Internet and Risk - Cyber Security Informer

Experts Flag Security, Privacy Risks in DeepSeek AI App

Krebs on Security

FEBRUARY 6, 2025

But experts caution that many of DeepSeek’s design choices — such as using hard-coded encryption keys, and sending unencrypted user and device data to Chinese companies — introduce a number of glaring security and privacy risks. For starters, he said, the app collects an awful lot of data about the user’s device.

Risk

Risk Artificial Intelligence Mobile Encryption

MasterCard DNS Error Went Unnoticed for Years

Krebs on Security

JANUARY 22, 2025

The payment card giant MasterCard just fixed a glaring error in its domain name server settings that could have allowed anyone to intercept or divert Internet traffic for the company by registering an unused domain name. “We have looked into the matter and there was not a risk to our systems,” a MasterCard spokesperson wrote.

DNS

DNS Internet Internet Risk

Internet Archive was breached twice in a month

Security Affairs

OCTOBER 21, 2024

The Internet Archive was breached again, attackers hacked its Zendesk email support platform through stolen GitLab authentication tokens. The Internet Archive was breached via Zendesk, with users receiving warnings about stolen GitLab tokens due to improper token rotation after repeated alerts.

Internet

Internet Internet Data breaches Authentication

Webinars

How to Avoid Pitfalls In Automation: Keep Humans In the Loop

MORE WEBINARS

Hi, robot: Half of all internet traffic now automated

Malwarebytes

APRIL 16, 2025

If you sometimes feel that the internet isn’t the same vibrant place it used to be, you’re not alone. Bad bots comprised 37% of internet traffic in 2024, up from 32% the year prior. Good bots accounted for just 14% of the internet’s traffic. Bad bots do all kinds of unpleasant things.

Internet

Internet Internet Passwords Artificial Intelligence

The Internet is Held Together With Spit & Baling Wire

Krebs on Security

NOVEMBER 26, 2021

A visualization of the Internet made using network routing data. Imagine being able to disconnect or redirect Internet traffic destined for some of the world’s biggest companies — just by spoofing an email. Image: Barrett Lyon, opte.org. Based in Monroe, La., Lumen Technologies Inc.

Internet

Internet Internet Authentication Telecommunications

Internet Backbone Giant Lumen Shuns.RU

Krebs on Security

MARCH 8, 2022

Lumen Technologies , an American company that operates one of the largest Internet backbones and carries a significant percentage of the world’s Internet traffic, said today it will stop routing traffic for organizations based in Russia. ru) from the Internet.

Internet

Internet Internet Government Technology

Transacting in Person with Strangers from the Internet

Krebs on Security

SEPTEMBER 9, 2022

But when dealing with strangers from the Internet, there is always a risk that the person you’ve agreed to meet has other intentions. These safe trading places exist because sometimes in-person transactions from the Internet don’t end well for one or more parties involved. Nearly all U.S. Nearly all U.S.

Internet

Internet Internet Banking Surveillance

On the Catastrophic Risk of AI

Schneier on Security

JUNE 1, 2023

Earlier this week, I signed on to a short group statement , coordinated by the Center for AI Safety: Mitigating the risk of extinction from AI should be a global priority alongside other societal-scale risks such as pandemics and nuclear war. Poses ‘Risk of Extinction,’ Industry Leaders Warn.”

Risk

Risk Artificial Intelligence Technology Internet

Hidden Anti-Cryptography Provisions in Internet Anti-Trust Bills

Schneier on Security

JUNE 21, 2022

Two bills attempting to reduce the power of Internet monopolies are currently being debated in Congress: S. Reducing the power to tech monopolies would do more to “fix” the Internet than any other single action, and I am generally in favor of them both. 2992, the American Innovation and Choice Online Act ; and S.

Internet

Internet Internet Encryption Backups

All Gmail users at risk from clever replay attack

Malwarebytes

APRIL 22, 2025

This attack, first flagged by Nick Johnson , the lead developer of the Ethereum Name Service (ENS), a blockchain equivalent of the popular internet naming convention known as the Domain Name System (DNS). Protect yourand your family’spersonal information by using identity protection.

Risk

Risk Accountability Scams Phishing

Insecure Medical Devices — Illumina DNA Sequencer Illuminates Risks

Security Boulevard

JANUARY 8, 2025

The post Insecure Medical Devices Illumina DNA Sequencer Illuminates Risks appeared first on Security Boulevard. IEI-IEI, Oh: Running an obsolete OS, on obsolete hardware, configured with obsolete settings.

Risk

Risk Social Engineering Internet Internet

GUEST ESSAY: The timing is ripe to instill trust in the open Internet — and why this must get done

The Last Watchdog

SEPTEMBER 14, 2023

In today’s digital age, trust has become a cornerstone of building a better Internet. Preserving privacy for a greater good The Internet was designed as a platform for peer research, not for the vast scale and diverse uses we see today. We possess the tools to craft a better, more trustworthy internet.

Internet

Internet Internet Technology Risk

Web 3.0 Requires Data Integrity

Schneier on Security

APRIL 3, 2025

The CIA triad has evolved with the Internet. the Internet of today. For example, the 5G communications revolution isn’t just about faster access to videos; it’s about Internet-connected things talking to other Internet-connected things without our intervention. The first iteration of the Web—Web 1.0

Artificial Intelligence

Artificial Intelligence Architecture Internet Internet

LW ROUNDTABLE — How 2024’s cyber threats will transform the security landscape in 2025

The Last Watchdog

DECEMBER 16, 2024

Businesses must adopt tools and automation capable of invoking immediate action, even at the risk of false positives. Raising security baselines across industries is essential, with risk mitigationnot acceptancebecoming the standard. Security teams will need to address the unique risks posed using LLMs in mission critical environments.

Cyber threats

Cyber threats CISO IoT Phishing

Together for a Better Internet: Celebrating Safer Internet Day 2025

Thales Cloud Protection & Licensing

FEBRUARY 11, 2025

Together for a Better Internet: Celebrating Safer Internet Day 2025 andrew.gertz@t Tue, 02/11/2025 - 14:57 At a time when technology is integral to our lives, Safer Internet Day (SID) has never been more relevant. These measures align perfectly with the spirit of Safer Internet Day. With an estimated 5.8

Internet

Internet Internet Education Technology

Why Businesses Must Address Risks of Quantum Computing NOW Rather Than Wait Until Problems Arrive

Joseph Steinberg

JULY 20, 2022

Another important reason why we must address quantum-supremacy risks well in advance has to do with the nature of data. NIST has already begun to narrow down its list of recommended ways to address quantum’s risks to encryption – and products have already hit the market already that enable businesses to begin such transitions.

Risk

Risk Encryption Government Backups

GUEST ESSAY: Where we stand on mitigating software risks associated with fly-by-wire jetliners

The Last Watchdog

AUGUST 29, 2023

Here’s what you should know about the risks, what aviation is doing to address those risks, and how to overcome them. It is difficult to deny that cyberthreats are a risk to planes. Risks delineated Still, there have been many other incidents since. There was another warning from the U.S.

Software

Software Risk Artificial Intelligence Cyber Attacks

On Blockchain Voting

Schneier on Security

NOVEMBER 16, 2020

But now I have this excellent paper from MIT researchers: “Going from Bad to Worse: From Internet Voting to Blockchain Voting” Sunoo Park, Michael Specter, Neha Narula, and Ronald L. Finally, we suggest questions for critically assessing security risks of new voting system proposals.

Computers and Electronics

Computers and Electronics Internet Internet Risk

Facebook Is Down

Schneier on Security

OCTOBER 4, 2021

BGP is a mechanism by which Internet service providers of the world share information about which providers are responsible for routing Internet traffic to which specific groups of Internet addresses. We all know the security risks of monocultures.

DNS

DNS Internet Internet Risk

CISA Order Highlights Persistent Risk at Network Edge

Krebs on Security

JUNE 15, 2023

government agency in charge of improving the nation’s cybersecurity posture is ordering all federal agencies to take new measures to restrict access to Internet-exposed networking equipment. The directive comes amid a surge in attacks targeting previously unknown vulnerabilities in widely used security and networking appliances.

Risk

Risk VPN Internet Internet

Exposed HMIs: A Direct Pathway for Cyberattacks on Critical Infrastructure

SecureWorld News

DECEMBER 17, 2024

government is sounding the alarm on a growing cybersecurity risk for critical infrastructureinternet-exposed Human-Machine Interfaces (HMIs). Failure to do so could allow malicious actors to disrupt operations, alter critical processes, and endanger public health and safety What Are HMIs and Why Are They at Risk?

Internet

Internet Internet Risk Passwords

LW ROUNDTABLE: Wrist slap or cultural shift? SEC fines cyber firms for disclosure violations

The Last Watchdog

NOVEMBER 12, 2024

Unisys, for instance, was found to have framed cyber risks hypothetically even though its systems had already been breached, exfiltrating gigabytes of data. But the SEC’s latest actions underscore that failing to inform stakeholders about material risks and breaches is not an option. Want to stay out of trouble?

CISO

CISO CSO Risk Cyber threats

LW ROUNDTABLE: Predictive analytics, full-stack visualization to solidify cyber defenses in 2025

The Last Watchdog

DECEMBER 18, 2024

Shashanka Dr. Madhu Shashanka , Chief Data Scientist, Concentric AI Generative AI in 2025 will bring transformative opportunities but heightened cybersecurity risks, including data exposure, AI misuse, and novel threats like prompt injection attacks. Organizations face rising risks of AI-driven social engineering and personal device breaches.

Risk

Risk Threat Detection Technology Phishing

Benchmarks Q&A: What the finance sector’s new X9 PKI standard signals for other industries

The Last Watchdog

MAY 6, 2025

Related: Why crypto-agility is a must have Sinha While the web-based PKI systemgoverned by browsers and certificate authoritieshas served the public internet well, its limitations are becoming evident in tightly regulated, high-assurance environments like banking. LW: What about quantum risks? Is this part of the motivation?

Healthcare

Healthcare Banking Internet Internet

Protecting Retailers Against Cyber Risks on Black Friday and Cyber Monday

Thales Cloud Protection & Licensing

NOVEMBER 26, 2024

Protecting Retailers Against Cyber Risks on Black Friday and Cyber Monday josh.pearson@t… Tue, 11/26/2024 - 08:01 As Black Friday and Cyber Monday loom, the stakes for retailers extend far beyond enticing deals and record sales. trillion, the risk of a data breach extends beyond immediate financial losses. trillion and $5.28

Retail

Retail Cyber Risk Risk DDOS

The Hidden Security Risk on Our Factory Floors

Security Boulevard

APRIL 25, 2025

ICS and SCADA (supervisory control and data acquisition) networks were built as isolated systems, never meant to connect to the internet. The post The Hidden Security Risk on Our Factory Floors appeared first on Security Boulevard.

Risk

Risk Internet Internet Digital transformation

SHARED INTEL Q&A: Forrester highlights why companies need to strive for ‘cryptoagility’– today

The Last Watchdog

MARCH 24, 2025

Its a question of how much risk your organization is willing to take, based on the data you must protect and its long-term value. We recommend using Dr. Michele Moscas theorem of quantum risk against an optimistic vs. pessimistic probability analysis. This is where the concern of harvest now, decrypt later attacks apply.

Encryption

Encryption Financial Services Technology Risk

STEPS FORWARD Q&A: Will ‘proactive security’ engender a shift to risk-based network protection?

The Last Watchdog

OCTOBER 4, 2023

The Omdia analysts called out a a handful of key proactive methodologies: Risk-Based Vulnerability Management (RBVM), Attack Surface Management (ASM), and Incident Simulation and Testing (IST). RBVM solutions don’t merely identify vulnerabilities, it quantifies and prioritizes them, making risk management more strategic.

Risk

Risk Marketing Software Network Security

Differences in App Security/Privacy Based on Country

Schneier on Security

SEPTEMBER 30, 2022

are at higher privacy risk. Research paper: “ A Large-scale Investigation into Geodifferences in Mobile Apps “: Abstract : Recent studies on the web ecosystem have been raising alarms on the increasing geodifferences in access to Internet content and services due to Internet censorship and geoblocking.

Mobile

Mobile Internet Internet VPN

No, it’s not OK to delete that new inetpub folder

Malwarebytes

APRIL 14, 2025

Since the empty folder is generally associated with an Internet Information Services (IIS) feature that most users will not be running, this called for an explanation. Internet Information Services (IIS) is a web server platform created by Microsoft to host websites, web applications, and services on Windows systems.

Internet

Internet Internet Authentication Accountability

Story of the Year: global IT outages and supply chain attacks

SecureList

DECEMBER 9, 2024

This incident serves as a stark reminder of the critical risks posed by global IT disruptions and supply chain weaknesses. This case underscores the serious risk that social engineering and supply chain attacks pose to open-source projects. The issue serves as a reminder of the potential risks inherent in widely used software.

Internet

Internet Internet Risk Social Engineering

7-Zip bug could allow a bypass of a Windows security feature. Update now

Malwarebytes

JANUARY 22, 2025

The MotW is an attribute added to files by Windows when they have been sourced from an untrusted location, like the internet or a restricted zone. Always be careful when opening archived files that you downloaded from the internet. We dont just report on threatswe remove them Cybersecurity risks should never spread beyond a headline.

Internet

Internet Internet Malware Risk

RSAC Fireside Chat: Attackers are exploiting gaps in business logic created by proliferation of APIs

The Last Watchdog

APRIL 25, 2025

Related: OWASPs Top 10 Web App Security Risks But this growing reliance has opened a new front in cybersecurityone where attackers are quietly exploiting weaknesses buried deep in business logic. Acohido is dedicated to fostering public awareness about how to make the Internet as private and secure as it ought to be. (LW

DDOS

DDOS CISO Marketing Internet

SonicWall warns of an exploitable SonicOS vulnerability

Security Affairs

JANUARY 8, 2025

Again, this upgrade addresses a high vulnerability for SSL VPN users that should be considered at imminent risk of exploitation and updated immediately. “To minimize the potential impact of an SSH vulnerability, we recommend restricting firewall management to trusted sources or disabling firewall SSH management from Internet access.”

Firewall

Firewall Firmware VPN Authentication

CASMM (The Consumer Authentication Strength Maturity Model)

Daniel Miessler

MARCH 24, 2021

This post is an attempt to create an easy-to-use security model for the average internet user. The Real Internet of Things: Details and Examples. 10 Behaviors That Will Reduce Your Risk Online. People like moving up rankings, so let’s use that! How to use this model. Related posts: My RSA 2017 Recap.

Authentication

Authentication Passwords Internet Internet

RSAC Fireside Chat: X9 PKI emerges to help financial sector interoperate, get ready for ‘Q-Day’

The Last Watchdog

APRIL 24, 2025

Sinha outlined how todays PKI mechanisms, while effective on the open internet, often falter in high-complexity financial environmentssuch as ATM networks, POS systems, and cloud-centric banking operations. It’s a hedge against operational disruptions, insider risk, and cryptographic obsolescence.

Banking

Banking Internet Internet IoT

Palo Alto Networks confirmed active exploitation of recently disclosed zero-day

Security Affairs

NOVEMBER 16, 2024

In particular, we recommend that you ensure that access to the management interface is possible only from trusted internal IPs and not from the Internet. In particular, we recommend that you immediately ensure that access to the management interface is possible only from trusted internal IPs and not from the Internet. 173.239.218[.]251

Firewall

Firewall Internet Internet VPN

MY TAKE: The CVE program crisis isn’t over — it’s a wake-up call for cybersecurity’s supply chain

The Last Watchdog

APRIL 16, 2025

The system that underpins vulnerability disclosurethe nervous system of cybersecurity risk managementis showing signs of structural fatigue. The CVE program isnt just a list of numbersits a Rosetta Stone that security teams rely on to identify, prioritize, and communicate risk. Far from it. Cipollones response?

Architecture

Architecture Risk Cybersecurity Internet

Do you actually need a VPN? Your guide to staying safe online!

Webroot

NOVEMBER 21, 2024

With the rise of online scams and privacy risks, virtual private networks (VPNs) are becoming more popular for day-to-day use. VPN servers: Usually located all over the world, VPN servers act as intermediaries between your device and the internet and maintain your privacy by masking your IP address and location. Why use a VPN?

VPN

VPN Antivirus Internet Internet

RSAC Fireside Chat: Shift left, think forward — why MDR is emerging as cyber’s silver bullet

The Last Watchdog

APRIL 29, 2025

Cybersecurity pros are rethinking how shift left applies not just to code, but to enterprise risk. First, theres proactive risk reductionidentifying configuration gaps, dormant tools, and soft spots in your stack before theyre exploited. DiLullo frames MDR as a three-part continuum. Ill keep watch and keep reporting.

CISO

CISO Threat Detection Risk Internet

FBI, Dutch Police Disrupt ‘Manipulaters’ Phishing Gang

Krebs on Security

JANUARY 31, 2025

The core Manipulaters product is Heartsender , a spam delivery service whose homepage openly advertised phishing kits targeting users of various Internet companies, including Microsoft 365 , Yahoo , AOL , Intuit , iCloud and ID.me , to name a few. “Presumably, these buyers also include Dutch nationals.

Phishing

Phishing Cybercrime Advertising Malware

The CrowdStrike Outage and Market-Driven Brittleness

Schneier on Security

JULY 25, 2024

Friday’s massive internet outage, caused by a mid-sized tech company called CrowdStrike, disrupted major airlines, hospitals, and banks. The catastrophe is yet another reminder of how brittle global internet infrastructure is. Nearly 7,000 flights were canceled. Tallying the total cost will take time.

Marketing

Marketing Software Internet Internet

MY TAKE: As RSAC 2025 opens, Microsoft, Amazon make GenAI grab — will control tighten?

The Last Watchdog

APRIL 28, 2025

SAN FRANCISCO RSAC 2025 kicks off today at Moscone Center, with more than 40,000 cybersecurity pros, tech executives, and policy leaders gathering to chart the future of digital risk management. Its here embedded in enterprise security architectures, compliance tools, risk models, employee workflows. Stay tuned.

Small Business

Small Business Internet Internet Architecture

LW ROUNDTABLE: Compliance pressures intensify as new cybersecurity standards take hold

The Last Watchdog

DECEMBER 18, 2024

This shift is expected to place significant pressure on organizations that haven’t yet developed trusted data to manage risk effectively. To mitigate risks, businesses will invest in modern, privacy-enhancing technologies (PETs), such as trusted execution environments (TEEs) and fully homomorphic encryption (FHE).

Cybersecurity

Cybersecurity CISO Risk Government

Experts Flag Security, Privacy Risks in DeepSeek AI App

MasterCard DNS Error Went Unnoticed for Years

Webinars

Trending Sources

Internet Archive was breached twice in a month

Webinars

Hi, robot: Half of all internet traffic now automated

The Internet is Held Together With Spit & Baling Wire

Internet Backbone Giant Lumen Shuns.RU

Transacting in Person with Strangers from the Internet

On the Catastrophic Risk of AI

Hidden Anti-Cryptography Provisions in Internet Anti-Trust Bills

All Gmail users at risk from clever replay attack

Insecure Medical Devices — Illumina DNA Sequencer Illuminates Risks

GUEST ESSAY: The timing is ripe to instill trust in the open Internet — and why this must get done

Web 3.0 Requires Data Integrity

LW ROUNDTABLE — How 2024’s cyber threats will transform the security landscape in 2025

Together for a Better Internet: Celebrating Safer Internet Day 2025

Why Businesses Must Address Risks of Quantum Computing NOW Rather Than Wait Until Problems Arrive

GUEST ESSAY: Where we stand on mitigating software risks associated with fly-by-wire jetliners

On Blockchain Voting

Facebook Is Down

CISA Order Highlights Persistent Risk at Network Edge

Exposed HMIs: A Direct Pathway for Cyberattacks on Critical Infrastructure

LW ROUNDTABLE: Wrist slap or cultural shift? SEC fines cyber firms for disclosure violations

LW ROUNDTABLE: Predictive analytics, full-stack visualization to solidify cyber defenses in 2025

Benchmarks Q&A: What the finance sector’s new X9 PKI standard signals for other industries

Protecting Retailers Against Cyber Risks on Black Friday and Cyber Monday

The Hidden Security Risk on Our Factory Floors

SHARED INTEL Q&A: Forrester highlights why companies need to strive for ‘cryptoagility’– today

STEPS FORWARD Q&A: Will ‘proactive security’ engender a shift to risk-based network protection?

Differences in App Security/Privacy Based on Country

No, it’s not OK to delete that new inetpub folder

Story of the Year: global IT outages and supply chain attacks

7-Zip bug could allow a bypass of a Windows security feature. Update now

RSAC Fireside Chat: Attackers are exploiting gaps in business logic created by proliferation of APIs

SonicWall warns of an exploitable SonicOS vulnerability

CASMM (The Consumer Authentication Strength Maturity Model)

RSAC Fireside Chat: X9 PKI emerges to help financial sector interoperate, get ready for ‘Q-Day’

Palo Alto Networks confirmed active exploitation of recently disclosed zero-day

MY TAKE: The CVE program crisis isn’t over — it’s a wake-up call for cybersecurity’s supply chain

Do you actually need a VPN? Your guide to staying safe online!

RSAC Fireside Chat: Shift left, think forward — why MDR is emerging as cyber’s silver bullet

FBI, Dutch Police Disrupt ‘Manipulaters’ Phishing Gang

The CrowdStrike Outage and Market-Driven Brittleness

MY TAKE: As RSAC 2025 opens, Microsoft, Amazon make GenAI grab — will control tighten?

LW ROUNDTABLE: Compliance pressures intensify as new cybersecurity standards take hold

Stay Connected