Sophos’ Secure by Design 2025 Progress
We are pleased to openly share our pledges and the progress we are making in each of the seven core pillars of product security in the Secure by Design framework
Similar Posts
HB1127 Explained: North Dakota’s New InfoSec Requirements for Financial Corporations
Bys sJoseph J. Lazzarotti & Rachel A. Jacob of JacksonLewis write: Earlier this year, North Dakota’s Governor signed HB 1127, which introduces new compliance obligations for financial corporations operating in North Dakota. This new law will take effect on August 1, 2025. The law applies to certain “financial corporations.” Under the law, financial corporation means all entities regulated by…
SolarWinds Patches 4 Critical Serv-U 15.5 Flaws Allowing Root Code Execution
Bys sSolarWinds has released updates to address four critical security flaws in its Serv-U file transfer software that, if successfully exploited, could result in remote code execution. The vulnerabilities, all rated 9.1 on the CVSS scoring system, are listed below – CVE-2025-40538 – A broken access control vulnerability that allows an attacker to create a system…
Xinbi Telegram Market Tied to $8.4B in Crypto Crime, Romance Scams, North Korea Laundering
Bys sA Chinese-language, Telegram-based marketplace called Xinbi Guarantee has facilitated no less than $8.4 billion in transactions since 2022, making it the second major black market to be exposed after HuiOne Guarantee. According to a report published by blockchain analytics firm Elliptic, merchants on the marketplace have been found to peddle technology, personal data, and money…
Westend Dental agrees to pay Indiana $350K and to implement corrective action plan to settle charges of multiple HIPAA violations
TechCrunch recently did its annual write-up of badly handled data security incidents. The following wasn’t in it but is one of the worst security and privacy failures that I’ve ever read, and that’s saying a lot. This case stems from a ransomware attack by Medusa Locker in October 2020 that is first being seriously addressed…
Hacking Verizon Call Records: A Security Breach with National Security Implications
Bys sKirsten Doyle reports: Security researcher Evan Connelly recently identified a security vulnerability in the Verizon Call Filter iOS app which made it possible for a malicious actor to leak call history logs of Verizon Wireless customers. Call logs can be highly valuable, particularly for nation-states, as they enable intelligence agencies to map social networks, track high-value targets, figure…
US govt login portal could be one cyberattack away from collapse, say auditors
Bys sBrandon Vigliarolo reports: The US government’s Login.gov identity verification system could be one cyberattack, or just a routine IT hiccup, away from serious trouble, say auditors, because it hasn’t shown its backup testing policy is actually in use or effective. The US Government Accountability Office reported Tuesday that Login.gov, which is managed by the federal government’s General…