Schneier on Security

NOVEMBER 16, 2020

While current election systems are far from perfect, Internet- and blockchain-based voting would greatly increase the risk of undetectable, nation-scale election failures.Online voting may seem appealing: voting from a computer or smart phone may seem convenient and accessible.

Computers and Electronics 363

Computers and Electronics Internet Internet Risk 363

Schneier on Security

APRIL 12, 2023

How much of a risk is this, really? News article. Bad actors have figured out ways to use public USB ports to introduce malware and monitoring software onto devices that access these ports. Carry your own charger and USB cord and use an electrical outlet instead.

Malware 348

Malware Software Risk 348

Schneier on Security

APRIL 24, 2024

Law professor Dan Solove has a new article on privacy regulation. In his email to me, he writes: “I’ve been pondering privacy consent for more than a decade, and I think I finally made a breakthrough with this article.” ” His mini-abstract: In this Article I argue that most of the time, privacy consent is fictitious.

Data collection 322

Data collection Risk 322

Schneier on Security

MARCH 1, 2024

The CSF’s governance component emphasizes that cybersecurity is a major source of enterprise risk that senior leaders should consider alongside others such as finance and reputation. […] The framework’s core is now organized around six key functions: Identify, Protect, Detect, Respond and Recover, along with CSF 2.0’s

Cybersecurity 336

Cybersecurity Small Business Government Risk 336

Joseph Steinberg

JULY 8, 2021

Ironically, while many larger enterprises purchase insurance to protect themselves against catastrophic levels of hacker-inflicted damages, smaller businesses – whose cyber-risks are far greater than those of their larger counterparts – rarely have adequate (or even any) coverage.

Insurance 364

Insurance Cyber Insurance Cybersecurity Small Business 364

Heimadal Security

JANUARY 16, 2025

With its stringent requirements for managing cyber risks, securing supply chains, and reporting incidents, its essential for organizations to ensure compliance. The NIS2 Directive is a pivotal regulation aimed at enhancing cybersecurity within critical sectors across the European Union.

Cyber Risk 106

Cyber Risk Risk Cybersecurity 106

Schneier on Security

JULY 3, 2024

It’s a serious one : The vulnerability, which is a signal handler race condition in OpenSSH’s server (sshd), allows unauthenticated remote code execution (RCE) as root on glibc-based Linux systems; that presents a significant security risk. News articles. The details. Slashdot thread.

Firewall 349

Firewall Data breaches Malware Risk 349

Malwarebytes

NOVEMBER 1, 2024

For the users it’s not just the payment for an article they’ll never receive and the disappointment about not getting that sought-after article, but there is also the risk of providing cybercriminals with their payment card information. On a legitimate web shop this should work and warn visitors about invalid entries.

Phishing 119

Phishing Advertising Engineering Risk 119

Schneier on Security

AUGUST 2, 2023

There are two basic rules: Public companies must “disclose any cybersecurity incident they determine to be material” within four days, with potential delays if there is a national security risk. Continuous assessment of the risk reduction activities should be elevated within an enterprise risk management framework and process.

Cybersecurity 245

Cybersecurity Risk Government Accountability 245

Schneier on Security

NOVEMBER 11, 2021

ArsTechnica’s Sean Gallagher has a two – part article on “securing your digital life.” ” It’s pretty good.

Risk 358

Risk Cybersecurity 358

Security Boulevard

DECEMBER 4, 2023

Articles related to cyber risk quantification, cyber risk management, and cyber resilience. The post The Top 7 Cyber Risk Management Trends for 2024 | Kovrr blog appeared first on Security Boulevard.

Cyber Risk 130

Cyber Risk Risk 130

SecureWorld News

NOVEMBER 25, 2024

It’s a chance to take a high-level look at how well your organization is managing information security risks, meeting objectives, and staying aligned with regulatory and business needs. Whether it’s a gap in controls, a missed objective, or an emerging risk, this is your chance to catch it early and take action. Look at Clause 9.3

Cybersecurity 106

Cybersecurity Risk Information Security Accountability 106

Security Boulevard

JULY 18, 2024

This Article Staying Safe on the Go: Insider Risk and Travel Security Tips was first published on Signpost Six. | While you’re busy planning your getaway, it’s essential to stay vigilant about insider risks and security.

Risk 111

Risk 111

Schneier on Security

SEPTEMBER 6, 2021

Yet another article on the privacy risks of static MAC addresses and always-on Bluetooth connections. This one is about wireless headphones.

Wireless 329

Wireless Marketing Manufacturing Risk 329

Schneier on Security

JULY 1, 2021

It is important to remember that the primary purpose of cyber insurance is not to improve cyber security, but to transfer residual risk. As such, it should be one of many tools that governments and businesses can draw on to manage cyber risk more effectively. News article. Often, that’s paying the ransom.

Insurance 343

Insurance Cyber Insurance Ransomware Marketing 343

Schneier on Security

AUGUST 13, 2021

The real risk isn’t that AI-generated phishing emails are as good as human-generated ones, it’s that they can be generated at much greater scale. Another news article. Combine it with voice and video synthesis, and you have some pretty scary scenarios. Defcon presentation and slides.

Phishing 354

Phishing Risk Social Engineering Artificial Intelligence 354

Schneier on Security

NOVEMBER 22, 2019

Introducing this capability into an enterprise enhances visibility within boundary security products, but introduces new risks. These risks, while not inconsequential, do have mitigations. [.]. To minimize the risks described above, breaking and inspecting TLS traffic should only be conducted once within the enterprise network.

Encryption 274

Encryption Risk 274

Malwarebytes

FEBRUARY 12, 2025

This article was researched and written by Stefan Dasic, manager, research and response for ThreatDown, powered by Malwarebytes. Browser Guard already blocks the domains in this article. As an online seller, youre already juggling product listings, customer service and marketingso the last thing you need is to be targeted by scammers.

Scams 128

Scams Accountability Marketing Account Security 128

Schneier on Security

JUNE 5, 2020

Abstract: This article provides an overview of intimate threats: a class of privacy threats that can arise within our families, romantic partnerships, close friendships, and caregiving relationships. I just published a new paper with Karen Levy of Cornell: "Privacy Threats in Intimate Relationships.".

Risk 249

Risk Cybersecurity 249

Adam Levin

JUNE 4, 2021

Upon publication of this article, the Exagrid website still touted seven industry awards for work in the area of ransomware recovery solution, but this attack will harm its reputation, proving once again that no one is immune from the scourge of a well-targeted attack. We are in the midst of an ongoing ransomware epidemic.

Ransomware 289

Ransomware Backups Insurance Healthcare 289

Schneier on Security

DECEMBER 1, 2023

Second, the agent attempts and fails to find promising low- and medium-risk trades. More from the news article: Though wouldn’t it be funny if this was the limit of AI misalignment? First, it receives a email from its “manager” that the company is not doing well and needs better performance in the next quarter.

Marketing 339

Marketing Risk Artificial Intelligence 339

Duo's Security Blog

JUNE 15, 2023

Third party security risk is an issue that frequently comes up in my discussions with clients. Meanwhile, Prevalent noted that companies are currently big on exposure but small on preparation, with a staggering 45% still relying on manual spreadsheets to assess third party risk. Control the risk. How simple is the solution?

Risk 145

Risk Authentication Phishing Insurance 145

Schneier on Security

JUNE 12, 2020

This is a weird story : Hernandez was able to evade capture for so long because he used Tails, a version of Linux designed for users at high risk of surveillance and which routes all inbound and outbound connections through the open-source Tor network to anonymize it. Another article.

Surveillance 350

Surveillance Accountability Hacking Media 350

Schneier on Security

JANUARY 15, 2020

The vulnerability places Windows endpoints at risk to a broad range of exploitation vectors. Ars Technica article. Wired article. EDITED TO ADD: Washington Post article. Assume that this vulnerability has already been weaponized, probably by criminals and certainly by major governments. CERT advisory.

Media 271

Media Government Software Risk 271

Schneier on Security

APRIL 18, 2019

that end a foreign web address -- putting all the traffic of every domain in multiple countries at risk. Another news article. In the process, they went so far as to compromise multiple country-code top-level domains -- the suffixes like.co.uk Cisco's Craig Williams confirmed that Armenia's.am

DNS 279

DNS Internet Internet Risk 279

SecureWorld News

OCTOBER 16, 2024

Smart home users should stay vigilant, update device software regularly, and implement network security best practices to mitigate risks. A January 2024 blog on ToolingIdeas.com provides a comprehensive rundown of the risks of IoT devices, particularly robot vacuums.

IoT 116

IoT Hacking Risk Internet 116

IT Security Guru

NOVEMBER 1, 2024

This article will examine some of the most pressing threats to global national security today, with a particular emphasis on emerging digital and environmental concerns. The risk posed by these actors continues to grow as nations rely increasingly on interconnected digital infrastructure.

Technology 110

Technology Cyber Attacks Government Social Engineering 110

SecureWorld News

DECEMBER 8, 2024

It is essential to understand the risks posed by quantum computing, as future advancements could compromise today's encrypted data, opening new opportunities for threat actors. This article explores these threats, expected timelines, and steps organizations can take to prepare for a future where quantum decryption becomes a reality.

Encryption 115

Encryption Firewall Education Firmware 115

SecureWorld News

DECEMBER 9, 2024

Stress and burnout are leading contributors, with 60% citing stress and 53% citing burnout as risks that could prompt them to leave. Reducing burnout Organizations are beginning to share cybersecurity responsibilities across leadership roles, such as involving Chief Risk Officers (CROs) and Chief Data Officers (CDOs).

CISO 96

CISO Cyber threats Risk Cybersecurity 96

eSecurity Planet

NOVEMBER 6, 2024

Don’t forget: You can read the full article on eSecurity Planet. Use Secure Cookie Flags Configure cookies with Secure and HttpOnly flags to ensure they’re transferred via HTTPS and inaccessible to client-side scripts, reducing the risk of theft via unencrypted connections or XSS attacks. In this video, we’ll show you how to stay safe.

Identity Theft 111

Identity Theft Passwords Phishing Accountability 111

Schneier on Security

APRIL 5, 2022

Another article claims that both Apple and Facebook (or Meta, or whatever they want to be called now) fell for this scam. We allude to this kind of risk in our 2015 “ Keys Under Doormats ” paper: Third, exceptional access would create concentrated targets that could attract bad actors.

Scams 323

Scams Engineering Encryption Technology 323

Security Affairs

SEPTEMBER 16, 2024

Apple drops its lawsuit against commercial spyware vendor NSO Group, due to the risk of “threat intelligence” information exposure. Apple is seeking to drop its lawsuit against Israeli spyware company NSO Group , citing the risk of “threat intelligence” information exposure.

Surveillance 118

Surveillance Spyware Risk Hacking 118

Graham Cluley

FEBRUARY 8, 2024

Read more in my article on the Tripwire State of Security blog. New research shows a 704% increase in deepfake "face swap" attacks from the first to the second half of 2023.

Risk 128

Risk 128

Graham Cluley

FEBRUARY 12, 2024

Read more in my article on the Hot for Security blog. A simple-to-avoid security flaw allowed unauthorised parties to track the location of anyone wearing Livall ski and biking helmets, and listen to group conversations.

Risk 120

Risk IoT 120

Security Boulevard

MARCH 6, 2025

By Oleg Lypko, with Estelle Ruellan and Tammy Harper (Flare Research) This article has originally appeared on Cybercrime Diaries On February 20, 2025, the cybersecurity community received an unexpected stroke of luck as internal strife seemingly spread within the infamous Black Basta ransomware group.

Cyber threats 59

Cyber threats Cybercrime Ransomware Risk 59

Security Affairs

FEBRUARY 2, 2025

Security Affairs Malware newsletter includes a collection of the best articles and research on malware in the international landscape.

Malware 72

Malware Spyware Ransomware Hacking 72

SecureWorld News

JANUARY 16, 2025

This article delves deeper into the challenges faced by the oil and gas industry, highlighting practical strategies to safeguard critical infrastructure through cybersecurity, data analytics, and regulatory compliance. Regularly updating and patching systems, including antivirus software, firewalls, and SCADA networks, can mitigate this risk.

Energy and Utilities 107

Energy and Utilities IoT Artificial Intelligence Backups 107