Latest news with #breaches
Associated Press
21 hours ago
- Sport
- Associated Press
Man City fined more than $1 million for repeatedly delaying Premier League kickoff times
Manchester City was fined more than one million pounds ($1.35 million) by the Premier League on Thursday for repeatedly delaying kickoff times 'without good reason' last season. City, managed by Pep Guardiola, admitted to nine breaches of league rules related to kickoffs and re-starts after halftime and has apologized. The most dominant team in English soccer over the past decade was handed fines for each breach, amounting to 1.08 million pounds ($1.45 million). The biggest individual fine was 210,000 pounds ($283,000) for a delay of 2 minutes, 22 seconds at the start of the second half against Ipswich on Jan. 19. 'Rules relating to kickoffs and re-starts help ensure the organization of the competition is set at the highest possible professional standard and provides certainty to fans and participating clubs,' the Premier League said in a statement. 'It also ensures the broadcast of every Premier League match is kept to schedule.' City, currently in the U.S. for the Club World Cup, delayed kickoffs for the start of both halves in a match against Manchester United in December. The start of the second half was delayed 2 minutes, 24 seconds — the longest of all the breaches. Last year, City was fined 2.09 million pounds ($2.8 million) for 22 breaches of the same rule over the previous two seasons. City is still waiting on the outcome of a hearing into more than 100 charges of alleged financial breaches over a nine-year period. The hearing began in September last year after charges were made in February 2023. ___ James Robson is at ___ AP soccer:
Forbes
2 days ago
- Business
- Forbes
Multiplayer AI: The New Operating Model For Identity Security
Dr. John Pritchard is the Chief Product Officer at Radiant Logic, responsible for the company's global product vision. AI-powered deepfakes and credential attacks are rewriting the rules of cyber risk, with identity-related breaches now costing organizations an average of $4.45 million per incident and accounting for over 70% of successful attacks on enterprise infrastructure and supply chains. Despite record investments in detection and response, breaches keep making headlines. Why? I call this the identity security paradox: More technology doesn't equal protection, especially if tools—and the people and AI agents using them—don't work together. Identity is the primary attack surface in the enterprise. Most organizations built their identity security stack on a traditional combination of IAM, IGA and PAM, but the rapid proliferation of cloud apps, machine identities and AI agents outpace these traditional controls. The result? Siloed data, unmanaged privileged accounts and hidden nonhuman identities—each a potential attack vector. Gartner finds that 65% of organizations still lack IAM maturity, weighed down by technical debt and fragmented architectures. Point solutions deployed to 'fix' audit findings or compliance gaps create more complexity, not less. Attackers exploit these seams, moving laterally between systems and identities that aren't monitored holistically. CISA's Silentshield Red Team Assessment demonstrated that decentralized teams and poor communication allowed adversaries to persist undetected, even when individual groups spotted anomalies. The lesson is clear: Solo efforts—whether a lone expert, an isolated AI agent or a disconnected tool—cannot keep pace with adversaries who are increasingly agile, automated and collaborative. To close these gaps, interoperability must become the standard for tools and the people and AI agents using them. Interoperability means more than connecting dashboards or sharing alerts. It's about ensuring that identity security posture management (ISPM) and identity threat detection and response (ITDR) systems share data, context and workflows in real time, across both human and machine identities. Gartner recommends a 'system of systems' approach, built on identity fabric principles, to support zero trust and intelligent automation. This means breaking down technical and organizational silos so prevention and detection teams operate from a unified, continuously updated single source of truth for identity data—a concept Gartner identifies as foundational for modern identity security. This trusted, authoritative data layer enables faster, more accurate decisions and ensures that every team acts on the same intelligence. When ISPM and ITDR interoperate, and when human and AI teammates collaborate based on shared reference points, blind spots shrink and attackers have fewer seams to exploit. I call the next evolution in identity security: multiplayer AI—intelligent systems designed to amplify human capabilities through enhanced teamwork. Gartner predicts by 2027, 90% of successful AI implementations in cybersecurity will focus on tactical task automation and process augmentation, not full autonomy or staff replacement. Multiplayer AI enables human and AI collaboration, breaking down silos and bridging gaps between prevention and detection. AI excels at analyzing vast datasets, detecting patterns humans miss and automating repetitive processes. Critical decisions, like determining whether anomalies are a threat or false positives, still require human judgment and contextual understanding. Studies show organizations using collaborative AI models—human decisions based on AI recommendations—see faster response times, fewer security incidents and improved resilience. The key is not just technology, but teamwork: AI handles the heavy lift of data processing and pattern recognition, while humans provide creativity, ethical oversight and business context. Thankfully, the industry is moving quickly. With the meteoric rise of agentic AI, open standards like Model Context Protocol (MCP) and Agent2Agent (A2A) are enabling AI agents from different vendors, clouds and frameworks to communicate, share context and coordinate tasks securely. Technology partners including OpenAI, Microsoft and Google are already adopting these protocols, breaking down silos that limit automation's impact. For business leaders, agentic AI means specialized agents for threat detection, access management, compliance and user behavior analytics can now form ad hoc teams-automating complex workflows and adapt to new threats. By 2028, Gartner forecasts multiagent AI will account for 70% of threat detection and response implementations, primarily to augment—not replace—staff. Early adopters will see measurable results: Leveraging agent-to-agent collaboration is predicted to cut attacker dwell time in compromised environments by up to 50%, while accelerating response and reducing operational risk. When humans and AI work together, identity security becomes faster, smarter and more resilient. 1. Establish an interoperability baseline. Audit ISPM and ITDR tools for data sharing and workflow integration across human and machine identities. Ensure architectures support agent-to-agent interoperability using open standards like MCP and A2A, so specialized agents can collaborate and automate cross-vendor workflows. Set quarterly targets to reduce IAM tool integration gaps. 2. Pilot tactical AI augmentation. Start with a focused, data-driven use case, such as automated privilege review or anomaly detection. Track improvement in response time and risk reduction. 3. Build AI literacy and human oversight. Train teams on both the benefits and limits of AI, including where human verification is required in critical workflows. 4. Continuously review identity hygiene. Use AI-driven discovery to identify unused or risky accounts, but require human validation before making changes. Aim to reduce privileged account sprawl and remediate orphaned accounts as they are detected. 5. Measure what matters. Track outcome-driven metrics such as percentage reduction in excessive permissions, improvement in MFA deployment rates and decreased incident response times. For example, reducing excessive permissions by 20% and increasing MFA coverage to 95% of privileged accounts within one year. The next breach won't be stopped by just another dashboard or a new AI agent. Organizations that have achieved true interoperability across tools, teams and AI will be able to respond more accurately to security issues. Multiplayer AI and agent-to-agent collaboration will lead the blueprints for resilience in the age of AI turbulence. Start by assessing your current environment for interoperability gaps, unify your tools and teams and empower your people with AI that amplifies—not replaces—their expertise. In the high-stakes game of identity security, victory belongs to those who play as a team. Forbes Technology Council is an invitation-only community for world-class CIOs, CTOs and technology executives. Do I qualify?
BBC News
03-06-2025
- Business
- BBC News
EFL charges Sheffield Wednesday over payment delays
Sheffield Wednesday have been charged by the English Football League with multiple breaches of its regulations relating to payment Dejphon Chansiri has also been charged with "causing the club to be in breach of EFL Regulations despite his commitment to fund their cash requirements".The charges relate to the club failing to pay players' wages on time and in full in both March and May this club and Chansiri have 14 days to respond to the charges.
BBC News
25-05-2025
- Health
- BBC News
Jersey organisations urged to get data protection basics right
The head of a Jersey data protection body has urged organisations to "get the basics right" if they want to avoid breaches of personal follows a virtual audit of a health department by the Jersey Office of the Information Commissioner (JOIC) which it said holds sensitive information and had suffered breaches in the past. While there were areas of good practice the audit set timeframes for improvements in staff training and ensuring it had relevant and effective data protection policies and commissioner Paul Vane said he hoped the results of the audit sent a "very strong message" to organisations trusted with people's data. 'Distress and harm' The JOIC is a part of the Jersey Data Protection Authority and is responsible for overseeing the data protection and freedom of information its audit process the JOIC assesses policies, processes and levels of compliance with data protection law, highlight potential risks and set timeframes for most recent audit follows a separate review of part of the island's health sector in March. "Organisations should be getting the basics right to avoid breaches which can cause distress and harm to individuals and reputational damage," Mr Vane said. "Elements of this most recent audit mirror the findings from a separate audit on a health service sector that we published earlier this year."We publish key findings to allow those processing personal information in Jersey, no matter how small or large their organisation, to benefit from the lessons learned."We hope lessons from our audits as well as other enforcement actions send a very strong message to those operating in Jersey that are entrusted with islanders' personal information."
Fox News
24-05-2025
- Fox News
19 billion passwords have leaked online: How to protect yourself
Passwords are outdated, and it's time for both tech companies and users to move on. There, I said it. Like it or not, the weakest link in cybersecurity is anything that relies on human input. While organizations continue to invest in firewalls and endpoint security, the most persistent vulnerability remains the human password. The internet has long struggled with poor password practices, but a recent discovery highlights just how serious the problem is. Security researchers have uncovered more than 19 billion newly leaked passwords, collected from hundreds of breaches between April 2024 and April 2025. An astonishing 94% of these passwords were either reused, predictable or both. Between April 2024 and April 2025, data from nearly 200 separate cybersecurity incidents became publicly available, as discovered by Cybernews. These were not isolated events. They involved massive leak repositories including combolists, stealer logs and compromised databases. In total, over 3 terabytes of raw leaked data were analyzed, comprising more than 19 billion passwords. Only 6 percent of these, just over 1.1 billion, were unique. Among the most used passwords, "123456" appeared in over 338 million instances. Words like "Password" and "admin" followed close behind, despite years of public warnings. Such defaults often originate from devices like routers or enterprise tools, where they are rarely changed and frequently reused elsewhere. Personal names remain a common pattern as well. The name "Ana" appeared in nearly 179 million passwords, followed by countless other first names and name-based combinations. Pop culture, food, cities and even swear words were frequent themes. Words like "Mario," "love," "pizza," "Rome" and various profanities were not just creative choices. They are now security liabilities. Even worse, attackers do not need to guess anymore. They have automation. Credential stuffing tools now run through billions of known passwords across hundreds of platforms, breaching accounts at success rates as high as two percent. That equates to thousands of compromised profiles, bank accounts, emails and cloud tools every single day. According to CyberNews researcher Neringa Macijauskaite, the core issue is not just weak passwords but how often they are reused. Only six percent of passwords are unique. For most users, security depends entirely on two-factor authentication, if it is enabled at all. Most passwords fall between eight to 10 characters, with eight being the most common. Around 27 percent of them contain only lowercase letters and digits, making them highly vulnerable to brute force attacks. Less than 20 percent use a mix of cases and numbers, and only a small fraction includes symbols. Despite widespread education efforts, user habits remain stagnant, but one positive trend has emerged. In 2022, only one percent of passwords used a mix of lowercase, uppercase, numbers and symbols. Now that figure has grown to 19 percent, likely driven by stricter password requirements across platforms. Get a free scan to find out if your personal information is already out on the web. Reused or weak passwords pose a massive threat, not just to individuals but to organizations. A single compromised password can trigger a domino effect, exposing multiple accounts across services. Consider using a password manager to generate and store complex passwords. Get more details about my best expert-reviewed Password Managers of 2025 here. Protecting your data requires a mix of smart security habits and reliable tools. Here are four effective ways to keep your information safe. 1. Enable two-factor authentication (2FA): Even if your password is stolen, 2FA adds an extra layer of security by requiring a second form of verification, such as a code from an authentication app or biometric confirmation. Cybercriminals rely on stolen usernames and passwords to break into accounts, but with 2FA enabled, they cannot gain access without the additional security step. Make sure to enable 2FA on important accounts like email, banking and work-related logins. 2. Use strong antivirus software and be cautious with downloads and links: Infostealer malware is the root cause of why your password is out there. It often spreads through malicious downloads, phishing emails and fake websites. Avoid downloading software or files from untrusted sources, and always double-check links before clicking them. Attackers disguise malware as legitimate software, game cheats or cracked applications, so it is best to stick to official websites and app stores for downloads. The best way to safeguard yourself from malicious links that install malware, potentially accessing your private information, is to have strong antivirus software installed on all your devices. This protection can also alert you to phishing emails and ransomware scams, keeping your personal information and digital assets safe. Get my picks for the best 2025 antivirus protection winners for your Windows, Mac, Android and iOS devices. 3. Keep software updated: Cybercriminals exploit outdated software to deliver malware. Keeping your operating system, browsers, and security software up to date ensures that known vulnerabilities are patched. Enable automatic updates whenever possible, and install reputable antivirus or endpoint protection software that can detect and block infostealer threats before they compromise your system. 4. Consider a personal data removal service: These services can help remove your personal information from data broker sites, reducing your risk of identity theft, spam and targeted scams. While no service can guarantee the complete removal of your data from the internet, a data removal service is really a smart choice. They aren't cheap, and neither is your privacy. These services do all the work for you by actively monitoring and systematically erasing your personal information from hundreds of websites. It's what gives me peace of mind and has proven to be the most effective way to erase your personal data from the internet. By limiting the information available, you reduce the risk of scammers cross-referencing data from breaches with information they might find on the dark web, making it harder for them to target you. Check out my top picks for data removal services here. When it comes down to it, passwords just aren't cutting it anymore. The sheer number of leaked passwords and the fact that so few are unique show how vulnerable we really are. Cybercriminals are getting smarter and faster, but we don't have to make it easy for them. By using password managers, enabling two-factor authentication, keeping our software updated and considering extra privacy tools, we can take back some control over this situation. It might take a little effort to change old habits, but the peace of mind you get is worth it. How many of your accounts use the same password or a variation of it? Let us know by writing us at For more of my tech tips and security alerts, subscribe to my free CyberGuy Report Newsletter by heading to Follow Kurt on his social channels: Answers to the most-asked CyberGuy questions: New from Kurt: Copyright 2025 All rights reserved.
