Information - Cyber Security Informer

New NSA Information from (and About) Snowden

Schneier on Security

OCTOBER 26, 2023

Interesting article about the Snowden documents, including comments from former Guardian editor Ewen MacAskill MacAskill, who shared the Pulitzer Prize for Public Service with Glenn Greenwald and Laura Poitras for their journalistic work on the Snowden files, retired from The Guardian in 2018.

Surveillance

Surveillance Government Marketing

How to Become a Chief Information Officer: CIO Cheat Sheet

Tech Republic Security

NOVEMBER 5, 2024

If you want to pursue a path toward becoming a CIO, here's your guide to salaries, job markets, skills and common interview questions.

Marketing

Marketing Big data Technology

Surveillance by the New Microsoft Outlook App

Schneier on Security

APRIL 4, 2024

The ProtonMail people are accusing Microsoft’s new Outlook for Windows app of conducting extensive surveillance on its users.

Surveillance

Surveillance Advertising Data collection

Data Exfiltration Using Indirect Prompt Injection

Schneier on Security

DECEMBER 22, 2023

In this chat session, the LLM can retrieve information from sources on the web to assist users in creation of their documents. We show that attackers can prepare websites that, when a user adds them as a source, manipulate the LLM into sending private information to the attacker or perform other malicious activities.

The Power of Storytelling in Risk Management

Speaker: Dr. Karen Hardy, CEO and Chief Risk Officer of Strategic Leadership Advisors LLC

However, risk communication involves more than just reporting information and populating dashboards, and we may be limiting our skillset. When done effectively, it can help interpret complex risk environments for leaders and inform their decision-making.

Risk

Criminals Exploiting FBI Emergency Data Requests

Schneier on Security

NOVEMBER 12, 2024

In some cases, the requests cited false threats, like claims of human trafficking and, in one case, that an individual would “suffer greatly or die” unless the company in question returns the requested information.

Encryption

Encryption Accountability Cybersecurity

Juniper Support Portal Exposed Customer Device Info

Krebs on Security

FEBRUARY 9, 2024

Until earlier this week, the support website for networking equipment vendor Juniper Networks was exposing potentially sensitive information tied to customer products, including which devices customers bought, as well as each product’s warranty status, service contracts and serial numbers. Update, 11:01 a.m. Department of Defense.

Artificial Intelligence

Artificial Intelligence Healthcare Accountability Banking

CEO of data privacy company Onerep.com founded dozens of people-search firms

Krebs on Security

MARCH 14, 2024

The data privacy company Onerep.com bills itself as a Virginia-based service for helping people remove their personal information from almost 200 people-search websites. However, an investigation into the history of onerep.com finds this company is operating out of Belarus and…

Data privacy

People-Search Site Removal Services Largely Ineffective

Schneier on Security

AUGUST 9, 2024

Private information about each participant on the people-search sites decreased after using the people-search removal services. But, without exception, information about each participant still appeared on some of the 13 people-search sites at the one-week, one-month, and four-month intervals.

Successful Change Management with Enterprise Risk Management

Speaker: William Hord, Vice President of ERM Services

Your ERM program generally assesses and maintains detailed information related to strategy, operations, and the remediation plans needed to mitigate the impact on the organization. It is the tangents of this data that are vital to a successful change management process.

Risk

NSO Group Spies on People on Behalf of Governments

Schneier on Security

NOVEMBER 27, 2024

Legal documents released in ongoing US litigation between NSO Group and WhatsApp have revealed for the first time that the Israeli cyberweapons maker and not its government customers is the party that “installs and extracts” information from mobile phones targeted by the company’s hacking software.

Government

Government Spyware Mobile Hacking

AI-Generated Steganography

Schneier on Security

JUNE 12, 2023

New research suggests that AIs can produce perfectly secure steganographic images: Abstract: Steganography is the practice of encoding secret information into innocuous content in such a manner that an adversarial third party would not realize that there is hidden meaning. News article.

Artificial Intelligence

Artificial Intelligence Encryption

Spying through Push Notifications

Schneier on Security

DECEMBER 7, 2023

. “In this case, the federal government prohibited us from sharing any information,” the company said in a statement. ” Google said that it shared Wyden’s “commitment to keeping users informed about these requests.”

Surveillance

Surveillance Government Accountability Spyware

FCC Fines Major U.S. Wireless Carriers for Selling Customer Location Data

Krebs on Security

APRIL 29, 2024

Federal Communications Commission (FCC) today levied fines totaling nearly $200 million against the four major carriers — including AT&T , Sprint , T-Mobile and Verizon — for illegally sharing access to customers’ location information without consent.

Wireless

Wireless Mobile Technology

Beware of Pixels & Trackers on U.S. Healthcare Websites

The healthcare industry has massively adopted web tracking tools, including pixels and trackers.

Healthcare

What Graykey Can and Can’t Unlock

Schneier on Security

NOVEMBER 26, 2024

The documents do not appear to contain information about what Graykey can access from the public release of iOS 18.1, More information : Meanwhile, Graykey’s performance with Android phones varies, largely due to the diversity of devices and manufacturers. which was released on October 28.

Media

Media Manufacturing Mobile Hacking

A Close Up Look at the Consumer Data Broker Radaris

Krebs on Security

MARCH 8, 2024

Such information could be useful if you were trying to determine the maiden name of someone’s mother, or successfully answer a range of other knowledge-based authentication questions. The reports also list address and phone records for the target’s known relatives and associates. Radaris has not responded to requests for comment.

Media

Media Data privacy Advertising Government

My Philosophy and Recommendations Around the LastPass Breaches

Daniel Miessler

DECEMBER 24, 2022

If you follow Information Security at all you are surely aware of the LastPass breach situation. It started back in August of 2022 as a fairly common breach notification on a blog, but it, unfortunately, turned into more of a blog series.

Password Management

Password Management Passwords Encryption Backups

Many Public Salesforce Sites are Leaking Private Data

Krebs on Security

APRIL 27, 2023

A shocking number of organizations — including banks and healthcare providers — are leaking private and sensitive information from their public Salesforce Community websites, KrebsOnSecurity has learned. city administrators that at least five different public DC Health websites were leaking sensitive information.

Banking

Banking Government Information Security Authentication

The Importance of User Roles and Permissions in Cybersecurity Software

You should restrict access to sensitive information and systems the same way you restrict access to your house. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing. The same principle should apply to your most precious data assets.

Cybersecurity

US Federal Court Rules Against Geofence Warrants

Schneier on Security

AUGUST 26, 2024

A US Appeals Court ruled that geofence warrants—these are general warrants demanding information about all people within a geographical boundary—are unconstitutional. This is a big deal. The decision seems obvious to me, but you can’t take anything for granted.

Data privacy

Apple to Add Manual Authentication to iMessage

Schneier on Security

NOVEMBER 22, 2023

Instead of relying on Apple to verify the other person’s identity using information stored securely on Apple’s servers, you and the other party read a short verification code to each other, either in person or on a phone call.

Authentication

Authentication Encryption Accountability

NationalPublicData.com Hack Exposes a Nation’s Data

Krebs on Security

AUGUST 15, 2024

A great many readers this month reported receiving alerts that their Social Security Number, name, address and other personal information were exposed in a breach at a little-known but aptly-named consumer data broker called NationalPublicData.com. billion rows of records — they claimed was taken from nationalpublicdata.com. .”

Hacking

Hacking Data breaches Identity Theft Accountability

Is Your Phone Spying On You? How to Check and What to Do

Lohrman on Security

NOVEMBER 24, 2024

Are your apps gleaning information from your conversations? Has your smartphone become a listening device? How can you check and what can you do to regain more privacy? Let’s explore.

How Preparation and Strategy Can Be Used to Fight and Defeat Any Ransomware Attack

Speaker: Karl Camilleri, Cloud Services Product Manager at phoenixNAP

As a result, data protection needs to be a concern for most banks, businesses, and information technology specialists. million attacks, the threat marked a 148% increase compared to 2020 and was the most expensive year on record! It’s mindboggling, but right now for 49% of respondents, cybersecurity is their primary business concern.

Ransomware

Automakers Are Sharing Driver Data with Insurers without Consent

Schneier on Security

MARCH 14, 2024

Some drivers may not realize that, if they turn on these features, the car companies then give information about how they drive to data brokers like LexisNexis [who then sell it to insurance companies]. In recent years, automakers, including G.M.,

Insurance

Insurance Internet Internet Surveillance

ChatGPT Is Ingesting Corporate Secrets

Schneier on Security

FEBRUARY 16, 2023

. […] “This is important because your inputs may be used as training data for a further iteration of ChatGPT,” the lawyer wrote in the Slack messages viewed by Insider, “and we wouldn’t want its output to include or resemble our confidential information.”

Hacking ChatGPT by Planting False Memories into Its Data

Schneier on Security

OCTOBER 1, 2024

This vulnerability hacks a feature that allows ChatGPT to have long-term memory, where it uses information from past conversations to inform future conversations with that same user. A researcher found that he could use that feature to plant “false memories” into that context window that could subvert the model.

Hacking

Hacking Artificial Intelligence

Fake Signal and Telegram Apps in the Google Play Store

Schneier on Security

SEPTEMBER 14, 2023

Doing so caused the malicious app to send a host of private information to the attacker, including the device IMEI number, phone number, MAC address, operator details, location data, Wi-Fi information, emails for Google accounts, contact list, and a PIN used to transfer texts in the event one was set up by the user.

Malware

Malware Accountability Hacking Spyware

Who Stole 3.6M Tax Records from South Carolina?

Krebs on Security

APRIL 16, 2024

For nearly a dozen years, residents of South Carolina have been kept in the dark by state and federal investigators over who was responsible for hacking into the state’s revenue department in 2012 and stealing tax and bank account information for 3.6 “There is also information on corporate taxpayers.” million people.

Identity Theft

Identity Theft Banking Cybercrime Hacking

International Association of Chiefs of Police (IACP) Appoints CyberSecurity Expert Witness Joseph Steinberg To Computer Crime & Digital Evidence Committee

Joseph Steinberg

DECEMBER 11, 2023

Veteran cybersecurity expert witness executive will help strengthen law enforcement capabilities to prevent, investigate, and prosecute information-age crimes. IACP membership is open to law enforcement professionals of all ranks, as well as non-sworn leaders across the criminal justice system. patent filings.

Cybersecurity

Cybersecurity Artificial Intelligence CISO Technology

Microsoft Executives Hacked

Schneier on Security

JANUARY 29, 2024

The investigation indicates they were initially targeting email accounts for information related to Midnight Blizzard itself.

Hacking

Hacking Accountability Passwords Cybersecurity

Why CISA is Warning CISOs About a Breach at Sisense

Krebs on Security

APRIL 11, 2024

On April 10, Sisense Chief Information Security Officer Sangram Dash told customers the company had been made aware of reports that “certain Sisense company information may have been made available on what we have been advised is a restricted access server (not generally available on the internet.)”

CISO

CISO Encryption Telecommunications Financial Services

FBI’s Vetted Info Sharing Network ‘InfraGard’ Hacked

Krebs on Security

DECEMBER 13, 2022

Federal Bureau of Investigation (FBI) to build cyber and physical threat information sharing partnerships with the private sector, this week saw its database of contact information on more than 80,000 members go up for sale on an English-language cybercrime forum. InfraGard , a program run by the U.S.

Hacking

Hacking Energy and Utilities Cybercrime Accountability

DEEP TECH NEWS: Respecting individual rights by using ‘privacy preserving aggregate statistics’

The Last Watchdog

JANUARY 28, 2024

I had the chance to visit with , senior scientist at NTT Research’s Cryptography & Information Security (CIS) Lab , to learn more about the progress being made on a promising concept called “privacy preserving aggregate statistics.” Rising data privacy regulations underscores the need for such a capability, Boyle told me.

Data privacy

Data privacy Financial Services Healthcare Advertising

RSAC Fireside Chat: IRONSCALES utilizes LLM, superior intel to stay a step ahead of Deep Fakes

The Last Watchdog

MAY 21, 2024

We have access to public and non-public information, while the bad guys only have access to public information that anyone can get,” Benishti observes. “So One huge lesson gleaned is that the vendors who are integrating GenAI/LLM technology into their security tools have a huge advantage over threat actors: superior intelligence. “We

Phishing

Phishing Banking Technology Internet

New Leak Shows Business Side of China’s APT Menace

Krebs on Security

FEBRUARY 22, 2024

Security experts who reviewed the leaked data say they believe the information is legitimate, and that i-SOON works closely with China’s Ministry of State Security and the military. In 2021, the Sichuan provincial government named i-SOON as one of “the top 30 information security companies.” interests.

Government

Government Hacking Cyber threats Mobile

Feds Charge NY Man as BreachForums Boss “Pompompurin”

Krebs on Security

MARCH 17, 2023

Pompompurin took credit for that stunt, and said he was able to send the FBI email blast by exploiting a flaw in an FBI portal designed to share information with state and local law enforcement authorities. The FBI later acknowledged that a software misconfiguration allowed someone to send the fake emails. In April 2022, U.S.

Data breaches

Data breaches Cybercrime Insurance Internet

Police Get Medical Records without a Warrant

Schneier on Security

DECEMBER 18, 2023

—said their investigation pulled information from briefings with eight big prescription drug suppliers. Instead, all the pharmacies hand over such information with nothing more than a subpoena, which can be issued by government agencies and does not require review or approval by a judge. The letter—signed by Sen.

Surveillance

Surveillance Government Healthcare

On the Cybersecurity Jobs Shortage

Schneier on Security

SEPTEMBER 20, 2023

What there is a shortage of are computer scientists, developers, engineers, and information security professionals who can code, understand technical security architecture, product security and application security specialists, analysts with threat hunting and incident response skills.

Cybersecurity

Cybersecurity Engineering CISO Architecture

Scam ‘Funeral Streaming’ Groups Thrive on Facebook

Krebs on Security

SEPTEMBER 18, 2024

Friends and family who follow the links for the streaming services are then asked to cough up their credit card information. Clicking to view the “live stream” of the funeral takes one to a newly registered website that requests credit card information. One of the many scam funeral group pages on Facebook. co or skysports[.]live.

Scams

Scams DNS Internet Internet

2023 Anna Jaques Hospital data breach impacted over 310,000 people

Security Affairs

DECEMBER 8, 2024

The investigation aimed to determine the extent of the activity, and whether individual personal information, if any, may have been accessed or acquired by an unauthorized third party. As part of the investigation, we engaged leading third-party cybersecurity experts experienced in handling these types of incidents.

Data breaches

Data breaches Insurance Healthcare Ransomware

Building Trustworthy AI

Schneier on Security

MAY 11, 2023

It can help you find information, express your thoughts, correct errors in your writing, and much more. You would have to give it background information and edit its output, of course, but that draft would be written by a model trained on your personal beliefs, knowledge, and style. But we’re not there yet.

Artificial Intelligence

Artificial Intelligence Computers and Electronics Risk Technology

Code Written with AI Assistants Is Less Secure

Schneier on Security

JANUARY 17, 2024

Finally, in order to better inform the design of future AI-based Code assistants, we provide an in-depth analysis of participants’ language and interaction behavior, as well as release our user interface as an instrument to conduct similar studies in the future.

Artificial Intelligence

New NSA Information from (and About) Snowden

How to Become a Chief Information Officer: CIO Cheat Sheet

Trending Sources

Surveillance by the New Microsoft Outlook App

Data Exfiltration Using Indirect Prompt Injection

The Power of Storytelling in Risk Management

Criminals Exploiting FBI Emergency Data Requests

Juniper Support Portal Exposed Customer Device Info

CEO of data privacy company Onerep.com founded dozens of people-search firms

People-Search Site Removal Services Largely Ineffective

Successful Change Management with Enterprise Risk Management

NSO Group Spies on People on Behalf of Governments

AI-Generated Steganography

Spying through Push Notifications

FCC Fines Major U.S. Wireless Carriers for Selling Customer Location Data

Beware of Pixels & Trackers on U.S. Healthcare Websites

What Graykey Can and Can’t Unlock

A Close Up Look at the Consumer Data Broker Radaris

My Philosophy and Recommendations Around the LastPass Breaches

Many Public Salesforce Sites are Leaking Private Data

The Importance of User Roles and Permissions in Cybersecurity Software

US Federal Court Rules Against Geofence Warrants

Apple to Add Manual Authentication to iMessage

NationalPublicData.com Hack Exposes a Nation’s Data

Is Your Phone Spying On You? How to Check and What to Do

How Preparation and Strategy Can Be Used to Fight and Defeat Any Ransomware Attack

Automakers Are Sharing Driver Data with Insurers without Consent

ChatGPT Is Ingesting Corporate Secrets

Hacking ChatGPT by Planting False Memories into Its Data

Fake Signal and Telegram Apps in the Google Play Store

Who Stole 3.6M Tax Records from South Carolina?

International Association of Chiefs of Police (IACP) Appoints CyberSecurity Expert Witness Joseph Steinberg To Computer Crime & Digital Evidence Committee

Microsoft Executives Hacked

Why CISA is Warning CISOs About a Breach at Sisense

FBI’s Vetted Info Sharing Network ‘InfraGard’ Hacked

DEEP TECH NEWS: Respecting individual rights by using ‘privacy preserving aggregate statistics’

RSAC Fireside Chat: IRONSCALES utilizes LLM, superior intel to stay a step ahead of Deep Fakes

New Leak Shows Business Side of China’s APT Menace

Feds Charge NY Man as BreachForums Boss “Pompompurin”

Police Get Medical Records without a Warrant

On the Cybersecurity Jobs Shortage

Scam ‘Funeral Streaming’ Groups Thrive on Facebook

2023 Anna Jaques Hospital data breach impacted over 310,000 people

Building Trustworthy AI

Code Written with AI Assistants Is Less Secure

Stay Connected