Schneier on Security

MARCH 1, 2024

The CSF’s governance component emphasizes that cybersecurity is a major source of enterprise risk that senior leaders should consider alongside others such as finance and reputation. […] The framework’s core is now organized around six key functions: Identify, Protect, Detect, Respond and Recover, along with CSF 2.0’s

Cybersecurity 310

Cybersecurity Small Business Government Risk 310

Joseph Steinberg

JULY 8, 2021

Ironically, while many larger enterprises purchase insurance to protect themselves against catastrophic levels of hacker-inflicted damages, smaller businesses – whose cyber-risks are far greater than those of their larger counterparts – rarely have adequate (or even any) coverage.

Insurance 364

Insurance Cyber Insurance Cybersecurity Small Business 364

Schneier on Security

APRIL 24, 2024

Law professor Dan Solove has a new article on privacy regulation. In his email to me, he writes: “I’ve been pondering privacy consent for more than a decade, and I think I finally made a breakthrough with this article.” ” His mini-abstract: In this Article I argue that most of the time, privacy consent is fictitious.

Data collection 290

Data collection Risk 290

Security Boulevard

DECEMBER 4, 2023

Articles related to cyber risk quantification, cyber risk management, and cyber resilience. The post The Top 7 Cyber Risk Management Trends for 2024 | Kovrr blog appeared first on Security Boulevard.

Cyber Risk 130

Cyber Risk Risk 130

Schneier on Security

JULY 3, 2024

It’s a serious one : The vulnerability, which is a signal handler race condition in OpenSSH’s server (sshd), allows unauthenticated remote code execution (RCE) as root on glibc-based Linux systems; that presents a significant security risk. News articles. The details. Slashdot thread.

Firewall 328

Firewall Data breaches Malware Risk 328

Security Boulevard

JULY 18, 2024

This Article Staying Safe on the Go: Insider Risk and Travel Security Tips was first published on Signpost Six. | While you’re busy planning your getaway, it’s essential to stay vigilant about insider risks and security.

Risk 111

Risk 111

Schneier on Security

AUGUST 2, 2023

There are two basic rules: Public companies must “disclose any cybersecurity incident they determine to be material” within four days, with potential delays if there is a national security risk. Continuous assessment of the risk reduction activities should be elevated within an enterprise risk management framework and process.

Cybersecurity 225

Cybersecurity Risk Government Accountability 225

Schneier on Security

NOVEMBER 11, 2021

ArsTechnica’s Sean Gallagher has a two – part article on “securing your digital life.” ” It’s pretty good.

Risk 328

Risk Cybersecurity 328

Schneier on Security

AUGUST 13, 2021

The real risk isn’t that AI-generated phishing emails are as good as human-generated ones, it’s that they can be generated at much greater scale. Another news article. Combine it with voice and video synthesis, and you have some pretty scary scenarios. Defcon presentation and slides.

Phishing 356

Phishing Risk Social Engineering Artificial Intelligence 356

Schneier on Security

SEPTEMBER 6, 2021

Yet another article on the privacy risks of static MAC addresses and always-on Bluetooth connections. This one is about wireless headphones.

Wireless 290

Wireless Marketing Manufacturing Risk 290

Joseph Steinberg

DECEMBER 21, 2024

While there is little doubt that the elected officials hope to protect children with the aforementioned act, the reality is that – as Australia has already learned in a previous case described in the article – the new law is more likely to make children less safe than more safe.

Media 130

Media Artificial Intelligence Risk Government 130

Schneier on Security

JULY 1, 2021

It is important to remember that the primary purpose of cyber insurance is not to improve cyber security, but to transfer residual risk. As such, it should be one of many tools that governments and businesses can draw on to manage cyber risk more effectively. News article. Often, that’s paying the ransom.

Insurance 303

Insurance Cyber Insurance Ransomware Marketing 303

Adam Levin

JUNE 4, 2021

Upon publication of this article, the Exagrid website still touted seven industry awards for work in the area of ransomware recovery solution, but this attack will harm its reputation, proving once again that no one is immune from the scourge of a well-targeted attack. We are in the midst of an ongoing ransomware epidemic.

Ransomware 289

Ransomware Backups Insurance Healthcare 289

Schneier on Security

DECEMBER 1, 2023

Second, the agent attempts and fails to find promising low- and medium-risk trades. More from the news article: Though wouldn’t it be funny if this was the limit of AI misalignment? First, it receives a email from its “manager” that the company is not doing well and needs better performance in the next quarter.

Marketing 331

Marketing Risk Artificial Intelligence 331

Schneier on Security

NOVEMBER 22, 2019

Introducing this capability into an enterprise enhances visibility within boundary security products, but introduces new risks. These risks, while not inconsequential, do have mitigations. [.]. To minimize the risks described above, breaking and inspecting TLS traffic should only be conducted once within the enterprise network.

Encryption 249

Encryption Risk 249

Security Affairs

SEPTEMBER 16, 2024

Apple drops its lawsuit against commercial spyware vendor NSO Group, due to the risk of “threat intelligence” information exposure. Apple is seeking to drop its lawsuit against Israeli spyware company NSO Group , citing the risk of “threat intelligence” information exposure.

Surveillance 128

Surveillance Spyware Risk Hacking 128

SecureWorld News

OCTOBER 16, 2024

Smart home users should stay vigilant, update device software regularly, and implement network security best practices to mitigate risks. A January 2024 blog on ToolingIdeas.com provides a comprehensive rundown of the risks of IoT devices, particularly robot vacuums.

IoT 116

IoT Risk Hacking Internet 116

Schneier on Security

JANUARY 15, 2020

The vulnerability places Windows endpoints at risk to a broad range of exploitation vectors. Ars Technica article. Wired article. EDITED TO ADD: Washington Post article. Assume that this vulnerability has already been weaponized, probably by criminals and certainly by major governments. CERT advisory.

Media 269

Media Government Software Risk 269

Graham Cluley

FEBRUARY 8, 2024

Read more in my article on the Tripwire State of Security blog. New research shows a 704% increase in deepfake "face swap" attacks from the first to the second half of 2023.

Risk 128

Risk 128

Graham Cluley

FEBRUARY 12, 2024

Read more in my article on the Hot for Security blog. A simple-to-avoid security flaw allowed unauthorised parties to track the location of anyone wearing Livall ski and biking helmets, and listen to group conversations.

Risk 120

Risk IoT 120

Schneier on Security

JUNE 5, 2020

Abstract: This article provides an overview of intimate threats: a class of privacy threats that can arise within our families, romantic partnerships, close friendships, and caregiving relationships. I just published a new paper with Karen Levy of Cornell: "Privacy Threats in Intimate Relationships.".

Risk 220

Risk Cybersecurity 220

Schneier on Security

APRIL 18, 2019

that end a foreign web address -- putting all the traffic of every domain in multiple countries at risk. Another news article. In the process, they went so far as to compromise multiple country-code top-level domains -- the suffixes like.co.uk Cisco's Craig Williams confirmed that Armenia's.am

DNS 267

DNS Internet Internet Risk 267

Schneier on Security

APRIL 5, 2022

Another article claims that both Apple and Facebook (or Meta, or whatever they want to be called now) fell for this scam. We allude to this kind of risk in our 2015 “ Keys Under Doormats ” paper: Third, exceptional access would create concentrated targets that could attract bad actors.

Scams 320

Scams Engineering Encryption Technology 320

Schneier on Security

JUNE 12, 2020

This is a weird story : Hernandez was able to evade capture for so long because he used Tails, a version of Linux designed for users at high risk of surveillance and which routes all inbound and outbound connections through the open-source Tor network to anonymize it. Another article.

Surveillance 312

Surveillance Accountability Hacking Media 312

Schneier on Security

DECEMBER 19, 2023

Some articles are more nuanced , but there’s still a lot of confusion. We risk letting companies get away with real misconduct because we incorrectly believed in conspiracy theories. On a personal level we risk losing out on useful tools. Here’s CNBC. Here’s Boing Boing. It seems not to be true.

Government 310

Government Banking Risk Internet 310

SecureList

OCTOBER 29, 2024

The primary objective of these services is risk reduction. In this article, we delve into the root causes of real-world cases from our practice, where despite having numerous security controls in place, the organizations still found themselves compromised. This is where compromise assessment enters the game.

Risk 107

Risk Antivirus Accountability Malware 107

The Last Watchdog

MARCH 4, 2024

Assess risks. Creating a solid cybersecurity foundation begins with understanding the organization’s risks. A recent study found only 27% of charities undertook risk assessments in 2023 and only 11% said they reviewed risks posed by suppliers. Keep software updated.

Social Engineering 213

Social Engineering Risk Cybersecurity Authentication 213

Krebs on Security

AUGUST 13, 2021

Come check out Antinalysis, the new address risk analyzer,” reads the service’s announcement, pointing to a link only accessible via ToR. If you use BTC->XMR->BTC method, you’ll still get flagged down by our services labelled as high risk exchange (not to mention LE and exchanges).

Cryptocurrency 340

Cryptocurrency Marketing Ransomware Financial Services 340

Schneier on Security

SEPTEMBER 11, 2023

It wasn’t until the American Society of Mechanical Engineers demanded risk analysis and transparency that dangers from these huge tanks of boiling water, once considered mystifying, were made easily understandable. and ISO 10218, emphasize inherent safe design, protective measures, and rigorous risk assessments for industrial robots.

Artificial Intelligence 343

Artificial Intelligence Technology Risk Government 343

Malwarebytes

SEPTEMBER 3, 2023

Although it is important to guard every aspect of your supply chain to avoid disruptions, for the scope of this article we will focus on the cybersecurity element of it. An organization's security posture is its readiness and ability to identify, respond to and recover from security threats and risks.

Risk 122

Risk Penetration Testing Software Technology 122

The Hacker News

JULY 5, 2024

A constantly expanding and evolving attack surface means risk to the business has skyrocketed and current security measures are struggling to keep it protected. If you’ve clicked on this article, there’s a good chance you’re looking for solutions to manage this risk. In 2022, a new framework was coined by Gartner

Risk 131

Risk 131

SecureWorld News

OCTOBER 21, 2024

In contrast, more mature organizations quantify risk, comparing the original risk against the cost of the solution and the residual risk after deployment to decide whether to proceed with the purchase. This article appeared originally here.

Risk 99

Risk Cybersecurity Antivirus Authentication 99

The Last Watchdog

MAY 21, 2020

Kernel The privacy risks associated with online or browser fingerprinting today are real. Intrinsic risks Device fingerprinting does reveal a lot about who you are. While the practice is harmless from the outside, it is actually a series of serious privacy risks that must be mitigated.

Advertising 290

Advertising Internet Internet Accountability 290

The Hacker News

MARCH 26, 2024

Minecraft, with over 500 million registered users and 166 million monthly players, faces significant risks from distributed denial-of-service (DDoS) attacks, threatening server functionality, player experience, and the game’s reputation. This article explains

DDOS 138

DDOS Risk 138

Security Boulevard

FEBRUARY 24, 2023

Earlier this month, Jen Easterly and Eric Goldstein of the Cybersecurity and Infrastructure Security Agency (CISA) at the Department of Homeland Security signaled a major shift in the federal government’s approach to cybersecurity risk and responsibility. The post Innovation at the Expense of Cybersecurity? No More!

Cybersecurity 144

Cybersecurity Risk CISO Security Awareness 144

Schneier on Security

JULY 24, 2019

But, in the world of cybersecurity, we do not deal in absolute guarantees but in relative risks. All systems fall short of optimality and have some residual risk of vulnerability a point which the tech community acknowledges when they propose that law enforcement can satisfy its requirements by exploiting vulnerabilities in their products.

Encryption 273

Encryption Telecommunications Risk Government 273

Schneier on Security

AUGUST 12, 2022

Twitter’s blog post unhelpfully goes on to say: If you operate a pseudonymous Twitter account, we understand the risks an incident like this can introduce and deeply regret that this happened. Three news articles.

Accountability 254

Accountability Government Risk 254