Data collection, Presentation and Risk - Cyber Security Informer

Dan Solove on Privacy Regulation

Schneier on Security

APRIL 24, 2024

As to privacy, consent authorizes and legitimizes a wide range of data collection and processing. Rather than provide extensive legitimacy and power, murky consent should authorize only a very restricted and weak license to use data. There are generally two approaches to consent in privacy law.

Data collection

Data collection Risk

GUEST ESSAY: Privacy risks introduced by the ‘metaverse’ — and how to combat them

The Last Watchdog

OCTOBER 10, 2022

To test the true extent of data collection in VR, we designed a simple 30-person user study called MetaData. In a follow-up work, called “ MetaGuard ,” we present a promising solution to our VR data privacy woes. But until recently, the VR privacy threat has remained entirely theoretical.

Risk

Risk Data privacy Data collection Technology

The Greatest Asset Becomes the Biggest Risk

CyberSecurity Insiders

DECEMBER 18, 2021

It’s never been more important to protect employees from cyber-attacks while also mitigating the risk they pose as trusted insiders. Dtex’s Workforce Cyber Intelligence Platform enables organizations better understand their workforce, protect their data and make human-centric operational investments.

Risk

Risk Social Engineering Surveillance Data collection

Amazon Alexa Skills Present Security Risks

eSecurity Planet

APRIL 8, 2021

Researchers now believe that the rapid adoption of these skills could have implications for information security as they could open Alexa users up to phishing or invasive data collection. The post Amazon Alexa Skills Present Security Risks appeared first on eSecurityPlanet. What is an Amazon Alexa Skill?

Risk

Risk Phishing Data collection Cyber threats

Introducing continuous remote worker visibility and expanded data collection with Secure Network Analytics Release 7.3.2

Cisco Security

JUNE 1, 2021

It’s no secret that last year’s abrupt exodus away from corporate offices presented organizations with novel challenges related to monitoring and securing their newly remote workforce. To summarize, visibility evaporated, and meanwhile, organizational risk levels spiked parabolically. With release 7.3.2, Has anyone “gone rogue”?

Data collection

Data collection Firewall VPN Threat Detection

Introducing continuous remote worker visibility and expanded data collection with Secure Network Analytics Release 7.3.2

Cisco Security

JUNE 1, 2021

It’s no secret that last year’s abrupt exodus away from corporate offices presented organizations with novel challenges related to monitoring and securing their newly remote workforce. To summarize, visibility evaporated, and meanwhile, organizational risk levels spiked parabolically. With release 7.3.2, Has anyone “gone rogue”?

Data collection

Data collection Firewall VPN Threat Detection

IoT Unravelled Part 3: Security

Troy Hunt

NOVEMBER 25, 2020

The vulnerability Context Security discovered meant exposing the Wi-Fi credentials of the network the device was attached to, which is significant because it demonstrates that IoT vulnerabilities can put other devices on the network at risk as well. Are these examples actually risks in IoT?

IoT

IoT Firmware Risk Encryption

Canada bans WeChat and Kaspersky apps on government-issued mobile devices

Security Affairs

OCTOBER 30, 2023

Canada banned the Chinese messaging app WeChat and Kaspersky antivirus on government mobile devices due to privacy and security risks. The Government of Canada announced a ban on the use of the WeChat and Kaspersky applications on government-issued mobile devices due to privacy and security risks.

Mobile

Mobile Government Data collection Antivirus

“We will hold them accountable”: General Motors sued for selling customer driving data to third parties

Malwarebytes

AUGUST 20, 2024

The AG accuses GM of installing technology that allegedly improves the safety, functionality, and operability of its vehicles, but at the same time this technology gathers driving data about the vehicle’s usage. The driving data collected and sold by GM included trip details like speed, seatbelt status, and driven distance.

Insurance

Insurance Accountability Data collection Surveillance

Burnout in SOCs: How AI Can Help Analysts Focus on High-Value Tasks

Security Affairs

DECEMBER 5, 2024

SOC analysts, vital to cybersecurity, face burnout due to exhausting workloads, risking their well-being and the effectiveness of organizational defenses. As such, analysts are hit with a deluge of low-quality alerts, increasing the risk of missing genuine threats.

Artificial Intelligence

Artificial Intelligence Data collection Cybersecurity Risk

Canada ordered ByteDance to shut down TikTok operations in the country over security concerns

Security Affairs

NOVEMBER 6, 2024

The government is taking action to address the specific national security risks related to ByteDance Ltd.’s The decision was based on the information and evidence collected over the course of the review and on the advice of Canada’s security and intelligence community and other government partners.”

Government

Government Mobile Media Technology

Over 100 flaws in management and access control systems expose buildings to hack

Security Affairs

MAY 11, 2019

Security researcher Gjoko Krstic from Applied Risk discovered over 100 vulnerabilities that expose buildings to cyber attacks. Security researcher Gjoko Krstic from Applied Risk discovered over 100 vulnerabilities in management and access control systems from four major vendors.

Hacking

Hacking Advertising Surveillance Data collection

Taking Control Online: Ensuring Awareness of Data Usage and Consent

Security Affairs

SEPTEMBER 17, 2024

The report provides insights into factors influencing user consent for data collection and usage and reasons for consumer disengagement. Consumers want detailed control over their information and the flexibility to adjust their consent based on various factors, such as the context of the interaction or perceived risks of data misuse.

Data collection

Data collection Data privacy B2B Digital transformation

US sued TikTok and ByteDance for violating children’s privacy laws

Security Affairs

AUGUST 3, 2024

“According to the complaint, from 2019 to the present, TikTok knowingly permitted children to create regular TikTok accounts and to create, view, and share short-form videos and messages with adults and others on the regular TikTok platform. In 2019, the government sued TikTok’s predecessor, Musical.ly, for COPPA violations.

Accountability

Accountability Data collection Risk Hacking

How AI Could Write Our Laws

Schneier on Security

MARCH 14, 2023

Consider, for example, a 2013 Massachusetts bill that tried to restrict the commercial use of data collected from K-12 students using services accessed via the internet. Economists are skilled at building risk models like this, and companies are already required to formulate and disclose regulatory compliance risk factors to investors.

Energy and Utilities

Energy and Utilities Artificial Intelligence Technology Government

North Korean APT group Kimsuky allegedly hacked South Korea’s atomic research agency KAERI

Security Affairs

JUNE 19, 2021

“The name of the VPN server vendor was redacted in documents presented to South Korean press today at a KAERI press conference.” ” reported the Reuters. ” reported The Record. Early this month, researchers from Malwarebytes published a report on the Kimsuky APT’s operations aimed at South Korean government.

Hacking

Hacking VPN Internet Internet

Why Application Security is Important to Vulnerability Management

Veracode Security

SEPTEMBER 11, 2020

We were notified of a zero-day vulnerability, and our CISO requested a report on the location of the risk within the enterprise. t just want to know what vulnerabilities are present within your servers, containers, applications, and libraries. Just before it was time to leave for the day, and the holiday break, the phone rang.

CISO

CISO Risk Data collection Software

Hunting SMB Shares, Again! Charts, Graphs, Passwords & LLM Magic for PowerHuntShares 2.0

NetSpi Technical

NOVEMBER 14, 2024

It focuses on distilling data related to shares configured with excessive privileges to better understand their relationships and risk. For those interested in the previous PowerHuntShares release, here is the blog and presentation. Risk Scoring “Be honest, how bad is it?” Let the pseudo-TLDR/release notes begin!

Passwords

Passwords Risk Data collection Backups

Halliburton Confirms Network Disruption After Suspected Cyber Attack

SecureWorld News

AUGUST 23, 2024

A successful attack on a company like Halliburton could have cascading effects, potentially leading to operational delays, financial losses, and increased risk of environmental incidents if systems controlling safety mechanisms are affected. Risk mitigation options are more difficult with OT."

Cyber Attacks

Cyber Attacks Energy and Utilities Risk Technology

IBM experts warn of malicious abuses of Apple Siri Shortcuts

Security Affairs

FEBRUARY 2, 2019

“But accessing the phone from Siri Shortcuts also presents some potential security risks that were discovered by X-Force IRIS and reported to Apple’s security team.” The shortcuts can be presented by developers on the lock screen or in ‘search’ field, based on time, location and context.

Social Engineering

Social Engineering Advertising Hacking Data collection

Canada is going to ban TikTok on government mobile devices

Security Affairs

MARCH 1, 2023

The app “presents an unacceptable level of risk to privacy and security,” explained Canada’s chief information officer. TikTok is also under the scrutiny of Canadian privacy regulators that are investigating whether the company obtains valid and meaningful consent from users when collecting their personal information.

Mobile

Mobile Government Data collection Data privacy

6 Business functions that will benefit from cybersecurity automation

CyberSecurity Insiders

OCTOBER 28, 2021

The upcoming holiday season presents a unique cybersecurity threat for businesses in addition to individual consumers. This increased traffic presents an opportunity for hackers and fraudsters to slip under the radar and execute devastating cyberattacks. Data privacy. Tips for implementing cybersecurity automation.

Cybersecurity

Cybersecurity Data privacy Small Business Threat Detection

Control Across Your Hybrid Environments Using Cisco Secure Workload 3.6

Cisco Security

SEPTEMBER 28, 2021

Managing security control configurations for on-premises, cloud, hybrid and multicloud environments quickly becomes complex, expensive, and burdensome, And the oldest cyber security challenge is still present in the middle of this cloud transformation journey: How to better secure applications and data without compromising agility?

Firewall

Firewall Data collection Architecture Cyber threats

Consent to gather data is a "misguided" solution, study reveals

Malwarebytes

FEBRUARY 13, 2023

The notices were "meaningless," he said, as most people ignore them, were written in a vague and legalistic language that very few people understand, and "fail to present meaningful opportunities for individual choice." We don't just report on threats—we remove them Cybersecurity risks should never spread beyond a headline.

Data collection

Data collection Insurance Technology Risk

How your business can benefit from Cybersecurity automation

CyberSecurity Insiders

NOVEMBER 24, 2021

The upcoming holiday season presents a unique cybersecurity threat for businesses in addition to individual consumers. This increased traffic presents an opportunity for hackers and fraudsters to slip under the radar and execute devastating cyberattacks. Data privacy. Tips for implementing cybersecurity automation.

Cybersecurity

Cybersecurity Data privacy Small Business Threat Detection

Ransomware Attacks: The Constant and Evolving Cybersecurity Threat

Thales Cloud Protection & Licensing

MARCH 12, 2024

Ransomware Attacks: The Constant and Evolving Cybersecurity Threat madhav Tue, 03/12/2024 - 13:00 Enterprise data collection is skyrocketing, driven by factors like connected devices, cloud computing, personal data collection and digital transactions. It accounts for 25% of all data breaches.

Ransomware

Ransomware Cybersecurity Encryption Data collection

Vehicle Identification Numbers reveal driver data via telematics

Malwarebytes

DECEMBER 6, 2022

There are many ways that data collection, and data availability, make less sense as the years pass by. The VIN (or chassis number) is a unique marker on all vehicles put to use after 1981, originally designed to present you with an easy way to browse a vehicle’s history. What say you, car manufacturers?

Manufacturing

Manufacturing Wireless Risk Data collection

Access Management is Essential for Strengthening OT Security

Thales Cloud Protection & Licensing

MAY 23, 2022

These systems are connected to and managed from the cloud to fine-tune performance, provide data analytics, and ensure the integrity of critical infrastructure across all sectors. Attacking OT systems presents a major threat not only to business disruption, but also to national economy and security.

Healthcare

Healthcare Ransomware Authentication Threat Reports

Explaining User and Entity Behavior Analytics: Enhanced Cybersecurity Through UEBA

CyberSecurity Insiders

APRIL 27, 2022

However, ML tech can take some time to fine-tune correctly, due to the risk of returning false positives of suspicious behavior. As UEBA scales across your network, this data may be compared to the findings from existing security systems, creating a robust overall defense structure. Data Presentation. Conclusion.

Cybersecurity

Cybersecurity Threat Detection Marketing B2B

Web tracking report: who monitored users’ online activities in 2023–2024 the most

SecureList

SEPTEMBER 24, 2024

Whether we’re browsing social media, playing video games, shopping for products, or simply reading news articles, trackers are silently monitoring our online behavior, fueling the ceaseless hum of countless data centers worldwide. Web tracking is the practice of collecting, storing, and analyzing data about users’ online behavior.

Advertising

Advertising Technology Marketing Media

HermeticWiper: A detailed analysis of the destructive malware that targeted Ukraine

Malwarebytes

MARCH 4, 2022

The attack can be divided into several phases: Preparation, including: Installation of the additional driver (EaseUS) Disabling system features that may help in recovery, or in noticing of the attack Data collection: walking through NTFS structure, collecting sectors and files that are going to be overwritten. Data collection.

Malware

Malware Data collection Backups Ransomware

5,200 Data Breaches Analyzed in Annual Verizon Report

SecureWorld News

JUNE 15, 2023

Verizon has released its 2023 Data Breach Investigations Report (DBIR), the 16th annual publication providing an analysis of real-world data breaches and security incidents. The report often includes recommendations and best practices to mitigate the risks identified in the data.

Data breaches

Data breaches Social Engineering Engineering Cryptocurrency

Europe Makes First Move Toward Regulating AI with EU AI Act

SecureWorld News

JUNE 16, 2023

The EU is attempting to provide guardrails on a technology that is still not well understood but does present a lot of concerns from a legal perspective," said Jordan Fischer, cyber attorney and partner at Constangy, who recently moderated a panel discussion on "The Future of Privacy and Cyber: AI, Quantum and Mind Readers" at SecureWorld Chicago.

Artificial Intelligence

Artificial Intelligence Technology CISO Government

Rapid7 InsightIDR Review: Features & Benefits

eSecurity Planet

SEPTEMBER 24, 2021

Rapid7 combines threat intelligence , security research, data collection, and analytics in its comprehensive Insight platform, but how does its detection and response solution – InsightIDR – compare to other cybersecurity solutions? Rapid7: Company Background.

DNS

DNS Technology Cybersecurity Data collection

Understanding the Different Types of Audit Evidence

Centraleyes

APRIL 18, 2024

Evidence in auditing transforms the abstract notion of security into a tangible reality that can be confidently presented to the world. Risk Management Assessment: Through evidence collection, auditors assess an organization’s risk management processes, ensuring they are proactive, comprehensive, and aligned with its risk appetite.

Risk

Risk Penetration Testing Encryption Cybersecurity

7 Steps to Measure ERM Performance

Centraleyes

FEBRUARY 19, 2024

The distinction between enterprise risk management (ERM) and traditional risk management is more than semantics. The simplest way to explain their core differences is that traditional risk management operates within confined departmental boundaries.

Risk

Risk Marketing Manufacturing Data collection

Fixing Data Breaches Part 2: Data Ownership & Minimisation

Troy Hunt

DECEMBER 19, 2017

Data Collection Should be Minimised, Not Maximisation. Other people's data collected without their knowledge and sold to other companies the data owners had never heard of. And again, it's data collected without consent albeit entirely legally. Let's go back to the cat forum scenario again.

Data breaches

Data breaches Data collection B2B Mobile

New streaming ad technology plays hide-and-seek with gamers

Malwarebytes

OCTOBER 27, 2022

Even so, it seems more varied types of ad presentations were required to lower the risk of turning people away from streaming or watching altogether. Viewers complain about what they feel are too many ads in a short space of time , and streamers worry that ads can end up making your channel annoying or even reducing subscriber count.

Technology

Technology Advertising Marketing Retail

Top Threat Intelligence Platforms for 2021

eSecurity Planet

SEPTEMBER 13, 2021

What sets FireEye apart from the competition is how its platform tailors strategic intelligence to an organization’s corporate risk management and business goals by providing highly-contextual data so users can align security strategies to respond to the most likely threats taking aim at an organization. Collections repository.

Threat Detection

Threat Detection Risk Cybersecurity Firewall

G Suite Security: Top 6 Risks to Avoid

Spinone

JULY 16, 2019

But when it comes to data threats, no one is untouchable. The risks are especially true for cloud services where everything is connected. Our clients face security risks every day, but they know how to prevent them. If some app or extension is not developed by Google, it may present some threat to your data.

Risk

Risk Ransomware Phishing Passwords

Generative AI, Confidential Computing, and Post-Quantum Cryptography, Among Interesting Topics at Google Cloud NEXT

Security Boulevard

JUNE 5, 2024

Generative AI When it comes to Artificial Intelligence (AI), more than half of security experts revealed that they are concerned about data leakage and lack of control due to vulnerabilities when implementing AI, according to Gartner. Click the session name below to see presentation materials and videos where available.

Encryption

Encryption Artificial Intelligence Technology Data collection

Agent-Based vs. Agentless Security: Key Differences, Benefits, and Best Use Cases

Centraleyes

NOVEMBER 27, 2024

This blog explores these aspects in detail to help you make an informed decision for your organization’s cloud security risk management. This agent continuously collects data and monitors the resource for potential threats. Data Collection: The agents provide detailed, real-time data directly from the monitored resources.

Risk

Risk Data collection Software Healthcare

Clarifying CAASM vs EASM and Related Security Solutions

NetSpi Executives

NOVEMBER 6, 2024

It’s an aggregator of data – collecting, ingesting, and deduplicating it to deliver a single comprehensive view about assets and their contextual relationships. This data is then used to identify potential exposures and coverage gaps across the entire asset landscape, including risks that relate to their interconnection.

Risk

Risk Technology Penetration Testing Cyber threats

Vision and?Visibility: the intersection between the adversary and defender?

SC Magazine

JUNE 9, 2021

Cloud adoption has risen to an all-time high as organizations have largely accepted the risks associated with the journey from their traditional data centers and to the cloud. What sorts of expectations exist around the use, storage, sharing and retrieval of data? Detections tell the story ?.

Risk

Risk Data collection Architecture Threat Detection

Dan Solove on Privacy Regulation

GUEST ESSAY: Privacy risks introduced by the ‘metaverse’ — and how to combat them

Trending Sources

The Greatest Asset Becomes the Biggest Risk

Amazon Alexa Skills Present Security Risks

Introducing continuous remote worker visibility and expanded data collection with Secure Network Analytics Release 7.3.2

Introducing continuous remote worker visibility and expanded data collection with Secure Network Analytics Release 7.3.2

IoT Unravelled Part 3: Security

Canada bans WeChat and Kaspersky apps on government-issued mobile devices

“We will hold them accountable”: General Motors sued for selling customer driving data to third parties

Burnout in SOCs: How AI Can Help Analysts Focus on High-Value Tasks

Canada ordered ByteDance to shut down TikTok operations in the country over security concerns

Over 100 flaws in management and access control systems expose buildings to hack

Taking Control Online: Ensuring Awareness of Data Usage and Consent

US sued TikTok and ByteDance for violating children’s privacy laws

How AI Could Write Our Laws

North Korean APT group Kimsuky allegedly hacked South Korea’s atomic research agency KAERI

Why Application Security is Important to Vulnerability Management

Hunting SMB Shares, Again! Charts, Graphs, Passwords & LLM Magic for PowerHuntShares 2.0

Halliburton Confirms Network Disruption After Suspected Cyber Attack

IBM experts warn of malicious abuses of Apple Siri Shortcuts

Canada is going to ban TikTok on government mobile devices

6 Business functions that will benefit from cybersecurity automation

Control Across Your Hybrid Environments Using Cisco Secure Workload 3.6

Consent to gather data is a "misguided" solution, study reveals

How your business can benefit from Cybersecurity automation

Ransomware Attacks: The Constant and Evolving Cybersecurity Threat

Vehicle Identification Numbers reveal driver data via telematics

Access Management is Essential for Strengthening OT Security

Explaining User and Entity Behavior Analytics: Enhanced Cybersecurity Through UEBA

Web tracking report: who monitored users’ online activities in 2023–2024 the most

HermeticWiper: A detailed analysis of the destructive malware that targeted Ukraine

5,200 Data Breaches Analyzed in Annual Verizon Report

Europe Makes First Move Toward Regulating AI with EU AI Act

Rapid7 InsightIDR Review: Features & Benefits

Understanding the Different Types of Audit Evidence

7 Steps to Measure ERM Performance

Fixing Data Breaches Part 2: Data Ownership & Minimisation

New streaming ad technology plays hide-and-seek with gamers

Top Threat Intelligence Platforms for 2021

G Suite Security: Top 6 Risks to Avoid

Generative AI, Confidential Computing, and Post-Quantum Cryptography, Among Interesting Topics at Google Cloud NEXT

Agent-Based vs. Agentless Security: Key Differences, Benefits, and Best Use Cases

Clarifying CAASM vs EASM and Related Security Solutions

Vision and?Visibility: the intersection between the adversary and defender?

Stay Connected