Blog, Data collection and Risk - Cyber Security Informer

GUEST ESSAY: Privacy risks introduced by the ‘metaverse’ — and how to combat them

The Last Watchdog

OCTOBER 10, 2022

To test the true extent of data collection in VR, we designed a simple 30-person user study called MetaData. Instead, it is a first step towards solving a dangerous technological disparity: despite posing an unprecedented degree of privacy risk, VR currently lacks even the most basic privacy tools.

Risk

Risk Data privacy Data collection Technology

The Best 10 Vendor Risk Management Tools

Centraleyes

MARCH 25, 2024

Let’s discuss an acronym reshaping the business world: Vendor Risk Management , or VRM. With supply chains extending across multiple regions and involving numerous third-party vendors, organizations face unprecedented challenges in managing vendor risks effectively. What risks are you facing?

Risk

Risk Data collection Architecture Government

OpenAI Is Not Training on Your Dropbox Documents—Today

Schneier on Security

DECEMBER 19, 2023

Simon Willison nails it in a tweet: “OpenAI are training on every piece of data they see, even when they say they aren’t” is the new “Facebook are showing you ads based on overhearing everything you say through your phone’s microphone.” On a personal level we risk losing out on useful tools.

Government

Government Banking Risk Internet

Almost Half of All Chrome Extensions Are Potentially High-Risk

eSecurity Planet

NOVEMBER 29, 2022

percent) of all Chrome extensions have a High or Very High risk impact due to permissions required at installation, according to Incogni, and over a quarter (27 percent) collect user data. These are the highest Risk Impact extensions.” ” Accessing Sensitive Data. Much of that data is highly sensitive.

Risk

Risk Adware Data collection Passwords

On Surveillance in the Workplace

Schneier on Security

MARCH 12, 2019

Touted as useful management tools, they can augment biased and discriminatory practices in workplace evaluations and segment workforces into risk categories based on patterns of behavior. Gamification and algorithmic management of work activities through continuous data collection.

Surveillance

Surveillance Data collection Technology Risk

GUEST ESSAY: What everyone should know about the pros and cons of online fingerprinting

The Last Watchdog

MAY 21, 2020

Kernel The privacy risks associated with online or browser fingerprinting today are real. Advertisers are amassing a huge amount of data and creating a comprehensive profile on you as an internet user. Intrinsic risks Device fingerprinting does reveal a lot about who you are.

Advertising

Advertising Internet Internet Accountability

IoT Unravelled Part 3: Security

Troy Hunt

NOVEMBER 25, 2020

The vulnerability Context Security discovered meant exposing the Wi-Fi credentials of the network the device was attached to, which is significant because it demonstrates that IoT vulnerabilities can put other devices on the network at risk as well. Are these examples actually risks in IoT?

IoT

IoT Firmware Risk Manufacturing

GUEST ESSAY: How ‘DPIAs” — data privacy impact assessments — can lead SMBs to compliance

The Last Watchdog

JANUARY 9, 2023

A Data Privacy Impact Assessment, or DPIA , is a formal assessment of the privacy risks of your data processing activities. The purpose of conducting a DPIA is to identify and assess the potential impact of these risks on individuals’ rights and freedoms from your proposed processing operations.

Data privacy

Data privacy Small Business Data collection Cyber Risk

UnFAIR: The Limitations of FAIR’s Risk Model

Security Boulevard

MARCH 2, 2023

This is blog 2 of 3 in our FAIR model series. The limitations of FAIR’s data collection process are discussed in part 1 of this blog series. Building a lego design and quantifying cyber risk have essential characteristics in common.

Risk

Risk Cyber Risk Data collection

GUEST ESSAY: Here’s why managed security services — MSS and MSSP — are catching on

The Last Watchdog

MAY 20, 2022

Keeping up with new risks, resolving them as soon as they occur, and recovering from incidents identified too late may, as you can certainly imagine, take up valuable resources and cause businesses to lose time, money, and the trust of their clients/partners. But, you may be wondering, what about the hazards of outsourcing cybersecurity?

Marketing

Marketing Digital transformation Technology Cybersecurity

A Pandora's Box: Unpacking 5 Risks in Generative AI

Thales Cloud Protection & Licensing

APRIL 17, 2024

A Pandora's Box: Unpacking 5 Risks in Generative AI madhav Thu, 04/18/2024 - 05:07 Generative AI (GAI) is becoming increasingly crucial for business leaders due to its ability to fuel innovation, enhance personalization, automate content creation, augment creativity, and help teams explore new possibilities.

Risk

Risk Data collection Artificial Intelligence Accountability

A Pandora’s Box: Unpacking 5 Risks in Generative AI

Security Boulevard

APRIL 17, 2024

A Pandora's Box: Unpacking 5 Risks in Generative AI madhav Thu, 04/18/2024 - 05:07 Generative AI (GAI) is becoming increasingly crucial for business leaders due to its ability to fuel innovation, enhance personalization, automate content creation, augment creativity, and help teams explore new possibilities.

Risk

Risk Data collection Artificial Intelligence Accountability

BloodHound Enterprise Learns Some New Tricks

Security Boulevard

AUGUST 3, 2023

Summary The BloodHound code-convergence project brings some significant and long-desired feature enhancements to BloodHound Enterprise (BHE): Cypher search, including pre-built queries for AD and Azure Built-in support for offline data collection (i.e., Up next in our release blog series is the one everyone has been waiting for.

Data collection

Data collection Engineering Risk

Hunting SMB Shares, Again! Charts, Graphs, Passwords & LLM Magic for PowerHuntShares 2.0

NetSpi Technical

NOVEMBER 14, 2024

It focuses on distilling data related to shares configured with excessive privileges to better understand their relationships and risk. For those interested in the previous PowerHuntShares release, here is the blog and presentation. Risk Scoring “Be honest, how bad is it?” Let the pseudo-TLDR/release notes begin!

Passwords

Passwords Risk Data collection Backups

Chinese threat actors extract big data and sell it on the dark web

SC Magazine

APRIL 19, 2021

Researchers on Monday reported that cybercriminals are taking advantage of China’s push to become a leader in big data by extracting legitimate big data sources and selling the stolen data on the Chinese-language dark web. The stolen data ranges from lottery and stock data to commercial databases of Canadian and U.S.

Big data

Big data Data collection Mobile Risk

Fixing Data Breaches Part 1: Education

Troy Hunt

DECEMBER 17, 2017

Before I left DC, I promised the folks there that I'd come back with recommendations on how we can address the root causes of data breaches. I'm going to do that in a five-part, public blog series over the course of this week. For example: I've written before about vBulletin being plagued by SQL injection flaws over the years.

Data breaches

Data breaches Education Passwords Penetration Testing

Reinventing Asset Management for Cybersecurity Professionals

IT Security Guru

MAY 24, 2021

Understanding the risk context of every asset helps them decide what requires immediate action, and what can be done incrementally or mitigated with other changes or ignored as too low risk. They need automation when they want it, so that action is taken automatically based on the security risk policies they have put in place.

Cybersecurity

Cybersecurity Risk Software Data collection

GUEST ESSAY: California pioneers privacy law at state level; VA, VT, CO, NJ take steps to follow

The Last Watchdog

NOVEMBER 21, 2018

International regulations have also played a significant role in the privacy discussion, specifically following enforcement of the GDPR (General Data Privacy Regulation) in the European Union (EU). He has over 10 years of experience with Information Security, Cyber Security, and Risk Management. . If the U.S.

Data privacy

Data privacy Data collection Big data Government

GUEST ESSAY: A breakout of how Google, Facebook, Instagram enable third-party snooping

The Last Watchdog

OCTOBER 17, 2022

To provide even further insight into the data safety and privacy practices of app developers, researchers at Incogni conducted a study of the top 500 paid and top 500 free Google Play Store apps. percent) of the apps share user data with third parties. Greediest data harvesters. percent share approximate location history.

Data privacy

Data privacy Media Data collection Data breaches

Purpose Limitation Compliance with OpenAI | Cyera Blog

Security Boulevard

JUNE 20, 2023

NIST Privacy Framework - organizations must identify the purposes for collecting and using PII. Federal Trade Commission (FTC) Act, Section 5 - organizations must disclose their data collection practices, including the purposes for which they collect and use PII.

Data collection

Data collection IoT Marketing Data privacy

Manual vs Automated Risk Management: What You Need to Know

Centraleyes

MAY 5, 2024

Murphy’s Law in Modern Risk Management Murphy’s Law is a timeless reminder of life’s unpredictability. In today’s digital age, where cyber attacks are a matter of when rather than if, assessing potential risks and their likelihood of occurrence is only getting more critical.

Risk

Risk Data collection Cyber Risk Cybersecurity

Report Finds Over 50% of Security Practitioners Are Unhappy With Current SIEM Vendor

CyberSecurity Insiders

SEPTEMBER 11, 2021

Security industry blogs, magazines, and websites frequently report that many security teams are frustrated by the limitations of their SIEM tool. Analysts find dealing with data collected from numerous hosts within an enterprise to be a daunting task. In that case, additional risk must be assumed by the organization.

Threat Detection

Threat Detection Data collection Software Engineering

Fixing Data Breaches Part 3: The Ease of Disclosure

Troy Hunt

DECEMBER 20, 2017

All I know at this point is that a website is leaking customer data that puts both the customers and the site owners themselves at risk. Or how about CloudPets who exposed a Mongo DB of data collected from teddy bears with microphones in them (yes, you read that right). That has to change.

Data breaches

Data breaches Risk Accountability Data collection

GUEST ESSAY: A primer on the degrees of privacy tech companies assign to your digital footprints

The Last Watchdog

OCTOBER 13, 2021

Check out the examples below from Forrester’s blog. First-party” data is different from zero-party data. First-party data is based on inference collected from either implicit or explicit events that are collected internally. Data collection red flags. All of this leads us to “third-party” data.

eCommerce

eCommerce Data collection Consumer Protection Advertising

Best 11 Third-party Risk Management Software in 2024

Centraleyes

MAY 28, 2024

Every link in your supply chain and each third-party relationship carries inherent risks. While eliminating all third-party risks is impractical, you can focus on identifying, managing, and mitigating them. Third-party risk management is critical in today’s interconnected business environment.

Risk

Risk Software Government Cyber Risk

Mapping Secure Endpoint (and Malware Analytics) to NIST CSF Categories and Sub-Categories

Cisco Security

JULY 5, 2021

IDENTIFY – Risk Assessment (vulnerabilities identified; threat intelligence received; threats identified; threats, vulnerabilities and impacts to determine risk). This enables quick transition from analysing a threat in Malware Analytics to searching for hosts that is at risk in the environment. 3 and ID.RA-5] 2 and ID.RA-3]

Malware

Malware Risk Mobile Technology

Top VAPT Testing Companies

Security Boulevard

JANUARY 6, 2023

Introduction By reducing information risks and vulnerabilities, a process called information security, also referred to as infosec, protects electronic data. Data collection, organization, processing, and deletion are all included in the definition of data management. InfoSec […].

Computers and Electronics

Computers and Electronics InfoSec Data collection Mobile

Critical Success Factors to Widespread Deployment of IoT

Thales Cloud Protection & Licensing

FEBRUARY 16, 2021

There are three major threat vectors that harm IoT deployments: Devices are hijacked by malicious software; Data collected and processed in IoT ecosystems is tampered with and impacts the confidentiality, integrity and availability of the information; and, Weak user and device authentication.

IoT

IoT Manufacturing Energy and Utilities Data collection

Emerging security challenges for Europe’s emerging technologies

Thales Cloud Protection & Licensing

SEPTEMBER 5, 2019

The report found that for IoT in Europe, the primary data security threats lie with attacks on IoT devices, loss or theft of IoT devices, and more broadly a lack of established security frameworks for IoT – all of which ranked higher in Europe than in our global sample. Overall, these track closely to the global sample. Blockchain.

Technology

Technology Digital transformation IoT Big data

Preparing for IT/OT convergence: Best practices

CyberSecurity Insiders

SEPTEMBER 21, 2021

This blog was written by a colleague from Tenable. Many organizations have opted to converge their IT and OT environments, which can yield many benefits such as efficiency and more elegant architecture; at the same time, these decisions are not without risk. What is OT vs. IT? For organizations that have implemented an Industry 4.0

Energy and Utilities

Energy and Utilities Threat Detection Manufacturing Technology

The end looms for Meta's behavioural advertising in Europe

Malwarebytes

AUGUST 4, 2023

From the Meta blog: We will share further information over the months ahead, because it will take time for us to continue to constructively engage with regulators to ensure that any proposed solution addresses regulatory obligations in the EU, including GDPR and the upcoming DMA.

Advertising

Advertising Data breaches Data collection Marketing

6 Business functions that will benefit from cybersecurity automation

CyberSecurity Insiders

OCTOBER 28, 2021

This blog was written by an independent guest blogger. Many security professionals spend hours each day manually administering tools to protect enterprise data. For many organizations, spending so much time collecting data is not conducive to innovation and growth. Data privacy. Implement zero trust protocols.

Cybersecurity

Cybersecurity Data privacy Small Business Threat Detection

Mapping Secure Network Analytics (and Cognitive) to NIST CSF Categories and Sub-Categories

Cisco Security

JUNE 30, 2021

Secure Network Analytics uses flow telemetry such as NetFlow, jFlow, sFlow, IPFIX, and packet-level data and helps in reducing the risk to an organisation. This helps in improving regulatory compliance, reducing operational risk, and reducing operating costs by improving operational efficiency. How much data was exchanged? [NB:

Threat Detection

Threat Detection Risk Data collection Internet

GUEST ESSAY: How SIEMS, UEBAs fall short in today’s turbulent threat landscape

The Last Watchdog

JULY 30, 2018

Security analysts need the ability to view attacks as they unfold by enriching data collected from across the business with contextual and behavioral insights. Security analysts will build on the work of AI, machine learning, and behavioral analytics by making the data more consumable and understanding risk thresholds based on context.

CISO

CISO Cyber Attacks Data collection Cybersecurity

Knock, Knock; Who’s There? – IoT Device Identification & Data Integrity Is No Joke

Thales Cloud Protection & Licensing

JULY 12, 2018

But making the IoT work requires trust in the devices and the data they collect. In this blog, and in one by my colleague Julie Lassabliere from Safelayer Secure Communications , we explore the need for trusted device identification and data integrity in the IoT.

IoT

IoT Data collection Encryption eCommerce

Agent-Based vs. Agentless Security: Key Differences, Benefits, and Best Use Cases

Centraleyes

NOVEMBER 27, 2024

This blog explores these aspects in detail to help you make an informed decision for your organization’s cloud security risk management. This agent continuously collects data and monitors the resource for potential threats. Two major strategies in this domain are agent-based and agentless security.

Risk

Risk Data collection Software Healthcare

How your business can benefit from Cybersecurity automation

CyberSecurity Insiders

NOVEMBER 24, 2021

This blog was written by an independent guest blogger. Many security professionals spend hours each day manually administering tools to protect enterprise data. For many organizations, spending so much time collecting data is not conducive to innovation and growth. Data privacy. Implement zero trust protocols.

Cybersecurity

Cybersecurity Data privacy Small Business Threat Detection

5 Actions to Comply with NCSC’s New BYOD Rules

Duo's Security Blog

MARCH 18, 2022

We recently explored in the blog the National Cyber Security Center’s (NCSC) newly revised Cyber Essentials scheme , and how its specific post-pandemic “Bring Your Own Device” policies have led to some publications labeling the change “BYOD 2.0.” You can learn more about this topic in Duo’s Two-Factor Authentication Evaluation Guide.

Authentication

Authentication Mobile VPN Risk

How to Automate GDPR Compliance

Centraleyes

OCTOBER 10, 2024

Automating GDPR compliance can help organizations streamline processes, reduce risks, and ensure continuous adherence to the regulation. This blog will explore the key steps to automate GDPR compliance, best practices, and the tools available to facilitate this automation. Why Automate GDPR Compliance?

Data collection

Data collection Data breaches Data privacy Risk

Five ways to protect against software supply-chain attacks

SC Magazine

APRIL 9, 2021

Developers often never know when the author of a malicious module has copied the blog of a well-meaning author, changed the code in the blog to import a typosquatted malicious module, and then used some SEO tactics to ensure their malicious tutorial gets ranked higher in searches.

Software

Software Data collection Malware Risk

Alleged FruitFly malware creator ruled incompetent to stand trial

Malwarebytes

JANUARY 16, 2024

Apple released a security update to protect users against FruitFly, Malwarebytes published a blog post with technical details about the malware, and the FBI knocked on the door of the house linked to the IP address used by the malware. The IP address was linked to the malware using data collected by CWRU, Malwarebytes, and AT&T.)

Malware

Malware Passwords Identity Theft Data collection

Navigating GDPR Compliance with CIAM: A Quick Guide

Thales Cloud Protection & Licensing

MAY 22, 2024

The GDPR's new requirements necessitated a fundamental overhaul of CIAM approaches, a relevance that persists today: Key GDPR principles reshaping CIAM Explicit Consent : Before collecting data, businesses should obtain clear and affirmative consent from users.

Data collection

Data collection Data privacy Encryption Authentication

More SRE Lessons for SOC: Simplicity Helps Security

Anton on Security

NOVEMBER 17, 2022

Phil’s 8 megatrends blog reminds us about this by calling one of his cloud megatrends “Simplicity: Cloud as an abstraction machine.” Think well-implemented zero trust , that helps users, simplifies IT and reduces risk. Metrics and associated data collection? 10X fun assured! This means we need simplicity even more.

Engineering

Engineering Software Data collection Architecture

Regional privacy but global clouds. How to manage this complexity?

Thales Cloud Protection & Licensing

MAY 31, 2022

Data controllers are accountable to the persons (consumers, citizens) or other organisations (customers) they serve as part of their purpose. Whilst Cloud service providers, as data processors, are responsible for actions they are contracted to deliver by controllers (data collection, modification, storage, transmission, deletion etc).

Data privacy

Data privacy Digital transformation Accountability Data collection

GUEST ESSAY: Privacy risks introduced by the ‘metaverse’ — and how to combat them

The Best 10 Vendor Risk Management Tools

Trending Sources

OpenAI Is Not Training on Your Dropbox Documents—Today

Almost Half of All Chrome Extensions Are Potentially High-Risk

On Surveillance in the Workplace

GUEST ESSAY: What everyone should know about the pros and cons of online fingerprinting

IoT Unravelled Part 3: Security

GUEST ESSAY: How ‘DPIAs” — data privacy impact assessments — can lead SMBs to compliance

UnFAIR: The Limitations of FAIR’s Risk Model

GUEST ESSAY: Here’s why managed security services — MSS and MSSP — are catching on

A Pandora's Box: Unpacking 5 Risks in Generative AI

A Pandora’s Box: Unpacking 5 Risks in Generative AI

BloodHound Enterprise Learns Some New Tricks

Hunting SMB Shares, Again! Charts, Graphs, Passwords & LLM Magic for PowerHuntShares 2.0

Chinese threat actors extract big data and sell it on the dark web

Fixing Data Breaches Part 1: Education

Reinventing Asset Management for Cybersecurity Professionals

GUEST ESSAY: California pioneers privacy law at state level; VA, VT, CO, NJ take steps to follow

GUEST ESSAY: A breakout of how Google, Facebook, Instagram enable third-party snooping

Purpose Limitation Compliance with OpenAI | Cyera Blog

Manual vs Automated Risk Management: What You Need to Know

Report Finds Over 50% of Security Practitioners Are Unhappy With Current SIEM Vendor

Fixing Data Breaches Part 3: The Ease of Disclosure

GUEST ESSAY: A primer on the degrees of privacy tech companies assign to your digital footprints

Best 11 Third-party Risk Management Software in 2024

Mapping Secure Endpoint (and Malware Analytics) to NIST CSF Categories and Sub-Categories

Top VAPT Testing Companies

Critical Success Factors to Widespread Deployment of IoT

Emerging security challenges for Europe’s emerging technologies

Preparing for IT/OT convergence: Best practices

The end looms for Meta's behavioural advertising in Europe

6 Business functions that will benefit from cybersecurity automation

Mapping Secure Network Analytics (and Cognitive) to NIST CSF Categories and Sub-Categories

GUEST ESSAY: How SIEMS, UEBAs fall short in today’s turbulent threat landscape

Knock, Knock; Who’s There? – IoT Device Identification & Data Integrity Is No Joke

Agent-Based vs. Agentless Security: Key Differences, Benefits, and Best Use Cases

How your business can benefit from Cybersecurity automation

5 Actions to Comply with NCSC’s New BYOD Rules

How to Automate GDPR Compliance

Five ways to protect against software supply-chain attacks

Alleged FruitFly malware creator ruled incompetent to stand trial

Navigating GDPR Compliance with CIAM: A Quick Guide

More SRE Lessons for SOC: Simplicity Helps Security

Regional privacy but global clouds. How to manage this complexity?

Stay Connected