stems from the fact that credentials are improperly generated when Cisco ISE is being deployed on cloud platforms, causing different deployments to share the same credentials as long as the software release and cloud platform are the same. Put differently, the static credentials are specific to each release and platform, but are not valid across platforms. As the company highlights, all instances of Cisco ISE release 3.1 on AWS will have the same static credentials. However, credentials that are valid for access to a release 3.1 deployment would not be valid to access a release 3.2 deployment on the same platform. Furthermore, Release 3.2 on AWS would not have the same credentials as Release 3.2 on Azure. Successful exploitation of the vulnerability could permit an attacker to extract the user credentials from the Cisco ISE cloud deployment and then use it to access Cisco ISE deployed in other cloud environments through unsecured ports. This could ultimately allow unauthorized access to sensitive data, execution of limited administrative operations, changes to system configurations, or service disruptions. That said, Cisco ISE is only affected in cases where the Primary Administration node is deployed in the cloud. Primary Administration nodes that are on-premises are not impacted. The following versions are affected - AWS - Cisco ISE 3.1, 3.2, 3.3, and 3.4 Azure - Cisco ISE 3.2, 3.3, and 3.4 OCI - Cisco ISE 3.2, 3.3, and 3.4 While there are no workarounds to address CVE-2025-20286, Cisco is recommending that users restrict traffic to authorized administrators or run the "application reset-config ise" command to reset user passwords to a new value. However, it bears noting that running the command will reset Cisco ISE to the factory configuration. Found this article interesting? Follow us on Twitter  and LinkedIn to read more exclusive content we post. SHARE    

In technical fields like information technology, definitions are fundamental. They are the building blocks for constructing useful applications and systems. Yet, despite this, it’s easy to assume a term’s definition and wield it confidently before discovering its true meaning. The two closely related cases that stand out to me are “security” and “privacy.” I say this with full awareness that, in my many writings on information security, I never adequately distinguished these two concepts. It was only after observing enough conflation of these terms that I resolved to examine my own casual treatment of them. So, with the aim of solidifying my own understanding, let’s properly differentiate “information security” and “information privacy.” Security vs. Privacy: Definitions That Matter In the context of information technology, what exactly are security and privacy? Security is the property of denying unauthorized parties from accessing or altering your data. Privacy is the property of preventing the observation of your activities by any third parties to whom you do not expressly consent to observe those activities. As you can see, these principles are related, which is one reason why they’re commonly interchanged. This distinction becomes comprehensible with examples. Let’s start with an instance where security applies, but privacy does not. Spotify uses digital rights management (DRM) software to keep its media secure but not private. DRM is a whole topic of its own, but it essentially uses cryptography to enforce copyright. In Spotify’s case, it’s what constitutes streaming rather than just downloading: the song’s file is present on your device (at least temporarily) just as if you’d downloaded it, but Spotify’s DRM cryptography prevents you from opening the file without the Spotify application. The data on Spotify (audio files) are secure because only users of the application can stream audio, and streamed content can’t be retained, opened, or transmitted to non-users. However, Spotify’s data is not private because nearly anyone with an email address can be a user. Thus, in practice, the company cannot control who exactly can access its data. A more complex example of security without privacy is social media. When you sign up for a social media platform, you accept an end-user license agreement (EULA) authorizing the platform to share your data with its partners and affiliates. Your data stored with “authorized parties” on servers controlled by the platform and its affiliates would be considered secure, provided all these entities successfully defend your data against theft by unauthorized parties. In other words, if everyone who is allowed (by agreement) to have your data encrypts it in transit and at rest, insulates and segments their networks, etc., then your data is secure no matter how many affiliates receive it. In practice, the more parties that have your data, the more likely it is that any one of them is breached, but in theory, they could all defend your data. On the other hand, any data you fork over to the social network is not private because you can’t control who uses your data and how. As soon as your data lands on the platform’s servers, you can’t restrict what they do with it, including sharing your data with other entities, which you also can’t control. Both examples illustrate security without privacy. That’s because privacy entails security, but not the reverse. All squares are rectangles, but not all rectangles are squares. If you have privacy, meaning you can completely enforce how any party uses your data (or doesn’t), it is secure by definition because only authorized parties can access your data. Mobile Devices: Secure but Not Private Casually mixing security and privacy can lead people to misunderstand the information security properties that apply to their data in any given scenario. By reevaluating for ourselves whether a given technology affords us security and privacy, we can have a more accurate understanding of how accessible our data really is. One significant misconception I’ve noticed concerns mobile devices. I get the impression that the digital privacy content sphere regards mobile devices as not secure because they aren’t private. But while mobile is designed not to be private, it is specifically designed to be secure. Why is that? Because the value of data is in keeping it in your hands and out of your competitor’s. If you collect data but anyone else can grab your copy, you are not only at no advantage but also at a disadvantage since you’re the only party that spent time and money to collect it from the source. With modest scrutiny, we’ll find that every element of a mobile OS that might be marketed as a privacy feature is, in fact, strictly a security feature. Cybersecurity professionals have hailed application permissions as a major stride in privacy. But whom are they designed to help? These menus apply to applications that request access to certain hardware, from microphones and cameras to flash memory storage and wireless radios. This access restriction feature serves the OS developer by letting users lock out as much of their competition as possible from taking their data. The mobile OS developer controls the OS with un-auditable compiled code. For all you know, permission controls on all the OS’s native apps could be ignored. However, even if we assume that the OS developer doesn’t thwart your restrictions on their own apps, the first-party apps still enjoy pride of place. There are more of them; they are preinstalled on your device, facilitate core mobile device features, require more permissions, and often lose core functions when those permissions are denied. Mobile OSes also sandbox every application, forcing each to run in an isolated software environment, oblivious to other applications and the underlying operating system. This, too, benefits the OS vendor. Like the app permission settings, this functionality makes it harder for third parties to grab the same data the OS effortlessly ingests. The OS relies on its own background processes to obtain the most valuable data and walls off every other app from those processes. Mobile Security Isn’t Designed With You in Mind The most powerful mobile security control is the denial of root privileges to all applications and users (besides, again, the OS itself). While it goes a long way toward keeping the user’s data safe, it is just as effective at subjecting everything and everyone using the device to the dictates of the OS. The security advantage is undeniable: if your user account can’t use root, then any malware that compromises it can’t either. By the same token, because you don’t have complete control over the OS, you are unable to reconfigure your device for privacy from the OS vendor. I’m not disparaging any of these security controls. All of them reinforce the protection of your data. I’m saying that they are not done primarily for the user’s benefit; that is secondary. Those of you familiar with my work might see the scroll bar near the bottom of this page and wonder why I haven’t mentioned Linux yet. The answer is that desktop operating systems, my preferred kind of Linux OS, benefit from their own examination. In a follow-up to this piece, I will discuss the paradox of desktop security and privacy. Please stay tuned.

Macworld If you like using Windows apps on your Mac through Parallels Pro, then pay attention. Microsoft is phasing out Windows 10 soon. If you had a Windows computer, you might be able to upgrade to Windows 11 for free. Mac users can still upgrade for cheap, though. It’s only $14.97 to get Windows 11 Pro, but it won’t stay that way for long. Windows 11 Pro has a few upgrades that seriously improve productivity, security, and user experience. Its new interface is more streamlined and user-friendly. For Mac users, it might even seem a little familiar. Features like Snap Layouts and multiple desktops help keep your workspace organized, while Windows Sandbox gives you a secure environment for testing apps without risking your main system. Security enhancements include support for biometrics login, TPM 2.0, and Smart App Control, which can help protect your data from unauthorized access. The built-in AI-powered Copilot assistant is another practical tool, making it easier to quickly adjust settings, generate content, or get answers to questions without disrupting your workflow. You only have a little while longer to get Windows 11 Pro for life on sale for $14.97 (reg. $199). No coupon needed.  Microsoft Windows 11 ProSee Deal StackSocial prices subject to change. 

Data broker LexisNexis Risk Solutions (LNRS) has just disclosed a data breach that occurred at the end of last year, and while it doesn't affect as many individuals as other recent high profile incidents—such as the DISA hack that included 3.3 million people's information—it underscores the ever-present concerns with companies collecting (and profiting off of) user data. As TechCrunch reports, LexisNexis Risk Solutions uses consumers' personal and financial information to help corporations conduct risk assessments on prospective customers and detect fraudulent transactions. For example, LexisNexis sold data on vehicle driving habits collected by car manufacturers to insurance companies to set premiums, while law enforcement agencies pull data from LexisNexis about suspects. (LexisNexis Risk Solutions is a subsidiary of the same corporation that owns data analytics and research firm LexisNexis.)The LexisNexis hack compromised data collected on 364,333 individuals, and there's a potential class action lawsuit brewing over the incident. Here's what you need to know. What happened with LexisNexis?According to the company's filing with the Maine attorney general's office, a data breach took place on December 25, 2024 but wasn't discovered until May 14, 2025. A third-party platform used by LexisNexis was hacked, compromising information that may include the following: NamePhone numberMailing addressEmail addressSocial Security numberDriver's license numberDate of birthIn a letter to affected individuals, LexisNexis states that no financial or credit card information was included in the breach, nor has any data been obviously misused (so far). Few additional details about the incident have been disclosed, other than that none of the company's own networks or systems were hacked. What consumers need to doLexisNexis sent a notice dated May 24 to consumers whose data may have been compromised, so if you receive a letter from LexisNexis Risk Solutions, don't throw it out. The company is offering 24 months of identity protection and credit monitoring services through Experian IdentityWorks, and you must enroll online by August 31, 2025 using the activation code provided in your notice. Affected individuals can also indicate their interest in joining a class action lawsuit against LexisNexis through Oklahoma-based firm Abington Cole + Ellery. If you want to volunteer to be considered as a class representative, fill out the online form with your name, contact information, and connection to the breach.Finally, even if you don't plan to join the class action suit, you should keep an eye out for signs of identity theft. Check your credit report—which you can request for free on a weekly basis—and monitor your accounts for any unauthorized activity. You can also freeze your credit, place a fraud alert, and take other steps to secure your Social Security number so no one can open accounts or take out debt in your name.

Published June 1, 2025 10:00am EDT close Microsoft claims a big leap forward in forecasting Just in time for hurricane season, Microsoft is unveiling a new AI-powered weather prediction system. Infostealer malware has been on the rise recently, and that's evident from the billions of user records leaked online in the past year alone. This type of malware targets everything from your name, phone number and address to financial details and cryptocurrency. Leading the charge is the Lumma infostealer.I have been reporting on this malware since last year, and security researchers have called it one of the most dangerous infostealers, infecting millions. There have been countless incidents of Lumma targeting people's personal data (more on this later), but the good news is that Microsoft has taken it down.The Redmond-based company announced it has dismantled the Lumma Stealer malware operation with the help of law enforcement agencies around the world. Illustration of a hacker at work   (Kurt "CyberGuy" Knutsson)What you need to knowMicrosoft confirmed that it has successfully taken down the Lumma Stealer malware network in collaboration with law enforcement agencies around the world. In a blog post, the company revealed that its Digital Crimes Unit had tracked infections on more than 394,000 Windows devices globally between March 16 and May 16.Lumma was a go-to tool for cybercriminals, often used to siphon sensitive information like login credentials, credit card numbers, bank account details and cryptocurrency wallet data. The malware’s reach and impact made it a favored choice among threat actors for financial theft and data breaches.MASSIVE DATA BREACH EXPOSES 184 MILLION PASSWORDS AND LOGINSTo disrupt the malware’s operation, Microsoft obtained a court order from the U.S. District Court for the Northern District of Georgia, which allowed the company to take down key domains that supported Lumma’s infrastructure. This was followed by the U.S. Department of Justice stepping in to seize control of Lumma’s core command system and shut down marketplaces where the malware was being sold.International cooperation played a major role as well. Japan’s cybercrime unit helped dismantle Lumma’s locally hosted infrastructure, while Europol assisted in actions against hundreds of domains used in the operation. In total, over 1,300 domains were seized or redirected to Microsoft-managed sinkholes to prevent further damage.Microsoft says this takedown effort also included support from industry partners such as Cloudflare, Bitsight and Lumen, which helped dismantle the broader ecosystem that enabled Lumma to thrive. HP laptop   (Kurt "CyberGuy" Knutsson)More about the Lumma infostealerLumma is a Malware-as-a-Service (MaaS) that has been marketed and sold through underground forums since at least 2022. Over the years, its developers have released multiple versions to continually improve its capabilities. I first reported on Lumma in February 2024, when it was used by hackers to access Google accounts using expired cookies that contained login information.Lumma continued targeting users, with reports in October 2024 revealing it was impersonating fake human verification pages to trick Windows users into sharing sensitive information. The malware wasn’t limited to Windows. In January 2024, security researchers found the infostealer malware was targeting 100 million Mac users, stealing browser credentials, cryptocurrency wallets and other personal data. Windows laptop   (Kurt "CyberGuy" Knutsson)6 ways you can protect yourself from infostealer malwareTo protect yourself from the evolving threat of infostealer malware, which continues to target users through sophisticated social engineering tactics, consider taking these six essential security measures:1. Be skeptical of CAPTCHA prompts: Legitimate CAPTCHA tests never require you to press Windows + R, copy commands or paste anything into PowerShell. If a website instructs you to do this, it’s likely a scam. Close the page immediately and avoid interacting with it.2. Don’t click links from unverified emails and use strong antivirus software: Many infostealer attacks start with phishing emails that impersonate trusted services. Always verify the sender before clicking on links. If an email seems urgent or unexpected, go directly to the company’s official website instead of clicking any links inside the email.The best way to safeguard yourself from malicious links that install malware, potentially accessing your private information, is to have strong antivirus software installed on all your devices. This protection can also alert you to phishing emails and ransomware scams, keeping your personal information and digital assets safe. Get my picks for the best 2025 antivirus protection winners for your Windows, Mac, Android and iOS devices.3. Enable two-factor authentication: Enable two-factor authentication (2FA) whenever possible. This adds an extra layer of security by requiring a second form of verification, such as a code sent to your phone, in addition to your password.4. Keep devices updated: Regularly updating your operating system, browser and security software ensures you have the latest patches against known vulnerabilities. Cybercriminals exploit outdated systems, so enabling automatic updates is a simple but effective way to stay protected.WHAT IS ARTIFICIAL INTELLIGENCE (AI)?5. Monitor your accounts for suspicious activity and change your passwords: If you’ve interacted with a suspicious website, phishing email or fake login page, check your online accounts for any unusual activity. Look for unexpected login attempts, unauthorized password resets or financial transactions that you don’t recognize. If anything seems off, change your passwords immediately and report the activity to the relevant service provider. Also, consider using a password manager to generate and store complex passwords. Get more details about my best expert-reviewed Password Managers of 2025 here.6. Invest in a personal data removal service: Consider using a service that monitors your personal information and alerts you to potential breaches or unauthorized use of your data. These services can provide early warning signs of identity theft or other malicious activities resulting from infostealer malware or similar attacks. While no service promises to remove all your data from the internet, having a removal service is great if you want to constantly monitor and automate the process of removing your information from hundreds of sites continuously over a longer period of time. ​Check out my top picks for data removal services here. Get a free scan to find out if your personal information is already out on the web.Kurt’s key takeawayMicrosoft’s takedown of the Lumma Stealer malware network is a major win in the fight against infostealers, which have fueled a surge in data breaches over the past year. Lumma had become a go-to tool for cybercriminals, targeting everything from browser credentials to crypto wallets across Windows and Mac systems. I’ve been tracking this malware since early 2024, and its ability to impersonate human verification pages and abuse expired cookies made it especially dangerous.CLICK HERE TO GET THE FOX NEWS APPDo you feel tech companies are doing enough to protect users from malware like this? Let us know by writing us atCyberguy.com/ContactFor more of my tech tips and security alerts, subscribe to my free CyberGuy Report Newsletter by heading to Cyberguy.com/NewsletterAsk Kurt a question or let us know what stories you'd like us to coverFollow Kurt on his social channelsAnswers to the most asked CyberGuy questions:New from Kurt:Copyright 2025 CyberGuy.com.  All rights reserved.   Kurt "CyberGuy" Knutsson is an award-winning tech journalist who has a deep love of technology, gear and gadgets that make life better with his contributions for Fox News & FOX Business beginning mornings on "FOX & Friends." Got a tech question? Get Kurt’s free CyberGuy Newsletter, share your voice, a story idea or comment at CyberGuy.com.