Blog and Risk - Cyber Security Informer

GUEST ESSAY: How AI co-pilots boost the risk of data leakage — making ‘least privilege’ a must

The Last Watchdog

FEBRUARY 25, 2025

Related: Weaponizing Microsoft’s co-pilot Until now, lackluster enterprise search capabilities kept many security risks in checkemployees simply couldnt find much of the data they were authorized to access. Over-provisioned access The risks of excessive access are nothing new.

Risk

Risk CISO Engineering

On Risk-Based Authentication

Schneier on Security

OCTOBER 5, 2020

A Study on Usability and Security Perceptions of Risk-based Authentication “: Abstract : Risk-based Authentication (RBA) is an adaptive security measure to strengthen password-based authentication. I’ve blogged about risk-based authentication before. Paper’s website.

Authentication

Authentication Risk Passwords

On Generative AI Security

Schneier on Security

FEBRUARY 5, 2025

” Their blog post lists “three takeaways,” but the eight lessons in the report itself are more useful: Understand what the system can do and where it is applied. Automation can help cover more of the risk landscape. LLMs amplify existing security risks and introduce new ones.

Risk

Webinars

How to Avoid Pitfalls In Automation: Keep Humans In the Loop

MORE WEBINARS

AI Risks

Schneier on Security

OCTOBER 9, 2023

Reading the headlines, one would hope that the rapid gains in AI technology have also brought forth a unifying realization of the risks—and the steps we need to take to mitigate them. Some are concerned about far-future risks that sound like science fiction. AI could destroy humanity or pose a risk on par with nukes.

Risk

Risk Artificial Intelligence Technology Surveillance

NCSC Guidance on “Advanced Cryptography”

Schneier on Security

MAY 2, 2025

However, there are a number of factors to consider before deploying a solution based on Advanced Cryptography, including the relative immaturity of the techniques and their implementations, significant computational burdens and slow response times, and the risk of opening up additional cyber attack vectors. NCSC blog entry.

Encryption

Encryption Cyber Attacks Authentication Risk

Security Risks of AI

Schneier on Security

APRIL 27, 2023

Stanford and Georgetown have a new report on the security risks of AI—particularly adversarial machine learning—based on a workshop they held on the topic. Many AI products are deployed without institutions fully understanding the security risks they pose.

Risk

Risk Government Cybersecurity Engineering

Security Risks of Client-Side Scanning

Schneier on Security

OCTOBER 15, 2021

I’m part of a group of cryptographers that has just published a paper discussing the security risks of such a system. (It’s Ross Anderson wrote a great blog post on the paper. (It’s It’s not a cryptographic backdoor, but it’s still a backdoor — and brings with it all the insecurities of a backdoor.

Risk

Risk Encryption

AI Security Risk Assessment Tool

Schneier on Security

MAY 11, 2021

” Details on their blog. Microsoft researchers just released an open-source automation tool for security testing AI systems: “ Counterfit.”

Risk

Risk Artificial Intelligence

DORA Compliance: A Practical Guide to Effective Third-Party Risk Management

Responsible Cyber

NOVEMBER 25, 2024

Effective from January 2025, DORA mandates that financial institutions implement robust measures to manage Information and Communication Technology (ICT) risks, with a significant emphasis on Third-Party Risk Management (TPRM). Contracts must clearly outline service expectations, security requirements, and compliance obligations.

Risk

Risk Cyber threats Technology Software

Apple AirPlay SDK devices at risk of takeover—make sure you update

Malwarebytes

MAY 1, 2025

Researchers found a set of vulnerabilities in Apples AirPlay SDK that put billions of users at risk of their devices being taking over. On top of that, these vulnerabilities may allow unauthorized access to sensitive data and local files, making them a serious risk that demands immediate attention.

Risk

Risk Wireless Software Mobile

Opportunities and risks of AI coding assistants

BH Consulting

DECEMBER 6, 2024

This blog will explore the advantages and risks these AI tools bring, along with actionable steps to integrate them responsibly into business practices. Key security and privacy risks Despite these benefits, there are inherent risks in relying on AI coding assistants. Establish an AI usage policy.

Risk

Risk Data privacy Information Security Software

Third-Party Risk Management: Gartner’s Best Practices for CCEOs

Responsible Cyber

NOVEMBER 23, 2024

However, with every partnership comes potential risk. As networks expand to include third, fourth, and even fifth parties, the complexities of managing these risks multiply. For CCEOs and senior leaders, effective third-party risk management (TPRM) is not just a necessity—it’s a strategic imperative.

Risk

Risk Government Education Technology

GUEST ESSAY: Rising cyber risks make business intelligence gathering more vital than ever

The Last Watchdog

JULY 5, 2022

The top reason, chosen from a proved list of ten, was ‘increased cyber security risks’, followed by the related concern, ‘new and/or increased data privacy regulations’. Context of risk. The Ukraine-Russia war is a grim example of geopolitical risk intersecting with cyber security risk. Cyber in a silo?

Cyber Risk

Cyber Risk Risk Marketing Data privacy

Sharing Information with AI and Understanding the Risks

ZoneAlarm

JANUARY 30, 2025

But as AI grows, so do the risks of sharing information with it. A new AI system called DeepSeek, developed in China, has raised fresh concerns about how information is … The post Sharing Information with AI and Understanding the Risks appeared first on ZoneAlarm Security Blog.

Artificial Intelligence

Artificial Intelligence Risk Data privacy

GUEST ESSAY: Where we stand on mitigating software risks associated with fly-by-wire jetliners

The Last Watchdog

AUGUST 29, 2023

Here’s what you should know about the risks, what aviation is doing to address those risks, and how to overcome them. It is difficult to deny that cyberthreats are a risk to planes. Risks delineated Still, there have been many other incidents since. Fortunately, there are ways to address the risks.

Software

Software Risk Artificial Intelligence Cyber Attacks

On Chinese-Owned Technology Platforms

Schneier on Security

FEBRUARY 25, 2021

” From a blog post : The report suggests a comprehensive framework for understanding and assessing the risks posed by Chinese technology platforms in the United States and developing tailored responses.

Technology

Technology Risk

GUEST ESSAY: Best practices to shrink the ever-present risk of Exchange Server getting corrupted

The Last Watchdog

FEBRUARY 5, 2024

One critical issue faced by organizations that rely on Exchange Server is the risk of a corrupt Exchange Server database cropping up. Navigating new risks Today, heavy reliance on cloud-centric IT infrastructure and cloud-hosted applications has become the norm. Here are a few ‘dos:’ •Rigorous vulnerability management.

Risk

Risk Backups Software Education

Irius Risk & Gary McGraw

Adam Shostack

JANUARY 2, 2025

Gary McGraw joins the IriusRisk Technical Advisory Board I'm very excited that Gary McGraw is joining the Irius Risk Technical Advisory Board as board chair. Gary's a pioneer in software security, and his work in machine learning was my choice to kick off blogging 2020.

Risk

Risk Software

Unsolved Challenge: Why API Access Control Vulnerabilities Remain a Major Security Risk

Security Boulevard

MARCH 31, 2025

This blog will explore why these vulnerabilities are so difficult to detect, the limitations of current security tools, and the implications for businesses relying on API-driven applications. The post Unsolved Challenge: Why API Access Control Vulnerabilities Remain a Major Security Risk appeared first on Wallarm.

Risk

Risk Authentication

Protecting Retailers Against Cyber Risks on Black Friday and Cyber Monday

Thales Cloud Protection & Licensing

NOVEMBER 26, 2024

Protecting Retailers Against Cyber Risks on Black Friday and Cyber Monday josh.pearson@t… Tue, 11/26/2024 - 08:01 As Black Friday and Cyber Monday loom, the stakes for retailers extend far beyond enticing deals and record sales. trillion, the risk of a data breach extends beyond immediate financial losses. trillion and $5.28

Retail

Retail Cyber Risk Risk DDOS

ISACA impressions: AI, risk and resilience feature at the 2025 conference

BH Consulting

APRIL 16, 2025

Dr. Ng emphasised the balancing act between innovation and risk. Cloud calls for cooperation in a changed risk landscape Has computing really changed with the cloud? Although the core architecture hasnt shifted drastically, he said the risk landscape has.

Risk

Risk Government Ransomware Retail

AI avalanche: Taming software risk with True Scale Application Security

Security Boulevard

APRIL 28, 2025

The post AI avalanche: Taming software risk with True Scale Application Security appeared first on Blog. The post AI avalanche: Taming software risk with True Scale Application Security appeared first on Security Boulevard.

Software

Software Risk Network Security

Choosing the Right Cyber Risk Management Solution: RFI vs. RFP and Beyond

Security Boulevard

DECEMBER 27, 2024

Selecting a cyber risk management solution is a critical decision for any organization. The post Choosing the Right Cyber Risk Management Solution: RFI vs. RFP and Beyond appeared first on Security Boulevard.

Cyber Risk

Cyber Risk Risk

Taxonomy of Generative AI Misuse

Schneier on Security

AUGUST 12, 2024

Interesting paper: “ Generative AI Misuse: A Taxonomy of Tactics and Insights from Real-World Data “: Generative, multimodal artificial intelligence (GenAI) offers transformative potential across industries, but its misuse poses significant risks. image, text, audio, video) in the wild.

Artificial Intelligence

Artificial Intelligence Risk

What Rebels Teach us About Stronger Cyber Defence

Jane Frankland

APRIL 25, 2025

While this progress is impressive and efficient, it comes with substantial risks. We need cybersecurity leadersCISOs, cyber risk owners, and IT decision makerswho are willing to challenge the norm, think critically, and make ethical decisions to protect our organisations, and world. Thats essentially the position were in today.

Technology

Technology Cyber threats Risk Cybersecurity

Hunting SMB Shares, Again! Charts, Graphs, Passwords & LLM Magic for PowerHuntShares 2.0

NetSpi Technical

NOVEMBER 14, 2024

It focuses on distilling data related to shares configured with excessive privileges to better understand their relationships and risk. For those interested in the previous PowerHuntShares release, here is the blog and presentation. Risk Scoring “Be honest, how bad is it?” Let the pseudo-TLDR/release notes begin!

Passwords

Passwords Risk Data collection Backups

Your Ultimate Guide to NIS2 Compliance: Key Steps and Insights

Heimadal Security

JANUARY 16, 2025

With its stringent requirements for managing cyber risks, securing supply chains, and reporting incidents, its essential for organizations to ensure compliance.

Cyber Risk

Cyber Risk Risk Cybersecurity

GUEST ESSAY: Leveraging DevSecOps to quell cyber risks in a teeming threat landscape

The Last Watchdog

JANUARY 2, 2024

In today’s digital landscape, organizations face numerous challenges when it comes to mitigating cyber risks. Here are some of the key challenges that organizations encounter in their efforts to mitigate cyber risks in the current environment. Improve overall security posture and reduce cyber risks.

Cyber Risk

Cyber Risk Risk Education Security Awareness

Cybersecurity Snapshot: Tenable Highlights Risks of AI Use in the Cloud, as UK’s NCSC Offers Tips for Post-Quantum Cryptography Adoption

Security Boulevard

MARCH 21, 2025

Check out key findings and insights from the Tenable Cloud AI Risk Report 2025. 1 - Tenable: Orgs using AI in the cloud face thorny cyber risks Using AI tools in cloud environments? 1 - Tenable: Orgs using AI in the cloud face thorny cyber risks Using AI tools in cloud environments?

Risk

Risk IoT Cybersecurity Manufacturing

MY TAKE: The CVE program crisis isn’t over — it’s a wake-up call for cybersecurity’s supply chain

The Last Watchdog

APRIL 16, 2025

The system that underpins vulnerability disclosurethe nervous system of cybersecurity risk managementis showing signs of structural fatigue. The CVE program isnt just a list of numbersits a Rosetta Stone that security teams rely on to identify, prioritize, and communicate risk. Far from it. Cipollones response?

Architecture

Architecture Risk Cybersecurity Internet

Introducing User Trust Levels: Calculating Identity Risk to Improve Security Outcomes

Duo's Security Blog

MARCH 25, 2025

This innovative approach helps organizations manage user-related risks more efficiently by assigning trust levels based on a comprehensive evaluation of user behavior and context. The User Trust Level is a dynamic assessment of risk associated with each user in your organization. The algorithm first sets out a framework of risk types.

Risk

Risk Accountability Threat Detection Firewall

Why the 2025 PyPI Attack Signals a New Era in Cloud Risk

Security Boulevard

APRIL 16, 2025

The post Why the 2025 PyPI Attack Signals a New Era in Cloud Risk appeared first on Security Boulevard. The 2025 PyPI supply chain attack is a stark reminder of just how vulnerable cloud ecosystems remain to sophisticated, stealthy, and evolving threats.

Risk

Risk Cyber Attacks Cybersecurity

GUEST ESSAY: Why internal IT teams are ill-equipped to adequately address cyber risks

The Last Watchdog

FEBRUARY 11, 2024

From identity theft to greater oversight on risk management, internal IT teams will be taking the brunt of these incoming regulations. Regulatory overload Firms in the financial services industry are staring down the bottom of the regulatory barrel coming into 2024.

Cyber Risk

Cyber Risk Risk Financial Services Cyber threats

Cybersecurity Snapshot: NIST Aligns Its Privacy and Cyber Frameworks, While Researchers Warn About Hallucination Risks from GenAI Code Generators

Security Boulevard

APRIL 18, 2025

Plus, learn why code-writing GenAI tools can put developers at risk of package-confusion attacks. Both frameworks have a Core section, which outlines detailed activities and outcomes aimed at helping organizations discuss risk management. blog) Know Your Exposure: Is Your Cloud Data Secure in the Age of AI? (on-demand

Risk

Risk Cybersecurity Data privacy Software

Threat Model Thursday: BIML Machine Learning Risk Framework

Adam Shostack

JANUARY 2, 2025

Risk Framework and Machine Learning The Berryville Institute of Machine Learning (BIML) has released " An Architectural Risk Analysis of Machine Learning Systems." BIML has released the work in two ways, an interactive risk framework contains a subset of the information in the PDF version. The first challenge is specificity.

Risk

Risk Engineering Architecture

AI and the Future of Cybersecurity: Opportunities and Risks

Security Boulevard

APRIL 1, 2025

But as this software garners more attention, we must separate the hype from the Continue reading AI and the Future of Cybersecurity: Opportunities and Risks The post AI and the Future of Cybersecurity: Opportunities and Risks appeared first on Assura, Inc.

Risk

Risk Cybersecurity Software

Smart Home Data Breach Exposes 2.7 Billion Records

ZoneAlarm

FEBRUARY 23, 2025

This breach has raised serious concerns about the security of internet-connected devices and the potential risks for consumers. Billion Records appeared first on ZoneAlarm Security Blog. Smart home devices, including security cameras, smart locks, and voice assistants, … The post Smart Home Data Breach Exposes 2.7

Data breaches

Data breaches IoT Internet Internet

Microsoft’s April Security Update of High-Risk Vulnerabilities in Multiple Products

Security Boulevard

APRIL 11, 2025

This includes high-risk vulnerabilities such as privilege escalation and remote code execution. Among the vulnerabilities fixed in [] The post Microsofts April Security Update of High-Risk Vulnerabilities in Multiple Products appeared first on NSFOCUS, Inc.,

Risk

Risk Cyber Attacks

Cybersecurity as a Business Imperative: Embracing a Risk Management Approach

Security Boulevard

FEBRUARY 17, 2025

Its now a critical business imperative that requires a strategic risk management approach. By integrating cybersecurity into broader risk management frameworks, you can proactively address threats, improve resilience, and align your security efforts with your core business objectives.

Risk

Risk Cybersecurity

Rethinking Executive Security in the Age of Human Risk

Security Boulevard

MAY 8, 2025

Nisos Rethinking Executive Security in the Age of Human Risk Employment fraud is no longer just an HR issue - its an enterprise-wide risk that threatens financial stability, regulatory compliance, and corporate reputation.

Risk

Types of Risk Assessment Methodologies: Choosing the Right Approach for Your Needs

Centraleyes

MARCH 17, 2025

Every organization faces risks that threaten its objectives, assets, and operations. A risk assessment is the foundation for identifying, analyzing, and prioritizing these risks. Understanding the basics of risk assessment is the first step in building a resilient and proactive strategy to mitigate risks and vulnerabilities.

Risk

Risk Insurance Small Business Cybersecurity

Shifting from Business Continuity to Continuous Business in Cyber

Jane Frankland

OCTOBER 25, 2024

As ITDMs, CISOs and cyber risk owners this is our dream scenario, and he got me thinking. It’s a subtle shift in focus, and requires a fundamental change in how we, as ITDMs, CISOs and cyber risk owners view and action resilience—not as a one-time project, but as an ongoing programme that provides strategic advantage.

Cyber Risk

Cyber Risk CISO Cyber threats Risk

PTZOptics cameras zero-days actively exploited in the wild

Security Affairs

NOVEMBER 2, 2024

Attackers can also trigger flaws to extract network details to infiltrate connected systems, increasing the risk of data breaches and ransomware attacks. “Read the GreyNoise Labs blog for technical analysis and deeper insight into how Sift helped discover these zero-day vulnerabilities.” ” concludes the report.

Firmware

Firmware Manufacturing IoT Healthcare

Understanding Cyber Threats During the Holiday Season

Security Boulevard

DECEMBER 22, 2024

Understanding Cyber Threats During the Holiday Season Understanding Cyber Threats During the Holiday Season The holiday season, while festive, presents heightened cybersecurity risks for businesses. Cybercriminals exploit increased online activity and reduced vigilance during this period.

Cyber threats

Cyber threats Data privacy Risk Cybersecurity

GUEST ESSAY: How AI co-pilots boost the risk of data leakage — making ‘least privilege’ a must

On Risk-Based Authentication

Webinars

Trending Sources

On Generative AI Security

Webinars

AI Risks

NCSC Guidance on “Advanced Cryptography”

Security Risks of AI

Security Risks of Client-Side Scanning

AI Security Risk Assessment Tool

DORA Compliance: A Practical Guide to Effective Third-Party Risk Management

Apple AirPlay SDK devices at risk of takeover—make sure you update

Opportunities and risks of AI coding assistants

Third-Party Risk Management: Gartner’s Best Practices for CCEOs

GUEST ESSAY: Rising cyber risks make business intelligence gathering more vital than ever

Sharing Information with AI and Understanding the Risks

GUEST ESSAY: Where we stand on mitigating software risks associated with fly-by-wire jetliners

On Chinese-Owned Technology Platforms

GUEST ESSAY: Best practices to shrink the ever-present risk of Exchange Server getting corrupted

Irius Risk & Gary McGraw

Unsolved Challenge: Why API Access Control Vulnerabilities Remain a Major Security Risk

Protecting Retailers Against Cyber Risks on Black Friday and Cyber Monday

ISACA impressions: AI, risk and resilience feature at the 2025 conference

AI avalanche: Taming software risk with True Scale Application Security

Choosing the Right Cyber Risk Management Solution: RFI vs. RFP and Beyond

Taxonomy of Generative AI Misuse

What Rebels Teach us About Stronger Cyber Defence

Hunting SMB Shares, Again! Charts, Graphs, Passwords & LLM Magic for PowerHuntShares 2.0

Your Ultimate Guide to NIS2 Compliance: Key Steps and Insights

GUEST ESSAY: Leveraging DevSecOps to quell cyber risks in a teeming threat landscape

Cybersecurity Snapshot: Tenable Highlights Risks of AI Use in the Cloud, as UK’s NCSC Offers Tips for Post-Quantum Cryptography Adoption

MY TAKE: The CVE program crisis isn’t over — it’s a wake-up call for cybersecurity’s supply chain

Introducing User Trust Levels: Calculating Identity Risk to Improve Security Outcomes

Why the 2025 PyPI Attack Signals a New Era in Cloud Risk

GUEST ESSAY: Why internal IT teams are ill-equipped to adequately address cyber risks

Cybersecurity Snapshot: NIST Aligns Its Privacy and Cyber Frameworks, While Researchers Warn About Hallucination Risks from GenAI Code Generators

Threat Model Thursday: BIML Machine Learning Risk Framework

AI and the Future of Cybersecurity: Opportunities and Risks

Smart Home Data Breach Exposes 2.7 Billion Records

Microsoft’s April Security Update of High-Risk Vulnerabilities in Multiple Products

Cybersecurity as a Business Imperative: Embracing a Risk Management Approach

Rethinking Executive Security in the Age of Human Risk

Types of Risk Assessment Methodologies: Choosing the Right Approach for Your Needs

Shifting from Business Continuity to Continuous Business in Cyber

PTZOptics cameras zero-days actively exploited in the wild

Understanding Cyber Threats During the Holiday Season

Stay Connected