FedHive
10/16/2025
https://www.bbc.com/news/articles/c9d6yxdq3d2o
Outsourcing firm Capita was hacked in 2023 and 6.6 million people were reportedly affected due to the company leaving the data unsecured. This led to UK’s data watchdog fining Capita £14m, originally £45m, for damages. The amount was argued down after discussions between the two organizations resulted in an agreement that Capita had successfully enhanced security measures and made appropriate measures to ensure support for people affected.
Capita fined £14m for cyber-attack which affected millions The outsourcing giant accepted liability, after the data watchdog said they failed to protect client data.
09/11/2025
🔒 State Regulators Put Data Privacy Compliance Under the Microscope
IT leaders: take note. California, Colorado, and Connecticut have launched a multi-state investigative sweep targeting companies that may be ignoring legally mandated consumer data opt-out requests. At the center of the effort is the Global Privacy Control (GPC) — a technical signal designed to give users a seamless way to decline data sales or targeted advertising.
The article notes: “Each of the states’ privacy statutes requires businesses to comply with the GPC standard or another similar mechanism.” Companies that fail to adopt it risk not only reputational damage but also enforcement action.
Regulators emphasized the seriousness of this move: “We are no longer in the era of passive privacy compliance. Companies that don’t honor consumers’ privacy choices are violating the law,” one state official stated.
For IT and compliance teams, this raises urgent priorities:
Audit data flows to ensure opt-out requests are captured and respected across systems.
Validate technical implementations of GPC and other browser-based signals.
Coordinate with legal and marketing to align tracking, advertising, and privacy practices.
As the article highlights, regulators are moving beyond legislation into coordinated enforcement: “The sweep reflects a larger movement…a bipartisan coalition formed earlier this year to align state enforcement of privacy laws.”
The takeaway: IT professionals play a critical role in bridging policy with technology. Building privacy-by-design systems is no longer optional—it’s a compliance imperative.
🔗https://cyberscoop.com/states-investigative-sweep-global-privacy-control-data-privacy/
Three states team up in investigative sweep of companies flouting data opt-out laws California, Colorado and Connecticut are contacting businesses that aren’t using legally mandated technology to provide consumers with universal opt-out rights.
07/24/2025
🔒 Chinese Hackers Exploit Microsoft SharePoint Zero-Days
A Chinese state-sponsored group, Storm-0062, has been exploiting two zero-day vulnerabilities in Microsoft SharePoint to infiltrate government and enterprise networks, according to a joint advisory from U.S. and international agencies.
These attackers used the flaws to install web shells and harvest credentials—often maintaining access for extended periods. As CyberScoop reports, “Storm-0062 has used these exploits to deploy custom web shells and credential harvesting tools.”
One of the vulnerabilities (CVE-2024-38023) enabled attackers to escalate privileges and move laterally. Microsoft has since issued patches, but officials warn that “victim organizations may not observe anomalous activity indicating compromise.”
📌 What IT Teams Should Do:
Apply July Microsoft patches immediately
Audit SharePoint logs and privileged accounts
Stay alert for stealthy persistence techniques
This campaign highlights the need for Zero Trust, proactive patching, and strong credential monitoring across environments.
🔗 Read the full at https://cyberscoop.com/microsoft-sharepoint-zero-days-china-typhoon/
Microsoft SharePoint zero-day attacks pinned on China-linked 'Typhoon' threat groups Linen Typhoon, Violet Typhoon and Storm-2603 are behind the initial attack spree that erupted over the weekend. Other threat groups are now following suit.
Click here to claim your Sponsored Listing.
Category
Contact the business
Telephone
Website
Address
5400 Shawnee Road. Suite 201
Alexandria, VA
22312