The FBI warns of a significant increase in scams involving free online document converters to infect users with malware. The FBI warns that threat actors use malicious online document converters to steal users' sensitive information and infect their systems with malware.” reads the alert.
This is a good point: Part of the problem is that we are constantly handed lists…list of required controls…list of things we are being asked to fix or improve…lists of new projects…lists of threats, and so on, that are not ranked for risks. Here is one big one: Do not use or rely on un-risk-ranked lists.
But the way its solution is set up introduces an extra link in the chain in the flow of personally identifiable information (PII) from the customer to the company that deployed the chatbot, leaving an additional risk of exposure. If you do get a chance, don’t send sensitive data to a chatbot, but ask for a safe company email address instead.
There’s a rumor flying around the Internet that OpenAI is training foundation models on your Dropbox documents. Dropbox isn’t sharing all of your documents with OpenAI. We risk letting companies get away with real misconduct because we incorrectly believed in conspiracy theories. Here’s CNBC.
DLP is key in cybersecurity; a risk assessment identifies data risks, helping turn findings into real-world security improvements. So, how can you conduct a DLP risk assessment? What is a DLP Risk Assessment? Why Conduct a DLP Risk Assessment? Protecting sensitive data is what cybersecurity is all about.
Reading the headlines, one would hope that the rapid gains in AI technology have also brought forth a unifying realization of the risks—and the steps we need to take to mitigate them. Some are concerned about far-future risks that sound like science fiction. AI could destroy humanity or pose a risk on par with nukes.
Isracard used a single cell phone to communicate with credit card clients, and receive documents via WhatsApp. An employee stole the phone. He reformatted the SIM, which was oddly the best possible outcome, given the circumstances. Using the data to steal money would have been much worse. Here’s a link to an archived version.
If the target clicked either “Upload additional documents” or “View case”, they were redirected to an exact copy of the Google sign-in page designed to steal their login credentials. Protect your, and your family’s, personal information by using identity protection.
Let's explore the risks associated with Automated Driving. I would find it more surprising if I were to look at a 150 page document and not find anything surprising.) One of the "minimal risk" maneuvers listed (table 4) is an emergency stop. Give specific threat information and mitigation strategies to component designers.
The primary objective of these services is risk reduction. Policy violations by employees Most organizations focus on external threats; however, policy violations pose a major risk, with 51% of SMB incidents and 43% of enterprise incidents involving IT security policy violations caused by employees.
This is a big, complex document. The apparent complexity is exacerbated by the intermingling of how to conduct with sample output and perhaps the document might be improved by breaking it into two: a how to guide and a sample output document or documents. What makes this level of detail right for this document?
This blog will explore the advantages and risks these AI tools bring, along with actionable steps to integrate them responsibly into business practices. Maintaining code standards is essential, and AI assistants help enforce consistent code formatting, documentation, and commenting which improves readability and collaboration across teams.
NYSE:FAF ] was leaking more than 800 million documents — many containing sensitive financial data — related to real estate transactions dating back 16 years. If you bought or sold a property in the last two decades or so, chances are decent that you also gave loads of personal and financial documents to First American.
With the help of these documents, even inexperienced operators with limited hacking skills can quickly acquire the necessary expertise to successfully forward counterfeit EDRs. These EDRs, representing the official cooperation channels between law enforcement agencies and social media platforms, are at risk of becoming a double-edged sword.
Unisys, for instance, was found to have framed cyber risks hypothetically even though its systems had already been breached, exfiltrating gigabytes of data. But the SEC’s latest actions underscore that failing to inform stakeholders about material risks and breaches is not an option. Want to stay out of trouble?
demands a structured approach to implementation and preparation.
-funded CVE program, a core cybersecurity tool for tracking vulnerabilities, faces funding expiry Wednesday, risking disruption to global security. government funding for MITRE's CVE program, a key global cybersecurity resource for cataloging vulnerabilities, is set to expire Wednesday, risking disruption.
Also, it seems weird that Docusign has been used to send a document that doesn’t require a signature. If you’ve received an email like this and want to verify if it’s genuine, go directly to Docusign.com, click ‘Access Documents’ (upper right-hand corner), and enter the security code displayed in the email.
The ongoing breach affecting thousands of organizations that relied on backdoored products by network software firm SolarWinds may have jeopardized the privacy of countless sealed court documents on file with the U.S. These sealed documents will not be uploaded to CM/ECF.
is building a comprehensive solution for these organizations to easily integrate compliance workflows and build their own customized processes through an open-source alternative to existing GRC (Governance, Risk, and Compliance) automation platforms. Bubba AI, Inc.
Policy management is the sturdy scaffolding that supports governance, risk, and compliance (GRC) objectives while shaping corporate culture and ensuring adherence to regulatory obligations. It anchors organizational goals, mitigates risks, and guides compliance. Tailored: No one-size-fits-all.
This is the interesting part: Investigators identified Greenwood and Crahan almost immediately after the attacks took place by using cell phone data that allegedly showed both men in the vicinity of all four substations, according to court documents. He is based in a rural area, so he can’t risk making his ransom calls from that area.
There are two basic rules: Public companies must “disclose any cybersecurity incident they determine to be material” within four days, with potential delays if there is a national security risk. Continuous assessment of the risk reduction activities should be elevated within an enterprise risk management framework and process.
From identity theft to greater oversight on risk management, internal IT teams will be taking the brunt of these incoming regulations. Regulatory overload Firms in the financial services industry are staring down the bottom of the regulatory barrel coming into 2024. The list goes on.
It’s a chance to take a high-level look at how well your organization is managing information security risks, meeting objectives, and staying aligned with regulatory and business needs. Whether it’s a gap in controls, a missed objective, or an emerging risk, this is your chance to catch it early and take action.
In theory, subversion provides a way to exert influence at lower risks than force because it is secret and indirect, exploiting systems to use them against adversaries. Qualitative analysis leverages original data from field interviews, leaked documents, forensic evidence, and local media.
But in a response filed today (PDF), prosecutors in Seattle said Wagenius was a flight risk, partly because prior to his arrest he was searching online for how to defect to countries that do not extradite to the United States. government military which country will not hand me over” -“U.S.
Throughout this period, the risk level of the acquirer is much higher than the acquired company, creating a major cybersecurity gap as they merge their tech stack and security tools together. They can be divided into two categories: Pre-Close Risks. Lack of documented evidence.
In a post on Twitter, DDoSecrets said the BlueLeaks archive indexes “ten years of data from over 200 police departments, fusion centers and other law enforcement training and support resources,” and that “among the hundreds of thousands of documents are police and FBI reports, bulletins, guides and more.”
Nothing showed evidence that a HIPAA-compliant risk analysis had ever been conducted (lists of usernames and passwords in plain text on the compromised server). Court documents also reveal that because Westend Dental did not conduct a forensic investigation, the exact number of people affected by the breach is unknown.
The MotW also makes sure that Office documents that are marked with the MotW will be opened in Protected View, which automatically enables read-only mode and means that all macros will be disabled until the user allows them. We don’t just report on threats, we remove them. Cybersecurity risks should never spread beyond a headline.
Risk Framework and Machine Learning The Berryville Institute of Machine Learning (BIML) has released "An Architectural Risk Analysis of Machine Learning Systems." BIML has released the work in two ways, an interactive risk framework contains a subset of the information in the PDF version. The first challenge is specificity.
The company published a document containing recommendations against password spray attacks aimed at Remote Access VPN (RAVPN) services. The content of the email was empty, and the message only included an attached document that was not visible in the email client. The researchers also published PoC exploit code for this vulnerability.
The attackers can even embed the QR codes in professionally designed documents mimicking HR portals, payroll updates, tax reviews, or e-signature services (e.g. We don’t just report on phone security, we provide it. Cybersecurity risks should never spread beyond a headline.
A worrying 64% of public sector IT leaders said they are unsure about best practices, with legacy systems worsening the risk. The document urges critical infrastructure operators to begin preparations now, with system discovery and risk assessments expected by 2028. Full migration should be completed by 2035.
The DPC fined Meta 251M for GDPR violations, citing insufficient breach notifications (8M), poor breach documentation (3M), design flaws (130M), and default data protection failures (110M). By allowing unauthorised exposure of profile information, the vulnerabilities behind this breach caused a grave risk of misuse of these types of data.
This address was the subject of an investigation published in July by CTV National News and the Investigative Journalism Foundation (IJF), which documented dozens of cases across Canada where multiple MSBs are incorporated at the same address, often without the knowledge or consent of the location’s actual occupant. in Vancouver, BC.
Doppler's automated secrets storage and rotation, paired with Datadog's continuous monitoring, empowers teams to mitigate risks of secret sprawl and prevent unauthorized access in a scalable, automated fashion. Together, we're helping teams protect their data while allowing them to stay focused on building great software.
Earlier this week the German police shut down the servers and arrested one of the administrators of the country's largest German-speaking online marketplaces for illegal goods and services, including stolen data, drugs, and forged documents. Protect your, and your family’s, personal information by using identity protection.
Every organization faces risks that threaten its objectives, assets, and operations. A risk assessment is the foundation for identifying, analyzing, and prioritizing these risks. Understanding the basics of risk assessment is the first step in building a resilient and proactive strategy to mitigate risks and vulnerabilities.
The move comes amid growing concerns that DeepSeek's generative AI capabilities pose a national security risk due to its direct links to the Chinese Communist Party (CCP) and China Mobile, a Chinese government-owned entity already banned by the U.S. Federal Communications Commission (FCC) for security concerns. What's next?
The leak includes work logs, DevOps commands, API data, and network configs with hardcoded credentials, posing security risks to TopSec and its customers. Some documents detail the use of web content monitoring services to enforce censorship for public and private sector customers.” reads the report published by SentinelLabs.
The National Institute of Standards and Technology (NIST) has updated their widely used Cybersecurity Framework (CSF) — a free respected landmark guidance document for reducing cybersecurity risk. It seeks to establish and monitor your company’s cybersecurity risk management strategy, expectations, and policy. The CSF 2.0