Blog, Encryption and Risk - Cyber Security Informer

We Didn't Encrypt Your Password, We Hashed It. Here's What That Means:

Troy Hunt

SEPTEMBER 3, 2020

The organisation involved may have contacted you and advised your password was exposed but fortunately, they encrypted it. Isn't the whole point of encryption that it protects data when exposed to unintended parties? This entire blog post hashed with Md5 is still 32 characters long. But you should change it anyway. With bcrypt.

Passwords

Passwords Encryption Data breaches Risk

Security Risks of Client-Side Scanning

Schneier on Security

OCTOBER 15, 2021

The idea is that they wouldn’t touch the cryptography, but instead eavesdrop on communications and systems before encryption or after decryption. I’m part of a group of cryptographers that has just published a paper discussing the security risks of such a system. (It’s It means I don’t have to.)

Risk

Risk Encryption

GUEST ESSAY: 5 tips for ‘de-risking’ work scenarios that require accessing personal data

The Last Watchdog

JANUARY 10, 2022

Related: The dangers of normalizing encryption for government use. It’s possible to de-risk work scenarios involving personal data by carrying out a classic risk assessment of an organization’s internal and external infrastructure. This de-risks personal data that does not fit in a separate security contour. Encryption.

Risk

Risk Encryption Data privacy CISO

Webinars

How to Avoid Pitfalls In Automation: Keep Humans In the Loop

MORE WEBINARS

Security Risks of Outdated Encryption

GlobalSign

DECEMBER 11, 2023

In this blog we will discuss how outdated encryption methods can be detrimental to businesses and explore proactive solutions.

Encryption

Encryption Risk

PCI DSS Tokenization vs Encryption: Key Differences to Protect Payment Data

Centraleyes

APRIL 10, 2025

The most commonly used methods for securing cardholder data are tokenization and encryption. This blog will explore the differences between PCI DSS tokenization vs. encryption, how each method fits into PCI compliance, and the associated PCI DSS encryption requirements and tokenization practices. What Is Encryption?

Encryption

Encryption Data breaches Risk Retail

GUEST ESSAY: Where we stand on mitigating software risks associated with fly-by-wire jetliners

The Last Watchdog

AUGUST 29, 2023

Here’s what you should know about the risks, what aviation is doing to address those risks, and how to overcome them. It is difficult to deny that cyberthreats are a risk to planes. Risks delineated Still, there have been many other incidents since. Fortunately, there are ways to address the risks.

Software

Software Risk Artificial Intelligence Cyber Attacks

GUEST ESSAY: Best practices to shrink the ever-present risk of Exchange Server getting corrupted

The Last Watchdog

FEBRUARY 5, 2024

One critical issue faced by organizations that rely on Exchange Server is the risk of a corrupt Exchange Server database cropping up. Navigating new risks Today, heavy reliance on cloud-centric IT infrastructure and cloud-hosted applications has become the norm. Here are a few ‘dos:’ •Rigorous vulnerability management.

Risk

Risk Backups Software Education

Automation and Encryption: A Perfect Match

GlobalSign

FEBRUARY 14, 2024

In this blog, we review why automation and encryption are important in improving time efficiency and mitigating risks in digital certificate management workflows.

Encryption

Encryption Risk

Three Keys to Modernizing Data Security: DSPM, AI, and Encryption

Thales Cloud Protection & Licensing

JANUARY 21, 2025

Three Keys to Modernizing Data Security: DSPM, AI, and Encryption andrew.gertz@t Tue, 01/21/2025 - 14:56 Discover how DSPM, AI, and encryption are transforming data security strategies, reducing vulnerabilities, and improving compliance. A DSPM moves the needle with integrated capabilities and comprehensive encryption.

Encryption

Encryption Unstructured Data Cyber threats Data privacy

How encryption can help address Cloud misconfiguration

Thales Cloud Protection & Licensing

NOVEMBER 15, 2021

How encryption can help address Cloud misconfiguration. So, whichever way you go, there is, across time, a very high likelihood that a CSP's encryption, tokenization, or key management scheme will be misconfigured either by the CSP itself or by the CSP user. Bring your own encryption (BYOE). Tue, 11/16/2021 - 06:15.

Encryption

Encryption Data privacy Technology Marketing

GUEST ESSAY: Leveraging ‘zero trust’ and ‘remote access’ strategies to mitigate ransomware risks

The Last Watchdog

MAY 5, 2022

Let’s walk through some practical steps organizations can take today, implementing zero trust and remote access strategies to help reduce ransomware risks: •Obvious, but difficult – get end users to stop clicking unknown links and visiting random websites that they know little about, an educational challenge. Best practices.

Ransomware

Ransomware Risk Internet Internet

Top Cybersecurity Trends to Watch Out For in 2025

Centraleyes

DECEMBER 16, 2024

Tools like ChatGPT and Bard, powered by large language models, showcase how generative AI transforms business processesbut they also pose new risks. In a recent survey, 93% of respondents admitted to knowingly increasing their companys cybersecurity risks. The challenge? Securing these AI models and the data they generate.

Cybersecurity

Cybersecurity Insurance Cyber Insurance Technology

Protecting Retailers Against Cyber Risks on Black Friday and Cyber Monday

Thales Cloud Protection & Licensing

NOVEMBER 26, 2024

Protecting Retailers Against Cyber Risks on Black Friday and Cyber Monday josh.pearson@t… Tue, 11/26/2024 - 08:01 As Black Friday and Cyber Monday loom, the stakes for retailers extend far beyond enticing deals and record sales. trillion, the risk of a data breach extends beyond immediate financial losses. trillion and $5.28

Retail

Retail Cyber Risk Risk DDOS

Android happy to check your nudes before you forward them

Malwarebytes

FEBRUARY 26, 2025

It wasnt until a few weeks later, when a Google security blog titled 5 new protections on Google Messages to help keep you safe revealed that one of the new protections was designed to introduce Sensitive Content Warnings for Google Messages. I use end-to-end-encrypted (E2EE) messaging for a reason.

Artificial Intelligence

Artificial Intelligence Encryption Manufacturing Risk

Cybersecurity Snapshot: Tenable Highlights Risks of AI Use in the Cloud, as UK’s NCSC Offers Tips for Post-Quantum Cryptography Adoption

Security Boulevard

MARCH 21, 2025

Check out key findings and insights from the Tenable Cloud AI Risk Report 2025. 1 - Tenable: Orgs using AI in the cloud face thorny cyber risks Using AI tools in cloud environments? 1 - Tenable: Orgs using AI in the cloud face thorny cyber risks Using AI tools in cloud environments?

Risk

Risk IoT Cybersecurity Manufacturing

Inside the Massive Alleged AT&T Data Breach

Troy Hunt

MARCH 18, 2024

I linked to the story from the beginning of this blog post and got a handful of willing respondents for whom I sent their data and asked two simple questions: Does this data look accurate? The above example simply didn't have plain text entries for the encrypted data.

Data breaches

Data breaches Encryption Identity Theft InfoSec

Secure Communications: Relevant or a Nice to Have?

Jane Frankland

FEBRUARY 7, 2025

But as a CISO or cyber risk owner, it’s not just about locking down sensitive informationits about doing it without slowing down your people. This is where the real opportunity lies, and what Im exploring in this blog. For CISOs and cyber risk owners, this isnt just a riskits a gamble no one can afford to take.

Cyber Risk

Cyber Risk CISO Risk Encryption

Do you actually need a VPN? Your guide to staying safe online!

Webroot

NOVEMBER 21, 2024

With the rise of online scams and privacy risks, virtual private networks (VPNs) are becoming more popular for day-to-day use. The five core components of a VPN are: Encryption : The conversion of information into a coded format that can only be read by someone who has the decryption key. appeared first on Webroot Blog.

VPN

VPN Antivirus Internet Internet

The Rise of Non-Ransomware Attacks on AWS S3 Data

Thales Cloud Protection & Licensing

FEBRUARY 12, 2025

The Rise of Non-Ransomware Attacks on AWS S3 Data madhav Thu, 02/13/2025 - 04:39 A sophisticated ransomware gang, Codefinger, has a cunning new technique for encrypting data stored in AWS S3 buckets without traditional ransomware tools. Entities should implement robust security measures to mitigate the risk of this type of attack.

Ransomware

Ransomware Encryption Digital transformation Risk

Is Your Chip Card Secure? Much Depends on Where You Bank

Krebs on Security

JULY 30, 2020

Newer, chip-based cards employ a technology known as EMV that encrypts the account data stored in the chip. The technology causes a unique encryption key — referred to as a token or “cryptogram” — to be generated each time the chip card interacts with a chip-capable payment terminal. .

Banking

Banking Malware Encryption Accountability

Cybersecurity Snapshot: NIST Aligns Its Privacy and Cyber Frameworks, While Researchers Warn About Hallucination Risks from GenAI Code Generators

Security Boulevard

APRIL 18, 2025

Plus, learn why code-writing GenAI tools can put developers at risk of package-confusion attacks. Both frameworks have a Core section, which outlines detailed activities and outcomes aimed at helping organizations discuss risk management. blog) Know Your Exposure: Is Your Cloud Data Secure in the Age of AI? (on-demand

Risk

Risk Cybersecurity Data privacy Software

GUEST ESSAY: In pursuit of smarter cybersecurity — to overcome complex risks and grow revenue

The Last Watchdog

JANUARY 8, 2023

Smarter security to me broadly refers to relentlessly focusing on fundamentals while maturing the program, making sure your risk posture aligns with your business strategy. This means secure file transfer solutions, so you don’t waste time with slow encrypting protocols. This leads to revenue gains and positive customer outcomes.

Risk

Risk Cybersecurity Technology CISO

Quantum computing brings new security risks: How to protect yourself

CyberSecurity Insiders

FEBRUARY 1, 2022

This blog was written by an independent guest blogger. With quantum computing looming in the not-so-distant future, the way that we think about encryption will need to evolve. However, the complex math behind creating encryption keys is no match for the power of quantum computers. What are the security risks?

Risk

Risk Social Engineering Threat Detection Encryption

Google Cybersecurity Action Team Threat Horizons Report #3 Is Out!

Anton on Security

JULY 7, 2022

This is my completely informal, uncertified, unreviewed and otherwise completely unofficial blog inspired by my reading of our third Threat Horizons Report ( full version ) that we just released ( the official blog for #1 report , my unofficial blog for #2 ). cloud ransomware isn’t really ‘a ware’, but a RansomOp where humans?—?not

Cybersecurity

Cybersecurity Cryptocurrency Ransomware Education

IoT Unravelled Part 3: Security

Troy Hunt

NOVEMBER 25, 2020

The vulnerability Context Security discovered meant exposing the Wi-Fi credentials of the network the device was attached to, which is significant because it demonstrates that IoT vulnerabilities can put other devices on the network at risk as well. Are these examples actually risks in IoT?

IoT

IoT Firmware Risk Encryption

Command-and-Control Servers Explained. Techniques and DNS Security Risks

Heimadal Security

MARCH 29, 2023

Hackers can use C&C or C2 servers to create botnets and launch DDoS attacks, steal, delete, and/or encrypt data. Techniques and DNS Security Risks appeared first on Heimdal Security Blog. Basically, a […] The post Command-and-Control Servers Explained.

DNS

DNS Risk DDOS Encryption

Experts Fear Crooks are Cracking Keys Stolen in LastPass Breach

Krebs on Security

SEPTEMBER 5, 2023

In November 2022, the password manager service LastPass disclosed a breach in which hackers stole password vaults containing both encrypted and plaintext data for more than 25 million users. LastPass disclosed that criminal hackers had compromised encrypted copies of some password vaults, as well as other personal information.

Cryptocurrency

Cryptocurrency Passwords Encryption Accountability

Unleashing the Power of AI with Caution: Understanding Cybersecurity Risks

CyberSecurity Insiders

MAY 28, 2023

However, as AI continues to advance, it brings with it a new set of cybersecurity risks and challenges. In this blog, we will delve into the potential risks associated with AI and the importance of implementing robust cybersecurity measures to safeguard against these threats.

Risk

Risk Cybersecurity Artificial Intelligence Accountability

Crooks bank on Microsoft’s search engine to phish customers

Malwarebytes

NOVEMBER 4, 2024

In this blog post, we take a look at how criminals are abusing Bing and stay under the radar at the same time while also bypassing advanced security features such as two-factor authentication. The idea is about creating content that looks real, like a blog, but with malicious intent (monetization or other). com info-blog-news[.]com

Engineering

Engineering Phishing Banking Authentication

GUEST ESSAY: As cyber risks rise in 2020, as they surely will, don’t overlook physical security

The Last Watchdog

DECEMBER 31, 2019

All the encryption , firewalls , cryptography, SCADA systems , and other IT security measures would be useless if that were to occur. Related: The case for quantifying cyber risks The most important factor that should be taken into account is a security risk assessment.

Cyber Risk

Cyber Risk Risk Firewall Surveillance

Microsoft Announces Security Update with Windows Resiliency Initiative

eSecurity Planet

DECEMBER 4, 2024

David Weston, VP of enterprise and OS security, said in a blog post , “We are committed to ensuring that Windows remains the most reliable and resilient open platform for our customers.” The new “Smart App Control” feature will reduce the risk of malicious software infiltrating systems by ensuring only verified apps can run on the PC.

Encryption

Encryption Phishing Passwords Authentication

5 Encrypted Attack Predictions for 2025

Security Boulevard

JANUARY 31, 2025

The cyberthreat landscape of 2024 was rife with increasingly sophisticated threats, and encryption played a pivotal rolea staggering 87.2% billion attempted encrypted attacks, a clear demonstration of the growing risk posed by cybercriminals leveraging encryption to evade detection. The Zscaler cloud blocked 32.1

Encryption

Encryption Architecture Risk Artificial Intelligence

GUEST ESSAY: A primer on content management systems (CMS) — and how to secure them

The Last Watchdog

MAY 19, 2022

Wikipedia uses a CMS for textual entries, blog posts, images, photographs, videos, charts, graphics, and “ talk pages ” that help its many contributors collaborate. Make sure the CMS platform uses a robust web application firewall (WAF), conducts continuous automated and manual security tests and uses state of the art encryption technology.

Data breaches

Data breaches Encryption Mobile Technology

Krispy Kreme Cyber Attack a Wake-Up Call for the Food Industry

SecureWorld News

MARCH 17, 2025

To make sure you don't become the next headline on a cybersecurity blog, you should consider the following layered cybersecurity measures. Comprehensive risk assessments To ensure your digital transformation doesn't outpace your cybersecurity, you need to conduct rigorous risk assessments and system audits.

Cyber Attacks

Cyber Attacks Digital transformation Threat Detection Penetration Testing

GUEST ESSAY: Testing principles to mitigate real-world risks to ‘SASE’ and ‘Zero Trust’ systems

The Last Watchdog

FEBRUARY 27, 2023

The best all-around metric for SASE/ZT testing is QoE, as it reflects multiple underlying factors, including performance, error detection, encryption variability, overall transaction latency, and (for ZT) concurrent authentication rate. And since malware and vulnerabilities constantly change, threat models must continually evolve too.

Risk

Risk Architecture Firewall Telecommunications

GUEST ESSAY: Leveraging best practices and an open standard to protect corporate data

The Last Watchdog

MARCH 21, 2022

Evolving privacy regulations like the General Data Protection Regulation (GDPR) and California Consumer Privacy Act (CCPA) mean ongoing headaches for cybersecurity, compliance and risk management teams. Conduct risk analysis. Some regulations require a proactive approach to identifying and mitigating data risk.

Encryption

Encryption Data privacy Cloud Migration Risk

Simplifying Compliance in the Complex U.S. FinServ Regulatory Landscape

Thales Cloud Protection & Licensing

JANUARY 16, 2025

It emphasizes the need for encryption, data governance, and secure information-sharing practices to prevent and mitigate cyber threats. Compliance with the GBLA requires prioritizing data encryption and robust access controls to protect sensitive consumer information throughout its lifecycle.

Financial Services

Financial Services Encryption Insurance Government

Everyday Threat Modeling

Daniel Miessler

SEPTEMBER 27, 2020

The Difference Between Threats and Risks. The problem we have as humans is that opportunity is usually coupled with risk, so the question is one of which opportunities should you take and which should you pass on. And If you want to take a certain risk, which controls should you put in place to keep the risk at an acceptable level?

VPN

VPN Risk Hacking Encryption

GUEST ESSAY: Why automating distribution of strong passwords to employees is wise to do

The Last Watchdog

APRIL 28, 2022

From the moment companies let their employees create their own passwords, they transfer their network command and control, financial risks and liabilities to their employees. When a new hire starts a new job, he or she receives encrypted passwords, stored in a digital fortress that only that user can access after multiple levels of security.

Passwords

Passwords Encryption Phishing Social Engineering

Threat Spotlight: Inside the World’s Fastest Rising Ransomware Operator — BlackLock

Digital Shadows

FEBRUARY 17, 2025

At first glance, BlackLocks advertisements on ransomware forums may seem similar to other big players, boasting multi-platform support and advanced encryption. Our analysts work closely with customer teams to contain threats and provide tailored risk mitigation strategiesensuring businesses can recover quickly and effectively.

Ransomware

Ransomware Malware Risk Accountability

ConnectWise Quietly Patches Flaw That Helps Phishers

Krebs on Security

DECEMBER 1, 2022

29, roughly the same time Pyle published a blog post about his findings , ConnectWise issued an advisory warning users to be on guard against a new round email phishing attempts that mimic legitimate email alerts the company sends when it detects unusual activity on a customer account. build and the then-canary 22.9

Phishing

Phishing Architecture Passwords Accountability

Shadow AI: The Hidden Threat Lurking in Your Cloud Subscriptions—and How to Fight It

Responsible Cyber

MARCH 2, 2025

It works like magicuntil you discover the tool wasnt approved by IT, lacks encryption, and just exposed sensitive customer data to a third party. Its a subset of Shadow ITunapproved software or servicesbut with unique risks tied to AIs capabilities, like data processing, automation, and decision-making.

Encryption

Encryption Risk Data breaches Marketing

World Backup Day: Pledge to protect your digital life

Webroot

MARCH 12, 2025

Backing up your data simply means creating copies of your important files and storing them in secure, encrypted locations. Despite all the risks, 20% of people rarely or never back up their data, leaving them vulnerable to irreversible loss. Ensures that your valuable data is encrypted, secure, and accessible when you need it.

Backups

Backups Encryption Antivirus Data preservation

A Closer Look at the Snatch Data Ransom Group

Krebs on Security

SEPTEMBER 30, 2023

The government says Snatch used a customized ransomware variant notable for rebooting Microsoft Windows devices into Safe Mode — enabling the ransomware to circumvent detection by antivirus or endpoint protection — and then encrypting files when few services are running.

Ransomware

Ransomware Accountability Cybercrime Backups

We Didn't Encrypt Your Password, We Hashed It. Here's What That Means:

Security Risks of Client-Side Scanning

Webinars

Trending Sources

GUEST ESSAY: 5 tips for ‘de-risking’ work scenarios that require accessing personal data

Webinars

Security Risks of Outdated Encryption

PCI DSS Tokenization vs Encryption: Key Differences to Protect Payment Data

GUEST ESSAY: Where we stand on mitigating software risks associated with fly-by-wire jetliners

GUEST ESSAY: Best practices to shrink the ever-present risk of Exchange Server getting corrupted

Automation and Encryption: A Perfect Match

Three Keys to Modernizing Data Security: DSPM, AI, and Encryption

How encryption can help address Cloud misconfiguration

GUEST ESSAY: Leveraging ‘zero trust’ and ‘remote access’ strategies to mitigate ransomware risks

Top Cybersecurity Trends to Watch Out For in 2025

Protecting Retailers Against Cyber Risks on Black Friday and Cyber Monday

Android happy to check your nudes before you forward them

Cybersecurity Snapshot: Tenable Highlights Risks of AI Use in the Cloud, as UK’s NCSC Offers Tips for Post-Quantum Cryptography Adoption

Inside the Massive Alleged AT&T Data Breach

Secure Communications: Relevant or a Nice to Have?

Do you actually need a VPN? Your guide to staying safe online!

The Rise of Non-Ransomware Attacks on AWS S3 Data

Is Your Chip Card Secure? Much Depends on Where You Bank

Cybersecurity Snapshot: NIST Aligns Its Privacy and Cyber Frameworks, While Researchers Warn About Hallucination Risks from GenAI Code Generators

GUEST ESSAY: In pursuit of smarter cybersecurity — to overcome complex risks and grow revenue

Quantum computing brings new security risks: How to protect yourself

Google Cybersecurity Action Team Threat Horizons Report #3 Is Out!

IoT Unravelled Part 3: Security

Command-and-Control Servers Explained. Techniques and DNS Security Risks

Experts Fear Crooks are Cracking Keys Stolen in LastPass Breach

Unleashing the Power of AI with Caution: Understanding Cybersecurity Risks

Crooks bank on Microsoft’s search engine to phish customers

GUEST ESSAY: As cyber risks rise in 2020, as they surely will, don’t overlook physical security

Microsoft Announces Security Update with Windows Resiliency Initiative

5 Encrypted Attack Predictions for 2025

GUEST ESSAY: A primer on content management systems (CMS) — and how to secure them

Krispy Kreme Cyber Attack a Wake-Up Call for the Food Industry

GUEST ESSAY: Testing principles to mitigate real-world risks to ‘SASE’ and ‘Zero Trust’ systems

GUEST ESSAY: Leveraging best practices and an open standard to protect corporate data

Simplifying Compliance in the Complex U.S. FinServ Regulatory Landscape

Everyday Threat Modeling

GUEST ESSAY: Why automating distribution of strong passwords to employees is wise to do

Threat Spotlight: Inside the World’s Fastest Rising Ransomware Operator — BlackLock

ConnectWise Quietly Patches Flaw That Helps Phishers

Shadow AI: The Hidden Threat Lurking in Your Cloud Subscriptions—and How to Fight It

World Backup Day: Pledge to protect your digital life

A Closer Look at the Snatch Data Ransom Group

Stay Connected