While there is little doubt that the elected officials hope to protect children with the aforementioned act, the reality is that – as Australia has already learned in a previous case described in the article – the new law is more likely to make children less safe than more safe.
I’m part of a group of cryptographers that has just published a paper discussing the security risks of such a system. It’s not a cryptographic backdoor, but it’s still a backdoor — and brings with it all the insecurities of a backdoor.
Over at Lawfare, Susan Landau has an excellent essay on the risks posed by software used to collect evidence (a Breathalyzer is probably the most obvious example). Bugs and vulnerabilities can lead to inaccurate evidence, but the proprietary nature of software makes it hard for defendants to examine it.
This is all a prelude to saying that I have been paying a lot of attention to the COVID-related risks of flying. This article interviewed 511 endocrinologists, and the general consensus was that flying is riskier than getting a haircut but less risky than eating in a restaurant.
I wrote an article recently on how to secure your home network in three different tiers of protection. What follows is a set of basic security hygiene steps that will significantly reduce your risk online. The more fringe the site, the higher the risk of bad things happening while you’re there. Stay on reputable websites.
The primary objective of these services is risk reduction. In this article, we delve into the root causes of real-world cases from our practice, where despite having numerous security controls in place, the organizations still found themselves compromised. This is where compromise assessment enters the game.
But amidst all these flashy, futuristic threats, the biggest cybersecurity risk remains the same as it's always been: humans. Getting back to the article, let's first break down the findings, the implications, and why it's time for a revolution in how we think about security. This article appeared originally on LinkedIn here.
Here’s what you should know about the risks, what aviation is doing to address those risks, and how to overcome them. It is difficult to deny that cyberthreats are a risk to planes. Risks delineated Still, there have been many other incidents since. Fortunately, there are ways to address the risks.
While current election systems are far from perfect, Internet- and blockchain-based voting would greatly increase the risk of undetectable, nation-scale election failures. Online voting may seem appealing: voting from a computer or smart phone may seem convenient and accessible.
How much of a risk is this, really? News article. Bad actors have figured out ways to use public USB ports to introduce malware and monitoring software onto devices that access these ports. Carry your own charger and USB cord and use an electrical outlet instead.
Law professor Dan Solove has a new article on privacy regulation. In his email to me, he writes: “I’ve been pondering privacy consent for more than a decade, and I think I finally made a breakthrough with this article.” His mini-abstract: In this Article I argue that most of the time, privacy consent is fictitious.
The CSF’s governance component emphasizes that cybersecurity is a major source of enterprise risk that senior leaders should consider alongside others such as finance and reputation. […] The framework’s core is now organized around six key functions: Identify, Protect, Detect, Respond and Recover, along with CSF 2.0’s
With its stringent requirements for managing cyber risks, securing supply chains, and reporting incidents, it’s essential for organizations to ensure compliance. The NIS2 Directive is a pivotal regulation aimed at enhancing cybersecurity within critical sectors across the European Union.
Ironically, while many larger enterprises purchase insurance to protect themselves against catastrophic levels of hacker-inflicted damages, smaller businesses – whose cyber-risks are far greater than those of their larger counterparts – rarely have adequate (or even any) coverage.
It’s a serious one: The vulnerability, which is a signal handler race condition in OpenSSH’s server (sshd), allows unauthenticated remote code execution (RCE) as root on glibc-based Linux systems; that presents a significant security risk. News articles. The details. Slashdot thread.
There are two basic rules: Public companies must “disclose any cybersecurity incident they determine to be material” within four days, with potential delays if there is a national security risk. Continuous assessment of the risk reduction activities should be elevated within an enterprise risk management framework and process.
It’s a chance to take a high-level look at how well your organization is managing information security risks, meeting objectives, and staying aligned with regulatory and business needs. Whether it’s a gap in controls, a missed objective, or an emerging risk, this is your chance to catch it early and take action. Look at Clause 9.3
Below are the findings of infringement of the GDPR reported by DPC: Decision 1 Article 33(3) GDPR – By not including in its breach notification all the information required by that provision that it could and should have included. ” said DPC Deputy Commissioner Graham Doyle.
For the users it’s not just the payment for an article they’ll never receive and the disappointment about not getting that sought-after article, but there is also the risk of providing cybercriminals with their payment card information. On a legitimate web shop this should work and warn visitors about invalid entries.
This Article Staying Safe on the Go: Insider Risk and Travel Security Tips was first published on Signpost Six. | While you’re busy planning your getaway, it’s essential to stay vigilant about insider risks and security.
It is important to remember that the primary purpose of cyber insurance is not to improve cyber security, but to transfer residual risk. As such, it should be one of many tools that governments and businesses can draw on to manage cyber risk more effectively. News article. Often, that’s paying the ransom.
The real risk isn’t that AI-generated phishing emails are as good as human-generated ones, it’s that they can be generated at much greater scale. Another news article. Combine it with voice and video synthesis, and you have some pretty scary scenarios. Defcon presentation and slides.
Introducing this capability into an enterprise enhances visibility within boundary security products, but introduces new risks. These risks, while not inconsequential, do have mitigations. […] To minimize the risks described above, breaking and inspecting TLS traffic should only be conducted once within the enterprise network.
We have moved beyond traditional compliance-driven security models to risk-based approaches, integrating cybersecurity into enterprise risk management (ERM) frameworks. This led to a reactive approach where organizations were more focused on regulatory adherence than on actual security risk management.
Upon publication of this article, the Exagrid website still touted seven industry awards for work in the area of ransomware recovery solution, but this attack will harm its reputation, proving once again that no one is immune from the scourge of a well-targeted attack. We are in the midst of an ongoing ransomware epidemic.
Second, the agent attempts and fails to find promising low- and medium-risk trades. More from the news article: Though wouldn’t it be funny if this was the limit of AI misalignment? First, it receives an email from its “manager” that the company is not doing well and needs better performance in the next quarter.
Hackers reveal security flaws in smart solar systems, exposing risks to national power grids as global reliance on solar energy grows. DW investigated the risks of cyber attacks exploiting vulnerabilities in smart solar systems while the demand for solar energy grows. ” reads the article published by DW.
Abstract: This article provides an overview of intimate threats: a class of privacy threats that can arise within our families, romantic partnerships, close friendships, and caregiving relationships. I just published a new paper with Karen Levy of Cornell: "Privacy Threats in Intimate Relationships."
The privacy non-profit organization requested the immediate suspension of data transfers to China due to the risk that the government of Beijing could access data of EU citizens. While some admit these transfers, others list “third countries,” raising concerns about compliance with EU data protection laws.
This article was researched and written by Stefan Dasic, manager, research and response for ThreatDown, powered by Malwarebytes. Browser Guard already blocks the domains in this article. As an online seller, you’re already juggling product listings, customer service and marketing, so the last thing you need is to be targeted by scammers.
Additionally, humanity’s leveraging of AI-systems in general is already starting to generate many new, significant cybersecurity risks. To read the full interview, please see the article Q&A with Joseph Steinberg.
Stress and burnout are leading contributors, with 60% citing stress and 53% citing burnout as risks that could prompt them to leave. Reducing burnout Organizations are beginning to share cybersecurity responsibilities across leadership roles, such as involving Chief Risk Officers (CROs) and Chief Data Officers (CDOs).
This is a weird story: Hernandez was able to evade capture for so long because he used Tails, a version of Linux designed for users at high risk of surveillance and which routes all inbound and outbound connections through the open-source Tor network to anonymize it. Another article.
The vulnerability places Windows endpoints at risk to a broad range of exploitation vectors. Ars Technica article. Wired article. EDITED TO ADD: Washington Post article. Assume that this vulnerability has already been weaponized, probably by criminals and certainly by major governments. CERT advisory.
Smart home users should stay vigilant, update device software regularly, and implement network security best practices to mitigate risks. A January 2024 blog on ToolingIdeas.com provides a comprehensive rundown of the risks of IoT devices, particularly robot vacuums.
It is essential to understand the risks posed by quantum computing, as future advancements could compromise today's encrypted data, opening new opportunities for threat actors. This article explores these threats, expected timelines, and steps organizations can take to prepare for a future where quantum decryption becomes a reality.
This article will examine some of the most pressing threats to global national security today, with a particular emphasis on emerging digital and environmental concerns. The risk posed by these actors continues to grow as nations rely increasingly on interconnected digital infrastructure.
Some articles are more nuanced, but there’s still a lot of confusion. We risk letting companies get away with real misconduct because we incorrectly believed in conspiracy theories. On a personal level we risk losing out on useful tools. Here’s CNBC. Here’s Boing Boing. It seems not to be true.
The Entity List identifies entities that the US believes pose a risk to its national security. The island city has come under increasingly strict Chinese control lately with the passage a year ago of Article 23, a bill applying strict penalties for a broad array of activities deemed anti-Chinese.
Apple drops its lawsuit against commercial spyware vendor NSO Group, due to the risk of “threat intelligence” information exposure. Apple is seeking to drop its lawsuit against Israeli spyware company NSO Group, citing the risk of “threat intelligence” information exposure.
Another article claims that both Apple and Facebook (or Meta, or whatever they want to be called now) fell for this scam. We allude to this kind of risk in our 2015 “Keys Under Doormats” paper: Third, exceptional access would create concentrated targets that could attract bad actors.
Don’t forget: You can read the full article on eSecurity Planet. Use Secure Cookie Flags Configure cookies with Secure and HttpOnly flags to ensure they’re transferred via HTTPS and inaccessible to client-side scripts, reducing the risk of theft via unencrypted connections or XSS attacks. In this video, we’ll show you how to stay safe.