“A Study on Usability and Security Perceptions of Risk-based Authentication”: Abstract: Risk-based Authentication (RBA) is an adaptive security measure to strengthen password-based authentication. I’ve blogged about risk-based authentication before. Paper’s website.
Sunoo Park and Kendra Albert have published “A Researcher’s Guide to Some Legal Risks of Security Research.” Our Guide gives the most comprehensive presentation to date of this landscape of legal risks, with an eye to both legal and technical nuance.
Reading the headlines, one would hope that the rapid gains in AI technology have also brought forth a unifying realization of the risks—and the steps we need to take to mitigate them. Some are concerned about far-future risks that sound like science fiction. AI could destroy humanity or pose a risk on par with nukes.
One critical issue faced by organizations that rely on Exchange Server is the risk of a corrupt Exchange Server database cropping up. Navigating new risks Today, heavy reliance on cloud-centric IT infrastructure and cloud-hosted applications has become the norm. Here are a few ‘dos:’ •Rigorous vulnerability management.
Over at Lawfare, Susan Landau has an excellent essay on the risks posed by software used to collect evidence (a Breathalyzer is probably the most obvious example). Next the court should consider whether the evidence being presented could be materially affected by a software error. The software engineers proposed a three-part test.
China's growing presence in the global market for LiDAR, a remote sensing technology widely used in defense and commercial systems, presents a national security risk for the United States, which already is dealing with intrusions into critical infrastructure networks by China-backed threat groups, according to a report.
The fact that the affected subdomain was captured on the Wayback Machine in February 2025 further points to the longstanding vulnerability present in legacy Oracle systems. Beyond mass data exposure, there are heightened risks of credential compromise, corporate espionage, and potential extortion.
Let’s explore the risks associated with Automated Driving. Contrary to the commonly used definition of an [minimal risk condition, (MRC)], which describes only a standstill, this publication expands the definition to also include degraded operation and takeovers by the vehicle operator. million people were seriously injured.
SpyCloud, the leading identity threat protection company, today released its 2025 SpyCloud Annual Identity Exposure Report, highlighting the rise of darknet-exposed identity data as the primary cyber risk facing enterprises today. It requires organizations to rethink the risks posed by employees, consumers, partners and suppliers.
The primary objective of these services is risk reduction. Policy violations by employees Most organizations focus on external threats; however, policy violations pose a major risk, with 51% of SMB incidents and 43% of enterprise incidents involving IT security policy violations caused by employees.
The latest Ponemon-Sullivan Privacy Report has dropped, and its findings should be a wake-up call for cybersecurity professionals navigating the escalating risks around privileged access. This disconnect between risk awareness and resourcing is a red flag for cybersecurity leaders. Grant temporary, scoped access.
Understanding Cyber Threats During the Holiday Season The holiday season, while festive, presents heightened cybersecurity risks for businesses. Cybercriminals exploit increased online activity and reduced vigilance during this period.
There is little doubt that quantum computing will ultimately undermine the security of most of today’s encryption systems, and, thereby, render vulnerable to exposure nearly every piece of data that is presently protected through the use of encryption. This post is sponsored by IronCAP.
Here’s what you should know about the risks, what aviation is doing to address those risks, and how to overcome them. It is difficult to deny that cyberthreats are a risk to planes. Risks delineated Still, there have been many other incidents since. Fortunately, there are ways to address the risks.
The interplay of domestic and international regulations presents significant challenges for organizations, demanding significant investments in technology, personnel, and processes. This can lead to increased compliance costs, operational challenges, and potential reputational risks. of the UK's business population, 5.5
But in a response filed today (PDF), prosecutors in Seattle said Wagenius was a flight risk, partly because prior to his arrest he was searching online for how to defect to countries that do not extradite to the United States. government military which country will not hand me over” -“U.S. million customers.
Thales Introduces Data Risk Intelligence, Bringing Organizations Risk Profile Front and Center madhav Tue, 12/03/2024 - 09:32 When Thales finalized the acquisition of Imperva in January 2024, our aim was clear: to empower organizations to protect data and secure all paths to it. Want to dive deeper?
Ramachandran Vivek Ramachandran, Founder & CEO of SquareX, warned about the mounting risks: “Browser extensions are a blind spot for EDR/XDR and SWGs have no way to infer their presence. Singapore, Oct. SquareX’s research team publicly demonstrated rogue extensions built on MV3.
If you are affected by this faulty update, you will be presented with a screen similar to this one when you boot the system. We don’t just report on threats—we remove them Cybersecurity risks should never spread beyond a headline. BitLocker recovery screen On the screen, you’re asked to Enter the recovery key for this drive.
Interesting paper: “Generative AI Misuse: A Taxonomy of Tactics and Insights from Real-World Data”: Generative, multimodal artificial intelligence (GenAI) offers transformative potential across industries, but its misuse poses significant risks.
The SEC charged the companies with "materially misleading disclosures regarding cybersecurity risks and intrusions." which received the largest fine of $4 million, inaccurately described its cybersecurity risks as hypothetical in its SEC filings despite being aware of two significant breaches related to SolarWinds. Unisys Corp.,
OPERATIONAL MANUALS AND DECEPTION STRATEGIES As further evidence of the increasing professionalization of this illicit sector, Meridian Group reports the publication of informational content designed to guide the proper use of EDR services, presented as a detailed guide on how to correctly complete and unlawfully submit the requests.
Protecting Retailers Against Cyber Risks on Black Friday and Cyber Monday josh.pearson@t… Tue, 11/26/2024 - 08:01 As Black Friday and Cyber Monday loom, the stakes for retailers extend far beyond enticing deals and record sales. trillion, the risk of a data breach extends beyond immediate financial losses. trillion and $5.28
It’s a serious one: The vulnerability, which is a signal handler race condition in OpenSSH’s server (sshd), allows unauthenticated remote code execution (RCE) as root on glibc-based Linux systems; that presents a significant security risk.
Even if major essential service providers were to perfect their own cybersecurity operations, large numbers of smaller providers – sometimes functioning on just municipal scales – can still pose serious risks to life, health, safety, and property if they are not adequately protected against cyber threats.
Author/Presenter: Liv Matan Our sincere appreciation to BSidesLV, and the Presenters/Authors for publishing their erudite Security BSidesLV24 content. Originating from the conference’s events located at the Tuscany Suites & Casino; and via the organization’s YouTube channel.
The event not only showcases athletic prowess but also presents a significant challenge for cybersecurity professionals. The report identifies a range of risks including cyberattacks targeting critical infrastructure, event management systems, and personal data of athletes and attendees.
At the RootedCON, researchers at Tarlogic Innovation presented their findings on undocumented commands in the ESP32 microchip designed by the Chinese manufacturer Espressif. The experts warn that a hidden feature poses a security risk for millions of IoT devices. ” continues the researchers.
First, the Washington Post reports on how Officials studied Baltimore bridge risks but didn’t prepare for ship strike that discusses the challenges of securing bridges against modern cargo ships. A less busy month in appsec, AI, and regulation, but still interesting stories I’m going to kick off with two interesting engineering stories.
It’s a chance to take a high-level look at how well your organization is managing information security risks, meeting objectives, and staying aligned with regulatory and business needs. Whether it’s a gap in controls, a missed objective, or an emerging risk, this is your chance to catch it early and take action.
Dr. Ng emphasised the balancing act between innovation and risk. Cloud calls for cooperation in a changed risk landscape Has computing really changed with the cloud? Although the core architecture hasn’t shifted drastically, he said the risk landscape has.
In a follow-up work, called “MetaGuard,” we present a promising solution to our VR data privacy woes. Instead, it is a first step towards solving a dangerous technological disparity: despite posing an unprecedented degree of privacy risk, VR currently lacks even the most basic privacy tools.
Duo’s Risk-Based Authentication (RBA) helps solve this by adapting MFA requirements based on the level of risk an individual login attempt poses to an organization. We heard these questions from our customers repeatedly, which is why we are thrilled to announce the launch of Risk-Based Authentication Preview Mode.
With more and more people working remotely, unsecured home or public WiFi networks represent a security risk not only to individuals but to their companies as well. Since many people are now working from home at least partially, vulnerabilities at home are vulnerabilities at work, and threaten to put a company’s data at risk.
Author/Presenter: Thom Langford Our thanks to Bsides Exeter, and the Presenters/Authors for publishing their timely Bsides Exeter Conference content. Permalink The post BSides Exeter 2024 – Keynote: Flushing Away Preconceptions Of Risk appeared first on Security Boulevard.
The real risk isn’t that AI-generated phishing emails are as good as human-generated ones, it’s that they can be generated at much greater scale. Defcon presentation and slides. Combine it with voice and video synthesis, and you have some pretty scary scenarios. Another news article.
A study by the Massachusetts Institute of Technology (MIT) presented in 2019 revealed that deepfakes generated by AI could deceive humans up to 60% of the time. While it offers immense opportunities for innovation and progress, it also presents significant risks when weaponized by malicious actors.
However, personal VPNs present a hidden threat when misused by attackers to obfuscate their location, posing significant security risks to organizations. CISA Highlights the Risk of Personal VPN Use VPNs are often touted as tools for privacy and security, but they can also be exploited by threat actors.
security professionals, highlighting a few worrisome findings: Deepfake risks increasingly target vulnerable board members and executives. Case in point: 59% of respondents said it is very difficult to detect deepfake attacks, and the majority have low confidence in their executives’ ability to recognize a deepfake risk.
Risk Framework and Machine Learning The Berryville Institute of Machine Learning (BIML) has released "An Architectural Risk Analysis of Machine Learning Systems." BIML has released the work in two ways, an interactive risk framework contains a subset of the information in the PDF version. The first challenge is specificity.
Significant Financial and Operational Costs: Healthcare providers, faced with potential HIPAA fines and the risk of service interruptions, may feel pressured to pay ransom demands. This stolen data is often exposed on both the clear and dark web, heightening risks of identity theft and further perpetuating cybercrime.
Two security flaws found in Xerox VersaLink MFPs could allow hackers to capture authentication credentials and move laterally through enterprise networks and highlight the often-overlooked cyber risks that printers and other IoT devices present to organizations.
SOC analysts, vital to cybersecurity, face burnout due to exhausting workloads, risking their well-being and the effectiveness of organizational defenses. As such, analysts are hit with a deluge of low-quality alerts, increasing the risk of missing genuine threats.
Authors/Presenters: Anthony Hendricks Our sincere appreciation to DEF CON, and the Authors/Presenters for publishing their erudite DEF CON 32 content. Permalink The post DEF CON 32 – How State Laws Meant to Protect Children Raise Other Risks appeared first on Security Boulevard.