Risk - Cyber Security Informer

Experts Flag Security, Privacy Risks in DeepSeek AI App

Krebs on Security

FEBRUARY 6, 2025

But experts caution that many of DeepSeek’s design choices — such as using hard-coded encryption keys, and sending unencrypted user and device data to Chinese companies — introduce a number of glaring security and privacy risks. For starters, he said, the app collects an awful lot of data about the user’s device.

Risk

Risk Artificial Intelligence Mobile Encryption

GUEST ESSAY: How AI co-pilots boost the risk of data leakage — making ‘least privilege’ a must

The Last Watchdog

FEBRUARY 25, 2025

Related: Weaponizing Microsoft’s co-pilot Until now, lackluster enterprise search capabilities kept many security risks in checkemployees simply couldnt find much of the data they were authorized to access. Over-provisioned access The risks of excessive access are nothing new.

Risk

Risk CISO Engineering

The Independent Op-Ed: Australia’s social media ban won’t protect kids – it’ll put them more at risk

Joseph Steinberg

DECEMBER 21, 2024

To read the piece that appeared today in The Independent , please see: Australias social media ban wont protect kids itll put them more at risk on The Independent ‘s web site.

Media

Media Risk Artificial Intelligence Government

Webinars

How to Avoid Pitfalls In Automation: Keep Humans In the Loop

MORE WEBINARS

See No Risk, Hear No Warning, Speak No Breach: The Cybersecurity Trap for Small Businesses

Jane Frankland

APRIL 10, 2025

Just like the three wise monkeys , some small business owners are unintentionally following a philosophy of see no risk, hear no warning, speak no threat when it comes to cybersecurity. Why Small Business Cybersecurity Matters More Than Ever In a supply chain world, your weakest link is someone elses risk exposure. Here’s how: 1.

Small Business

Small Business Risk Cybersecurity Cyber Risk

How to Avoid Pitfalls In Automation: Keep Humans In the Loop

Speaker: Erroll Amacker

Automation is transforming finance but without strong financial oversight it can introduce more risk than reward. From missed discrepancies to strained vendor relationships, accounts payable automation needs a human touch to deliver lasting value. This session is your playbook to get automation right. Register now to save your seat!

Risk

News Alert: Security Risk Advisors joins Microsoft Intelligent Security Association (MISA)

The Last Watchdog

JANUARY 7, 2025

Security Risk Advisors (SRA) is a leading cybersecurity firm dedicated to providing comprehensive security solutions to businesses worldwide. Security Risk Advisors SCALR XDR is both a platform, built on Microsoft Azure and a 247 monitoring service with Microsoft Sentinel. Philadelphia, Pa., Philadelphia, Pa., To learn more: [link].

Risk

Risk Penetration Testing Marketing Technology

Roger Grimes on Prioritizing Cybersecurity Advice

Schneier on Security

OCTOBER 31, 2024

This is a good point : Part of the problem is that we are constantly handed lists…list of required controls…list of things we are being asked to fix or improve…lists of new projects…lists of threats, and so on, that are not ranked for risks. Here is one big one: Do not use or rely on un-risk-ranked lists.

Cybersecurity

Cybersecurity Risk Authentication

Digital nomads and risk associated with the threat of infiltred employees

Security Affairs

MARCH 4, 2025

Companies face the risk of insider threats, worsened by remote work. The insider threat, or the risk that an employee could harm the company, is a growing concern. The insider threat, or the risk that an employee could harm the company, is a growing concern. North Korean hackers infiltrate firms via fake IT hires, stealing data.

Risk

Risk Education Scams VPN

Cyber Risk in U.S. Healthcare: Tackling HIPAA, Vendors, and Human Error – A Free Webinar With Joseph Steinberg and Chip Witt

Joseph Steinberg

APRIL 23, 2025

healthcare organizations are under relentless cyber pressure and the risks to patient safety have never been higher. The post Cyber Risk in U.S. Healthcare Cybersecurity And How to Fix It. From ransomware and cloud misconfigurations to vulnerable medical devices, U.S. Youll walk away with: – Lessons from real-world U.S.

Healthcare

Healthcare Cyber Risk Artificial Intelligence Risk

ERM Program Fundamentals for Success in the Banking Industry

Speaker: William Hord, Senior VP of Risk & Professional Services

Enterprise Risk Management (ERM) is critical for industry growth in today’s fast-paced and ever-changing risk landscape. Do we understand and articulate our bank’s risk appetite and how that impacts our business units? How are we measuring and rating our risk impact, likelihood, and controls to mitigate our risk?

Banking

Massive Oracle Cloud Breach: 6M Records Exposed, 140k+ Tenants Risked

eSecurity Planet

MARCH 24, 2025

Beyond mass data exposure, there are heightened risks of credential compromise, corporate espionage, and potential extortion. The post Massive Oracle Cloud Breach: 6M Records Exposed, 140k+ Tenants Risked appeared first on eSecurity Planet. The consequences of this breach are severe.

Risk

Risk Passwords Hacking Encryption

News alert: Aptori’s AI-driven platform reduces risk, ensures compliance — now on Google Marketplace

The Last Watchdog

MARCH 12, 2025

This new agentic AI solution leverages semantic reasoning to analyze application code and logic in real time, delivering deterministic vulnerability detection, contextual risk prioritization, and automated remediation. San Jose, Calif., Aptoris AI-driven approach goes beyond traditional static analysis. Users can learn more at [link].

Risk

Risk Engineering Digital transformation Technology

All Gmail users at risk from clever replay attack

Malwarebytes

APRIL 22, 2025

We don’t just report on threats – we help safeguard your entire digital identity Cybersecurity risks should never spread beyond a headline. Google originally closed the report as ‘Working as Intended,’ but later Google got back to him and said it had reconsidered the matter and it will fix the OAuth bug.

Risk

Risk Scams Accountability Phishing

Regulating AI Behavior with a Hypervisor

Schneier on Security

APRIL 23, 2025

.” Abstract :As AI models become more embedded in critical sectors like finance, healthcare, and the military, their inscrutable behavior poses ever-greater risks to society.

Architecture

Architecture Software Healthcare Risk

Everything You Need to Know About Crypto

Speaker: Ryan McInerny, CAMS, FRM, MSBA - Principal, Product Strategy

With 20% of Americans owning cryptocurrencies, speaking "fluent crypto" in the financial sector ensures you are prepared to discuss growth and risk management strategies when the topic arises. May 18th, 2023 at 9:30 am PDT, 12:30 pm EDT, 5:30 pm BST

Cryptocurrency

Elon Musk ’s DOGE team granted ‘full access’ to sensitive Treasury systems. What are the risks?

Security Affairs

FEBRUARY 3, 2025

Ron Wyden warns of national security risks after Elon Musk s DOGE was given full access to sensitive Treasury systems. Ron Wyden warned of national security risks after Elon Musk s team, Department of Government Efficiency (DOGE), was granted full access to a sensitive U.S. Treasury payments system poses significant risks.

Risk

Risk Surveillance Cyber threats Marketing

MasterCard DNS Error Went Unnoticed for Years

Krebs on Security

JANUARY 22, 2025

“We have looked into the matter and there was not a risk to our systems,” a MasterCard spokesperson wrote. “Before making any public disclosure, I ensured that the affected domain was registered to prevent exploitation, mitigating any risk to MasterCard or its customers. “This typo has now been corrected.”

DNS

DNS Internet Internet Risk

News alert: SpyCloud study shows Darknet identity exploitation arising to become a primary cyber risk

The Last Watchdog

MARCH 19, 2025

SpyCloud , the leading identity threat protection company, today released its 2025 SpyCloud Annual Identity Exposure Report , highlighting the rise of darknet-exposed identity data as the primary cyber risk facing enterprises today. It requires organizations to rethink the risks posed by employees, consumers, partners and suppliers.

Cyber Risk

Cyber Risk Risk Phishing Cybercrime

On Generative AI Security

Schneier on Security

FEBRUARY 5, 2025

Automation can help cover more of the risk landscape. LLMs amplify existing security risks and introduce new ones. You don’t have to compute gradients to break an AI system. AI red teaming is not safety benchmarking. The human element of AI red teaming is crucial. Responsible AI harms are pervasive but difficult to measure.

Risk

The Power of Storytelling in Risk Management

Speaker: Dr. Karen Hardy, CEO and Chief Risk Officer of Strategic Leadership Advisors LLC

Communication is a core component of a resilient organization's risk management framework. However, risk communication involves more than just reporting information and populating dashboards, and we may be limiting our skillset. Storytelling is the ability to express ideas and convey messages to others, including stakeholders.

Risk

LW ROUNDTABLE — How 2024’s cyber threats will transform the security landscape in 2025

The Last Watchdog

DECEMBER 16, 2024

Businesses must adopt tools and automation capable of invoking immediate action, even at the risk of false positives. Raising security baselines across industries is essential, with risk mitigationnot acceptancebecoming the standard. Security teams will need to address the unique risks posed using LLMs in mission critical environments.

Cyber threats

Cyber threats CISO IoT Phishing

Flaw in Verizon call record requests put millions of Americans at risk

Malwarebytes

APRIL 4, 2025

For people in a domestic abuse situation, public figures, or those of interest to resourceful cyberattackers, a history of calls and frequent callers falling in the wrong hands can put people at physical risk or even compromise national security.

Risk

Risk Wireless Mobile Telecommunications

Pairwise Authentication of Humans

Schneier on Security

FEBRUARY 10, 2025

To mitigate that risk, I have developed this simple solution where you can setup a unique time-based one-time passcode (TOTP) between any pair of persons. Here’s an easy system for two humans to remotely authenticate to each other, so they can be sure that neither are digital impersonations.

Authentication

Authentication Mobile Risk

The Biggest Cybersecurity Risk We're Ignoring—And No, It's Not AI

SecureWorld News

FEBRUARY 28, 2025

But amidst all these flashy, futuristic threats, the biggest cybersecurity risk remains the same as it's always beenhumans. The elephant in the (server) room We've all seen the headlines: AI is taking over, deepfakes are fooling the masses, quantum computing will break encryption! And I'm not talking about the shadowy hackers in hoodies.

Cybersecurity

Cybersecurity Risk Social Engineering Phishing

IDC Analyst Report: The Open Source Blind Spot Putting Businesses at Risk

Advertiser: Revenera

This IDC report addresses several key topics: Risks involved with using open-source software (OSS) How to manage these risks, including OSS license compliance Business benefits to the organization beyond risk mitigation Software supply chain best practices Key trends in industry and government regulation

Risk

Safety and Security in Automated Driving

Adam Shostack

JANUARY 2, 2025

Lets explore the risks associated with Automated Driving. Contrary to the commonly used definition of an [minimal risk condition, (MRC)], which describes only a standstill, this publication expands the definition to also include degraded operation and takeovers by the vehicle operator. million people were seriously injured.

Risk

Risk Architecture Manufacturing Cybersecurity

LW ROUNDTABLE: Wrist slap or cultural shift? SEC fines cyber firms for disclosure violations

The Last Watchdog

NOVEMBER 12, 2024

Unisys, for instance, was found to have framed cyber risks hypothetically even though its systems had already been breached, exfiltrating gigabytes of data. But the SEC’s latest actions underscore that failing to inform stakeholders about material risks and breaches is not an option. Want to stay out of trouble?

CISO

CISO CSO Risk Cyber threats

Cybersecurity’s Comfort Zone Problem: Are you Guilty of it?

Jane Frankland

APRIL 15, 2025

Instead of focusing on accessible, impactful solutions like human risk management, we gravitate toward shiny new technologiestools and systems that feel exciting, measurable, and comfortably within our domain of expertise. The hard truth is that technology alone cant fix the root causes of cyber risk.

Risk

Risk Technology Cybersecurity Security Awareness

LW ROUNDTABLE: Predictive analytics, full-stack visualization to solidify cyber defenses in 2025

The Last Watchdog

DECEMBER 18, 2024

Shashanka Dr. Madhu Shashanka , Chief Data Scientist, Concentric AI Generative AI in 2025 will bring transformative opportunities but heightened cybersecurity risks, including data exposure, AI misuse, and novel threats like prompt injection attacks. Organizations face rising risks of AI-driven social engineering and personal device breaches.

Risk

Risk Threat Detection Technology Phishing

Cover Your SaaS: How to Overcome Security Challenges and Risks For Your Organization

Speaker: Ronald Eddings, Cybersecurity Expert and Podcaster

Uncover and mitigate various security risks that put sensitive customer and business data at risk — including identifying misconfigured SaaS settings and suspicious or malicious behavior. By focusing on SaaS security posture management, your team can finally accomplish the following: Discover both known and unknown SaaS apps.

Risk

What Rebels Teach us About Stronger Cyber Defence

Jane Frankland

APRIL 25, 2025

While this progress is impressive and efficient, it comes with substantial risks. We need cybersecurity leadersCISOs, cyber risk owners, and IT decision makerswho are willing to challenge the norm, think critically, and make ethical decisions to protect our organisations, and world. Thats essentially the position were in today.

Technology

Technology Cyber threats Risk Cybersecurity

LW ROUNDTABLE: Compliance pressures intensify as new cybersecurity standards take hold

The Last Watchdog

DECEMBER 18, 2024

This shift is expected to place significant pressure on organizations that haven’t yet developed trusted data to manage risk effectively. To mitigate risks, businesses will invest in modern, privacy-enhancing technologies (PETs), such as trusted execution environments (TEEs) and fully homomorphic encryption (FHE).

Cybersecurity

Cybersecurity CISO Risk Government

Reducing the Crushing Burden of Cybersecurity, Privacy Laws in the UK

SecureWorld News

NOVEMBER 17, 2024

This can lead to increased compliance costs, operational challenges, and potential reputational risks. A risk-based approach Consolidating frameworks can foster a more risk-based approach to regulation. International consolidation International cooperation is crucial in reducing the burden of multiple regulations.

Cybersecurity

Cybersecurity Risk Healthcare Accountability

What Maslow’s Hierarchy of Needs Reveals About Cybersecurity Flaws

Jane Frankland

APRIL 18, 2025

Organisations invest heavily in governance, risk, and compliance (GRC) and risk management efforts while neglecting foundational elements like leadership and culture. Risk Management Brings Clarity (Belonging and Love Needs) The middle of the hierarchy addresses our need for connection and clarity. The result?

Cybersecurity

Cybersecurity Technology Risk Security Awareness

Successful Change Management with Enterprise Risk Management

Speaker: William Hord, Vice President of ERM Services

A well-defined change management process is critical to minimizing the impact that change has on your organization. Leveraging the data that your ERM program already contains is an effective way to help create and manage the overall change management process within your organization.

Risk

Simson Garfinkel on Spooky Cryptographic Action at a Distance

Schneier on Security

OCTOBER 30, 2024

And because that administrator account can do anything to that server—read the sensitivity data, hack the web server to install malware on people who visit its web pages, or anything else I might care to do—the private key on my laptop represents a security risk for that server.

Accountability

Accountability Risk Malware Hacking

CISA’s 11-Month extension ensures continuity of MITRE’s CVE Program

Security Affairs

APRIL 16, 2025

-funded CVE program, a core cybersecurity tool for tracking vulnerabilities, faces funding expiry Wednesday, risking disruption to global security. government funding for MITRE s CVE program , a key global cybersecurity resource for cataloging vulnerabilities, is set to expire Wednesday, risking disruption.

Government

Government Risk Cybersecurity Media

EDR-as-a-Service makes the headlines in the cybercrime landscape

Security Affairs

APRIL 7, 2025

RISKS AND IMPACTS ON CYBERSECURITY AND PRIVACY The availability of accounts linked to law enforcement and other government agencies, combined with the ease Threat Actors have in renting an EDR service, jeopardizes both the security of governmental infrastructures and the protection of citizens privacy.

Cybercrime

Cybercrime Social Engineering Accountability Government

The DeepSeek controversy: Authorities ask where does the data come from and how safe is it?

Malwarebytes

JANUARY 30, 2025

Needless to say, this oversight put DeepSeek and its users at risk. We have said this before and well probably have to repeat it numerous times, but the need for fast developments in this field is creating privacy risks that we have never seen before, simply because security is an afterthought for the developers.

Artificial Intelligence

Artificial Intelligence Risk Marketing Passwords

IT Leadership Agrees AI is Here, but Now What?

This whitepaper offers real strategies to manage risks and position your organization for success. IT leaders are experiencing rapid evolution in AI amid sustained investment uncertainty. As AI evolves, enhanced cybersecurity and hiring challenges grow.

Cybersecurity

GUEST ESSAY: The promise and pitfalls of using augmented reality– ‘AR’ — in cybersecurity

The Last Watchdog

NOVEMBER 11, 2024

This is primarily because AR is still relatively new and a rapidly evolving technology, which ultimately means that it is bound to bring about unprecedented opportunities, challenges, and even risks to cybersecurity. Are there any security risks involved? Are there any applications of augmented reality in cybersecurity?

Cybersecurity

Cybersecurity Social Engineering Technology Threat Detection

From Notifications to Deepfakes: How Human Behaviour Is Shifting and What It Means for Cybersecurity

Jane Frankland

JANUARY 19, 2025

Cybersecurity Risks As people become more selective in their engagement of technology, the behavioural changes were now experiencing have significant implications for cybersecurity. Deepfake Technology Amplifying Risks: The evolution and democratisation of deepfake technology have blurred the line between reality and fabrication.

Cybersecurity

Cybersecurity Technology Scams Risk

SureTriggers Vulnerability Exposes 100,000+ WordPress Sites to Admin Takeover

Penetration Testing

APRIL 9, 2025

A critical vulnerability in the popular WordPress automation plugin SureTriggers has exposed over 100,000 sites to the risk of unauthenticated administrative account creation, potentially allowing full site takeover. The vulnerability, tracked as CVE-2025-3102 with a CVSS score of 8.1,

Accountability

Accountability Risk Cybersecurity

News alert: SecPod launches ‘Saner Cloud’ — CNAPP platform for real-time, automated security

The Last Watchdog

MARCH 19, 2025

Saner Cloud is designed to address these challenges by providing a unified security platform that continuously detects, prioritizes, and remediates vulnerabilities, misconfigurations, identity risks, and compliance violationsautomatically and in real time. Cloud security has long been reactivedetecting risks but failing to fix them.

Cyber threats

Cyber threats Risk Technology Media

Why Giant Content Libraries Do Nothing for Your Employees’ Cyber Resilience

A well-structured training program fosters true behavioral change, reducing the risk of cyber threats. explains why organizations should focus on interactive, scenario-based learning rather than overwhelming employees with excessive content. Discover more on phished.io

Cyber threats

Experts Flag Security, Privacy Risks in DeepSeek AI App

GUEST ESSAY: How AI co-pilots boost the risk of data leakage — making ‘least privilege’ a must

Webinars

Trending Sources

The Independent Op-Ed: Australia’s social media ban won’t protect kids – it’ll put them more at risk

Webinars

See No Risk, Hear No Warning, Speak No Breach: The Cybersecurity Trap for Small Businesses

How to Avoid Pitfalls In Automation: Keep Humans In the Loop

News Alert: Security Risk Advisors joins Microsoft Intelligent Security Association (MISA)

Roger Grimes on Prioritizing Cybersecurity Advice

Digital nomads and risk associated with the threat of infiltred employees

Cyber Risk in U.S. Healthcare: Tackling HIPAA, Vendors, and Human Error – A Free Webinar With Joseph Steinberg and Chip Witt

ERM Program Fundamentals for Success in the Banking Industry

Massive Oracle Cloud Breach: 6M Records Exposed, 140k+ Tenants Risked

News alert: Aptori’s AI-driven platform reduces risk, ensures compliance — now on Google Marketplace

All Gmail users at risk from clever replay attack

Regulating AI Behavior with a Hypervisor

Everything You Need to Know About Crypto

Elon Musk ’s DOGE team granted ‘full access’ to sensitive Treasury systems. What are the risks?

MasterCard DNS Error Went Unnoticed for Years

News alert: SpyCloud study shows Darknet identity exploitation arising to become a primary cyber risk

On Generative AI Security

The Power of Storytelling in Risk Management

LW ROUNDTABLE — How 2024’s cyber threats will transform the security landscape in 2025

Flaw in Verizon call record requests put millions of Americans at risk

Pairwise Authentication of Humans

The Biggest Cybersecurity Risk We're Ignoring—And No, It's Not AI

IDC Analyst Report: The Open Source Blind Spot Putting Businesses at Risk

Safety and Security in Automated Driving

LW ROUNDTABLE: Wrist slap or cultural shift? SEC fines cyber firms for disclosure violations

Cybersecurity’s Comfort Zone Problem: Are you Guilty of it?

LW ROUNDTABLE: Predictive analytics, full-stack visualization to solidify cyber defenses in 2025

Cover Your SaaS: How to Overcome Security Challenges and Risks For Your Organization

What Rebels Teach us About Stronger Cyber Defence

LW ROUNDTABLE: Compliance pressures intensify as new cybersecurity standards take hold

Reducing the Crushing Burden of Cybersecurity, Privacy Laws in the UK

What Maslow’s Hierarchy of Needs Reveals About Cybersecurity Flaws

Successful Change Management with Enterprise Risk Management

Simson Garfinkel on Spooky Cryptographic Action at a Distance

CISA’s 11-Month extension ensures continuity of MITRE’s CVE Program

EDR-as-a-Service makes the headlines in the cybercrime landscape

The DeepSeek controversy: Authorities ask where does the data come from and how safe is it?

IT Leadership Agrees AI is Here, but Now What?

GUEST ESSAY: The promise and pitfalls of using augmented reality– ‘AR’ — in cybersecurity

From Notifications to Deepfakes: How Human Behaviour Is Shifting and What It Means for Cybersecurity

SureTriggers Vulnerability Exposes 100,000+ WordPress Sites to Admin Takeover

News alert: SecPod launches ‘Saner Cloud’ — CNAPP platform for real-time, automated security

Why Giant Content Libraries Do Nothing for Your Employees’ Cyber Resilience

Stay Connected