For example, mine was just one of many tens of thousands of Pfizer email addresses, and that sort of thing is going to raise the ire of some folks in corporate infosec capacities.
The ideas will cover multiple aspects of InfoSec, from organizational structure to technology. Technology. At the highest level, I think the big change to InfoSec will be a loss of magic compared to now. Technology. HT to Jeremiah Grossman to also being very early to seeing the role of insurance in InfoSec.
The report explores major findings and this year it put a spotlight on the complexity of the cybersecurity landscape, which is intensified by geopolitical tensions, emerging technologies, supply chain interdependencies, and cybercrime sophistication. Nation-states and geopolitical tensions are increasingly fuelling modern cyber threats.
At the same time, we also have changes at every layer of the protocol stack and this is driven by an increased push for encryption—not just encryption, strong encryption." We're responsible for the CIS benchmarks and the CIS controls.
Endpoint encryption for all laptops. Deploy technologies and tools that help you scale data management in a manageable way. Describing the dual-enforcement aspect of the CPRA and CCPA, with the California Attorney General and California Consumer Protection Agency having oversight and enforcement power. Privacy training, specifically.
We constantly see new threats, and threat vectors, come and go; which puts a tremendous strain on the InfoSec teams that have to protect organizations and businesses from these threats. With the addition of Kenna Security into our program we now have over 250 technology partners and over 400 integrations for our mutual customers to utilize.
the flash memory affiliate of Kingston Technology Company, Inc., Encryption Market Leader. Kingston’s encrypted drives are an important tool for the government and military, as well as organizations that adhere to strict regulations, including FIPS, HIPAA, Sarbanes-Oxley, GDPR and CCPA. “We About CDM InfoSec Awards.
To counter HNDL, migrating critical systems to Post-Quantum Cryptography (PQC) provides encryption and authentication methods resistant to an attack from a cryptographically relevant quantum computer (CRQC). The National Institute of Standards and Technology (NIST) has long played an active role in shaping cybersecurity best practices.
The sync is bi-directional and credentials are encrypted with a customer’s unique encryption key. The post The Importance of Technology Integration to the Value of an InfoSec product appeared first on NopSec. Since our 3.4.7
In this episode, we discuss the UK government's demand for Apple to create a secret backdoor for accessing encrypted iCloud backups under the Investigatory Powers Act and its potential global implications on privacy.
I seem to be doing most of that activity now on Mastodon , which appears to have absorbed most of the infosec refugees from Twitter, and in any case is proving to be a far more useful, civil and constructive place to post such things. For a variety of reasons, I will no longer be sharing these updates on Twitter. ” SEPTEMBER.
In this episode, we explore the recent arrest of Telegram founder Pavel Durov in France and discuss the app’s encryption claims. Is Telegram truly an encrypted messaging app? The post Telegram is NOT an Encrypted Messaging App, Must-See Documentaries appeared first on Security Boulevard.
Hackers could trigger ‘fake earthquakes,’ affecting emergency and economic responses to a seismic event, and generate mistrust in seismic technology among the population, the researchers say. Seismic monitoring equipment is vulnerable to common cybersecurity threats like those faced by IoT devices, a new research paper warns.
In episode 348, Tom and Scott discuss Discord’s new end-to-end encryption for audio and video calls, involving the DAVE Protocol, third-party vetting by Trail of Bits, and its impact on users. The post Discord’s New End-to-End Encryption, LinkedIn Using Your Data for AI Training appeared first on Security Boulevard.
Quantum computing poses a potential threat to current cybersecurity practices, which are based on encryption algorithms that can be broken by quantum computers. Director of Information Security, State of Colorado Governor's Office of Information Technology; and Toby Zimmerer, Sr. Demand and Delivery Director, Optiv.
As any infosec manager will tell you, no matter how secure your infrastructure, anyone with the right credentials can walk through the front door. Distributed ledger technology, similar to that used as the foundation for blockchain, presents new possibilities to securely manage digital identity. Adopting a Digital Trust Ecosystem.
Next, we discuss Google Domains’ introduction of new top-level domains (TLDs) like .zip and […] The post Google Now Supports Passkeys, Risky New Top Level Domains, Twitter’s Encryption Dilemma appeared first on Shared Security Podcast.
It adds the extension .play to the encrypted files and leaves a note with the word PLAY and an email address for contact, according to cybersecurity firm Avertium. The cyber gang uses a combination of encryption algorithms to lock the files, making them impossible to recover without the decryption key.
This week we discuss the Apache Log4j vulnerability and the impact it will have on organizations now and into the future, details on how Apple AirTags are being used by thieves to steal cars, and an FBI training document describes what data can be obtained by encrypted messaging apps. ** Links mentioned on the show […].
In addition, the risks of monetary and operational damage render it mission critical for enterprises to envision and enact the appropriate People, Process, and Technology safeguards to assure data protection and privacy. Traditionally, InfoSec lies within the IT organization, and Privacy is housed inside the Legal department.
Additionally, Scott discusses the massive Salt Typhoon hacking [] The post Hack-for-Hire Campaign Targeting Climate Activists, Government Hypocrisy on Encryption appeared first on Shared Security Podcast. The post Hack-for-Hire Campaign Targeting Climate Activists, Government Hypocrisy on Encryption appeared first on Security Boulevard.
” This one, as far as infosec stories go, had me leaning and muttering like never before. Online security, technology and “The Cloud” Australian.", Ever hear one of those stories where as it unravels, you lean in ever closer and mutter “No way! Microsoft Regional Director. Pluralsight author.
Zoom admitted the end-to-end encryption it claimed to offer was quite different from the cybersecurity community's definition of the privacy feature. New Zoom controversy over encryption and working with police. It's true that Zoom is not giving free users full end-to-end encryption. But the company itself can investigate abuse.
Cybersecurity News) How to mitigate buffer overflow vulnerabilities (Infosec Institute) How to prevent buffer overflow attacks (TechTarget) VIDEOS What is a Buffer Overflow Attack? For more information about the threat from quantum computing: Is Quantum Computing a Cybersecurity Threat? Kirsten Gillibrand (D-N.Y.)
It includes integration of Glyptodon Enterprise into Keeper Security’s zero-trust and zero-knowledge security and encryption architecture, resulting in a highly-secure, agentless remote access platform, without the need of a virtual private network (VPN). “In Keeper is SOC-2, FIPS 140-2 and ISO 27001 Certified.
The Importance of API management In the midst of all the technologies present (sometimes, it can be a chaotic array!), Many of these are just like any other technology vulnerabilities and dangers, such as web apps, business risks, virtual environments. organizations need to govern and control the API ecosystem.
These include the newly developed CRYSTALS-Kyber (general encryption) and CRYSTALS-Dilithium, FALCON, and SPHINCS+ (digital signatures) algorithms pending finalizations by NIST. The report also cites several leading Technology and Consulting companies with PQC-relevant solutions.
are subject to laws such as the Health Insurance Portability and Accountability Act (HIPAA) and the Health Information Technology for Economic and Clinical Health Act (the HITECH Act), as well as regulations such as the Clinical Laboratory Improvements Amendments (CLIA). Healthcare Data Privacy Laws. Health data and patient data in the U.S.
In the spirit of National Cyber Security Awareness Month (NCSAM), my colleague Ashvin Kamaraju wrote about how organizations can use fundamental controls to secure their information technology. Infosec personnel should also help employees store those passwords safely such as via the use of a password manager. Employ Device Encryption.
Over the years, the infosec community has discovered multiple APTs operating in the Russo-Ukrainian conflict region – Gamaredon, CloudAtlas , BlackEnergy and many others. Encryption and communication As we have mentioned above, two modules (Crypton.dll and Internet.dll) are bundled with every installation of the CloudWizard framework.
Todd is the head of encryption products at Thales, and Rick is the principal and trusted advisor at Goldbug Technology Consulting. How can an InfoSec team make sure that the networks of their remote workforce are secure? Encryption. My guests for this episode were Todd Moore and Rick Robinson. Data security.
Our MDR service with DXC Technology provides 24/7 critical alert monitoring, managed threat hunting, advanced investigations, and threat disruption 365 days a year. government .GOV validation and HTTPS encryption among county election websites in 13 states. Cloud Risk & Adoption Report: Work-from-Home Edition. Ahead of the 2020 U.S.
Details about the “ANOM” global crime sting where the FBI created a fake encrypted mobile phone for criminals that promised secure communications, new details about how the Colonial Pipeline ransomware attack started, and some really bad security research about stolen user credentials. ** Links mentioned on the show ** Only the following devices have (..)
We only had Infosec Europe and the most we got out of there was some free USB sticks… If we were lucky they would be 500 megs. It’s so easy to manipulate anyone that works in infosec. Yeah, infosec is full of characters. Then I think back to what we had as our privileged password piece of high tech technology.
These may have been compromised before the Citrix security updates were installed and can therefore still allow attackers to access internal networks and other activities, such as the diversion or encryption of sensitive data or the manipulation or shutdown of systems, business processes and operating procedures.
In the past, fake social profiles were relatively easy to spot; however, in the case of DPRK, the cybercriminals spent time setting up a profile, getting hooked into the infosec scene, and gaining followers and connections through LinkedIn, making it more difficult than before to detect a fraudulent account. Techniques & Tactics. Prevention.
Within six hours, the attacker began encrypting the organization’s systems. This concealed their attack until the environment was encrypted and backups were sabotaged. Infosec teams may have a false sense of security when critical servers are equipped with EDR technology and redundant logging.
Thales provides Double Key Encryption for Microsoft 365 and Client-Side Encryption for Google Workspace. Accenture enables customer migration to Oracle Cloud Infrastructure (OCI) by leveraging Thales CipherTrust Cloud Key Management to maintain complete HYOK control of the encryption keys securing their sensitive data.
In this Spotlight Edition of the podcast we're speaking with RSA Chief Technology Officer Zulfikar Ramzan about how his company is adapting to help its customers confront the dark side of digital transformation initiatives: increased digital risk, including from cloud, artificial intelligence and the Internet of Things. The post Spotlight.
Figure 3: Encrypted communication with driverconnectsearch[.]info The Gootkit implant counts several modules written on top of NodeJS technology embedded into the PE file, revealing part of the implant code. Figure 2: Classic Brushaloader sample (left) along with the recent Javascript stager (right). info server. Conclusion.
Further evolution of cyberthreats as a response to infosec tools and measures. Of the many industrial companies out there, APTs are likely to focus on: The military-industrial complex and aerospace industry — most likely for military and technological espionage purposes. Threats to OT. P stands for perseverance.
Details on the controversy over encrypted email service ProtonMail handing over a user’s IP address to the Swiss police, how a fake bot disinformation campaign went viral on Twitter, and are we ready to welcome our correctional facility robot overlords? ** Links mentioned on the show ** ProtonMail deletes ‘we don’t log your IP’ boast […].
Tech: What is the application and cloud technology stack? The team agrees that the data would always be encrypted both at rest and in transit. In summary, always encrypt, don’t log but audit. Claire knows quite well that both Alice and Bob would stick to their words and always use encryption for data and obfuscation for logs.