2019, Risk and Technology - Cyber Security Informer

National Security Risks of Late-Stage Capitalism

Schneier on Security

MARCH 1, 2021

The company outsourced much of its software engineering to cheaper programmers overseas, even though that typically increases the risk of security vulnerabilities. For a while, in 2019, the update server’s password for SolarWinds’s network management software was reported to be “solarwinds123.”

Risk

Risk Government Marketing Software

GUEST ESSAY: Where we stand on mitigating software risks associated with fly-by-wire jetliners

The Last Watchdog

AUGUST 29, 2023

Here’s what you should know about the risks, what aviation is doing to address those risks, and how to overcome them. It is difficult to deny that cyberthreats are a risk to planes. Risks delineated Still, there have been many other incidents since. There was another warning from the U.S.

Software

Software Risk Artificial Intelligence Cyber Attacks

MY TAKE: How digital technology and the rising gig economy are exacerbating third-party risks

The Last Watchdog

APRIL 24, 2019

Accounting for third-party risks is now mandated by regulations — with teeth. I had the chance at RSA 2019 to discuss that question with Catherine Allen, chairman and CEO of the Santa Fe Group, and Mike Jordan, senior director of Santa Fe’s Shared Assessments program. That out of the way, business can proceed with less risk.

Risk

Risk Technology IoT Digital transformation

OT attacks increased by over 2000 percent in 2019, IBM reports

Security Affairs

FEBRUARY 11, 2020

According to IBM, OT attacks increased by over 2000 percent in 2019, most of them involved the Echobot IoT malware. IBM’s 2020 X-Force Threat Intelligence Index report analyzes the threat landscape in 2019, the experts observed a spike in the number of OT attacks. “ OT attacks hit an all-time high. ” continues the report.

Advertising

Advertising Malware IoT Technology

How threat actors can use generative artificial intelligence?

Security Affairs

DECEMBER 1, 2024

The increasing sophistication of these technologies has made it harder than ever to distinguish real content from fake. A study by the Massachusetts Institute of Technology (MIT) presented in 2019 revealed that deepfakes generated by AI could deceive humans up to 60% of the time. As the technology evolves, so will its misuse.

Artificial Intelligence

Artificial Intelligence Phishing Media Cybercrime

SEC Fines Four Companies $7M for Misleading Cybersecurity Disclosures

SecureWorld News

OCTOBER 23, 2024

Securities and Exchange Commission (SEC) announced Tuesday that it has fined four companies $7 million for misleading statements about their cybersecurity incidents, particularly concerning the high-profile 2019 SolarWinds hack. Check Point Software Technologies Ltd., Check Point Software Technologies Ltd., Unisys Corp.,

Cybersecurity

Cybersecurity Risk Hacking Software

NEW TECH: Juicing up SOAR — SIRP inserts risk-based analysis into network defense playbooks

The Last Watchdog

MARCH 2, 2020

A new addition to the SOAR space is SIRP , a platform established in 2019 in the UK that combines security operations management with cybersecurity intelligence. Full automation is still some way off, but the data can be enriched based on certain automation and workflows, automating some 70 percent of the risk investigation.

Risk

Risk Banking Technology Marketing

Credit Reporting Companies Put Customer Data at Risk

Adam Levin

MAY 19, 2021

An undergraduate student at Rochester Institute of Technology named Bill Demirkapi discovered the most recent security failure. TransUnion, 2019: The credit reporting bureau reported the data compromise of 37,000 Canadians, however the nature and content of that compromise are not clear. .

Risk

Risk Identity Theft Data breaches VPN

Attacks on Citrix servers increase after the release of CVE-2019-19781 exploits

Security Affairs

JANUARY 27, 2020

Citrix has released security patches for the recently disclosed CVE-2019-19781 flaw, but the number of attacks on vulnerable systems is increasing. Last week, Citrix addressed the actively exploited CVE-2019-19781 flaw in Citrix Application Delivery Controller (ADC), Citrix Gateway, and Citrix SD-WAN WANOP appliances. and 11.0.3.

Advertising

Advertising Hacking Technology Information Security

Managing Cybersecurity Risk in M&A

Cisco Security

SEPTEMBER 26, 2022

As Technology Audit Director at Cisco, Jacob Bolotin focuses on assessing Cisco’s technology, business, and strategic risk. Bolotin champions the continued advancement of the technology audit profession and received a master’s degree in cybersecurity from the University of California Berkeley.

Risk

Risk Cybersecurity Technology InfoSec

Popular VPNs are routing traffic via Chinese companies, including one with link to military

Malwarebytes

APRIL 3, 2025

Chinese company 360 Security Technology, also known as Qihoo 360, purchased Lemon Seed, according to its 2019 annual report. The Entity List identifies entities that the US believes pose a risk to its national security. It is also responsible for others that didn’t make it into the top 100: Snap VPN, and Signal Secure VPN.

VPN

VPN Mobile Government Technology

GUEST ESSAY: Securely managing access controls is vital to preserving the privacy of healthcare data

The Last Watchdog

NOVEMBER 8, 2021

M&A invariably creates technology gaps that bad actor’s prey upon. According to a report from Protenus and DataBreaches.net, over 41 million patient records were breached in 2019, almost tripling healthcare industry breaches from the prior year. Patient data exposures. The data was found for sale on the dark web.

Healthcare

Healthcare Technology Architecture IoT

Why is ‘Juice Jacking’ Suddenly Back in the News?

Krebs on Security

APRIL 14, 2023

” The FCC tweet also provided a link to the agency’s awareness page on juice jacking , which was originally published in advance of the Thanksgiving Holiday in 2019 but was updated in 2021 and then again shortly after the FBI’s tweet was picked up by the news media. This scam is referred to as juice jacking.”

Mobile

Mobile Software Backups Technology

Zero-day attacks on browsers and smartphones drop, says Google

Malwarebytes

MAY 1, 2025

Cybercriminals are having less success targeting end-user technology with zero-day attacks, said Google’s security team this week. While most attacks do still target personal technology like smartphones and browsers, the focus is moving increasingly to enterprise tech. What does all this mean for you?

Spyware

Spyware Mobile Technology Government

The Risk-Conscious, Security-Aware Culture: The Forgotten Critical Security Control

Cisco Security

JULY 12, 2021

Chief Information Security Officers (CISOs) across the Global 2000 and Fortune 1000 are obsessed with protecting the workforce endpoints as critical vulnerabilities in the cybersecurity and risk management posture of their enterprises. Would a risk-conscious, security-aware workforce become a security enabler rather than a security risk?

Security Awareness

Security Awareness Risk CISO Cybersecurity

MY TAKE: New ‘cyberthreat index’ shows SMBs cognizant of big risks, ill-prepared to deal with them

The Last Watchdog

MAY 2, 2019

Small and midsize businesses — so-called SMBs — face an acute risk of sustaining a crippling cyberattack. This appears to be even more true today than it was when I began writing about business cyber risks at USA TODAY more than a decade ago. I had the chance at RSA 2019 to discuss the SMB security landscape at length with Gill.

Risk

Risk Cyber Risk Cyber threats Banking

NEW TECH: CyberGRX seeks to streamline morass of third-party cyber risk assessments

The Last Watchdog

MARCH 14, 2019

So they began inundating their third-party suppliers with “bespoke assessments” – customized cyber risk audits that were time consuming and redundant. I had the chance to visit with CyberGRX CEO Fred Kneip at RSA 2019 at San Francisco’s Moscone Center last week. For a full drill down, please listen to the accompanying podcast.

Cyber Risk

Cyber Risk Risk Digital transformation Accountability

Safer with Google: Advancing Memory Safety

Google Security

OCTOBER 15, 2024

We recognized the inherent risks associated with memory-unsafe languages and developed tools like sanitizers , which detect memory safety bugs dynamically, and fuzzers like AFL and libfuzzer , which proactively test the robustness and security of a software application by repeatedly feeding unexpected inputs.

Computers and Electronics

Computers and Electronics Software Risk Architecture

MY TAKE: CASBs help companies meet ‘shared responsibility’ for complex, rising cloud risks

The Last Watchdog

OCTOBER 10, 2019

Related: Implications of huge Capital One breach CASBs supplied a comprehensive set of tools to monitor and manage the multitude of fresh cyber risks spinning out of the rise in in corporate reliance on cloud services. In doing so, CASBs became the fastest growing security category ever , as declared by Gartner.

Risk

Risk Cloud Migration Engineering Cyber Risk

Best Third-Party Risk Management (TPRM) Tools of 2021

eSecurity Planet

AUGUST 27, 2021

In a developing market, third-party risk management (TPRM) software and tools could be the answer to helping organizations fill the gap. This article looks at the top third-party risk management vendors and tools and offers a look into TPRM solutions and what buyers should consider before purchasing. Aravo TPRM.

Risk

Risk Marketing Software Cybersecurity

WhatsApp hack: Meta wins payout over NSO Group spyware

Malwarebytes

MAY 8, 2025

According to the original complaint against NSO Group, filed in October 2019, the spyware vendor used WhatsApp servers to send malware to around 1400 mobile phones. The European Data Protection Supervisor recommended an EU ban on the technology in 2022, although this has not yet happened. Facebook has its own initiative.

Spyware

Spyware Hacking Surveillance Government

NEW TECH: This free tool can help gauge, manage third-party cyber risk; it’s called ‘VRMMM’

The Last Watchdog

JANUARY 30, 2019

Turn the corner into 2019 and we find Citigroup, CapitalOne, Wells Fargo and HSBC Life Insurance among a host of firms hitting the crisis button after their customers’ records turned up on a database of some 24 million financial and banking documents found parked on an Internet-accessible server — without so much as password protection.

Cyber Risk

Cyber Risk Risk Financial Services Banking

How Cyber Safe is Your Drinking Water Supply?

Krebs on Security

JUNE 21, 2021

The ISAC found when it comes to IT systems tied to “operational technology” (OT) — systems responsible for monitoring and controlling the industrial operation of these utilities and their safety features — just 30.5 percent of utilities have identified all IT-networked assets, with an additional 21.7

Hacking

Hacking Accountability Cybersecurity Technology

Robocall Legal Advocate Leaks Customer Data

Krebs on Security

AUGUST 3, 2020

The Blacklist Alliance provides technologies and services to marketing firms concerned about lawsuits under the Telephone Consumer Protection Act (TCPA), a 1991 law that restricts the making of telemarketing calls through the use of automatic telephone dialing systems and artificial or prerecorded voice messages.

Mobile

Mobile Marketing Consumer Protection Wireless

T-Mobile is one of the victims of the massive Chinese breach of telecom firms

Security Affairs

NOVEMBER 18, 2024

broadband providers, including Verizon, AT&T, and Lumen Technologies, potentially accessing systems for lawful wiretapping and other data. The security breach poses a major national security risk. Salt Typhoon is a China-linked APT group active since at least 2019.

Mobile

Mobile Telecommunications Data breaches Hacking

SiteLock INFINITY Wins the 2019 Cloud Security Excellence Award

SiteLock

AUGUST 27, 2021

We are excited to announce that SiteLock ® INFINITY™ has been recognized as a WINNER of the 2019 Cloud Computing Security Excellence Awards ! Small businesses often build and maintain their own websites, but many do not have the technical expertise or bandwidth to ensure adequate protection is in place, which puts them at significant risk.

Small Business

Small Business Malware Marketing Internet

Cybersecurity Risks of 5G – And How to Control Them

eSecurity Planet

SEPTEMBER 1, 2021

Consumers and organizations are enthused about the operational benefits of more robust mobile connectivity, but the shift to 5G networks doesn’t come without risks. Here we’ll discuss the most significant risks posed by 5G, how U.S. Table of Contents What Are the Cybersecurity Risks of 5G? How is 5G Different?

Risk

Risk Cybersecurity IoT Wireless

Qualys Automates Ransomware Risk Assessment

eSecurity Planet

OCTOBER 8, 2021

Qualys this week launched a new Ransomware Risk Assessment Service that’s designed to help enterprises understand their potential exposure to ransomware and automate the process of patching any associated vulnerabilities or misconfigurations. CVE-2019-1458. December 2019. Qualys Ransomware Risk Assessment dashboard.

Ransomware

Ransomware Risk Backups Software

MY TAKE: The case for assessing, quantifying risks as the first step to defending network breaches

The Last Watchdog

OCTOBER 4, 2019

I had the chance to meet with Randy Watkins, Critical Start’s chief technology officer at Black Hat USA 2019. Here are excerpts, edited for clarity and length: LW: What’s the difference between taking a ‘risk-oriented’ versus a ‘controlled-based’ approach to security? Watkins: Security really is the art of handling risk.

Risk

Risk Marketing Digital transformation DNS

Announcing Risk-Based Endpoint Security with Cisco Secure Endpoint and Kenna Security

Cisco Security

APRIL 11, 2022

Kenna Security maps out the vulnerabilities in your environment and prioritizes the order in which you should address them based on a risk score. With this initial integration, Secure Endpoint customers can now perform risk-based endpoint security. Figure 1: Kenna Risk Score in the Secure Endpoint console.

Risk

Risk Internet Internet Malware

Announcing the public availability of the Cisco Cloud Controls Framework (CCF)

Cisco Security

MAY 5, 2022

A strategic compliance and risk management approach is as essential to the success of an organization as its product strategy. ISO IEC 27001:2013 – Information technology — Security techniques — Information security management systems — Requirements. We understand these challenges and are here to help.

Marketing

Marketing InfoSec Risk Technology

MY TAKE: Black Hat USA 2024’s big takeaway – GenAI factors into the quest for digital resiliency

The Last Watchdog

AUGUST 12, 2024

This is all part of Generative AI and Large Language Models igniting the next massive technological disruption globally. When you add AI into the mix, it further intensifies the challenge of managing data sprawl and the associated risks.” AppSec technology security-hardens software at the coding level.

Software

Software Technology Mobile Cybersecurity

ENISA publishes a Threat Landscape for 5G Networks

Security Affairs

NOVEMBER 21, 2019

An EU-wide Coordinated Risk Assessment of 5G networks has been published on the 9 th October 2019. It contained 10 high-level risk scenarios, based on the national risk assessments by EU Member States. The assessed threats refine the threats reviewed in the coordinated risk assessment. Next Steps.

Architecture

Architecture Risk Telecommunications Advertising

Government Shutdown Hampers Cybersecurity

Adam Levin

JANUARY 9, 2019

85% of the National Institute of Standards and Technology , which produces the Cybersecurity Framework of private and public sector security standards. The Department of Homeland Security’s 2019 Cybersecurity and Innovation Showcase, initially scheduled to begin January 8, was also cancelled.

Government

Government Cybersecurity Telecommunications Cyber Attacks

Last Watchdog’s IoT and ‘zero trust’ coverage win MVP awards from Information Management Today

The Last Watchdog

DECEMBER 5, 2019

I’m privileged to share news that two Last Watchdog articles were recognized in the 2019 Information Management Today MVP Awards. I’ve been paying close attention to privacy and cybersecurity since 2004, first as a technology reporter at USA TODAY, then as Editor-In-Chief of ThirdCertainty.com, a corporate-underwritten news analysis blog.

IoT

IoT Cyber Risk Internet Internet

BEST PRACTICES: The case for ‘adaptive MFA’ in our perimeter-less digital environment

The Last Watchdog

MAY 14, 2019

One of the catch phrases I overheard at RSA 2019 that jumped out at me was this: “The internet is the new corporate network.” Founded in 2016 by cryptography experts from the Israeli Intelligence Corps’ elite 8200 cyber unit, Silverfort is backed by leading investors in cybersecurity technologies. That’s where adaptive MFA comes in.

Authentication

Authentication Digital transformation Risk Internet

How Secure Is Cloud Storage? Features, Risks, & Protection

eSecurity Planet

JANUARY 18, 2024

When assessing the overall security of cloud storage and choosing a solution tailored to your business, it helps to determine its features, potential risks, security measures, and other considerations. CSP collaboration improves the security environment where there’s a need to mitigate the emerging risks quickly and comprehensively.

Risk

Risk Backups Encryption DDOS

NEW TECH: SyncDog vanquishes BYOD risk by isolating company assets on a secure mobile app

The Last Watchdog

MARCH 18, 2019

This has led the BYOD dilemma cycling afresh, with each advance of the technology, which is what it’s doing right now. I had the chance to sit down with SynCDog’s founder and CEO, Jonas Gyllensvaan, along with its Chief Revenue Officer, Brian Egenrieder, at RSA 2019. Rekindled conflict.

Mobile

Mobile Risk Technology Passwords

Breaking Down the OWASP Top 10 API Security Risks 2023 (& What Changed From 2019)

Veracode Security

SEPTEMBER 30, 2024

The 2019 list was the first edition of the OWASP API Security Top 10. The changes in the list reflect the changes in the technology landscape we see today. The OWASP Top Ten lists have been the cornerstone for application security best practices for over two decades.

Risk

Risk Architecture Technology Engineering

EU to regulate AI based Facial Recognition

CyberSecurity Insiders

APRIL 25, 2021

European Commission (EC) is planning to devise a new framework that regularized the usage of AI based Facial Recognition technology that all technology based providers need to comply with. More details are awaited!

Artificial Intelligence

Artificial Intelligence Surveillance Technology Government

AT&T, T-Mobile To Stop Selling Location Data

Adam Levin

JANUARY 15, 2019

AT&T and T-Mobile announced that in March 2019 they would stop selling user location data to third parties. The announcements came on the heels of a Motherboard article that reported on the ability to track individual cellular phones via “location aggregator” companies with access to mobile customer information.

Mobile

Mobile Accountability Risk Technology

MY TAKE: Coping with security risks, compliance issues spun up by ‘digital transformation’

The Last Watchdog

AUGUST 22, 2019

I had an evocative discussion at Black Hat USA 2019 with Andy Byron, president of Lacework, a Mountain View, CA-based start-up that has raised $32 million in venture capital to help companies address these conflicting imperatives. “The The massive transformation that’s happening right now introduces a lot of risk.

Digital transformation

Digital transformation Risk Firewall Accountability

UK Ad Campaign Seeks to Deter Cybercrime

Krebs on Security

MAY 28, 2020

According to the report, a typical offender faces a perfect storm of ill-boding circumstances, including a perceived low risk of getting caught, and a perception that their offenses in general amounted to victimless crimes. Source: Booting the Booters, 2019. When we find an ad that violates our policies we take action.

Cybercrime

Cybercrime DDOS Advertising Hacking

Nation-state actors target Australia, Government warns

Security Affairs

JUNE 19, 2020

Warning Australians of “specific risks” and an increased frequency of attacks, The Australian government is working on “specific risks” related to a significant increase in the number of targeted cyber attacks against sensitive institutions and organizations in almost any industry, Morrison told an organised press conference.

Government

Government Cyber Attacks Advertising Risk

National Security Risks of Late-Stage Capitalism

GUEST ESSAY: Where we stand on mitigating software risks associated with fly-by-wire jetliners

Trending Sources

MY TAKE: How digital technology and the rising gig economy are exacerbating third-party risks

OT attacks increased by over 2000 percent in 2019, IBM reports

How threat actors can use generative artificial intelligence?

SEC Fines Four Companies $7M for Misleading Cybersecurity Disclosures

NEW TECH: Juicing up SOAR — SIRP inserts risk-based analysis into network defense playbooks

Credit Reporting Companies Put Customer Data at Risk

Attacks on Citrix servers increase after the release of CVE-2019-19781 exploits

Managing Cybersecurity Risk in M&A

Popular VPNs are routing traffic via Chinese companies, including one with link to military

GUEST ESSAY: Securely managing access controls is vital to preserving the privacy of healthcare data

Why is ‘Juice Jacking’ Suddenly Back in the News?

Zero-day attacks on browsers and smartphones drop, says Google

The Risk-Conscious, Security-Aware Culture: The Forgotten Critical Security Control

MY TAKE: New ‘cyberthreat index’ shows SMBs cognizant of big risks, ill-prepared to deal with them

NEW TECH: CyberGRX seeks to streamline morass of third-party cyber risk assessments

Safer with Google: Advancing Memory Safety

MY TAKE: CASBs help companies meet ‘shared responsibility’ for complex, rising cloud risks

Best Third-Party Risk Management (TPRM) Tools of 2021

WhatsApp hack: Meta wins payout over NSO Group spyware

NEW TECH: This free tool can help gauge, manage third-party cyber risk; it’s called ‘VRMMM’

How Cyber Safe is Your Drinking Water Supply?

Robocall Legal Advocate Leaks Customer Data

T-Mobile is one of the victims of the massive Chinese breach of telecom firms

SiteLock INFINITY Wins the 2019 Cloud Security Excellence Award

Cybersecurity Risks of 5G – And How to Control Them

Qualys Automates Ransomware Risk Assessment

MY TAKE: The case for assessing, quantifying risks as the first step to defending network breaches

Announcing Risk-Based Endpoint Security with Cisco Secure Endpoint and Kenna Security

Announcing the public availability of the Cisco Cloud Controls Framework (CCF)

MY TAKE: Black Hat USA 2024’s big takeaway – GenAI factors into the quest for digital resiliency

ENISA publishes a Threat Landscape for 5G Networks

Government Shutdown Hampers Cybersecurity

Last Watchdog’s IoT and ‘zero trust’ coverage win MVP awards from Information Management Today

BEST PRACTICES: The case for ‘adaptive MFA’ in our perimeter-less digital environment

How Secure Is Cloud Storage? Features, Risks, & Protection

NEW TECH: SyncDog vanquishes BYOD risk by isolating company assets on a secure mobile app

Breaking Down the OWASP Top 10 API Security Risks 2023 (& What Changed From 2019)

EU to regulate AI based Facial Recognition

AT&T, T-Mobile To Stop Selling Location Data

MY TAKE: Coping with security risks, compliance issues spun up by ‘digital transformation’

UK Ad Campaign Seeks to Deter Cybercrime

Nation-state actors target Australia, Government warns

Stay Connected