Event and Risk - Cyber Security Informer

Another Event-Related Spyware App

Schneier on Security

NOVEMBER 15, 2022

This month, it’s Egypt’s COP27 Summit app : The app is being promoted as a tool to help attendees navigate the event. But it risks giving the Egyptian government permission to read users’ emails and messages. Last month, we were warned not to install Qatar’s World Cup app because it was spyware.

Spyware

Spyware Technology Encryption Government

News alert: Aembit announces speakers for NHIcon event, highlighting non-human identity security

The Last Watchdog

JANUARY 15, 2025

15, 2025, CyberNewswire — Aembit , the non-human identity and access management (IAM) company, unveiled the full agenda for NHIcon 2025, a virtual event dedicated to advancing non-human identity security, streaming live on Jan. Silver Spring, MD, Jan. 28 and headlined by industry luminary Kevin Mandia. Users can visit aembit.io

Accountability

Accountability Software Risk Media

Risk Talk at JPL

Adam Shostack

JANUARY 2, 2025

The first part of the talk puts threat modeling in context for engineering secure systems, while the second part considers why we do what we do and asks some questions about how we think about risk. The biggest of those questions starts from the observation that many of the ways weve learned to use math in risk involve iteration.

Risk

Risk Insurance Engineering Marketing

News Alert: Security Risk Advisors joins Microsoft Intelligent Security Association (MISA)

The Last Watchdog

JANUARY 7, 2025

Security Risk Advisors (SRA) is a leading cybersecurity firm dedicated to providing comprehensive security solutions to businesses worldwide. Security Risk Advisors SCALR XDR is both a platform, built on Microsoft Azure and a 247 monitoring service with Microsoft Sentinel. Philadelphia, Pa., Philadelphia, Pa., To learn more: [link].

Risk

Risk Penetration Testing Marketing Technology

COVID-19 Risks of Flying

Schneier on Security

JUNE 24, 2020

This is all a prelude to saying that I have been paying a lot of attention to the COVID-related risks of flying. There are no superspreader events involving airplanes. I think that most of the risk is pre-flight, in the airport: crowds at the security checkpoints, gates, and so on. That did happen with SARS.)

Risk

LW ROUNDTABLE: Wrist slap or cultural shift? SEC fines cyber firms for disclosure violations

The Last Watchdog

NOVEMBER 12, 2024

Unisys, for instance, was found to have framed cyber risks hypothetically even though its systems had already been breached, exfiltrating gigabytes of data. But the SEC’s latest actions underscore that failing to inform stakeholders about material risks and breaches is not an option. Want to stay out of trouble?

CISO

CISO CSO Risk Cyber threats

GUEST ESSAY: New SEC rules aim to help C-levels, board members quantify cyber risks

The Last Watchdog

JUNE 23, 2022

Securities and Exchange Commission (SEC) is taking steps to crack down on insufficient cyber risk reporting. Related : Making third-party risk audits actionable. The new rules urge companies to build more robust cyber risk management programs. Disclosing policies and procedures for risk management.

Cyber Risk

Cyber Risk Risk Cybersecurity Cyber threats

Risk reduction redefined: How compromise assessment helps strengthen cyberdefenses

SecureList

OCTOBER 29, 2024

The primary objective of these services is risk reduction. Policy violations by employees Most organizations focus on external threats; however, policy violations pose a major risk , with 51% of SMB incidents and 43% of enterprise incidents involving IT security policy violations caused by employees.

Risk

Risk Antivirus Accountability Malware

Linux Kernel Vulnerability Exposes Local Systems to Privilege Escalation, PoC Published

Penetration Testing

APRIL 6, 2025

A security researcher has recently disclosed technical details and proof-of-concept (PoC) exploit code for a vulnerability in the Linux kernel’s Performance Events system component. indicating a high severity risk. This flaw, identified as CVE-2023-6931, carries a CVSS score of 7.8,

Risk

Risk Cybersecurity

GUEST ESSAY: Best practices to shrink the ever-present risk of Exchange Server getting corrupted

The Last Watchdog

FEBRUARY 5, 2024

One critical issue faced by organizations that rely on Exchange Server is the risk of a corrupt Exchange Server database cropping up. Navigating new risks Today, heavy reliance on cloud-centric IT infrastructure and cloud-hosted applications has become the norm. Here are a few ‘dos:’ •Rigorous vulnerability management.

Risk

Risk Backups Software Education

Thales Introduces Data Risk Intelligence, Bringing Organizations Risk Profile Front and Center

Thales Cloud Protection & Licensing

DECEMBER 3, 2024

Thales Introduces Data Risk Intelligence, Bringing Organizations Risk Profile Front and Center madhav Tue, 12/03/2024 - 09:32 When Thales finalized the acquisition of Imperva in January 2024, our aim was clear: to empower organizations to protect data and secure all paths to it. Want to dive deeper?

Risk

Risk Digital transformation Encryption Software

News alert: SquareX shows how Google’s MV3 standard falls short, putting millions at risk

The Last Watchdog

OCTOBER 3, 2024

The extensions are capable of hooking into login events to redirect users to a page disguised as a password manager login. Ramachandran Vivek Ramachandran , Founder & CEO of SquareX , warned about the mounting risks: “Browser extensions are a blind spot for EDR/XDR and SWGs have no way to infer their presence. Singapore, Oct.

Risk

Risk Password Management Malware Media

SEC fined 4 companies for misleading disclosures about the impact of the SolarWinds attack

Security Affairs

OCTOBER 23, 2024

“The SEC’s order against Unisys finds that the company described its risks from cybersecurity events as hypothetical despite knowing that it had experienced two SolarWinds-related intrusions involving exfiltration of gigabytes of data. ” reads the press release published by SEC.

Hacking

Hacking Risk Cybersecurity Government

GUEST ESSAY: The Top 10 cybersecurity shortfalls that put SMBs, enterprises at elevated risk

The Last Watchdog

APRIL 17, 2023

Here are a few of the top security weaknesses that threaten organizations today: Poor risk management. A lack of a risk management program or support from senior management is a glaring weakness in your cybersecurity strategy. Logging events is the first step in understanding which services or systems are used within an organization.

Risk

Risk Cybersecurity Data breaches Cyber Attacks

News alert: INE Security shares cyber hygiene guidance for small- and medium-sized businesses

The Last Watchdog

OCTOBER 23, 2024

As small businesses increasingly depend on digital technologies to operate and grow, the risks associated with cyber threats also escalate. INE Security recommends establishing a routine for updating and patching software, which can significantly reduce the risk of a breach. Cary, NC, Oct.

Small Business

Small Business Data breaches Backups Passwords

Upcoming Speaking Engagements

Schneier on Security

SEPTEMBER 14, 2021

This is a current list of where and when I am scheduled to speak: I’m keynoting CIISec Live —an all-online event—September 15-16, 2021. I’m speaking at the fourth annual Managing Cyber Risk from the C-Suite conference—a virtual event conducted through Webex—on October 5, 2021. Details to come.

Data privacy

Data privacy Cyber Risk Risk Cybersecurity

LW ROUNDTABLE: Predictive analytics, full-stack visualization to solidify cyber defenses in 2025

The Last Watchdog

DECEMBER 18, 2024

Shashanka Dr. Madhu Shashanka , Chief Data Scientist, Concentric AI Generative AI in 2025 will bring transformative opportunities but heightened cybersecurity risks, including data exposure, AI misuse, and novel threats like prompt injection attacks. Organizations face rising risks of AI-driven social engineering and personal device breaches.

Risk

Risk Threat Detection Technology Phishing

Q-Day Prepping: What Businesses Can Do Now to Address Quantum Security Risks

Security Boulevard

JULY 12, 2024

We're primed to face another Y2K-like event: Q-Day, the point at which quantum computers become capable of breaking traditional encryption, totally upending security as we know it. The post Q-Day Prepping: What Businesses Can Do Now to Address Quantum Security Risks appeared first on Security Boulevard.

Risk

Risk Encryption Security Awareness Government

Best Practices for Hospitals To Manage Risks To CyberSecurity Created By Medical Technology And Information Systems: A Webinar With The CIA’s Former CyberSecurity Director And The Top CyberSecurity Columnist

Joseph Steinberg

OCTOBER 12, 2022

Join Bonnie Stith, former Director of the CIA’s Center for Cyber Intelligence , and and Joseph Steinberg, renowned cybersecurity expert witness and columnist , for a special, free educational webinar, Best Practices for Asset Risk Management in Hospitals. The discussion will cover: * How IT asset risks have evolved.

Cybersecurity

Cybersecurity Technology Risk Artificial Intelligence

GUEST ESSAY: Why internal IT teams are ill-equipped to adequately address cyber risks

The Last Watchdog

FEBRUARY 11, 2024

From identity theft to greater oversight on risk management, internal IT teams will be taking the brunt of these incoming regulations. Other tactics firms can employ include the adoption of new tools such as security incident and event monitoring (SIEM), real-time vulnerability scanning, endpoint detection and response (EDR) and many others.

Cyber Risk

Cyber Risk Risk Financial Services Cyber threats

How Outsourcing Cybersecurity Crashed the World’s IT: A Webinar With Columbia University Faculty

Joseph Steinberg

JULY 23, 2024

During this webinar, you will learn how this global outage happened, what other security risks may be on the horizon, what lessons we can all learn from recent events, and what individuals, businesses, and governments can do to avoid similar disasters in the future.

Artificial Intelligence

Artificial Intelligence Cybersecurity Government Technology

GUEST ESSAY: A new year, a familiar predicament — consumers face intensifying cybersecurity risks

The Last Watchdog

JANUARY 3, 2023

Even events like the World Cup are being used by cyber criminals to target unsuspecting victims through things like fake streaming sites designed to steal private information. With more and more people working remotely, unsecured home or public WiFi networks represent a security risk not only to individuals but to their companies as well.

Risk

Risk Cybersecurity Antivirus Phishing

CyberSecurity Is Not Enough: Businesses Must Insure Against Cyber Losses

Joseph Steinberg

JULY 8, 2021

Ironically, while many larger enterprises purchase insurance to protect themselves against catastrophic levels of hacker-inflicted damages, smaller businesses – whose cyber-risks are far greater than those of their larger counterparts – rarely have adequate (or even any) coverage.

Insurance

Insurance Cyber Insurance Cybersecurity Small Business

White House Announces AI Cybersecurity Challenge

Schneier on Security

AUGUST 21, 2023

Interested would-be competitors can now submit their proposals to the Small Business Innovation Research program for evaluation and, eventually, selected teams will participate in a 2024 “qualifying event.” In other words: the government wants software that is capable of identifying and mitigating risks by itself.

Cybersecurity

Cybersecurity Small Business Government Software

Hack Yourself First Workshops in Australia, Denmark and Portugal (Virtually, of Course)

Troy Hunt

MARCH 15, 2020

That sucks for you because you end up both missing out on events and sooner or later, suffering from cabin fever (I've always found that difficult across many years of remote work). It also sucks for companies like NDC Conferences whose entire livelihood is running the very events that people are now avoiding at all costs. Crisitunity!

Hacking

Hacking Technology Software Risk

LW ROUNDTABLE: CrowdStrike outage reveals long road ahead to achieve digital resiliency

The Last Watchdog

JULY 25, 2024

Implementing zero trust across the entirety of the technology stack would go a long way toward increasing resilience against events like this. This event, more than any other, is precisely why companies need a defense in depth strategy. Learning from this event can be critical to reducing the recovery time from major outages to come.

Technology

Technology Ransomware Software Cyber Attacks

Weekly Update 209

Troy Hunt

SEPTEMBER 18, 2020

helps you quickly secure your AD passwords and reduce the risk of Credential Stuffing. The headline figure out of that post IMHO is that only 2.3% of websites are forcing all connections to be secure courtesy of HSTS preload and the fact that browsers still default to the insecure scheme. More on that (and much more) in this week's update.

VPN

VPN IoT Passwords Ransomware

Bitdefender released a decryptor for the ShrinkLocker ransomware

Security Affairs

NOVEMBER 13, 2024

Proactive monitoring of Windows event logs, specifically from the “Microsoft-Windows-BitLocker-API/Management” source, can help organizations detect early stages of BitLocker attacks, such as when attackers test encryption capabilities. ” concludes the report.

Ransomware

Ransomware Encryption Passwords Backups

Anti-Ransomware Company Exagrid Pays $2.6 Million Ransom

Adam Levin

JUNE 4, 2021

Practice the 3Ms: Minimize your risk of exposure: Don’t take unnecessary risks and invest in cyber defenses and education. Manage the damage: Plan ahead in the event of a successful cyberattack and have a cyber liability insurance plan to help offset the costs. . We are in the midst of an ongoing ransomware epidemic.

Ransomware

Ransomware Backups Insurance Healthcare

Defending against Identity-Based Threats using the Shared Signals Framework

Duo's Security Blog

FEBRUARY 13, 2025

Most recently, in December of 2024, we attended the Gartner IAM conference interoperability event, where we demonstrated the power of Shared Signals in detecting and preventing session theft, a top security concern for our customers. With Cisco Secure Access, Shared Signals can help Duo communicate risk to cut off access to the network.

Authentication

Authentication Accountability Passwords Risk

GUEST ESSAY: The many ways your supply chain is exposing your company to a cyber attack

The Last Watchdog

MAY 16, 2022

This complexity can be compounded by the effects of world events like COVID-19 or a war, resulting in manufacturing slowdowns and lockdowns. Such events have led to parts shortages that force the use of older and less-secure replacement parts to meet schedules, which emphasizes the need for innovation and for additional suppliers.

Cyber Attacks

Cyber Attacks Firmware Artificial Intelligence Manufacturing

DEF CON 32 – How State Laws Meant to Protect Children Raise Other Risks

Security Boulevard

DECEMBER 29, 2024

Originating from the conferences events located at the Las Vegas Convention Center ; and via the organizations YouTube channel. Permalink The post DEF CON 32 – How State Laws Meant to Protect Children Raise Other Risks appeared first on Security Boulevard.

Risk

Risk Education Cybersecurity

News alert: SpyCloud study shows gaps in EDR, antivirus — 66% of malware infections missed

The Last Watchdog

APRIL 7, 2025

Organizations need to take a layered approach to close the gaps before attacks progress deeper into their environments, resulting in events like ransomware and account takeover. Fleury When a malware infection goes undetected, the consequences can be catastrophic, said Damon Fleury, Chief Product Officer at SpyCloud.

Antivirus

Antivirus Malware Cybercrime Identity Theft

Terrorist Activity is Accelerating in Cyberspace – Risk Precursor to Summer Olympics and Elections

Security Affairs

JULY 25, 2024

According to the latest risk assessment published by Resecurity, terrorist groups are increasingly using cyberspace and digital communication channels to plan and execute attacks, as well as to conduct recruitment and establish anonymous communication channels (using apps like Session and their alternatives).

Risk

Risk Financial Services Education Banking

Shifting from Business Continuity to Continuous Business in Cyber

Jane Frankland

OCTOBER 25, 2024

Attending their annual global event series, SHIFT , in London recently, he redefined the future of business resilience in his keynote address and positioned the concept of continuous business—a ground-breaking state of perpetual availability and robustness which revolves around four pivotal elements: 1.

Cyber Risk

Cyber Risk CISO Cyber threats Risk

GUEST ESSAY: 6 steps any healthcare organization can take to help mitigate inevitable cyber attacks

The Last Watchdog

FEBRUARY 21, 2022

The risks are real, and the impact of cybersecurity events continues to grow. A cyber catastrophe may seem inevitable, but there are basic practices and actionable steps any healthcare organization can take to begin reducing the clear and present risk of being impacted by a cybersecurity event. Evaluate data inventory.

Healthcare

Healthcare Cyber Attacks Education Social Engineering

Hacked Robot Vacuums Hurl Racial Slurs, Show IoT Devices Risks

SecureWorld News

OCTOBER 16, 2024

All kidding aside, in a bizarre turn of events, owners of robot vacuums across the U.S. Smart home users should stay vigilant, update device software regularly, and implement network security best practices to mitigate risks. What did the robot vacuum say to its homeowner? have reported that their devices have been hacked.

IoT

IoT Hacking Risk Internet

Ransomware Attack Ends a 150 Year Company

Security Boulevard

MARCH 5, 2025

This terribly unfortunate event is a good example of how cybersecurity matters to every company that depends on digital technology - even if it is to run your books or manage your logistics. It is a dynamic adversarial endeavor where risk must be continually managed. It is not just a technical problem that can be solved!

Ransomware

Ransomware Cybersecurity Risk Technology

Critical Actions Post Data Breach

SecureWorld News

DECEMBER 30, 2024

While this article focuses on handling data breaches, a comprehensive Business Continuity Plan (BCP) encompasses a broad spectrum of risks, including pandemics, natural disasters, financial instability, and human errors. These instructions ensure that every team understands their role in mitigating risks and expediting recovery.

Data breaches

Data breaches Social Engineering Passwords Accountability

What are the key Threats to Global National Security?

IT Security Guru

NOVEMBER 1, 2024

The risk posed by these actors continues to grow as nations rely increasingly on interconnected digital infrastructure. The effects of rising temperatures, extreme weather events, and resource shortages contribute to instability worldwide. Conclusion The scope of national security threats today is broader and more complex than ever.

Technology

Technology Cyber Attacks Government Social Engineering

ZAGG disclosed a data breach that exposed its customers’ credit card data

Security Affairs

DECEMBER 29, 2024

ZAGG announced the implementation of security measures to minimize the risk of a similar event occurring in the future. “If you believe there was fraudulent use of your information as a result of this event and would like to discuss how you may be able to resolve those issues, please reach out to an Experian agent. .

Data breaches

Data breaches Computers and Electronics Hacking Wireless

Pwned or Bot

Troy Hunt

JANUARY 19, 2023

Tickets to entertainment events is one example of sniping, the same thing happens when other products launch with insufficient supply to meet demand, for example Nike shoes. The best illustration I can give is how Stripe defines risk by assessing a multitude of fraud factors.

Data breaches

Data breaches Risk Identity Theft Accountability

Hidden Costs of Cybersecurity: Balancing Risk, Complexity & Efficiency

SecureWorld News

OCTOBER 21, 2024

In contrast, more mature organizations quantify risk, comparing the original risk against the cost of the solution and the residual risk after deployment to decide whether to proceed with the purchase. Some focus on the solution's problem-solving capabilities, suitability, and efficacy.

Risk

Risk Cybersecurity Antivirus Authentication

GUEST ESSAY: Addressing data leaks and other privacy, security exposures attendant to M&As

The Last Watchdog

JANUARY 27, 2022

The FBI recently issued a warning that ransomware gangs are targeting companies during “time-sensitive financial events”, such as mergers and acquisitions. So what are some of the specific security risks and challenges that organizations face and best practices to help close the cybersecurity gap in each stage? Post-Close Risks.

Marketing

Marketing Data privacy Risk Accountability

Another Event-Related Spyware App

News alert: Aembit announces speakers for NHIcon event, highlighting non-human identity security

Trending Sources

Risk Talk at JPL

News Alert: Security Risk Advisors joins Microsoft Intelligent Security Association (MISA)

COVID-19 Risks of Flying

LW ROUNDTABLE: Wrist slap or cultural shift? SEC fines cyber firms for disclosure violations

GUEST ESSAY: New SEC rules aim to help C-levels, board members quantify cyber risks

Risk reduction redefined: How compromise assessment helps strengthen cyberdefenses

Linux Kernel Vulnerability Exposes Local Systems to Privilege Escalation, PoC Published

GUEST ESSAY: Best practices to shrink the ever-present risk of Exchange Server getting corrupted

Thales Introduces Data Risk Intelligence, Bringing Organizations Risk Profile Front and Center

News alert: SquareX shows how Google’s MV3 standard falls short, putting millions at risk

SEC fined 4 companies for misleading disclosures about the impact of the SolarWinds attack

GUEST ESSAY: The Top 10 cybersecurity shortfalls that put SMBs, enterprises at elevated risk

News alert: INE Security shares cyber hygiene guidance for small- and medium-sized businesses

Upcoming Speaking Engagements

LW ROUNDTABLE: Predictive analytics, full-stack visualization to solidify cyber defenses in 2025

Q-Day Prepping: What Businesses Can Do Now to Address Quantum Security Risks

Best Practices for Hospitals To Manage Risks To CyberSecurity Created By Medical Technology And Information Systems: A Webinar With The CIA’s Former CyberSecurity Director And The Top CyberSecurity Columnist

GUEST ESSAY: Why internal IT teams are ill-equipped to adequately address cyber risks

How Outsourcing Cybersecurity Crashed the World’s IT: A Webinar With Columbia University Faculty

GUEST ESSAY: A new year, a familiar predicament — consumers face intensifying cybersecurity risks

CyberSecurity Is Not Enough: Businesses Must Insure Against Cyber Losses

White House Announces AI Cybersecurity Challenge

Hack Yourself First Workshops in Australia, Denmark and Portugal (Virtually, of Course)

LW ROUNDTABLE: CrowdStrike outage reveals long road ahead to achieve digital resiliency

Weekly Update 209

Bitdefender released a decryptor for the ShrinkLocker ransomware

Anti-Ransomware Company Exagrid Pays $2.6 Million Ransom

Defending against Identity-Based Threats using the Shared Signals Framework

GUEST ESSAY: The many ways your supply chain is exposing your company to a cyber attack

DEF CON 32 – How State Laws Meant to Protect Children Raise Other Risks

News alert: SpyCloud study shows gaps in EDR, antivirus — 66% of malware infections missed

Terrorist Activity is Accelerating in Cyberspace – Risk Precursor to Summer Olympics and Elections

Shifting from Business Continuity to Continuous Business in Cyber

GUEST ESSAY: 6 steps any healthcare organization can take to help mitigate inevitable cyber attacks

Hacked Robot Vacuums Hurl Racial Slurs, Show IoT Devices Risks

Ransomware Attack Ends a 150 Year Company

Critical Actions Post Data Breach

What are the key Threats to Global National Security?

ZAGG disclosed a data breach that exposed its customers’ credit card data

Pwned or Bot

Hidden Costs of Cybersecurity: Balancing Risk, Complexity & Efficiency

GUEST ESSAY: Addressing data leaks and other privacy, security exposures attendant to M&As

Stay Connected