2006, Information Security and Risk - Cyber Security Informer

2006

Information Security

Risk

The Risk-Conscious, Security-Aware Culture: The Forgotten Critical Security Control

Cisco Security

JULY 12, 2021

Chief Information Security Officers (CISOs) across the Global 2000 and Fortune 1000 are obsessed with protecting the workforce endpoints as critical vulnerabilities in the cybersecurity and risk management posture of their enterprises. Should a risk-conscious, security-aware culture be considered a critical security control?

Security Awareness

Security Awareness Risk CISO Cybersecurity

MI5 seized Boris Johnson’s phone over security risk fears

Security Affairs

JUNE 21, 2021

In April, media reported that Boris Johnson ‘s personal mobile phone number has been freely available on the internet for the past 15 years after it was published in a think tank press release in 2006, but never deleted. The post MI5 seized Boris Johnson’s phone over security risk fears appeared first on Security Affairs.

Risk

Risk Mobile Spyware Hacking

Join 28,000+

Insiders

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

Webinars

How to Avoid Pitfalls In Automation: Keep Humans In the Loop

MORE WEBINARS

Trending Sources

OWASP discloses a data breach

Security Affairs

APRIL 1, 2024

The incident impacted OWASP members from 2006 to around 2014 who provided their resumes as part of joining OWASP. Exposed resumes contained names, email addresses, phone numbers, physical addresses, and other personally identifiable information. Nothing needs to be done if the information at risk is outdated.

Data breaches

Data breaches Mobile Software Media

Webinars

How to Avoid Pitfalls In Automation: Keep Humans In the Loop

MORE WEBINARS

The Role of Differential Privacy in Protecting Sensitive Information in the Era of Artificial Intelligence

Security Affairs

MARCH 7, 2025

Cynthia Dwork (2006) introduced the fundamental idea, established its mathematical basis, and illustrated how privacy guarantees can be attained by adding numerical work. Differential privacy in Finance AI Financial institutions use AI-driven data for fraud detection, segmentation, and risk assessment.

Artificial Intelligence

Artificial Intelligence Healthcare Data privacy Banking

Critical zero-days discovered in VxWorks RTOS, billions of devices at risk

Security Affairs

JULY 30, 2019

“URGENT/11 poses a significant risk to all of the impacted VxWorks connected devices currently in use. This timespan might be even longer, as according to Wind River, three of the vulnerabilities were already existent in IPnet when it acquired the stack from Interpeak in 2006.” Pierluigi Paganini.

Risk

Risk IoT Firewall DNS

Threat actors offer for sale data for 50 millions of Moscow drivers

Security Affairs

OCTOBER 24, 2021

Stolen data spans from 2006 and 2019, local media outlets have confirmed their authenticity. Threat actors are also offering a file containing information from 2020 to those that will buy the database. Threat actors are also offering a file containing information from 2020 to those that will buy the database. Pierluigi Paganini.

Insurance

Insurance Hacking Cybercrime Media

Critical unauthenticated remote code execution flaw in OpenSSH server

Security Affairs

JULY 1, 2024

The issue is due to a signal handler race condition, Qualys researchers state that the flaw poses a considerable risk because it affects sshd in its default configuration. The flaw was introduced with the fix for another vulnerability, tracked as CVE-2006-5051. This race condition affects sshd in its default configuration.”

Internet

Internet Internet Risk Hacking

Experts found three new 15-year-old bugs in a Linux kernel module

Security Affairs

MARCH 13, 2021

The flaws were present in the component since it was being developed in 2006. This driver became more visible due to a fairly new technology (RDMA) and default behavior based on compatibility instead of risk.” The first vulnerability, tracked as CVE-2021-27365, is a heap buffer overflow in the iSCSI subsystem.

Hacking

Hacking Accountability Technology Risk

US CISA added 17 flaws to its Known Exploited Vulnerabilities Catalog

Security Affairs

JANUARY 23, 2022

According to Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities , FCEB agencies have to address the identified vulnerabilities by the due date to protect their networks against attacks exploiting the flaws in the catalog.

Authentication

Authentication Hacking Government Risk

Alleged FruitFly malware creator ruled incompetent to stand trial

Malwarebytes

JANUARY 16, 2024

As a member of the club, he competed in a local programming competition, helping the team to win in both 2005 and 2006. This ruling has caused some concerns in the information security community. We don’t just report on threats—we remove them Cybersecurity risks should never spread beyond a headline.

Malware

Malware Passwords Identity Theft Data collection

Topic-specific policy 7/11: backup

Notice Bored

OCTOBER 19, 2021

We don't always take the trouble to consult with colleagues, research the topic, explore the risks and controls, and think both broadly and deeply about the subject area - the topic of the policy. My concern is that it still only covers part of the problem space, a peak on the risk landscape you could say.

Backups

Backups Risk Internet Internet

Redesigning the Security Narrative

Duo's Security Blog

APRIL 29, 2022

As I immersed myself in foreign concepts around the information security industry, marketing, and business practices at scale, I grew to appreciate not just the technology we were building at Duo, but the people who built it, the diverse audiences that we addressed, and the unique problems-to-solve around security at large.

Marketing

Marketing InfoSec Architecture Authentication

US Government Accountability Office Releases New Report On The Internet of Things (IoT)

Privacy and Cybersecurity Law

MAY 19, 2017

One sensor called an accelerometer cost an average of $2 in 2006. With these benefits comes potential risk. The GAO report identifies five risk categories presented by the onset of new IoT technology: (1) information security; (2) privacy; (3) safety; (4) standards; and (5) economic issues. Information security.

IoT

IoT Internet Internet Computers and Electronics

The Essential Guide to Radio Frequency Penetration Testing

Pen Test

OCTOBER 12, 2023

GHz and 5 GHz bands, providing high-speed wireless internet connectivity (Kurkovsky, 2006). Wireless communication is susceptible to diverse security challenges such as eavesdropping, data interception, and unauthorized access (Chen, 2015). Journal of Information Security Research, 25(1), 78-91. H., & Yau, K.

Penetration Testing

Penetration Testing Wireless IoT Technology

The Hacker Mind: Shattering InfoSec's Glass Ceiling

ForAllSecure

MARCH 8, 2023

What if you are a woman in information security? I’m Robert Vamosi, and in the episode I’m talking about diversity, equality, and inclusion in information security with one of the industries' most successful examples. And, and how that how that is related to security or how that can be secured.

InfoSec

InfoSec Engineering CSO Hacking

Episode 222: US Rep. Himes on Congress’s About-face on Cybersecurity

The Security Ledger

AUGUST 12, 2021

It is no news to anyone who has stayed abreast of the cyber security space that vulnerable software and hardware pose a serious risk to critical infrastructure in the United States. It is also no secret that sophisticated nation-state adversaries have made a habit of poking around inside sensitive government and corporate networks. .

Cybersecurity

Cybersecurity Cyber Risk Government Financial Services

The role of a secret Dutch mole in the US-Israeli Stuxnet attack on Iran

Security Affairs

SEPTEMBER 2, 2019

In 2006, the researchers conducted a sabotage test with centrifuges, and President George Bush authorized the operation. Symantec researchers discovered that the Stuxnet code was updated over time, in May 2006 and in February 2007, when the Iran’s government began installing the centrifuges at Natanz.

Malware

Malware Engineering Advertising Hacking

CISSPs from Around the Globe: An Interview with Chinyelu Philomena Karibi-Whyte

CyberSecurity Insiders

DECEMBER 1, 2021

The Certified Information Systems Security Professional (CISSP) certification is considered to be the gold standard in information security. Those doors lead to many different types of positions and opportunities, thus making the information security community dynamic and multifaceted.

Education

Education Security Awareness Risk Cybersecurity

The Risk-Conscious, Security-Aware Culture: The Forgotten Critical Security Control

MI5 seized Boris Johnson’s phone over security risk fears

Webinars

Trending Sources

OWASP discloses a data breach

Webinars

The Role of Differential Privacy in Protecting Sensitive Information in the Era of Artificial Intelligence

Critical zero-days discovered in VxWorks RTOS, billions of devices at risk

Threat actors offer for sale data for 50 millions of Moscow drivers

Critical unauthenticated remote code execution flaw in OpenSSH server

Experts found three new 15-year-old bugs in a Linux kernel module

US CISA added 17 flaws to its Known Exploited Vulnerabilities Catalog

Alleged FruitFly malware creator ruled incompetent to stand trial

Topic-specific policy 7/11: backup

Redesigning the Security Narrative

US Government Accountability Office Releases New Report On The Internet of Things (IoT)

The Essential Guide to Radio Frequency Penetration Testing

The Hacker Mind: Shattering InfoSec's Glass Ceiling

Episode 222: US Rep. Himes on Congress’s About-face on Cybersecurity

The role of a secret Dutch mole in the US-Israeli Stuxnet attack on Iran

CISSPs from Around the Globe: An Interview with Chinyelu Philomena Karibi-Whyte

Stay Connected