Author: HackWatchit

modeling is the pinnacle of analytics value. It doesn’t focus on what happened, or even what will happen – it takes analytics further by telling us what we should do to change what will happen. To harness this extra prescriptive power, however, we must take on an additional assumption…a causal assumption. The naive practitioner may not be aware that moving from predictive to prescriptive comes with the baggage of this lurking assumption. I Googled ‘prescriptive analytics’ and searched the first ten articles for the word ‘causal.’ Not to my surprise (but to my disappointment), I didn’t get a single hit.…

Palo Alto, California, June 30th, 2025, CyberNewsWire Every security practitioner knows that employees are the weakest link in an organization, but this is no longer the case. SquareX’s research reveals that Browser AI Agents are more likely to fall prey to cyberattacks than employees, making them the new weakest link that enterprise security teams need to look out for.  Browser AI Agents are software applications that act on behalf of users to access and interact with web content. Users can instruct these agents to automate browser-based tasks such as flight bookings, scheduling meetings, sending emails, and even simple research tasks.…

You’ve probably felt your phone buzz and glanced at the screen, only to see an unfamiliar number. Should you answer? Maybe it’s important. Maybe it’s a scam. More often than not, it’s a spam call — an unwanted interruption that wastes your time and potentially puts your personal information at risk. These calls often rely on automated systems that dial thousands of numbers at once. Instead of speaking with a real person, you’re greeted by a pre-recorded pitch or a suspicious message pretending to be from a trusted company. In some cases, the number looks local, even familiar — a…

Mike Perez // At BHIS, a few of our customers have come to us very recently with the “risk du jour”; no, not the Cash for Creds program Beau highlighted but the risk posed when they discover that a business partner or far flung subsidiary has been hit by some ransomware variant.  Side note: Be sure to take a listen to our recent ransomware webcast! To that end, we came up with some quick and dirty recommendations.  Note that these recommendations also apply when you’ve got a partner that has suffered a breach or major infection. Delineate all business processes/possible interactions…

U.S. cyber agencies, the FBI, and NSA issued an urgent warning today about potential cyberattacks from Iranian-affiliated hackers targeting U.S. critical infrastructure. CISA says there are no indications of an ongoing campaign but urges critical infrastructure organizations and other potential targets to monitor their defense due to the current unrest in the Middle East and cyber attacks previously linked to Iran. In a joint fact sheet, the cyber agencies warn that Defense Industrial Base (DIB) companies with ties to Israeli defense and research, are at increased risk at being targeted. Other organizations in critical infrastructure sectors, including energy, water, and healthcare, are…

U.S. CISA adds Citrix NetScaler flaw to its Known Exploited Vulnerabilities catalog Pierluigi Paganini June 30, 2025 U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Citrix NetScaler vulnerability to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added Citrix NetScaler vulnerability, tracked as CVE-2025-6543, to its Known Exploited Vulnerabilities (KEV) catalog. CVE-2025-6543 (CVSS score of 9.2) is a memory overflow vulnerability in NetScaler ADC and NetScaler Gateway when configured as a Gateway (e.g., VPN virtual server, ICA Proxy, CVPN, RDP Proxy) or AAA virtual server. “Memory overflow vulnerability leading to unintended control flow and Denial of Service…

Hong Kong, a key international financial hub, is confronting increasingly sophisticated cyber threats that demand strong cyber resilience to protect its financial stability and economic operations. The dependence on digital platforms by essential infrastructure providers increases the potential impact of cyber attacks. To address this evolving threat landscape, the Hong Kong Monetary Authority (HKMA) launched the Cybersecurity Fortification Initiative (CFI) in 2016. This program aims to strengthen the cyber defenses of the banking industry and is built upon three main components: the Cyber Resilience Assessment Framework (C-RAF), the Professional Development Programme (PDP), and the Cyber Intelligence Sharing Platform (CISP). Acknowledging…

As ubiquitous as mobile devices have become for federal users, agencies still need to maintain a mobile-first mindset as they modernize infrastructure and applications. That’s especially true as artificial intelligence comes into the picture and security concerns grow more intense, said Mark Clancy, senior vice president for cybersecurity at T-Mobile. “It’s cloud and mobile meet AI,” Clancy said during Federal News Network’s Industry Exchange Data 2025. “It’s all about pervasive connectivity, working from anywhere — whether in the office or on the go — but also keeping everything secure.” He added, “You must always have security running and always present.”…

Spanish authorities arrested five members of a criminal network responsible for laundering €460 million stolen through global cryptocurrency investment fraud schemes. Source: Europol The operation, led by the Guardia Civil with support from Europol and law enforcement in Estonia, France, and the United States, uncovered that more than 5,000 victims worldwide were defrauded. The action day led to: 5 arrests (3 on the Canary Islands and 2 in Madrid), and 5 searches (3 on the Canary Islands and 2 in Madrid). Global network enabled crypto fraud The criminal network is suspected of laundering funds through a complex web of corporate…