Schneier on Security

APRIL 24, 2024

As to privacy, consent authorizes and legitimizes a wide range of data collection and processing. Rather than provide extensive legitimacy and power, murky consent should authorize only a very restricted and weak license to use data. There are generally two approaches to consent in privacy law.

Data collection 319

Data collection Risk 319

Schneier on Security

AUGUST 25, 2020

reproduce those results and extend the original work to detail the privacy risk posed by the aggregation of browsing histories. Our dataset consists of two weeks of browsing data from ~52,000 Firefox users. The original work demonstrated that browsing profiles are highly distinctive and stable.We

Data collection 258

Data collection Risk 258

The Last Watchdog

MARCH 14, 2019

So they began inundating their third-party suppliers with “bespoke assessments” – customized cyber risk audits that were time consuming and redundant. Kneip also painted the wider context about why effective third-party cyber risk management is an essential ingredient to baking-in security at a foundational level. We take that away.

Cyber Risk 165

Cyber Risk Risk Digital transformation Accountability 165

Malwarebytes

JANUARY 20, 2025

This is nothing new, we’ve seen numerous times that insurance companies are very interested in our lifestyle and will happily charge more or even refuse to take us in as customers if they think were too much of a risk. Probably the most shocking thing is the type of information that could be involved.

Surveillance 117

Surveillance Artificial Intelligence Consumer Protection Retail 117

Schneier on Security

SEPTEMBER 15, 2023

Claude’s reply: Here’s a brief summary of the key themes and arguments made in security expert Bruce Schneier’s book Beyond Fear: Thinking Sensibly About Security in an Uncertain World : Central Themes: Effective security requires realistic risk assessment, not fear-driven responses. Focus only on proportional responses.

Data collection 232

Data collection Risk Surveillance Manufacturing 232

CyberSecurity Insiders

DECEMBER 18, 2021

It’s never been more important to protect employees from cyber-attacks while also mitigating the risk they pose as trusted insiders. Dtex’s Workforce Cyber Intelligence Platform enables organizations better understand their workforce, protect their data and make human-centric operational investments.

Risk 134

Risk Social Engineering Surveillance Data collection 134

NetSpi Technical

NOVEMBER 14, 2024

It focuses on distilling data related to shares configured with excessive privileges to better understand their relationships and risk. The Results directory houses csv files containing all the computer, share, file, and permission data collected, including things like excessive privileges and stored secret samples.

Passwords 145

Passwords Risk Data collection Backups 145

Malwarebytes

JANUARY 24, 2025

In April of 2024, Texas Attorney General Ken Paxton sent civil investigative demands to Kia, General Motors, Subaru and Mitsubishi seeking details of their data collection and sharing practices. And in August, Paxton sued General Motors for selling customer driving data to third parties.

Manufacturing 107

Manufacturing Insurance Data collection Data privacy 107

Centraleyes

MARCH 25, 2024

Let’s discuss an acronym reshaping the business world: Vendor Risk Management , or VRM. With supply chains extending across multiple regions and involving numerous third-party vendors, organizations face unprecedented challenges in managing vendor risks effectively. What risks are you facing?

Risk 111

Risk Data collection Architecture Government 111

eSecurity Planet

NOVEMBER 29, 2022

In a recent study of 1,237 Chrome extensions with a minimum of 1,000 downloads, Incogni researchers found that nearly half ask for permissions that could potentially expose personally identifiable information (PII), distribute adware and malware , or even log everything users do online, including accessing passwords and financial data.

Risk 115

Risk Adware Data collection Passwords 115

Security Affairs

FEBRUARY 2, 2025

Texas bans DeepSeek and RedNote on government devices to block Chinese data-harvesting AI, citing security risks. Last week, Italys data protection watchdog blocked Chinese artificial intelligence (AI) firm DeepSeek s chatbot service within the country, citing a lack of information on its use of users personal data.

Government 79

Government Artificial Intelligence Media Data collection 79

Schneier on Security

JANUARY 14, 2020

The security risks inherent in Chinese-made 5G networking equipment are easy to understand. Eavesdropping is also a risk, although efforts to listen in would almost certainly be detectable. What's more, U.S. Again, near-term self-interest has so far triumphed over society's long-term best interests.

Data collection 279

Data collection Software Marketing Government 279

The Last Watchdog

MAY 21, 2020

Kernel The privacy risks associated with online or browser fingerprinting today are real. Advertisers are amassing a huge amount of data and creating a comprehensive profile on you as an internet user. Intrinsic risks Device fingerprinting does reveal a lot about who you are.

Advertising 290

Advertising Internet Internet Accountability 290

Schneier on Security

SEPTEMBER 30, 2022

Users in countries not covered by data protection regulations, such as GDPR in the EU and the California Consumer Privacy Act in the U.S., are at higher privacy risk. One hundred and three apps have differences based on country in their privacy policies.

Mobile 341

Mobile Internet Internet VPN 341

CSO Magazine

AUGUST 15, 2022

have questioned its data collection practices and potential ties to the Chinese state. The concerns have deepened after Buzzfeed published a report saying that data of some American users had been repeatedly accessed from China. The short-video platform TikTok has come under fire in recent months.

Data collection 112

Data collection Risk Government 112

Schneier on Security

MARCH 12, 2019

Touted as useful management tools, they can augment biased and discriminatory practices in workplace evaluations and segment workforces into risk categories based on patterns of behavior. Gamification and algorithmic management of work activities through continuous data collection.

Surveillance 222

Surveillance Data collection Technology Risk 222

Security Affairs

MARCH 27, 2025

In January, Italys Data Protection Authority Garante asked the AI firm DeepSeek to clarify its data collection, sources, purposes, legal basis, and storage, citing potential risks to user data. ” concludes the alert.

Malware 68

Malware Data collection Advertising Media 68

Joseph Steinberg

APRIL 20, 2021

In some cases, Voice-over-IP numbers are not acceptable as cellphone numbers either – meaning that registrants must increase their cyber-risk by providing their actual cellphone numbers to a party that has offered no information about how that data will be protected. Provide as little information as possible to vaccinators.

Healthcare 233

Healthcare Insurance Computers and Electronics Data collection 233

Schneier on Security

DECEMBER 19, 2023

We risk letting companies get away with real misconduct because we incorrectly believed in conspiracy theories. More importantly, we need to be able to trust companies to honestly and clearly explain what they are doing with our data. On a personal level we risk losing out on useful tools.

Government 329

Government Banking Risk Internet 329

Adam Shostack

JANUARY 2, 2025

I recall "Computers at Risk," the National Cyber Leap Year report, and the Bellovin & Neumann editorial in IEEE S&P. In particular, what I'm looking for are calls like this one in Computers at Risk (National Academies Press, 1991): 3a. Build a repository of incident data. Oh, and "The New School of Information Security."

Data collection 130

Data collection Risk Information Security 130

Troy Hunt

NOVEMBER 25, 2020

The vulnerability Context Security discovered meant exposing the Wi-Fi credentials of the network the device was attached to, which is significant because it demonstrates that IoT vulnerabilities can put other devices on the network at risk as well. Are these examples actually risks in IoT?

IoT 362

IoT Firmware Risk Manufacturing 362

Schneier on Security

SEPTEMBER 26, 2019

There is definitely a national security risk in buying computer infrastructure from a country you don't trust. The risk of discovery is too great, and the payoff would be too low. But we need to make these decisions to protect ourselves deliberately and rationally, recognizing both the risks and the costs.

Surveillance 255

Surveillance Wireless Government Internet 255

Security Affairs

JANUARY 30, 2025

Italys data privacy regulator Garante has requested information from Chinese AI company DeepSeek regarding its data practices. Italys Data Protection Authority Garante has asked the AI firm DeepSeek to clarify its data collection, sources, purposes, legal basis, and storage, citing potential risks to user data.

Artificial Intelligence 73

Artificial Intelligence Data collection Data privacy DDOS 73

TrustArc

MARCH 3, 2022

Your Privacy Spreadsheets Might be Putting Your Organization at Risk Years ago, it was possible to manage a privacy program using spreadsheets. However, with the massive increase in data collection and new privacy regulations, those privacy spreadsheets are starting to add up. A […].

Data collection 116

Data collection Risk 116

The Last Watchdog

JULY 27, 2023

However, contrary to popular belief, data collected by the CrowdSec network indicates that VPNs and proxies play a far less significant role in cybercriminal activities. Low MD translates to a lower risk for a business to inherit a machine that has been flagged as malevolent.

VPN 246

VPN Data collection Cybersecurity Threat Detection 246

The Last Watchdog

JANUARY 9, 2023

A Data Privacy Impact Assessment, or DPIA , is a formal assessment of the privacy risks of your data processing activities. The purpose of conducting a DPIA is to identify and assess the potential impact of these risks on individuals’ rights and freedoms from your proposed processing operations.

Data privacy 210

Data privacy Small Business Data collection Cyber Risk 210

CSO Magazine

NOVEMBER 4, 2021

SIEM products and services combine log data collection and reporting with real-time analysis of security alerts generated by applications and network hardware. To read this article in full, please click here

Data collection 114

Data collection Software Risk 114

CyberSecurity Insiders

AUGUST 20, 2021

According to a media update released by the Cyberspace Administration of China (CAC) the new law called the Personal Information Protection Law(PIPL) will come into force from October 26th,2021 and will aim to standardize solutions pertaining to data security risks in automobile sector.

Manufacturing 142

Manufacturing Data collection Media Risk 142

Security Affairs

JUNE 16, 2020

On Friday, the Norwegian Data Protection Authority (Norwegian: Datatilsynet) issued a warning that it would stop the Norwegian Institute of Public Health from handling data collected via Smittestopp contact tracing app. Only 600,000 citizens out of Norway’s 5.4 million inhabitants had been using the contact tracing app.

Data collection 138

Data collection Advertising Government Technology 138

Security Affairs

DECEMBER 2, 2023

While WeMystic has since closed the database, researchers said that the data was accessible for at least five days. One of the data collections in the exposed instance, named “users,” contained a whopping 13.3 Do you want to know the risks faced by users whose data has been exposed? million records.

Data collection 141

Data collection Risk Hacking Information Security 141

Adam Levin

JUNE 24, 2020

269 gigabytes of potentially sensitive data collected from more than 200 police departments across the country were leaked online last week. Cybersecurity experts and law enforcement officials have expressed concern about the potentially sensitive nature of some of the data.

Data collection 189

Data collection VPN Accountability Risk 189

Security Affairs

OCTOBER 30, 2023

Canada banned the Chinese messaging app WeChat and Kaspersky antivirus on government mobile devices due to privacy and security risks. The Government of Canada announced a ban on the use of the WeChat and Kaspersky applications on government-issued mobile devices due to privacy and security risks.

Mobile 139

Mobile Government Data collection Antivirus 139

Security Affairs

OCTOBER 23, 2023

The Philippine defense warned of the risks of using AI-based applications to generate personal portraits and ordered its personnel to stop using them. The order remarks that these AI-based applications pose significant privacy and security risks. On October 14, Defense Secretary Gilberto Teodoro Jr. issued the order in an Oct.

Identity Theft 136

Identity Theft Social Engineering Data collection Risk 136

BH Consulting

MARCH 26, 2025

This rapid transformation creates a challenge for boards tasked with balancing emerging risks and strategic opportunities. It classifies AI systems by risk and imposes obligations accordingly, aiming to ensure safety, fundamental rights, and trustworthy innovation. How should boards approach digital risks?

Government 52

Government Artificial Intelligence Risk Digital transformation 52

Schneier on Security

APRIL 10, 2023

But while it’s an easy experiment to run, it misses the real risk of large language models (LLMs) writing scam emails. This is due not only to AI advances, but to the business model of the internet—surveillance capitalism—which produces troves of data about all of us, available for purchase from data brokers.

Phishing 338

Phishing Scams Internet Internet 338

The Last Watchdog

DECEMBER 7, 2021

A digital twin is a virtual duplicate of a physical entity or a process — created by extrapolating data collected from live settings. Digital twins enable simulations to be run without risking harm to the physical entity; they help inform efficiency gains made in factories and assure the reliability of jet engines, for instance.

Engineering 244

Engineering Data collection Artificial Intelligence Technology 244

Thales Cloud Protection & Licensing

APRIL 17, 2024

A Pandora's Box: Unpacking 5 Risks in Generative AI madhav Thu, 04/18/2024 - 05:07 Generative AI (GAI) is becoming increasingly crucial for business leaders due to its ability to fuel innovation, enhance personalization, automate content creation, augment creativity, and help teams explore new possibilities.

Risk 71

Risk Data collection Artificial Intelligence Accountability 71