Risk - Cyber Security Informer

On the Catastrophic Risk of AI

Schneier on Security

JUNE 1, 2023

Earlier this week, I signed on to a short group statement , coordinated by the Center for AI Safety: Mitigating the risk of extinction from AI should be a global priority alongside other societal-scale risks such as pandemics and nuclear war. Poses ‘Risk of Extinction,’ Industry Leaders Warn.”

Risk

Risk Artificial Intelligence Technology Internet

Security Risks of AI

Schneier on Security

APRIL 27, 2023

Stanford and Georgetown have a new report on the security risks of AI—particularly adversarial machine learning—based on a workshop they held on the topic. Many AI products are deployed without institutions fully understanding the security risks they pose.

Risk

Risk Cybersecurity Government Engineering

News alert: SpyCloud accelerates supply chain risk analysis with new ‘IDLink’ correlation capability

The Last Watchdog

OCTOBER 10, 2024

It powers rapid analysis of identity exposures across organizations, VIPs and supply chains, pattern of life analysis, threat actor attribution, insider risk analysis, financial crimes research, and more. To learn more and see insights on your company’s exposed data, users can visit spycloud.com.

Risk

Risk Cybercrime Identity Theft Phishing

GUEST ESSAY: Where we stand on mitigating software risks associated with fly-by-wire jetliners

The Last Watchdog

AUGUST 29, 2023

Here’s what you should know about the risks, what aviation is doing to address those risks, and how to overcome them. It is difficult to deny that cyberthreats are a risk to planes. Risks delineated Still, there have been many other incidents since. Fortunately, there are ways to address the risks.

Software

Software Risk Artificial Intelligence Engineering

IT Leadership Agrees AI is Here, but Now What?

This whitepaper offers real strategies to manage risks and position your organization for success. IT leaders are experiencing rapid evolution in AI amid sustained investment uncertainty. As AI evolves, enhanced cybersecurity and hiring challenges grow.

Cybersecurity

GUEST ESSAY: Best practices to shrink the ever-present risk of Exchange Server getting corrupted

The Last Watchdog

FEBRUARY 5, 2024

One critical issue faced by organizations that rely on Exchange Server is the risk of a corrupt Exchange Server database cropping up. Navigating new risks Today, heavy reliance on cloud-centric IT infrastructure and cloud-hosted applications has become the norm. Here are a few ‘dos:’ •Rigorous vulnerability management.

Risk

Risk Backups Software Education

Why Businesses Must Address Risks of Quantum Computing NOW Rather Than Wait Until Problems Arrive

Joseph Steinberg

JULY 20, 2022

Another important reason why we must address quantum-supremacy risks well in advance has to do with the nature of data. NIST has already begun to narrow down its list of recommended ways to address quantum’s risks to encryption – and products have already hit the market already that enable businesses to begin such transitions.

Risk

Risk Encryption Government Artificial Intelligence

Ted Chiang on the Risks of AI

Schneier on Security

MAY 12, 2023

Ted Chiang has an excellent essay in the New Yorker : “Will A.I. Become the New McKinsey?” ” The question we should be asking is: as A.I. becomes more powerful and flexible, is there any way to keep it from being another version of McKinsey? The question is worth considering across different meanings of the term “A.I.”

Risk

Risk Software Technology Marketing

Newsweek Op-Ed: Oversight of the Management of Cybersecurity Risks: The Skill Corporate Boards Need, But, So Often, Do Not Have

Joseph Steinberg

MAY 23, 2024

To read the piece, please see Oversight of the Management of Cybersecurity Risks: The Skill Most Corporate Boards Need, But Don’t Have on Newsweek.com. Earlier today, Newsweek published an op-ed that I wrote on this important topic.

Risk

Risk Cyber Risk Cybersecurity Artificial Intelligence

ERM Program Fundamentals for Success in the Banking Industry

Speaker: William Hord, Senior VP of Risk & Professional Services

Enterprise Risk Management (ERM) is critical for industry growth in today’s fast-paced and ever-changing risk landscape. Do we understand and articulate our bank’s risk appetite and how that impacts our business units? How are we measuring and rating our risk impact, likelihood, and controls to mitigate our risk?

Banking

Tenable: 26,500 Cyber Vulnerabilities Risk SE Asia’s Banks

Tech Republic Security

SEPTEMBER 6, 2024

Tenable's research reveals 26,500 cyber vulnerabilities in Southeast Asia's banking and insurance sectors, exposing critical security risks.

Banking

Banking Risk Insurance Financial Services

Some Generative AI Company Employees Pen Letter Wanting ‘Right to Warn’ About Risks

Tech Republic Security

JUNE 6, 2024

Both the promise and the risk of "human-level" AI has always been part of OpenAI’s makeup. What should business leaders take away from this letter?

Risk

Risk Artificial Intelligence Big data

News alert: SquareX shows how Google’s MV3 standard falls short, putting millions at risk

The Last Watchdog

OCTOBER 3, 2024

Ramachandran Vivek Ramachandran , Founder & CEO of SquareX , warned about the mounting risks: “Browser extensions are a blind spot for EDR/XDR and SWGs have no way to infer their presence. Singapore, Oct. SquareX’s research team publicly demonstrated rogue extensions built on MV3.

Risk

Risk Password Management Malware Media

Are Password Managers Safe to Use? (Benefits, Risks & Best Practices)

Tech Republic Security

JUNE 5, 2024

Find out if they are really secure and discover the benefits and risks of using password managers. Are password managers safe to use?

Password Management

Password Management Passwords Risk

Everything You Need to Know About Crypto

Speaker: Ryan McInerny, CAMS, FRM, MSBA - Principal, Product Strategy

With 20% of Americans owning cryptocurrencies, speaking "fluent crypto" in the financial sector ensures you are prepared to discuss growth and risk management strategies when the topic arises. May 18th, 2023 at 9:30 am PDT, 12:30 pm EDT, 5:30 pm BST

Cryptocurrency

How AI Is Changing the Cloud Security and Risk Equation

Tech Republic Security

NOVEMBER 4, 2024

Discover how AI amplifies cloud security risks and how to mitigate them, with insights from Tenable’s Liat Hayun on managing data sensitivity, misconfigurations, and over-privileged access.

Risk

Risk Artificial Intelligence

From Risk Assessment to Action: Improving Your DLP Response

Security Affairs

OCTOBER 25, 2024

DLP is key in cybersecurity; a risk assessment identifies data risks, helping turn findings into real-world security improvements. So, how can you conduct a DLP risk assessment? What is a DLP Risk Assessment? Why Conduct a DLP Risk Assessment? Protecting sensitive data is what cybersecurity is all about.

Risk

Risk Cybersecurity Data breaches Cyber threats

GUEST ESSAY: Why internal IT teams are ill-equipped to adequately address cyber risks

The Last Watchdog

FEBRUARY 11, 2024

From identity theft to greater oversight on risk management, internal IT teams will be taking the brunt of these incoming regulations. Regulatory overload Firms in the financial services industry are staring down the bottom of the regulatory barrel coming into 2024.

Cyber Risk

Cyber Risk Risk Financial Services Cyber threats

Citrix NetScaler ADC and Gateway Vulnerabilities Put Organizations at Risk

Penetration Testing

NOVEMBER 12, 2024

The vulnerabilities, tracked as CVE-2024-8534 and... The post Citrix NetScaler ADC and Gateway Vulnerabilities Put Organizations at Risk appeared first on Cybersecurity News.

Risk

Risk Cybersecurity

The Power of Storytelling in Risk Management

Speaker: Dr. Karen Hardy, CEO and Chief Risk Officer of Strategic Leadership Advisors LLC

Communication is a core component of a resilient organization's risk management framework. However, risk communication involves more than just reporting information and populating dashboards, and we may be limiting our skillset. Storytelling is the ability to express ideas and convey messages to others, including stakeholders.

Risk

Unpatched Epson Devices at Risk: CVE-2024-47295 Allows Easy Hijacking

Penetration Testing

NOVEMBER 11, 2024

This issue arises from an insecure initial password... The post Unpatched Epson Devices at Risk: CVE-2024-47295 Allows Easy Hijacking appeared first on Cybersecurity News.

Risk

Risk Passwords Cybersecurity

UK Cyber Risks Are ‘Widely Underestimated,’ Warns Country’s Security Chief

Tech Republic Security

DECEMBER 5, 2024

Richard Horne, the head of the U.K.’s s National Cyber Security Centre, says that hostile activity has “increased in frequency, sophistication and intensity.”

Cyber Risk

Cyber Risk Risk Cybersecurity

FBI Warning: “Remember Me” Cookies Put Your Email at Risk

Penetration Testing

NOVEMBER 5, 2024

The Federal Bureau of Investigation (FBI) Atlanta Division has issued an urgent warning to the public about a surge in cybercriminals exploiting “Remember-Me” cookies to gain unauthorized access to email... The post FBI Warning: “Remember Me” Cookies Put Your Email at Risk appeared first on Cybersecurity News.

Risk

Risk Cybersecurity

Roger Grimes on Prioritizing Cybersecurity Advice

Schneier on Security

OCTOBER 31, 2024

This is a good point : Part of the problem is that we are constantly handed lists…list of required controls…list of things we are being asked to fix or improve…lists of new projects…lists of threats, and so on, that are not ranked for risks. Here is one big one: Do not use or rely on un-risk-ranked lists.

Cybersecurity

Cybersecurity Risk Authentication

IDC Analyst Report: The Open Source Blind Spot Putting Businesses at Risk

Advertiser: Revenera

This IDC report addresses several key topics: Risks involved with using open-source software (OSS) How to manage these risks, including OSS license compliance Business benefits to the organization beyond risk mitigation Software supply chain best practices Key trends in industry and government regulation

Risk

Generative AI in Security: Risks and Mitigation Strategies

Tech Republic Security

OCTOBER 15, 2024

Microsoft’s Siva Sundaramoorthy provides a blueprint for how common cyber precautions apply to generative AI deployed in and around security systems.

Risk

Risk Artificial Intelligence Software Cybersecurity

Employee Data Access Behaviors Putting Australian Employers At Risk

Tech Republic Security

DECEMBER 6, 2024

A new report by security vendor CyberArk shows that most Australian employees fail to adhere to safe cybersecurity practices.

Risk

Risk Cybersecurity Artificial Intelligence Passwords

LibreNMS Vulnerability (CVE-2024-51092): Mitigating the Risk of Server Compromise

Penetration Testing

NOVEMBER 18, 2024

The flaw, rated a critical... The post LibreNMS Vulnerability (CVE-2024-51092): Mitigating the Risk of Server Compromise appeared first on Cybersecurity News. A recent security advisory from the LibreNMS project has revealed a severe vulnerability (CVE-2024-51092) affecting versions up to 24.9.1

Risk

Risk Cybersecurity

ChatGPT: Hopes, Dreams, Cheating and Cybersecurity

Lohrman on Security

JANUARY 29, 2023

So what are the opportunities and risks with using this technology across different domains? ChatGPT is an AI-powered chatbot created by OpenAI.

Cybersecurity

Cybersecurity Technology Risk

Cover Your SaaS: How to Overcome Security Challenges and Risks For Your Organization

Speaker: Ronald Eddings, Cybersecurity Expert and Podcaster

Uncover and mitigate various security risks that put sensitive customer and business data at risk — including identifying misconfigured SaaS settings and suspicious or malicious behavior. By focusing on SaaS security posture management, your team can finally accomplish the following: Discover both known and unknown SaaS apps.

Risk

NIST Cybersecurity Framework 2.0

Schneier on Security

MARCH 1, 2024

The CSF’s governance component emphasizes that cybersecurity is a major source of enterprise risk that senior leaders should consider alongside others such as finance and reputation. […] The framework’s core is now organized around six key functions: Identify, Protect, Detect, Respond and Recover, along with CSF 2.0’s

Cybersecurity

Cybersecurity Small Business Government Risk

Obligatory ChatGPT Post

Schneier on Security

DECEMBER 13, 2022

At the same time, however, the use of these technologies also raises important questions and concerns about the potential risks and challenges they may pose. Of course, as with any new technology, there are also potential risks and challenges associated with the use of ChatGPT in the field of cybersecurity.

Cyber threats

Cyber threats Technology Risk Cybersecurity

FBI Advising People to Avoid Public Charging Stations

Schneier on Security

APRIL 12, 2023

How much of a risk is this, really? Bad actors have figured out ways to use public USB ports to introduce malware and monitoring software onto devices that access these ports. Carry your own charger and USB cord and use an electrical outlet instead. I am unconvinced, although I do carry a USB condom for charging stations I find suspicious.

Malware

Malware Software Risk

Hidden Anti-Cryptography Provisions in Internet Anti-Trust Bills

Schneier on Security

JUNE 21, 2022

3(c)(7)(A)(iii) would allow a company to deny access to apps installed by users, where those app makers “have been identified [by the Federal Government] as national security, intelligence, or law enforcement risks.” 2(a)(2), the definition of business user excludes any person who “is a clear national security risk.”

Internet

Internet Internet Encryption Backups

Successful Change Management with Enterprise Risk Management

Speaker: William Hord, Vice President of ERM Services

A well-defined change management process is critical to minimizing the impact that change has on your organization. Leveraging the data that your ERM program already contains is an effective way to help create and manage the overall change management process within your organization.

Risk

Pwned or Bot

Troy Hunt

JANUARY 19, 2023

Think of breach history not as a binary proposition indicating the legitimacy of an email address, rather as one of assessing risk and considering "pwned or bot" as one of many factors. The best illustration I can give is how Stripe defines risk by assessing a multitude of fraud factors.

Data breaches

Data breaches Risk Identity Theft Accountability

Building Trustworthy AI

Schneier on Security

MAY 11, 2023

Amid the myriad warnings about creepy risks to well-being, threats to democracy , and even existential doom that have accompanied stunning recent developments in artificial intelligence (AI)—and large language models (LLMs) like ChatGPT and GPT-4 —one optimistic vision is abundantly clear: this technology is useful.

Artificial Intelligence

Artificial Intelligence Computers and Electronics Risk Technology

Which Types Of Encryption Will Remain Secure As Quantum Computing Develops – And Which Popular Ones Will Not

Joseph Steinberg

FEBRUARY 2, 2022

While it has long been believed that quantum computers could potentially undermine the integrity of various forms of encryption, in 1994, an American mathematician by the name of Peter Shor showed how a quantum algorithm could quickly solve integer factorization problems – transforming a theoretical risk into a time bomb.

Encryption

Encryption Artificial Intelligence Risk Engineering

New York Increases Cybersecurity Rules for Financial Companies

Schneier on Security

NOVEMBER 3, 2023

Another example of a large and influential state doing things the federal government won’t: Boards of directors, or other senior committees, are charged with overseeing cybersecurity risk management, and must retain an appropriate level of expertise to understand cyber issues, the rules say.

Cybersecurity

Cybersecurity Government Risk Banking

The Importance of User Roles and Permissions in Cybersecurity Software

By only giving users access to what they need for their job, you reduce the risk of data breaches and unauthorized modifications. You should restrict access to sensitive information and systems the same way you restrict access to your house. This is known as role-based access control or RBAC. Read the eBook to learn more!

Cybersecurity

LiteSpeed Cache Plugin Vulnerability Poses Significant Risk to WordPress Websites

The Hacker News

OCTOBER 31, 2024

A high-severity security flaw has been disclosed in the LiteSpeed Cache plugin for WordPress that could allow an unauthenticated threat actor to elevate their privileges and perform malicious actions. The vulnerability, tracked as CVE-2024-50550 (CVSS score: 8.1), has been addressed in version 6.5.2 of the plugin.

Risk

Best Practices Q&A: The importance of articulating how cybersecurity can be a business enabler

The Last Watchdog

APRIL 1, 2024

These key capabilities fall under the four competencies of oversight, process risk management, technology risk management, and human risk management. We operate in a world today where your business is the risk and how you adapt is the opportunity. There is also a benefit of stronger business partnerships.

Cybersecurity

Cybersecurity CISO B2B Risk

On Robots Killing People

Schneier on Security

SEPTEMBER 11, 2023

It wasn’t until the American Society of Mechanical Engineers demanded risk analysis and transparency that dangers from these huge tanks of boiling water, once considered mystifying, were made easily understandable. and ISO 10218, emphasize inherent safe design, protective measures, and rigorous risk assessments for industrial robots.

Artificial Intelligence

Artificial Intelligence Technology Risk Government

Simpson Garfinkel on Spooky Cryptographic Action at a Distance

Schneier on Security

OCTOBER 30, 2024

And because that administrator account can do anything to that serverread the sensitivity data, hack the web server to install malware on people who visit its web pages, or anything else I might care to dothe private key on my laptop represents a security risk for that server. But if I delete that private key, the vulnerability goes away.

Accountability

Accountability Risk Malware Hacking

On the Catastrophic Risk of AI

Security Risks of AI

Trending Sources

News alert: SpyCloud accelerates supply chain risk analysis with new ‘IDLink’ correlation capability

GUEST ESSAY: Where we stand on mitigating software risks associated with fly-by-wire jetliners

IT Leadership Agrees AI is Here, but Now What?

GUEST ESSAY: Best practices to shrink the ever-present risk of Exchange Server getting corrupted

Why Businesses Must Address Risks of Quantum Computing NOW Rather Than Wait Until Problems Arrive

Ted Chiang on the Risks of AI

Newsweek Op-Ed: Oversight of the Management of Cybersecurity Risks: The Skill Corporate Boards Need, But, So Often, Do Not Have

ERM Program Fundamentals for Success in the Banking Industry

Tenable: 26,500 Cyber Vulnerabilities Risk SE Asia’s Banks

Some Generative AI Company Employees Pen Letter Wanting ‘Right to Warn’ About Risks

News alert: SquareX shows how Google’s MV3 standard falls short, putting millions at risk

Are Password Managers Safe to Use? (Benefits, Risks & Best Practices)

Everything You Need to Know About Crypto

How AI Is Changing the Cloud Security and Risk Equation

From Risk Assessment to Action: Improving Your DLP Response

GUEST ESSAY: Why internal IT teams are ill-equipped to adequately address cyber risks

Citrix NetScaler ADC and Gateway Vulnerabilities Put Organizations at Risk

The Power of Storytelling in Risk Management

Unpatched Epson Devices at Risk: CVE-2024-47295 Allows Easy Hijacking

UK Cyber Risks Are ‘Widely Underestimated,’ Warns Country’s Security Chief

FBI Warning: “Remember Me” Cookies Put Your Email at Risk

Roger Grimes on Prioritizing Cybersecurity Advice

IDC Analyst Report: The Open Source Blind Spot Putting Businesses at Risk

Generative AI in Security: Risks and Mitigation Strategies

Employee Data Access Behaviors Putting Australian Employers At Risk

LibreNMS Vulnerability (CVE-2024-51092): Mitigating the Risk of Server Compromise

ChatGPT: Hopes, Dreams, Cheating and Cybersecurity

Cover Your SaaS: How to Overcome Security Challenges and Risks For Your Organization

NIST Cybersecurity Framework 2.0

Obligatory ChatGPT Post

FBI Advising People to Avoid Public Charging Stations

Hidden Anti-Cryptography Provisions in Internet Anti-Trust Bills

Successful Change Management with Enterprise Risk Management

Pwned or Bot

Building Trustworthy AI

Which Types Of Encryption Will Remain Secure As Quantum Computing Develops – And Which Popular Ones Will Not

New York Increases Cybersecurity Rules for Financial Companies

The Importance of User Roles and Permissions in Cybersecurity Software

LiteSpeed Cache Plugin Vulnerability Poses Significant Risk to WordPress Websites

Best Practices Q&A: The importance of articulating how cybersecurity can be a business enabler

On Robots Killing People

Simpson Garfinkel on Spooky Cryptographic Action at a Distance

Stay Connected