Blog, Data collection and Risk - Cyber Security Informer

Hunting SMB Shares, Again! Charts, Graphs, Passwords & LLM Magic for PowerHuntShares 2.0

NetSpi Technical

NOVEMBER 14, 2024

It focuses on distilling data related to shares configured with excessive privileges to better understand their relationships and risk. For those interested in the previous PowerHuntShares release, here is the blog and presentation. Risk Scoring “Be honest, how bad is it?” Let the pseudo-TLDR/release notes begin!

Passwords

Passwords Risk Data collection Backups

GUEST ESSAY: Privacy risks introduced by the ‘metaverse’ — and how to combat them

The Last Watchdog

OCTOBER 10, 2022

To test the true extent of data collection in VR, we designed a simple 30-person user study called MetaData. Instead, it is a first step towards solving a dangerous technological disparity: despite posing an unprecedented degree of privacy risk, VR currently lacks even the most basic privacy tools.

Risk

Risk Data privacy Data collection Technology

OpenAI Is Not Training on Your Dropbox Documents—Today

Schneier on Security

DECEMBER 19, 2023

Simon Willison nails it in a tweet: “OpenAI are training on every piece of data they see, even when they say they aren’t” is the new “Facebook are showing you ads based on overhearing everything you say through your phone’s microphone.” On a personal level we risk losing out on useful tools.

Government

Government Banking Risk Internet

Webinars

How to Avoid Pitfalls In Automation: Keep Humans In the Loop

MORE WEBINARS

On Surveillance in the Workplace

Schneier on Security

MARCH 12, 2019

Touted as useful management tools, they can augment biased and discriminatory practices in workplace evaluations and segment workforces into risk categories based on patterns of behavior. Gamification and algorithmic management of work activities through continuous data collection.

Surveillance

Surveillance Data collection Technology Risk

Senators Urge FTC to Probe ID.me Over Selfie Data

Krebs on Security

MAY 18, 2022

for “deceptive statements” the company and its founder allegedly made over how they handle facial recognition data collected on behalf of the Internal Revenue Service , which until recently required anyone seeking a new IRS account online to provide a live video selfie to ID.me. ” But several days after a Jan.

Government

Government Accountability Surveillance Data collection

Almost Half of All Chrome Extensions Are Potentially High-Risk

eSecurity Planet

NOVEMBER 29, 2022

percent) of all Chrome extensions have a High or Very High risk impact due to permissions required at installation, according to Incogni, and over a quarter (27 percent) collect user data. These are the highest Risk Impact extensions.” ” Accessing Sensitive Data. Much of that data is highly sensitive.

Risk

Risk Adware Data collection Passwords

IoT Unravelled Part 3: Security

Troy Hunt

NOVEMBER 25, 2020

The vulnerability Context Security discovered meant exposing the Wi-Fi credentials of the network the device was attached to, which is significant because it demonstrates that IoT vulnerabilities can put other devices on the network at risk as well. Are these examples actually risks in IoT?

IoT

IoT Firmware Risk Encryption

The Best 10 Vendor Risk Management Tools

Centraleyes

MARCH 25, 2024

Let’s discuss an acronym reshaping the business world: Vendor Risk Management , or VRM. With supply chains extending across multiple regions and involving numerous third-party vendors, organizations face unprecedented challenges in managing vendor risks effectively. What risks are you facing?

Risk

Risk Data collection Architecture Government

GUEST ESSAY: What everyone should know about the pros and cons of online fingerprinting

The Last Watchdog

MAY 21, 2020

Kernel The privacy risks associated with online or browser fingerprinting today are real. Advertisers are amassing a huge amount of data and creating a comprehensive profile on you as an internet user. Intrinsic risks Device fingerprinting does reveal a lot about who you are.

Advertising

Advertising Internet Internet Accountability

GUEST ESSAY: How ‘DPIAs” — data privacy impact assessments — can lead SMBs to compliance

The Last Watchdog

JANUARY 9, 2023

A Data Privacy Impact Assessment, or DPIA , is a formal assessment of the privacy risks of your data processing activities. The purpose of conducting a DPIA is to identify and assess the potential impact of these risks on individuals’ rights and freedoms from your proposed processing operations.

Data privacy

Data privacy Small Business Data collection Cyber Risk

Wiz’s Security GraphDB vs. DeepTempo’s LogLM

Security Boulevard

APRIL 1, 2025

Wizs meteoric rise has been powered by a fresh approach: an agentless, graph-based view of risk context across the cloud stack that supplanted a number of point solutions and created the Cloud-Native Application Protection Platform category (CNAPP). How can a friendly Eye of Sauron help theWizards? Cloud security is evolving beyond silos.

Risk

Risk Internet Internet Cybersecurity

UnFAIR: The Limitations of FAIR’s Risk Model

Security Boulevard

MARCH 2, 2023

This is blog 2 of 3 in our FAIR model series. The limitations of FAIR’s data collection process are discussed in part 1 of this blog series. Building a lego design and quantifying cyber risk have essential characteristics in common.

Risk

Risk Cyber Risk Data collection

GUEST ESSAY: Here’s why managed security services — MSS and MSSP — are catching on

The Last Watchdog

MAY 20, 2022

Keeping up with new risks, resolving them as soon as they occur, and recovering from incidents identified too late may, as you can certainly imagine, take up valuable resources and cause businesses to lose time, money, and the trust of their clients/partners. But, you may be wondering, what about the hazards of outsourcing cybersecurity?

Marketing

Marketing Digital transformation Technology Cybersecurity

Fixing Data Breaches Part 1: Education

Troy Hunt

DECEMBER 17, 2017

Before I left DC, I promised the folks there that I'd come back with recommendations on how we can address the root causes of data breaches. I'm going to do that in a five-part, public blog series over the course of this week. For example: I've written before about vBulletin being plagued by SQL injection flaws over the years.

Data breaches

Data breaches Education Passwords Penetration Testing

BloodHound Enterprise Learns Some New Tricks

Security Boulevard

AUGUST 3, 2023

Summary The BloodHound code-convergence project brings some significant and long-desired feature enhancements to BloodHound Enterprise (BHE): Cypher search, including pre-built queries for AD and Azure Built-in support for offline data collection (i.e., Up next in our release blog series is the one everyone has been waiting for.

Data collection

Data collection Engineering Risk

A Pandora's Box: Unpacking 5 Risks in Generative AI

Thales Cloud Protection & Licensing

APRIL 17, 2024

A Pandora's Box: Unpacking 5 Risks in Generative AI madhav Thu, 04/18/2024 - 05:07 Generative AI (GAI) is becoming increasingly crucial for business leaders due to its ability to fuel innovation, enhance personalization, automate content creation, augment creativity, and help teams explore new possibilities.

Risk

Risk Data collection Artificial Intelligence Accountability

A Pandora’s Box: Unpacking 5 Risks in Generative AI

Security Boulevard

APRIL 17, 2024

A Pandora's Box: Unpacking 5 Risks in Generative AI madhav Thu, 04/18/2024 - 05:07 Generative AI (GAI) is becoming increasingly crucial for business leaders due to its ability to fuel innovation, enhance personalization, automate content creation, augment creativity, and help teams explore new possibilities.

Risk

Risk Data collection Artificial Intelligence Accountability

Reinventing Asset Management for Cybersecurity Professionals

IT Security Guru

MAY 24, 2021

Understanding the risk context of every asset helps them decide what requires immediate action, and what can be done incrementally or mitigated with other changes or ignored as too low risk. They need automation when they want it, so that action is taken automatically based on the security risk policies they have put in place.

Cybersecurity

Cybersecurity Software Risk Data collection

Chinese threat actors extract big data and sell it on the dark web

SC Magazine

APRIL 19, 2021

Researchers on Monday reported that cybercriminals are taking advantage of China’s push to become a leader in big data by extracting legitimate big data sources and selling the stolen data on the Chinese-language dark web. The stolen data ranges from lottery and stock data to commercial databases of Canadian and U.S.

Big data

Big data Data collection Mobile Risk

ICFR Best Practices: How to Design and Maintain Strong Financial Controls

Centraleyes

APRIL 17, 2025

For example, requiring managerial approval for large transactions or implementing strict system access restrictions ensures that risks are mitigated at the outset. If controls are applied haphazardly, poorly monitored, or lack standardization, financial reporting risks still persist. Where Does COSO Fit In?

Risk

Risk Technology Accountability Cybersecurity

How boards can manage digital governance in the age of AI

BH Consulting

MARCH 26, 2025

This rapid transformation creates a challenge for boards tasked with balancing emerging risks and strategic opportunities. It classifies AI systems by risk and imposes obligations accordingly, aiming to ensure safety, fundamental rights, and trustworthy innovation. How should boards approach digital risks?

Government

Government Artificial Intelligence Risk Digital transformation

Privacy issues in smart cities – Lessons learned from the Waterfront Toronto – Sidewalks project

Privacy and Cybersecurity Law

JUNE 29, 2020

The experience made clear that no smart city can proceed without social license and that there is no social license without addressing privacy risks. Risk #1: Surveillance both from the State and surveillance capitalism. Digital solutions generally create the risk of law enforcement access to the data they collect.

Surveillance

Surveillance Data collection Risk Data breaches

GUEST ESSAY: California pioneers privacy law at state level; VA, VT, CO, NJ take steps to follow

The Last Watchdog

NOVEMBER 21, 2018

International regulations have also played a significant role in the privacy discussion, specifically following enforcement of the GDPR (General Data Privacy Regulation) in the European Union (EU). He has over 10 years of experience with Information Security, Cyber Security, and Risk Management. . If the U.S.

Data privacy

Data privacy Data collection Big data Government

The first anniversary of the GDPR: How a risk-based approach can help you achieve GDPR compliance

Thales Cloud Protection & Licensing

JULY 11, 2019

The GDPR applies to businesses that collect and use personal information from citizens of the EU, regardless of where the business itself is located. The GDPR mandates that a business must inform EU DPAs very quickly (within 72 hours) and thoroughly of any security data breach involving European citizens. Data Mapping Analysis.

Risk

Risk Encryption Accountability Government

GUEST ESSAY: A breakout of how Google, Facebook, Instagram enable third-party snooping

The Last Watchdog

OCTOBER 17, 2022

To provide even further insight into the data safety and privacy practices of app developers, researchers at Incogni conducted a study of the top 500 paid and top 500 free Google Play Store apps. percent) of the apps share user data with third parties. Greediest data harvesters. percent share approximate location history.

Data privacy

Data privacy Media Data collection Data breaches

Purpose Limitation Compliance with OpenAI | Cyera Blog

Security Boulevard

JUNE 20, 2023

NIST Privacy Framework - organizations must identify the purposes for collecting and using PII. Federal Trade Commission (FTC) Act, Section 5 - organizations must disclose their data collection practices, including the purposes for which they collect and use PII.

Data collection

Data collection IoT Marketing Data privacy

Manual vs Automated Risk Management: What You Need to Know

Centraleyes

MAY 5, 2024

Murphy’s Law in Modern Risk Management Murphy’s Law is a timeless reminder of life’s unpredictability. In today’s digital age, where cyber attacks are a matter of when rather than if, assessing potential risks and their likelihood of occurrence is only getting more critical.

Risk

Risk Data collection Cyber Risk Cybersecurity

Fixing Data Breaches Part 3: The Ease of Disclosure

Troy Hunt

DECEMBER 20, 2017

All I know at this point is that a website is leaking customer data that puts both the customers and the site owners themselves at risk. Or how about CloudPets who exposed a Mongo DB of data collected from teddy bears with microphones in them (yes, you read that right). That has to change.

Data breaches

Data breaches Risk Accountability Data collection

Mapping Secure Endpoint (and Malware Analytics) to NIST CSF Categories and Sub-Categories

Cisco Security

JULY 5, 2021

IDENTIFY – Risk Assessment (vulnerabilities identified; threat intelligence received; threats identified; threats, vulnerabilities and impacts to determine risk). This enables quick transition from analysing a threat in Malware Analytics to searching for hosts that is at risk in the environment. 3 and ID.RA-5] 2 and ID.RA-3]

Malware

Malware Risk Mobile Technology

Report Finds Over 50% of Security Practitioners Are Unhappy With Current SIEM Vendor

CyberSecurity Insiders

SEPTEMBER 11, 2021

Security industry blogs, magazines, and websites frequently report that many security teams are frustrated by the limitations of their SIEM tool. Analysts find dealing with data collected from numerous hosts within an enterprise to be a daunting task. In that case, additional risk must be assumed by the organization.

Threat Detection

Threat Detection Data collection Software Engineering

Best 5 Third-Party Risk Assessment Platforms

Centraleyes

FEBRUARY 19, 2025

As organizations lean more heavily on external vendors for essential services, managing third-party risk assessment has become a vital part of any cybersecurity strategy. The stats are alarming: 60% of data breaches are linked to third-party vendors , and the average time to identify and contain such breaches is 280 days.

Risk

Risk Marketing Data collection Software

The Best 15 Enterprise Compliance Solutions Tools of 2024

Centraleyes

DECEMBER 1, 2024

The Shift Toward Revenue-Positive Compliance A 2023 study by Todd Haugh and Suneal Bedi from Indiana University’s Kelley School of Business offers groundbreaking insights into how compliance can create positive value beyond traditional risk management. Ensure Multi-Industry Compliance Compliance isn’t a one-size-fits-all situation.

Risk

Risk B2B Data privacy B2C

Mapping Secure Network Analytics (and Cognitive) to NIST CSF Categories and Sub-Categories

Cisco Security

JUNE 30, 2021

Secure Network Analytics uses flow telemetry such as NetFlow, jFlow, sFlow, IPFIX, and packet-level data and helps in reducing the risk to an organisation. This helps in improving regulatory compliance, reducing operational risk, and reducing operating costs by improving operational efficiency. How much data was exchanged? [NB:

Threat Detection

Threat Detection Risk Internet Internet

5 Best Practices for Data Privacy Compliance

Centraleyes

OCTOBER 28, 2024

Data Mapping: Identify and catalog all data assets, their sources, and how they flow through your organization. Risk Assessment: Conduct periodic risk assessments to identify potential vulnerabilities and assess compliance with data protection laws. Is our data accurate, complete, and well-managed?

Data privacy

Data privacy Encryption Risk Data breaches

GUEST ESSAY: A primer on the degrees of privacy tech companies assign to your digital footprints

The Last Watchdog

OCTOBER 13, 2021

Check out the examples below from Forrester’s blog. First-party” data is different from zero-party data. First-party data is based on inference collected from either implicit or explicit events that are collected internally. Data collection red flags. All of this leads us to “third-party” data.

eCommerce

eCommerce Data collection Advertising Consumer Protection

Best 11 Third-party Risk Management Software in 2024

Centraleyes

MAY 28, 2024

Every link in your supply chain and each third-party relationship carries inherent risks. While eliminating all third-party risks is impractical, you can focus on identifying, managing, and mitigating them. Third-party risk management is critical in today’s interconnected business environment.

Risk

Risk Software Government Cyber Risk

5 Actions to Comply with NCSC’s New BYOD Rules

Duo's Security Blog

MARCH 18, 2022

We recently explored in the blog the National Cyber Security Center’s (NCSC) newly revised Cyber Essentials scheme , and how its specific post-pandemic “Bring Your Own Device” policies have led to some publications labeling the change “BYOD 2.0.” You can learn more about this topic in Duo’s Two-Factor Authentication Evaluation Guide.

Authentication

Authentication Mobile VPN Risk

Top VAPT Testing Companies

Security Boulevard

JANUARY 6, 2023

Introduction By reducing information risks and vulnerabilities, a process called information security, also referred to as infosec, protects electronic data. Data collection, organization, processing, and deletion are all included in the definition of data management. InfoSec […].

Computers and Electronics

Computers and Electronics InfoSec Data collection Mobile

Agentic AI vs Generative AI: SecOps Automation and the Era of Multi-AI-Agent Systems

Digital Shadows

MARCH 5, 2025

In this blog, well break down the key differences between agentic AI and generative AI, explore the role of multi-AI-agent systems in security, and examine how agentic AI frameworks are driving advancements in security operations. To mitigate these risks, its essential to implement rigorous validation and verification processes.

Artificial Intelligence

Artificial Intelligence Threat Detection Risk Architecture

PRIVACY ISSUES IN SMART CITIES – LESSSONS LEARNED FROM THE WATERFRONT TORONTO – SIDEWALKS PROJECT

Privacy and Cybersecurity Law

JUNE 29, 2020

The experience made clear that no smart city can proceed without social license and that there is no social license without addressing privacy risks. . Risk #1: Surveillance both from the State and surveillance capitalism. Digital solutions generally create the risk of law enforcement access to the data they collect.

Surveillance

Surveillance Data collection Risk Data breaches

Critical Success Factors to Widespread Deployment of IoT

Thales Cloud Protection & Licensing

FEBRUARY 16, 2021

There are three major threat vectors that harm IoT deployments: Devices are hijacked by malicious software; Data collected and processed in IoT ecosystems is tampered with and impacts the confidentiality, integrity and availability of the information; and, Weak user and device authentication.

IoT

IoT Manufacturing Energy and Utilities Data collection

Emerging security challenges for Europe’s emerging technologies

Thales Cloud Protection & Licensing

SEPTEMBER 5, 2019

The report found that for IoT in Europe, the primary data security threats lie with attacks on IoT devices, loss or theft of IoT devices, and more broadly a lack of established security frameworks for IoT – all of which ranked higher in Europe than in our global sample. Overall, these track closely to the global sample. Blockchain.

Technology

Technology Digital transformation IoT Big data

Preparing for IT/OT convergence: Best practices

CyberSecurity Insiders

SEPTEMBER 21, 2021

This blog was written by a colleague from Tenable. Many organizations have opted to converge their IT and OT environments, which can yield many benefits such as efficiency and more elegant architecture; at the same time, these decisions are not without risk. What is OT vs. IT? For organizations that have implemented an Industry 4.0

Energy and Utilities

Energy and Utilities Threat Detection Manufacturing Technology

The end looms for Meta's behavioural advertising in Europe

Malwarebytes

AUGUST 4, 2023

From the Meta blog: We will share further information over the months ahead, because it will take time for us to continue to constructively engage with regulators to ensure that any proposed solution addresses regulatory obligations in the EU, including GDPR and the upcoming DMA.

Advertising

Advertising Data breaches Data collection Marketing

Hunting SMB Shares, Again! Charts, Graphs, Passwords & LLM Magic for PowerHuntShares 2.0

GUEST ESSAY: Privacy risks introduced by the ‘metaverse’ — and how to combat them

Webinars

Trending Sources

OpenAI Is Not Training on Your Dropbox Documents—Today

Webinars

On Surveillance in the Workplace

Senators Urge FTC to Probe ID.me Over Selfie Data

Almost Half of All Chrome Extensions Are Potentially High-Risk

IoT Unravelled Part 3: Security

The Best 10 Vendor Risk Management Tools

GUEST ESSAY: What everyone should know about the pros and cons of online fingerprinting

GUEST ESSAY: How ‘DPIAs” — data privacy impact assessments — can lead SMBs to compliance

Wiz’s Security GraphDB vs. DeepTempo’s LogLM

UnFAIR: The Limitations of FAIR’s Risk Model

GUEST ESSAY: Here’s why managed security services — MSS and MSSP — are catching on

Fixing Data Breaches Part 1: Education

BloodHound Enterprise Learns Some New Tricks

A Pandora's Box: Unpacking 5 Risks in Generative AI

A Pandora’s Box: Unpacking 5 Risks in Generative AI

Reinventing Asset Management for Cybersecurity Professionals

Chinese threat actors extract big data and sell it on the dark web

ICFR Best Practices: How to Design and Maintain Strong Financial Controls

How boards can manage digital governance in the age of AI

Privacy issues in smart cities – Lessons learned from the Waterfront Toronto – Sidewalks project

GUEST ESSAY: California pioneers privacy law at state level; VA, VT, CO, NJ take steps to follow

The first anniversary of the GDPR: How a risk-based approach can help you achieve GDPR compliance

GUEST ESSAY: A breakout of how Google, Facebook, Instagram enable third-party snooping

Purpose Limitation Compliance with OpenAI | Cyera Blog

Manual vs Automated Risk Management: What You Need to Know

Fixing Data Breaches Part 3: The Ease of Disclosure

Mapping Secure Endpoint (and Malware Analytics) to NIST CSF Categories and Sub-Categories

Report Finds Over 50% of Security Practitioners Are Unhappy With Current SIEM Vendor

Best 5 Third-Party Risk Assessment Platforms

The Best 15 Enterprise Compliance Solutions Tools of 2024

Mapping Secure Network Analytics (and Cognitive) to NIST CSF Categories and Sub-Categories

5 Best Practices for Data Privacy Compliance

GUEST ESSAY: A primer on the degrees of privacy tech companies assign to your digital footprints

Best 11 Third-party Risk Management Software in 2024

5 Actions to Comply with NCSC’s New BYOD Rules

Top VAPT Testing Companies

Agentic AI vs Generative AI: SecOps Automation and the Era of Multi-AI-Agent Systems

PRIVACY ISSUES IN SMART CITIES – LESSSONS LEARNED FROM THE WATERFRONT TORONTO – SIDEWALKS PROJECT

Critical Success Factors to Widespread Deployment of IoT

Emerging security challenges for Europe’s emerging technologies

Preparing for IT/OT convergence: Best practices

The end looms for Meta's behavioural advertising in Europe

Stay Connected