Schneier on Security

MAY 24, 2024

The last ten years have seen a global market emerge for ready-made software that lets governments surveil their citizens and foreign adversaries alike and to do so more easily than when such work required tradecraft. The last ten years have also been marked by stark failures to control spyware and its precursors and components.

Marketing 330

Marketing Spyware Surveillance Government 330

Security Affairs

FEBRUARY 16, 2025

Russia-linked group Storm-2372 used the device code phishing technique since Aug 2024 to steal login tokens from governments, NGOs, and industries. ” Device code phishing attacks exploit authentication flows to steal tokens, granting attackers access to accounts and data. ” continues the report.

Phishing 113

Phishing Authentication Telecommunications Accountability 113

Troy Hunt

DECEMBER 30, 2018

So here it is - 10 Personal Financial Lessons for Technology Professionals. For example, the ICT industry (Information, Communication, Technology) was the 5th highest paying with an average salary of $104,874 (dollars are Aussie, take off about 30% for USD). Intro: This Industry Rocks! Banking is below that. Medical even lower.

Technology 280

Technology Education Marketing Insurance 280

Schneier on Security

MARCH 21, 2024

This mini-essay was my contribution to a round table on Power and Governance in the Age of AI. Given how transformative this technology will be for the world, this is a problem. It’s nothing I haven’t said here before, but for anyone who hasn’t read my longer essays on the topic, it’s a shorter introduction.

Small Business 344

Small Business Government Technology Marketing 344

The Last Watchdog

DECEMBER 18, 2024

To wrap up our 2024 year-end roundtable, we turn our attention to new technologies and trends that are emerging to help bridge the gaps. Enterprises must secure AI agents, adopt proactive data governance, and deploy AI-based security platforms. We can expect security teams feeling pressure to adopt new technology quickly.

Risk 173

Risk Threat Detection Technology Phishing 173

Krebs on Security

DECEMBER 14, 2020

Treasury and Commerce Departments were reportedly compromised by a supply chain attack on SolarWinds , a security vendor that helps the federal government and a range of Fortune 500 companies monitor the health of their IT networks. accounting firms. Communications at the U.S. Fortune 500. all five branches of the U.S. the Pentagon.

Hacking 363

Hacking Antivirus Software Accountability 363

Malwarebytes

DECEMBER 5, 2024

The infrastructure that the US government relies to communicate on is made up of the same private sector systems that everybody else uses. Protect your social media accounts by using Malwarebytes Identity Theft Protection. Among the culprits are four major APT groups: Volt Typhoon, Salt Typhoon, Flax Typhoon, and Velvet Ant.

Encryption 141

Encryption Identity Theft Media Telecommunications 141

Malwarebytes

JANUARY 21, 2025

Graylark Technologies who makes GeoSpy says its been developed for government and law enforcement. But the investigative journalists from 404 Media report thatthe tool has also been used for months by members of the public, with many making videos marveling at the technology, and some asking for help with stalking specific women.

Media 142

Media Artificial Intelligence Identity Theft Surveillance 142

Security Affairs

FEBRUARY 16, 2024

CISA revealed that threat actors breached an unnamed state government organization via an administrator account belonging to a former employee. The government experts conducted an incident response assessment of the state government organization after its documents were posted on the dark web.

Government 144

Government VPN Accountability Authentication 144

Centraleyes

MAY 27, 2024

What is the Centraleyes AI Governance Framework? The AI Governance assessment, created by the Analyst Team at Centraleyes, is designed to fill a critical gap for organizations that use pre-made or built-in AI tools. What are the requirements for AI Governance? The primary goals of the AI Governance assessment are threefold.

Government 110

Government Risk Technology Data collection 110

Schneier on Security

APRIL 9, 2024

It was a serious attack by the Chinese government that accessed the emails of senior U.S. government officials. US Cyber Safety Review Board released a report on the summer 2023 hack of Microsoft Exchange by China. From the executive summary: The Board finds that this intrusion was preventable and should never have occurred.

Hacking 331

Hacking Government Accountability Technology 331

Malwarebytes

NOVEMBER 8, 2024

The Government of Canada ordered the TikTok Technology Canada Inc. The government is taking action to address the specific national security risks related to ByteDance Ltd.’s s operations in Canada through the establishment of TikTok Technology Canada, Inc.

Media 126

Media Identity Theft Government Technology 126

BH Consulting

MARCH 26, 2025

If there is one statistic that sums up the increasing pace of technological change, it might well be this. In a presentation titled Digital governance for boards and senior executives: AI, cybersecurity, and privacy , she called on her extensive experience advising boards on these areas. Where should they focus their attention?

Government 52

Government Artificial Intelligence Risk Digital transformation 52

Troy Hunt

FEBRUARY 25, 2025

Origin Story Last month after loading the aforementioned corpus of data, someone in a government agency reached out and pointed me in the direction of more data by way of two files totalling just over 5GB. Another path had "ve", so it was off to Caracas and the Venezuelan victim's account was confirmed. Up to speed?

Passwords 361

Passwords Accountability VPN Malware 361

Security Affairs

SEPTEMBER 23, 2023

The Government of Bermuda believes that the recent cyberattack against its IT infrastructure was launched by Russian threat actors. This week a cyber attack hit the Government of Bermuda causing the interruption of internet/email and phone services. The attack impacted all the government departments. ” said Burt.

Cyber Attacks 139

Cyber Attacks Government Internet Internet 139

Jane Frankland

JANUARY 19, 2025

For us in cyber, how do we navigate these new digital threats especially when we layer in the rise of AI and deepfake technologies, and the stakes grow even higher? Deepfake Technology Amplifying Risks: The evolution and democratisation of deepfake technology have blurred the line between reality and fabrication.

Cybersecurity 130

Cybersecurity Technology Scams Risk 130

Responsible Cyber

NOVEMBER 23, 2024

Gartner’s insights on TPRM reveal actionable strategies to mitigate risk, optimize governance, and ensure data-sharing efficiency for better business outcomes. The Case for Efficient Governance Effective governance lies at the heart of successful TPRM.

Risk 105

Risk Government Education Technology 105

eSecurity Planet

FEBRUARY 10, 2025

In a stark warning to organizations and everyday users alike, cybersecurity experts and government agencies have sounded the alarm over a new breed of Gmail-targeted phishing attacks. Compromising a single Gmail account can grant access to an extensive personal and corporate data treasure trove.

Phishing 113

Phishing Artificial Intelligence Password Management Accountability 113

The Last Watchdog

MARCH 24, 2025

There are two sides to this: 1) assessing a technology vendors cryptoagility efforts in your RFPs as a part of determining third-party tech supplier risk, 2) assessing a technology vendors capability to help you in your PQC migration as technology functionality you can use.

Encryption 130

Encryption Financial Services Technology Risk 130

The Last Watchdog

DECEMBER 18, 2024

To mitigate risks, businesses will invest in modern, privacy-enhancing technologies (PETs), such as trusted execution environments (TEEs) and fully homomorphic encryption (FHE). state privacy laws, the EUs governance of ethical AI deployment, and updated regulations in India and Japan. EU AI Act) demand proactive adaptation.

Cybersecurity 130

Cybersecurity CISO Risk Government 130

Krebs on Security

NOVEMBER 4, 2022

Responding to a recent surge in AI-generated bot accounts, LinkedIn is rolling out new features that it hopes will help users make more informed decisions about with whom they choose to connect. For example, on October 10, 2022, there were 576,562 LinkedIn accounts that listed their current employer as Apple Inc.

Scams 291

Scams Artificial Intelligence Cryptocurrency Accountability 291

Schneier on Security

MAY 3, 2019

It's an impassioned debate, acrimonious at times, but there are real technologies that can be brought to bear on the problem: key-escrow technologies, code obfuscation technologies, and backdoors with different properties. Public-interest technology isn't new. We need public-interest technologists.

Cybersecurity 275

Cybersecurity Technology Government Internet 275

Jane Frankland

APRIL 18, 2025

Organisations invest heavily in governance, risk, and compliance (GRC) and risk management efforts while neglecting foundational elements like leadership and culture. Without these foundations, all the technology in the world wont secure your organisation. However, technology alone cannot solve the security puzzle. The result?

Cybersecurity 130

Cybersecurity Technology Risk Security Awareness 130

The Last Watchdog

JUNE 23, 2021

These hacking waves contribute to the harvesting of account credentials and unauthorized access to loosely-configured servers; and these ill-gotten assets can, in turn, be utilized to execute different stages of higher-level hacks, such as account takeovers and ransomware campaigns. Remote desktop risks.

Accountability 201

Accountability Passwords Hacking Cyber Risk 201

Schneier on Security

MARCH 5, 2019

It's an impassioned debate, acrimonious at times, but there are real technologies that can be brought to bear on the problem: key-escrow technologies, code obfuscation technologies, and backdoors with different properties. Public-interest technology isn't new. We need public-interest technologists.

Cybersecurity 265

Cybersecurity Technology Government Internet 265

Security Affairs

NOVEMBER 18, 2024

telecoms, compromising networks to steal call records and access private communications, mainly of government and political figures. The US agencies confirmed that Chinese threat actors had compromised the private communications of a “limited number” of government officials following the compromise of multiple U.S.

Mobile 112

Mobile Telecommunications Data breaches Hacking 112

Krebs on Security

MAY 23, 2024

Two weeks before Russia invaded Ukraine in February 2022, a large, mysterious new Internet hosting firm called Stark Industries Solutions materialized and quickly became the epicenter of massive distributed denial-of-service (DDoS) attacks on government and commercial targets in Ukraine and Europe. Click to enlarge.

DDOS 324

DDOS Internet Internet Government 324

SecureWorld News

FEBRUARY 25, 2025

It is recommended that organizations should consider AI-powered deception technologies to detect and neutralize AI-driven threats. As AI takes a larger role in cybersecurity, governance and ethical AI usage must become a priority. The use of AI by threat actors means that traditional cybersecurity defenses may no longer be sufficient.

Cybersecurity 99

Cybersecurity Social Engineering Artificial Intelligence Cyber threats 99

Security Affairs

DECEMBER 1, 2024

The increasing sophistication of these technologies has made it harder than ever to distinguish real content from fake. A study by the Massachusetts Institute of Technology (MIT) presented in 2019 revealed that deepfakes generated by AI could deceive humans up to 60% of the time. As the technology evolves, so will its misuse.

Artificial Intelligence 132

Artificial Intelligence Phishing Media Cyber threats 132

Security Affairs

JANUARY 11, 2025

“On November 20, 2024, we were notified by a vendor of point-of-sale processing services for some of our retail locations that accounts with their organization had been compromised by an organized cybercrime group.” After discovering the security breach, the company investigated the incident and notified law enforcement.

Data breaches 111

Data breaches Retail Cybercrime Government 111

Security Affairs

OCTOBER 28, 2024

While conventional “internal” employees account for 29% of identities, non-employees or “external identities” in aggregate (contractors, vendors, etc.) account for nearly half of the total users (48%). And therein lies the problem: Your enterprise could be at risk if their credentials are unsafe. Let’s see how.

B2B 124

B2B Cybersecurity Risk Identity Theft 124

SecureList

FEBRUARY 20, 2025

Kaspersky Managed Detection and Response service (MDR) provides round-the-clock monitoring and threat detection, based on Kaspersky technologies and expertise. in government, 17.8% Human-driven targeted attacks accounted for 43% of high-severity incidents 74% more than in 2023 and 43% more than in 2022. in IT, 18.3%

Social Engineering 101

Social Engineering Phishing Government Threat Detection 101

Schneier on Security

MAY 6, 2019

Enable two-factor authentication for all important accounts whenever possible. Watch your credit reports and your bank accounts for suspicious activity. The best way for you to protect yourself is to change that incentive, which means agitating for government oversight of this space.

Identity Theft 279

Identity Theft Passwords Password Management Authentication 279

Security Affairs

DECEMBER 9, 2024

On June 20, 2024, the group targeted an Indonesian data center causing the disruption of around 210 critical government services, including customs and immigration. Their ransom notes share stylistic similarities with SenSayQ ransomware, and their TOR websites use similar technologies. Deloitte has faced hacking claims twice recently.

Hacking 122

Hacking Ransomware Accountability Architecture 122

The Last Watchdog

SEPTEMBER 25, 2023

Taking an active role Your cybersecurity policy should address your employees and technology systems. Taurins It’s also essential your business evaluates its technology and keeps it regularly updated to the latest security standards. Security places a crucial role in your technology. Employee training is crucial.

Small Business 222

Small Business Cybersecurity Technology Accountability 222

Krebs on Security

MAY 19, 2020

The SBU said they found on Sanix’s computer records showing he sold databases with “logins and passwords to e-mail boxes, PIN codes for bank cards, e-wallets of cryptocurrencies, PayPal accounts, and information about computers hacked for further use in botnets and for organizing distributed denial-of-service (DDoS) attacks.”

Passwords 362

Passwords Accountability Hacking Password Management 362

Krebs on Security

MAY 18, 2022

for “deceptive statements” the company and its founder allegedly made over how they handle facial recognition data collected on behalf of the Internal Revenue Service , which until recently required anyone seeking a new IRS account online to provide a live video selfie to ID.me. would be permanently deleted. ’ ID.me

Government 288

Government Accountability Surveillance Data collection 288