Dataproof Communications

Updated the build numbers. This is an informational update only. - Read more

Australian business leaders are focused on AI, digital transformation, and cybersecurity. Learn how to move from AI hype to AI help at Elastic{ON} Sydney 2026, focusing on agentic AI and context engineering across search, observability, and security. - Read more

In December 2025, data allegedly breached from the Indian streaming music service "Raaga" was posted for sale to a popular hacking forum. The data contained 10M unique email addresses along with names, genders, ages (in some cases, full date of birth), postcodes and passwords stored as unsalted MD5 hashes. - Read more

For the latest discoveries in cyber research for the week of 19th January, please download our Threat Intelligence Bulletin. TOP ATTACKS AND BREACHES Spanish energy company Endesa has disclosed a data breach after unauthorized access to a commercial platform used to manage customer information. Media report attackers listed over 1 terabyte of data, including IBANs, for sale. Belgian hospital AZ Monica has...

In December 2025, data from France's Pass'Sport program was posted to a popular hacking forum. Initially misattributed to CAF (the French family allowance fund), the data contained 6.5M unique email addresses affecting 3.5M households. The data also included names, phone numbers, genders and physical addresses. The Ministry of Sports subsequently released a statement acknowledging the incident. - Read...

Microsoft has released an out-of-band emergency update to resolve a critical issue affecting Remote Desktop connections on Windows client devices. The problem emerged immediately following the installation of the January 2026 security update, identified as KB5074109. Administrators and users reported widespread credential prompt failures when attempting to sign in via the Windows App, significantly disrupting access to Azure Virtual...

Let’s Encrypt, a key provider of free TLS certificates, has rolled out short-lived and IP address-based certificates for general use. These new options became available starting in early 2026, addressing long-standing issues in certificate security. Short-lived certificates last just 160 hours, about six and a half days, while IP-based ones tie directly to IP addresses instead of domain names....

What is the Attack? An active campaign has been linked, with medium confidence, to a threat actor designated UAT-8837, which Cisco Talos assesses as a China-nexus group targeting critical infrastructure organizations in North America. Observed activity includes targeted intrusions aimed at gaining initial access, credential harvesting,...

A new Top 10 Cybersecurity Innovators profile by AppGuard has been released, spotlighting growing concerns over AI-enhanced malware. AI makes malware even more difficult to detect. Worse, they use AI to assess, adapt, and move faster than any cyber stack can keep up. The report advocates for a fundamental change in approach, highlighting the limitations...

In Part 1, we explored the foundational strategy, including data classification frameworks and tagging approaches. In this post, we examine the technical implementation approach and key architectural patterns for building a governance framework. We explore governance controls across four implementation areas, building from foundational monitoring to advanced automation. Each area builds on the previous one, so you...