Red Hot Cyber
Cybersecurity is about sharing. Recognize the risk, combat it, share your experiences, and encourage others to do better than you.

Author: Stefano Gazzella

The Poison of Curiosity and the Antidote of Cyber Hygiene: A Social Engineering Recipe

Curiosity, that old rascal. It’s the kind of thing that’s been making people click links or open attachments in a decidedly reckless manner for a long time. After all, it’s one of those tricks cybercriminals know well and have no qualms about incorporating into phishing campaigns. And it works damn well, especially when the fishing nets are cast on a large number of recipients. After all, as long as a method works, why change it? Of course, over time, it’s all about designing the right bait through social engineering techniques. But what matters is crafting a good bait that attracts attention,

The “non-sensitive data” trap: the costly mistake for companies

A wonderfully widespread argument among those who work with personal data is that of underestimating the risks or refusing to address them at all. This is the belief that there’s no need to worry about processing “non-sensitive” data. The ontological premise for seeking solutions and corrective measures in the areas of lawfulness and security is the ability to ask the right questions. This is why a tendency to overly easily skip data cannot constitute a functional or even minimally useful strategy. Of course, sensitive data exists under the GDPR and requires high levels of protection. However, this doesn’t mean that all other

Discipline your email first so you don’t regret it later

Managing employee email inboxes is often overlooked by organizations, despite the widespread use of email and its significant impact on privacy and security. Despite being a work tool, an individual email inbox (and therefore, assigned to a single operator) is considered the employee’s digital home and, therefore, requires reasonable protection to safeguard the rights, fundamental freedoms, and dignity of the data subjects involved in the exchange of communications (both the account holder and third parties). This complexity, recognized not only by case law but also by supervisory authorities with regard to applicable data protection legislation, therefore requires particular attention in coordinating

Will this latest article “against” ChatControl be absolutely useless?

We had already discussed the proposed “ChatControl” regulation almost two years ago, but given the roadmap currently underway, we find ourselves embarrassed to have to discuss it again. It feels like déjà vu, but instead of the black cat in the hallway, we are witnessing the EU, alternating generous doses of fatal slopes and stolen arguments, continuing to align its desire for technological control with the US example denounced at the time by Snowden. Probably because of the ambition inherent in the Old Continent, which still believes itself to be the center of the world. But can we really think that it

Regulating out-of-office work: a best practice for organizations and beyond.

When talking about information security, we must first take a breath and realize that we need to dive deeper than just computer systems and directly expressed information. It concerns all information and all information systems. So we must definitely take a deep breath, because otherwise it’s natural to find ourselves feeling a little dizzy, leading us to ignore what is communicated verbally, everything that can be deduced, for example. And if we’re short of oxygen, those who are planning an attack against us—or rather, against a cluster in which we, unfortunately, are included, because we could rarely be special snowflakes for a

The European Union General Court “upholds” the transfer of personal data to the United States. For now

April 1st wasn’t an April Fool’s joke: the first hearing in the Latombe v. Commission case was adjourned to September 3rd for a ruling on the appeal filed for the annulment of the adequacy decision relating to the Data Privacy Framework. An adequacy decision is the legal instrument provided for by Article 45 GDPR, through which the Commission recognizes that a third country or organization ensures an adequate level of protection, including in relation to a territorial or sectoral scope, thus allowing the international transfer of personal data without the need for further authorizations or conditions. With a

CISO vs. DPO: Collaboration or Cold War in Business?

Managing security is far from simple, it’s not something that can be standardized, and above all, it can’t be achieved through “solutions.” It requires planning, analysis, and the ability to have a holistic vision, and above all, pursuing the objectives of maintaining data and systems at an acceptable level of security. The most common causes of crises are the disconnect between what has been done and what one would like to do, or, even worse, what one believes one has done. In short: both the situation in which the desiderata are unattainable in practice and the situation in which we delude ourselves

Tea Dating App Data Breach: 72,000 Images and Over 1 Million Private Messages

The “Tea Dating Advice” app reported a data breach on July 25, 2025, involving 72,000 images of users registered before February 2024, including 13,000 selfies and documents uploaded for account verification and 59,000 public images from posts, comments, and direct messages. Security researcher Kasra Rahjerdi later reported that a database containing 1.1 million messages containing identifying information (contacts, social profiles) and conversations from 2023 to the present had also been breached. The company has confirmed the breach of this database as well and is investigating the matter. The unauthorized access occurred on a legacy data storage system, with direct access via a