The Last Watchdog

AUGUST 29, 2023

Here’s what you should know about the risks, what aviation is doing to address those risks, and how to overcome them. It is difficult to deny that cyberthreats are a risk to planes. Risks delineated Still, there have been many other incidents since. Fortunately, there are ways to address the risks.

Software 264

Software Risk Artificial Intelligence Cyber Attacks 264

Schneier on Security

NOVEMBER 16, 2020

While current election systems are far from perfect, Internet- and blockchain-based voting would greatly increase the risk of undetectable, nation-scale election failures.Online voting may seem appealing: voting from a computer or smart phone may seem convenient and accessible.

Computers and Electronics 361

Computers and Electronics Internet Internet Risk 361

Schneier on Security

APRIL 12, 2023

How much of a risk is this, really? News article. Bad actors have figured out ways to use public USB ports to introduce malware and monitoring software onto devices that access these ports. Carry your own charger and USB cord and use an electrical outlet instead.

Malware 349

Malware Software Risk 349

Schneier on Security

MARCH 1, 2024

The CSF’s governance component emphasizes that cybersecurity is a major source of enterprise risk that senior leaders should consider alongside others such as finance and reputation. […] The framework’s core is now organized around six key functions: Identify, Protect, Detect, Respond and Recover, along with CSF 2.0’s

Cybersecurity 334

Cybersecurity Small Business Government Risk 334

Heimadal Security

JANUARY 16, 2025

With its stringent requirements for managing cyber risks, securing supply chains, and reporting incidents, its essential for organizations to ensure compliance. The NIS2 Directive is a pivotal regulation aimed at enhancing cybersecurity within critical sectors across the European Union.

Cyber Risk 111

Cyber Risk Risk Cybersecurity 111

Joseph Steinberg

JULY 8, 2021

Ironically, while many larger enterprises purchase insurance to protect themselves against catastrophic levels of hacker-inflicted damages, smaller businesses – whose cyber-risks are far greater than those of their larger counterparts – rarely have adequate (or even any) coverage.

Insurance 364

Insurance Cyber Insurance Cybersecurity Small Business 364

Schneier on Security

APRIL 24, 2024

Law professor Dan Solove has a new article on privacy regulation. In his email to me, he writes: “I’ve been pondering privacy consent for more than a decade, and I think I finally made a breakthrough with this article.” ” His mini-abstract: In this Article I argue that most of the time, privacy consent is fictitious.

Data collection 318

Data collection Risk 318

Schneier on Security

JULY 3, 2024

It’s a serious one : The vulnerability, which is a signal handler race condition in OpenSSH’s server (sshd), allows unauthenticated remote code execution (RCE) as root on glibc-based Linux systems; that presents a significant security risk. News articles. The details. Slashdot thread.

Firewall 348

Firewall Data breaches Malware Risk 348

Malwarebytes

NOVEMBER 1, 2024

For the users it’s not just the payment for an article they’ll never receive and the disappointment about not getting that sought-after article, but there is also the risk of providing cybercriminals with their payment card information. On a legitimate web shop this should work and warn visitors about invalid entries.

Phishing 120

Phishing Advertising Engineering Risk 120

Schneier on Security

AUGUST 2, 2023

There are two basic rules: Public companies must “disclose any cybersecurity incident they determine to be material” within four days, with potential delays if there is a national security risk. Continuous assessment of the risk reduction activities should be elevated within an enterprise risk management framework and process.

Cybersecurity 244

Cybersecurity Risk Government Accountability 244

SecureWorld News

NOVEMBER 25, 2024

It’s a chance to take a high-level look at how well your organization is managing information security risks, meeting objectives, and staying aligned with regulatory and business needs. Whether it’s a gap in controls, a missed objective, or an emerging risk, this is your chance to catch it early and take action. Look at Clause 9.3

Cybersecurity 109

Cybersecurity Risk Information Security Accountability 109

Schneier on Security

NOVEMBER 11, 2021

ArsTechnica’s Sean Gallagher has a two – part article on “securing your digital life.” ” It’s pretty good.

Risk 354

Risk Cybersecurity 354

Security Affairs

DECEMBER 18, 2024

Below are the findings of infringement of the GDPR reported by DPC: Decision 1 Article 33(3) GDPR – By not including in its breach notification all the information required by that provision that it could and should have included. ” said DPC Deputy Commissioner Graham Doyle.

Data breaches 105

Data breaches Accountability Risk Advertising 105

Security Boulevard

JULY 18, 2024

This Article Staying Safe on the Go: Insider Risk and Travel Security Tips was first published on Signpost Six. | While you’re busy planning your getaway, it’s essential to stay vigilant about insider risks and security.

Risk 111

Risk 111

Schneier on Security

SEPTEMBER 6, 2021

Yet another article on the privacy risks of static MAC addresses and always-on Bluetooth connections. This one is about wireless headphones.

Wireless 321

Wireless Marketing Manufacturing Risk 321

Schneier on Security

JULY 1, 2021

It is important to remember that the primary purpose of cyber insurance is not to improve cyber security, but to transfer residual risk. As such, it should be one of many tools that governments and businesses can draw on to manage cyber risk more effectively. News article. Often, that’s paying the ransom.

Insurance 336

Insurance Cyber Insurance Ransomware Marketing 336

Schneier on Security

AUGUST 13, 2021

The real risk isn’t that AI-generated phishing emails are as good as human-generated ones, it’s that they can be generated at much greater scale. Another news article. Combine it with voice and video synthesis, and you have some pretty scary scenarios. Defcon presentation and slides.

Phishing 355

Phishing Risk Social Engineering Artificial Intelligence 355

SecureWorld News

FEBRUARY 17, 2025

We have moved beyond traditional compliance-driven security models to risk-based approaches, integrating cybersecurity into enterprise risk management (ERM) frameworks. This led to a reactive approach where organizations were more focused on regulatory adherence than on actual security risk management.

Government 88

Government Cybersecurity Risk CISO 88

Schneier on Security

NOVEMBER 22, 2019

Introducing this capability into an enterprise enhances visibility within boundary security products, but introduces new risks. These risks, while not inconsequential, do have mitigations. [.]. To minimize the risks described above, breaking and inspecting TLS traffic should only be conducted once within the enterprise network.

Encryption 271

Encryption Risk 271

Malwarebytes

FEBRUARY 12, 2025

This article was researched and written by Stefan Dasic, manager, research and response for ThreatDown, powered by Malwarebytes. Browser Guard already blocks the domains in this article. As an online seller, youre already juggling product listings, customer service and marketingso the last thing you need is to be targeted by scammers.

Scams 129

Scams Accountability Marketing Account Security 129

Adam Levin

JUNE 4, 2021

Upon publication of this article, the Exagrid website still touted seven industry awards for work in the area of ransomware recovery solution, but this attack will harm its reputation, proving once again that no one is immune from the scourge of a well-targeted attack. We are in the midst of an ongoing ransomware epidemic.

Ransomware 289

Ransomware Backups Insurance Healthcare 289

Schneier on Security

DECEMBER 1, 2023

Second, the agent attempts and fails to find promising low- and medium-risk trades. More from the news article: Though wouldn’t it be funny if this was the limit of AI misalignment? First, it receives a email from its “manager” that the company is not doing well and needs better performance in the next quarter.

Marketing 340

Marketing Risk Artificial Intelligence 340

Security Affairs

JANUARY 17, 2025

The privacy non-profit organization requested the immediate suspension of data transfers to China due to the risk that the government of Beijing could access data of EU citizens. While some admit these transfers, others list “third countries,” raising concerns about compliance with EU data protection laws.

Surveillance 110

Surveillance Government Hacking Risk 110

Security Affairs

FEBRUARY 28, 2025

Hackers reveal security flaws in smart solar systems, exposing risks to national power grids as global reliance on solar energy grows. DW investigated the risks of cyber attacks exploiting vulnerabilities in smart solar systems while the demand for solar energy grows. ” reads the article published by DW.

Hacking 99

Hacking Passwords Risk Cyber threats 99

SecureWorld News

DECEMBER 9, 2024

Stress and burnout are leading contributors, with 60% citing stress and 53% citing burnout as risks that could prompt them to leave. Reducing burnout Organizations are beginning to share cybersecurity responsibilities across leadership roles, such as involving Chief Risk Officers (CROs) and Chief Data Officers (CDOs).

CISO 104

CISO Cyber threats Risk Cybersecurity 104

Joseph Steinberg

DECEMBER 5, 2021

Additionally, humanity’s leveraging of AI-systems in general is already starting to generate many new, significant cybersecurity risks. To read the full interview, please see the article Q&A with Joseph Steinberg.

Artificial Intelligence 337

Artificial Intelligence Cybersecurity Media Risk 337

Schneier on Security

JANUARY 15, 2020

The vulnerability places Windows endpoints at risk to a broad range of exploitation vectors. Ars Technica article. Wired article. EDITED TO ADD: Washington Post article. Assume that this vulnerability has already been weaponized, probably by criminals and certainly by major governments. CERT advisory.

Media 272

Media Government Software Risk 272

SecureWorld News

OCTOBER 16, 2024

Smart home users should stay vigilant, update device software regularly, and implement network security best practices to mitigate risks. A January 2024 blog on ToolingIdeas.com provides a comprehensive rundown of the risks of IoT devices, particularly robot vacuums.

IoT 117

IoT Hacking Risk Internet 117

Schneier on Security

JUNE 12, 2020

This is a weird story : Hernandez was able to evade capture for so long because he used Tails, a version of Linux designed for users at high risk of surveillance and which routes all inbound and outbound connections through the open-source Tor network to anonymize it. Another article.

Surveillance 344

Surveillance Accountability Hacking Media 344

SecureWorld News

DECEMBER 8, 2024

It is essential to understand the risks posed by quantum computing, as future advancements could compromise today's encrypted data, opening new opportunities for threat actors. This article explores these threats, expected timelines, and steps organizations can take to prepare for a future where quantum decryption becomes a reality.

Encryption 119

Encryption Firewall Education Firmware 119

IT Security Guru

NOVEMBER 1, 2024

This article will examine some of the most pressing threats to global national security today, with a particular emphasis on emerging digital and environmental concerns. The risk posed by these actors continues to grow as nations rely increasingly on interconnected digital infrastructure.

Technology 110

Technology Cyber Attacks Government Social Engineering 110

Schneier on Security

DECEMBER 19, 2023

Some articles are more nuanced , but there’s still a lot of confusion. We risk letting companies get away with real misconduct because we incorrectly believed in conspiracy theories. On a personal level we risk losing out on useful tools. Here’s CNBC. Here’s Boing Boing. It seems not to be true.

Government 329

Government Banking Risk Internet 329

Malwarebytes

APRIL 3, 2025

The Entity List identifies entities that the US believes pose a risk to its national security. The island city has come under increasingly strict Chinese control lately with the passage a year ago of Article 23 , a bill applying strict penalties for a broad array of activities deemed anti-Chinese.

VPN 138

VPN Mobile Government Technology 138

Security Affairs

SEPTEMBER 16, 2024

Apple drops its lawsuit against commercial spyware vendor NSO Group, due to the risk of “threat intelligence” information exposure. Apple is seeking to drop its lawsuit against Israeli spyware company NSO Group , citing the risk of “threat intelligence” information exposure.

Surveillance 119

Surveillance Spyware Risk Hacking 119

eSecurity Planet

NOVEMBER 6, 2024

Don’t forget: You can read the full article on eSecurity Planet. Use Secure Cookie Flags Configure cookies with Secure and HttpOnly flags to ensure they’re transferred via HTTPS and inaccessible to client-side scripts, reducing the risk of theft via unencrypted connections or XSS attacks. In this video, we’ll show you how to stay safe.

Identity Theft 109

Identity Theft Passwords Phishing Accountability 109

Graham Cluley

FEBRUARY 8, 2024

Read more in my article on the Tripwire State of Security blog. New research shows a 704% increase in deepfake "face swap" attacks from the first to the second half of 2023.

Risk 128

Risk 128

SecureWorld News

JANUARY 16, 2025

This article delves deeper into the challenges faced by the oil and gas industry, highlighting practical strategies to safeguard critical infrastructure through cybersecurity, data analytics, and regulatory compliance. Regularly updating and patching systems, including antivirus software, firewalls, and SCADA networks, can mitigate this risk.

Energy and Utilities 109

Energy and Utilities IoT Artificial Intelligence Backups 109