Accountability, InfoSec and Technology - Cyber Security Informer

Thinking About the Future of InfoSec (v2022)

Daniel Miessler

MARCH 20, 2022

The ideas will cover multiple aspects of InfoSec, from organizational structure to technology. Technology. At the highest level, I think the big change to InfoSec will be a loss of magic compared to now. Technology. HT to Jeremiah Grossman to also being very early to seeing the role of insurance in InfoSec.

InfoSec

InfoSec Insurance Technology Engineering

Inside the DemandScience by Pure Incubation Data Breach

Troy Hunt

NOVEMBER 13, 2024

For example, mine was just one of many tens of thousands of Pfizer email addresses, and that sort of thing is going to raise the ire of some folks in corporate infosec capacities. DemandScience is what we refer to as a "data aggregator" in that they combine identity data from multiple locations, bundle it up, and then sell it.

Data breaches

Data breaches Passwords B2B Technology

Professional services infosec policy template

Notice Bored

MAY 12, 2022

Professional services engagements, and hence the associated information risks, are so diverse that it made no sense to specify particular infosec controls, except a few examples. The policy is generic, pragmatic and yet succinct at just over 2 pages. and that once again emphasises that corporate policies form a mesh.

InfoSec

InfoSec Risk Accountability Government

How Spoutible’s Leaky API Spurted out a Deluge of Personal Data

Troy Hunt

FEBRUARY 4, 2024

” This one, as far as infosec stories go, had me leaning and muttering like never before. Online security, technology and “The Cloud” Australian.", But fortunately these days many people make use of 2 factor authentication to protect against account takeover attacks where the adversary knows the password.

Passwords

Passwords Accountability Backups Data breaches

Norton 360 Cryptominer, Fake QR Codes on Parking Meters, Facebook Account Deactivation

Security Boulevard

JANUARY 16, 2022

The post Norton 360 Cryptominer, Fake QR Codes on Parking Meters, Facebook Account Deactivation appeared first on The Shared Security Show. The post Norton 360 Cryptominer, Fake QR Codes on Parking Meters, Facebook Account Deactivation appeared first on Security Boulevard.

Accountability

Accountability Antivirus Cryptocurrency Scams

Deepfake Fraud, Data Brokers Tracking Military Personnel

Security Boulevard

NOVEMBER 24, 2024

In Episode 356, Tom and Kevin discuss the increasing role of deepfake technology in bypassing biometric checks, accounting for 24 percent of fraud attempts. The show covers identity fraud issues and explores the controversial practices of data brokers selling location data, including tracking US military personnel.

Media

Media Technology Accountability Surveillance

The Underground Economy: Recon, Weaponization & Delivery for Account Takeovers

Threatpost

AUGUST 30, 2021

In part one of a two-part series, Akamai's director of security technology and strategy, Tony Lauro, lays out what orgs need to know to defend against account takeover attacks.

Accountability

Accountability Technology InfoSec

CSTA Turns 400 – Proof That Technology Integrations Is Exactly What You Are Looking For

Cisco Security

AUGUST 26, 2021

We constantly see new threats, and threat vectors, come and go; which puts a tremendous strain on the InfoSec teams that have to protect organizations and businesses from these threats. With the addition of Kenna Security into our program we now have over 250 technology partners and over 400 integrations for our mutual customers to utilize.

Technology

Technology Firewall VPN Authentication

InfoSec Leaders Weigh in on New SEC Rules Making CISO Hotseat Hotter

SecureWorld News

JULY 31, 2023

Cybersecurity professionals have various views on last week's news from the United States Securities and Exchange Commission (SEC) when it surprised the InfoSec community and the C-suites of corporate America. Management is required to connect the dots of cybersecurity impacts on the business. After all, a CISO can't do it all.

CISO

CISO InfoSec Risk Cybersecurity

Difference between Information Security and Cybersecurity

CyberSecurity Insiders

OCTOBER 3, 2022

Information Security- Protection of information and the information storing systems from unauthorized access accounts to Information Security. The term InfoSec aka Information Security is often used to determine availability of the systems and to protect the data integrity and confidentiality.

Information Security

Information Security Cybersecurity Computers and Electronics InfoSec

Happy 13th Birthday, KrebsOnSecurity!

Krebs on Security

DECEMBER 29, 2022

I seem to be doing most of that activity now on Mastodon , which appears to have absorbed most of the infosec refugees from Twitter, and in any case is proving to be a far more useful, civil and constructive place to post such things. For a variety of reasons, I will no longer be sharing these updates on Twitter.

Cryptocurrency

Cryptocurrency Cybercrime Computers and Electronics Scams

No Password Microsoft Accounts, Facebook Smart Glasses, Security.txt Internet Standard

Security Boulevard

SEPTEMBER 26, 2021

The post No Password Microsoft Accounts, Facebook Smart Glasses, Security.txt Internet Standard appeared first on The Shared Security Show. The post No Password Microsoft Accounts, Facebook Smart Glasses, Security.txt Internet Standard appeared first on The Shared Security Show.

Internet

Internet Internet Passwords Accountability

Navigating the SEC’s Cybersecurity Disclosure Rules: One Year On

Security Boulevard

DECEMBER 30, 2024

As the rules were authorized in late 2023, we shared what we see as the implications for infosec leaders. Check Point Software Technologies Ltd. In partnership with senior executives, they need to pay close attention to the risks their companies face and the strategies those companies put in place to comply. Avaya Holdings Corp.,

Cybersecurity

Cybersecurity Cyber Risk CISO Risk

New Leak Shows Business Side of China’s APT Menace

Krebs on Security

FEBRUARY 22, 2024

A large cache of more than 500 documents published to GitHub last week indicate the records come from i-SOON , a technology company headquartered in Shanghai that is perhaps best known for providing cybersecurity training courses throughout China. A marketing slide deck promoting i-SOON’s Advanced Persistent Threat (APT) capabilities.

Government

Government Hacking Cyber threats Mobile

Password Managers Under Attack, Shady Reward Apps on Google Play, Meta Account Center 2FA Bypass

Security Boulevard

FEBRUARY 5, 2023

Three […] The post Password Managers Under Attack, Shady Reward Apps on Google Play, Meta Account Center 2FA Bypass appeared first on The Shared Security Show. The post Password Managers Under Attack, Shady Reward Apps on Google Play, Meta Account Center 2FA Bypass appeared first on Security Boulevard.

Password Management

Password Management Passwords Accountability Phishing

Multi-Factor Authentication Fatigue Attack, Signal Account Twilio Hack, Facebook and Instagram In-App Browser

Security Boulevard

AUGUST 21, 2022

The post Multi-Factor Authentication Fatigue Attack, Signal Account Twilio Hack, Facebook and Instagram In-App Browser appeared first on The Shared Security Show. The post Multi-Factor Authentication Fatigue Attack, Signal Account Twilio Hack, Facebook and Instagram In-App Browser appeared first on Security Boulevard.

Authentication

Authentication Accountability Hacking Ransomware

MY TAKE: 3 privacy and security habits each individual has a responsibility to embrace

The Last Watchdog

JANUARY 28, 2019

Through the course of this year, Gartner forecasts that the infosec market will climb 9 percent to $124 billion. Yet, technology alone isn’t all that’s required. The perpetrators deploy botnets to automate the injection of surreptitiously obtained usernames and password pairs until they gain fraudulent access to a targeted account.

Passwords

Passwords Password Management Internet Internet

Why Taylor Swift Fans Should Work in Cybersecurity

SecureWorld News

SEPTEMBER 12, 2023

On June 14, 2019, Taylor Swift posted a seemingly random string of text to her social media accounts: gxgjxkhdkdkydkhdkhfjvjfj!!! These skills also happen to apply to information security (infosec) and cyber threat intelligence and research. And you'll leave your first infosec conference with an armful of them.

Cybersecurity

Cybersecurity InfoSec Threat Detection Accountability

The World of Scambaiting, Preventing Social Media Account Takeovers, Network Wrenches Hacked

Security Boulevard

JANUARY 21, 2024

Then they switch to the best practices to prevent social media account takeovers, highlighting […] The post The World of Scambaiting, Preventing Social Media Account Takeovers, Network Wrenches Hacked appeared first on Shared Security Podcast.

Media

Media Accountability Hacking Scams

Authentication is Outdated: A New Approach to Identification

CyberSecurity Insiders

JULY 3, 2021

As any infosec manager will tell you, no matter how secure your infrastructure, anyone with the right credentials can walk through the front door. They also can use stolen personal information for identity theft, opening fraudulent accounts. We are already seeing the adoption of similar technologies.

Authentication

Authentication Identity Theft Technology InfoSec

Who’s to Blame for Hacked Social Media Accounts, Spoofed Online Meeting Requests and Malware

Security Boulevard

MARCH 10, 2024

In episode 320, Tom and Scott discuss the contentious issue of who is accountable when Facebook or Instagram accounts are hacked, discussing potential failings on both the user’s and Meta’s part.

Media

Media Accountability Hacking Malware

Launching the First “Yomi Hunting” Challenge!

Security Affairs

FEBRUARY 17, 2020

About a year ago, we publicly released the Yomi Hunter sandbox for a few simple reasons: in Yoroi we believe in the InfoSec community value, we think it plays a central role in the fight of cyber-threats and we feel the need to support it. . It was natural for us to try to give back something to the community we believe in, concretely.

InfoSec

InfoSec Malware Advertising Cyber threats

News Alert: Adaptive Shield to showcase new ITDR platform for SaaS at Black Hat USA

The Last Watchdog

JULY 30, 2024

Adaptive Shield will demonstrate its new ITDR platform and award-winning technology at booth #1268 during Black Hat USA, from August 7-8, 2024, showcasing its capabilities with the most complex threat detection use cases and campaigns seen in the wild. Account hijacking through user compromised user devices.

Threat Detection

Threat Detection Accountability InfoSec Technology

CISA Order Highlights Persistent Risk at Network Edge

Krebs on Security

JUNE 15, 2023

Mandiant said the attackers will continue to change their tactics and malware, “especially as network defenders continue to take action against this adversary and their activity is further exposed by the infosec community.” “COVID-19 extended the life of these companies and technologies, and that’s unfortunate.”

Risk

Risk VPN Internet Internet

Why Human Input Is Still Vital to Cybersecurity Tech

SecureWorld News

APRIL 17, 2022

It can certainly be said that advances in technology have had a huge impact on cybersecurity in recent years. It was once the case that cybersecurity technology consisted of little more than a firewall and antivirus software. This essentially fulfills the same role as a Google Account, with all of your passwords stored for you.

Cybersecurity

Cybersecurity Passwords Technology Password Management

The Rise of Data Sovereignty and a Privacy Era

SecureWorld News

JUNE 24, 2024

Additionally, there sectoral privacy regulations in the United States, such as the Health Insurance Portability and Accountability Act (HIPAA), and state level regulations like the California Consumer Privacy Act (CCPA). Traditionally, InfoSec lies within the IT organization, and Privacy is housed inside the Legal department.

IoT

IoT InfoSec Artificial Intelligence Risk

Careers in cybersecurity: Malwarebytes talks to teachers and students

Malwarebytes

MARCH 16, 2021

The theme is often breaking into infosec. Quite a few students have to be convinced that lots of security folk don’t necessarily even have technology qualifications. One of the most interesting things about fresh talent is watching it pull apart new technology and highlight unforeseen dangers. Closing thoughts.

Cybersecurity

Cybersecurity InfoSec Education Technology

Business Must Change: InfoSec in 2019

The Falcon's View

JANUARY 3, 2019

Consider, if you will, that fundamentally we in infosec want people to make better decisions. However, when people are empowered to make their own decisions and are held accountable for the lasting impacting , then and only then will they start adopting more of a caretaker mentality and start considering long-term impacts.

InfoSec

InfoSec Engineering Digital transformation CISO

Leapfrogging with Smart Tech Refresh

Cisco Security

JANUARY 28, 2021

For example, do you think about an antiquated technology that is not integrated needing a fresh lease of life? Or is it just getting new technology to solve a problem that the predecessor failed at solving? This is also an advantage to the business side; the sunk cost of the original technology is not entirely thrown away.

Technology

Technology InfoSec Antivirus Architecture

If Infosec Was a Supermarket Business

Security Boulevard

FEBRUARY 27, 2023

So, let’s consider a supermarket as if it were a well-known and respected enterprise with information technology (IT) capabilities and a cybersecurity program, what does the supermarket look like then? If supermarkets can apply this type of thinking and control, how does this align with infosec & cybersecurity?

InfoSec

InfoSec Cybersecurity Risk Technology

Protect IT—A Combination of Security Culture and Cyber Hygiene Good Practices

Thales Cloud Protection & Licensing

OCTOBER 24, 2019

In the spirit of National Cyber Security Awareness Month (NCSAM), my colleague Ashvin Kamaraju wrote about how organizations can use fundamental controls to secure their information technology. One of the most common ways by which malicious actors perpetrate account takeover (ATO) fraud is via password brute forcing attacks.

Security Awareness

Security Awareness InfoSec Passwords Accountability

Russia Gets Hacked, Microsoft 365 Credential Stuffing, McDonald’s Ice Cream Machine Hackers

Security Boulevard

MARCH 6, 2022

This week we discuss some of the more interesting hacks of Russian assets, technology, and more. The post Russia Gets Hacked, Microsoft 365 Credential Stuffing, McDonald’s Ice Cream Machine Hackers appeared first on The Shared Security Show.

Hacking

Hacking Technology Accountability InfoSec

SolarWinds blaming intern for leaked password is symptom of ‘security failures’

SC Magazine

MARCH 2, 2021

But infosec thought leaders say that blaming an intern ignores the true roots of the problem, including insufficient credentials policies and access management practices – as evidenced in part by the simplicity of the password itself: “solarwinds123”. Infosec experts similarly chided the company for a lack of strong credentials.

Passwords

Passwords Password Management CISO InfoSec

Security Affairs newsletter Round 436 by Pierluigi Paganini – International edition

Security Affairs

SEPTEMBER 10, 2023

US CISA added critical Apache RocketMQ flaw to its Known Exploited Vulnerabilities catalog Ragnar Locker gang leaks data stolen from the Israel’s Mayanei Hayeshua hospital North Korea-linked threat actors target cybersecurity experts with a zero-day Zero-day in Cisco ASA and FTD is actively exploited in ransomware attacks Nation-state actors (..)

DDOS

DDOS VPN Data breaches Cybercrime

Human Fraud: Detecting Them Before They Detect You

Threatpost

SEPTEMBER 6, 2021

Tony Lauro, director of security technology and strategy at Akamai, discusses how to disrupt account takeovers in the exploitation phase of an attack.

Accountability

Accountability Technology InfoSec

Top-Paying Tech Jobs Highlight New Roles, Cybersecurity Tie-ins

SecureWorld News

MAY 31, 2024

Blockchain Developer: Blockchain is a disruptive technology that has created new development roles in the last five years or so. The days of 'full-stack engineer' may be behind us as focus shifts towards specialized roles in technology and cybersecurity.

Artificial Intelligence

Artificial Intelligence Cybersecurity Engineering Technology

Scattered Spider x RansomHub: A New Partnership

Digital Shadows

OCTOBER 23, 2024

The attacker gained initial access to two employee accounts by carrying out social engineering attacks on the organization’s help desk twice. Scattered Spider previously targeted telecommunications firms, likely to support its SIM-swapping activities that facilitate account takeovers.

Social Engineering

Social Engineering Engineering Accountability Backups

Empowering Women in Cybersecurity: Insights from ISC2's Latest Study

SecureWorld News

APRIL 9, 2025

Thankfully, the InfoSec community is terminally online, and when I fell into this niche, I was finally able to meet other InfoSec professionals in online venues where I felt comfortable. Educational opportunities: Pursuing certifications and training programs can bridge knowledge gaps and bolster credibility in the field.

Nation States Will Weaponize Social and Recruit Bad Guys with Benefits in 2022

McAfee

OCTOBER 31, 2021

Equally, direct messages have been used by groups to take control over influencer accounts to promote messaging of their own. We live in a world where we are governed by rules, territories, and jurisdictions; to hold a threat actor accountable, we would need digital evidence. Who Can Regulate? In May 2021 for example, the U.S.

Cybercrime

Cybercrime Government Malware Media

Reboot Your Smartphone, FBI’s Top Targeted Vulnerabilities, Flirty Account Dupes Defense Contractors

Security Boulevard

AUGUST 1, 2021

The post Reboot Your Smartphone, FBI’s Top Targeted Vulnerabilities, Flirty Account Dupes Defense Contractors appeared first on The Shared Security Show. The post Reboot Your Smartphone, FBI’s Top Targeted Vulnerabilities, Flirty Account Dupes Defense Contractors appeared first on Security Boulevard.

Accountability

Accountability Social Engineering Engineering InfoSec

Spotlight on Cybersecurity Leaders: Randy Raw

SecureWorld News

MARCH 31, 2022

Randy is a CISSP and is active in the Central Missouri InfoSec community. Answer: Effective, cross-platform and easy-to-implement password-less authentication with regular assessment of account/system behavior to enforce expected behavior and identify anomalous actions. Get to know Randy Raw.

Cybersecurity

Cybersecurity InfoSec Authentication DDOS

Cybersecurity Snapshot: CISA Calls for Stamping Out Buffer Overflow Vulnerabilities, as Europol Tells Banks To Prep For Quantum Threat

Security Boulevard

FEBRUARY 14, 2025

Cybersecurity News) How to mitigate buffer overflow vulnerabilities (Infosec Institute) How to prevent buffer overflow attacks (TechTarget) VIDEOS What is a Buffer Overflow Attack? Thats a key takeaway from Cybercrime: A Multifaceted National Security Threat, a report releaesd this week by Googles Threat Intelligence Group.

Banking

Banking Cybercrime Cybersecurity Ransomware

The cyber skills gap & the diversity debate

Thales Cloud Protection & Licensing

JUNE 25, 2019

There remains the question, however, of whether people who are from a different ethnicity, gender or background to the stereotype “standard IT/infosec professional” are actually being treated equally in the cybersecurity industry. No matter what type of attack takes place, employees play a large role in securing an organisation.

Technology

Technology Small Business InfoSec Cybersecurity

How AI is Advancing Cybersecurity

eSecurity Planet

JUNE 18, 2021

Technology for today and the future. ” This technology enables cybersecurity tools to pinpoint attacks with more accuracy than a human security engineer. . ” This technology enables cybersecurity tools to pinpoint attacks with more accuracy than a human security engineer.

Artificial Intelligence

Artificial Intelligence Cybersecurity Engineering Risk

Thinking About the Future of InfoSec (v2022)

Inside the DemandScience by Pure Incubation Data Breach

Trending Sources

Professional services infosec policy template

How Spoutible’s Leaky API Spurted out a Deluge of Personal Data

Norton 360 Cryptominer, Fake QR Codes on Parking Meters, Facebook Account Deactivation

Deepfake Fraud, Data Brokers Tracking Military Personnel

The Underground Economy: Recon, Weaponization & Delivery for Account Takeovers

CSTA Turns 400 – Proof That Technology Integrations Is Exactly What You Are Looking For

InfoSec Leaders Weigh in on New SEC Rules Making CISO Hotseat Hotter

Difference between Information Security and Cybersecurity

Happy 13th Birthday, KrebsOnSecurity!

No Password Microsoft Accounts, Facebook Smart Glasses, Security.txt Internet Standard

Navigating the SEC’s Cybersecurity Disclosure Rules: One Year On

New Leak Shows Business Side of China’s APT Menace

Password Managers Under Attack, Shady Reward Apps on Google Play, Meta Account Center 2FA Bypass

Multi-Factor Authentication Fatigue Attack, Signal Account Twilio Hack, Facebook and Instagram In-App Browser

MY TAKE: 3 privacy and security habits each individual has a responsibility to embrace

Why Taylor Swift Fans Should Work in Cybersecurity

The World of Scambaiting, Preventing Social Media Account Takeovers, Network Wrenches Hacked

Authentication is Outdated: A New Approach to Identification

Who’s to Blame for Hacked Social Media Accounts, Spoofed Online Meeting Requests and Malware

Launching the First “Yomi Hunting” Challenge!

News Alert: Adaptive Shield to showcase new ITDR platform for SaaS at Black Hat USA

CISA Order Highlights Persistent Risk at Network Edge

Why Human Input Is Still Vital to Cybersecurity Tech

The Rise of Data Sovereignty and a Privacy Era

Careers in cybersecurity: Malwarebytes talks to teachers and students

Business Must Change: InfoSec in 2019

Leapfrogging with Smart Tech Refresh

If Infosec Was a Supermarket Business

Protect IT—A Combination of Security Culture and Cyber Hygiene Good Practices

Russia Gets Hacked, Microsoft 365 Credential Stuffing, McDonald’s Ice Cream Machine Hackers

SolarWinds blaming intern for leaked password is symptom of ‘security failures’

Security Affairs newsletter Round 436 by Pierluigi Paganini – International edition

Human Fraud: Detecting Them Before They Detect You

Top-Paying Tech Jobs Highlight New Roles, Cybersecurity Tie-ins

Scattered Spider x RansomHub: A New Partnership

Empowering Women in Cybersecurity: Insights from ISC2's Latest Study

Nation States Will Weaponize Social and Recruit Bad Guys with Benefits in 2022

Reboot Your Smartphone, FBI’s Top Targeted Vulnerabilities, Flirty Account Dupes Defense Contractors

Spotlight on Cybersecurity Leaders: Randy Raw

Cybersecurity Snapshot: CISA Calls for Stamping Out Buffer Overflow Vulnerabilities, as Europol Tells Banks To Prep For Quantum Threat

The cyber skills gap & the diversity debate

How AI is Advancing Cybersecurity

Stay Connected