2019, Risk and Technology - Cyber Security Informer

GUEST ESSAY: Where we stand on mitigating software risks associated with fly-by-wire jetliners

The Last Watchdog

AUGUST 29, 2023

Here’s what you should know about the risks, what aviation is doing to address those risks, and how to overcome them. It is difficult to deny that cyberthreats are a risk to planes. Risks delineated Still, there have been many other incidents since. There was another warning from the U.S.

Software

Software Risk Artificial Intelligence Engineering

National Security Risks of Late-Stage Capitalism

Schneier on Security

MARCH 1, 2021

The company outsourced much of its software engineering to cheaper programmers overseas, even though that typically increases the risk of security vulnerabilities. For a while, in 2019, the update server’s password for SolarWinds’s network management software was reported to be “solarwinds123.”

Risk

Risk Government Marketing Software

CVE-2019-19781 Citrix flaw exposes 80,000 companies at risk

Security Affairs

DECEMBER 23, 2019

Critical CVE-2019-19781 flaw in Citrix NetScaler ADC and Citrix NetScaler Gateway could be exploited to access company networks, 80,000 companies at risk worldwide. It has been estimated that 80,000 companies in 158 countries are potentially at risk, most of them in the U.S. ( SecurityAffairs – Citrix, CVE-2019-19781).

Risk

Risk Technology Advertising Internet

Webinars

Reimagining Cybersecurity Training: Driving Real Impact on Security Culture

MORE WEBINARS

Managing Cybersecurity Risk in M&A

Cisco Security

SEPTEMBER 26, 2022

As Technology Audit Director at Cisco, Jacob Bolotin focuses on assessing Cisco’s technology, business, and strategic risk. Bolotin champions the continued advancement of the technology audit profession and received a master’s degree in cybersecurity from the University of California Berkeley.

Risk

Risk Cybersecurity Technology InfoSec

MY TAKE: How digital technology and the rising gig economy are exacerbating third-party risks

The Last Watchdog

APRIL 24, 2019

Accounting for third-party risks is now mandated by regulations — with teeth. I had the chance at RSA 2019 to discuss that question with Catherine Allen, chairman and CEO of the Santa Fe Group, and Mike Jordan, senior director of Santa Fe’s Shared Assessments program. That out of the way, business can proceed with less risk.

Risk

Risk Technology IoT Digital transformation

Retail in 2019 needs security precautions

Thales Cloud Protection & Licensing

DECEMBER 28, 2018

They might at first glance, but retailers are now exposing themselves to a whole host of security risks as these connected shopping technologies evolve. As we head into 2019, one thing is clear: more convenience is directly proportional to industry-wide risk. The numbers don’t lie.

Retail

Retail Data breaches Digital transformation Risk

How Secure Is Cloud Storage? Features, Risks, & Protection

eSecurity Planet

JANUARY 18, 2024

When assessing the overall security of cloud storage and choosing a solution tailored to your business, it helps to determine its features, potential risks, security measures, and other considerations. CSP collaboration improves the security environment where there’s a need to mitigate the emerging risks quickly and comprehensively.

Risk

Risk Backups Encryption DDOS

RSAC 2019 Blog Series: Taking the Risk out of Digital Transformation: RSAC 2019’s Quest for Delivering “Better”

Thales Cloud Protection & Licensing

FEBRUARY 27, 2019

However, in an attempt to be “better” many organizations have leaned heavily on emerging technologies such as cloud, blockchain and IoT – aka digital transformation. It turns out that enterprise companies diving head-first into digital transformation technologies are leaving their organizations open to unprecedented risk.

Digital transformation

Digital transformation Risk Encryption Technology

OT attacks increased by over 2000 percent in 2019, IBM reports

Security Affairs

FEBRUARY 11, 2020

According to IBM, OT attacks increased by over 2000 percent in 2019, most of them involved the Echobot IoT malware. IBM’s 2020 X-Force Threat Intelligence Index report analyzes the threat landscape in 2019, the experts observed a spike in the number of OT attacks. “ OT attacks hit an all-time high. ” continues the report.

Advertising

Advertising Malware IoT Technology

SiteLock INFINITY Wins the 2019 Cloud Security Excellence Award

SiteLock

AUGUST 27, 2021

We are excited to announce that SiteLock ® INFINITY™ has been recognized as a WINNER of the 2019 Cloud Computing Security Excellence Awards ! Small businesses often build and maintain their own websites, but many do not have the technical expertise or bandwidth to ensure adequate protection is in place, which puts them at significant risk.

Small Business

Small Business Malware Marketing Internet

Seeds of Destruction: Cyber Risk Is Growing in Agriculture

The Security Ledger

MAY 4, 2021

In this episode of the podcast (#213): Molly Jahn of DARPA and University of Wisconsin joins us to talk about the growing cyber risk to the Food and Agriculture sector, as industry consolidation and precision agriculture combine to increase the chances of cyber disruption of food production. Read the whole entry. »

Cyber Risk

Cyber Risk Risk Digital transformation InfoSec

NEW TECH: Juicing up SOAR — SIRP inserts risk-based analysis into network defense playbooks

The Last Watchdog

MARCH 2, 2020

A new addition to the SOAR space is SIRP , a platform established in 2019 in the UK that combines security operations management with cybersecurity intelligence. Full automation is still some way off, but the data can be enriched based on certain automation and workflows, automating some 70 percent of the risk investigation.

Risk

Risk Banking Technology Cybersecurity

SiteLock 2019 Website Security Report: Protecting Websites in the Age of Stealth Attacks

SiteLock

AUGUST 27, 2021

Findings come from the SiteLock 2019 Website Security Report , an analysis of over 6 million websites to determine the most prevalent cyberthreats websites face today. Using proprietary algorithms and technology, SiteLock has identified the top website risk factors and emerging trends in 2019.

Data breaches

Data breaches Cybercrime Risk Malware

Introduction to the NIST AI Risk Management Framework (AI RMF)

Centraleyes

JANUARY 24, 2024

Unlike general cybersecurity concerns, whose primary focus is thwarting threats and vulnerabilities, AI risk management introduces a unique interplay of potential benefits and risks. Implementing AI technologies opens avenues for innovation, efficiency, and unprecedented advancements.

Risk

Risk Artificial Intelligence Government Accountability

Attacks on Citrix servers increase after the release of CVE-2019-19781 exploits

Security Affairs

JANUARY 27, 2020

Citrix has released security patches for the recently disclosed CVE-2019-19781 flaw, but the number of attacks on vulnerable systems is increasing. Last week, Citrix addressed the actively exploited CVE-2019-19781 flaw in Citrix Application Delivery Controller (ADC), Citrix Gateway, and Citrix SD-WAN WANOP appliances. and 11.0.3.

Advertising

Advertising Hacking Technology Information Security

Best Third-Party Risk Management (TPRM) Tools of 2021

eSecurity Planet

AUGUST 27, 2021

In a developing market, third-party risk management (TPRM) software and tools could be the answer to helping organizations fill the gap. This article looks at the top third-party risk management vendors and tools and offers a look into TPRM solutions and what buyers should consider before purchasing. Aravo TPRM.

Risk

Risk Marketing Software Cybersecurity

US OCC imposed an $80 Million fine to Capital One for 2019 hack

Security Affairs

AUGUST 9, 2020

US Office of the Comptroller of the Currency (OCC) regulator has fined the credit card provider Capital One Financial Corp with $80 million over 2019 data breach. The US Office of the Comptroller of the Currency (OCC) has imposed an $80 million fine to the credit card provider Capital One Financial Corp over 2019 data breach.

Hacking

Hacking Banking Data breaches Advertising

The Future of Data Protection Begins at GITEX 2019

Thales Cloud Protection & Licensing

OCTOBER 3, 2019

I’ve seen numerous attack campaigns targeting this region come to the surface in 2019 alone. DarkMatter confirmed as much in its Cyber Security Report: June 2019 when it found that approximately 90 percent of UAE-based enterprises exhibited outdated software, credential problems in the form of weak/exposed passwords and insecure protocols.

Telecommunications

Telecommunications Encryption Software Banking

The 2019 Database Gold Rush

SiteLock

AUGUST 27, 2021

failing to regularly update your theme, plugin, and core files is a huge security risk. The more administrators a site has, the greater the risk of an attacker executing a brute force attack to compromise the valuable contents within a database. According to the 2019 Verizon Security Report , 34% of breaches involved internal actors.

Backups

Backups Passwords Identity Theft Malware

Emerging security challenges for Europe’s emerging technologies

Thales Cloud Protection & Licensing

SEPTEMBER 5, 2019

With many of these transformations, it is not just the premise of keeping up that drives the huge levels of investment we see organisations making – but also the promise of what’s possible, if the right technologies and approaches can be harnessed to disrupt or differentiate in the face of fierce competition. Containers.

Technology

Technology Digital transformation IoT Big data

The Risk-Conscious, Security-Aware Culture: The Forgotten Critical Security Control

Cisco Security

JULY 12, 2021

Chief Information Security Officers (CISOs) across the Global 2000 and Fortune 1000 are obsessed with protecting the workforce endpoints as critical vulnerabilities in the cybersecurity and risk management posture of their enterprises. Would a risk-conscious, security-aware workforce become a security enabler rather than a security risk?

Security Awareness

Security Awareness Risk CISO Cybersecurity

PoC exploits for Citrix ADC and Gateway CVE-2019-19781 flaw released online

Security Affairs

JANUARY 11, 2020

Experts announced the availability online of proof-of-concept exploit code for CVE-2019-19781 flaw in Citrix NetScaler ADC and Citrix NetScaler Gateway servers. In December Citrix disclosed the critical CVE-2019-19781 vulnerability and explained that it could be exploited by attackers to access company networks. Pierluigi Paganini.

Advertising

Advertising Technology Accountability Risk

Experts warn of ongoing scans for Citrix servers affected by CVE-2019-19781

Security Affairs

JANUARY 9, 2020

Threat actors are probing Citrix servers in the attempt to exploit the CVE-2019-19781 remote code execution vulnerability. Security researchers are warning of ongoing scans for Citrix Application Delivery Controller (NetScaler ADC) and Citrix Gateway (NetScaler Gateway) servers affected by the CVE-2019-19781 vulnerabilities.

Technology

Technology Advertising Internet Internet

5 IoT Security Predictions for 2019

Security Affairs

DECEMBER 21, 2018

2018 was the year of the Internet of Things (IoT), massive attacks and various botnets hit smart devices, These are 5 IoT Security Predictions for 2019. 2019 will continue these trends but at a faster pace. Upcoming government standardization efforts will continue to increase substantially in 2019. About the author: Matt Burke.

IoT

IoT Manufacturing Internet Internet

7 Insights About Managing Cyber Risk You Can’t Afford To Miss

Jane Frankland

AUGUST 18, 2020

Furthermore, from 2019–2023E, approximately USD 5.2 trillion in global value will be at risk from cyberattacks. IBM found that the average time to identify a breach in 2019 was 206 days. The figures vary with Verizon reporting 21%, IBM reporting 24% and Cybsafe reporting 90% in 2019. billion by 2022. INSIGHT #2.

Cyber Risk

Cyber Risk Risk Cybersecurity Technology

The Necessity of Data Security: Recapping the 2019 Thales Data Security Summit

Thales Cloud Protection & Licensing

MAY 14, 2019

The ability to narrow the gap between taking advantage of digital transformation without compromising security was a reoccurring theme at our 2019 annual Data Security Summit on May 1. Digital transformation is accelerating the pace at which new technologies are being adopted. Federal Agencies.”

Digital transformation

Digital transformation Cloud Migration IoT Threat Reports

GUEST ESSAY: Securely managing access controls is vital to preserving the privacy of healthcare data

The Last Watchdog

NOVEMBER 8, 2021

M&A invariably creates technology gaps that bad actor’s prey upon. According to a report from Protenus and DataBreaches.net, over 41 million patient records were breached in 2019, almost tripling healthcare industry breaches from the prior year. Patient data exposures. The data was found for sale on the dark web.

Healthcare

Healthcare Technology Architecture IoT

Black Hat/DefCon 2019: Where is Quantum?

Thales Cloud Protection & Licensing

SEPTEMBER 4, 2019

At a minimum, organizations should be looking at quantifying their level of risk using our Post-Quantum Risk Assessment tool. While far and wide claims around AI and machine learning remain a mainstay, there was less emphasis on these technologies then in years past which was great to see.

IoT

IoT Hacking Wireless Risk

2019 Predictions: Information security will be given a seat at the table without asking

Thales Cloud Protection & Licensing

DECEMBER 18, 2018

My experience in the past has been that information/cyber security professionals have often been relegated to giving advice on the threat landscape and risks, and then futilely lobbying the board for visibility and resources to put appropriate controls in place. In 2019, that attitude will finally, and permanently, change.

Information Security

Information Security CISO Risk Technology

Citrix releases permanent fixes for CVE-2019-19781 flaw in ADC 11.1 and 12.0

Security Affairs

JANUARY 20, 2020

Citrix addressed the actively exploited CVE-2019-19781 flaw in Citrix Application Delivery Controller (ADC), Citrix Gateway, and Citrix SD-WAN WANOP appliances. In December Citrix disclosed the critical CVE-2019-19781 vulnerability and explained that it could be exploited by attackers to access company networks.

Advertising

Advertising CISO Hacking Technology

7 Habits of a Highly Effective CISO: 2019 Data Security Resolutions

Thales Cloud Protection & Licensing

JANUARY 3, 2019

It’s 2019 and data is everywhere – and what you can do with what is at your fingertips is truly transformative. Unfortunately, with every possibility a new security risk appears, and as a CISO you are well-aware of the implications. and other countries coming on soon), being out of compliance becomes a huge and costly risk.

CISO

CISO Big data Digital transformation Encryption

Blackhawk Network Expands Security and Technology Team with Addition of Selim Aissi as New Chief Information Security Officer

CyberSecurity Insiders

JANUARY 11, 2022

–( BUSINESS WIRE )– Blackhawk Network , a global financial technology company and a leader in payment technologies and solutions, today announced veteran information security executive, Selim Aissi, has been named its Chief Information Security Officer. PLEASANTON, Calif.–( About Blackhawk Network.

Information Security

Information Security Technology CISO Engineering

2019 may not be the year of quantum, but it should be the year of preparation

Thales Cloud Protection & Licensing

DECEMBER 20, 2018

Highlighting several technical and financial problems that need to be overcome before a functional quantum computer can be built, the report states it’s too early to even predict a timeline for the development of the technology. New technologies = new risks. However, with new technologies comes new threats.

Technology

Technology Engineering Risk

Facebook spied on Snapchat users to get analytics about the competition

Malwarebytes

MARCH 28, 2024

The document mentions Facebook’s so-called In-App Action Panel (IAAP) program, which existed between June 2016 and approximately May 2019. Secure Sockets Layer (SSL) is a standard security technology for establishing an encrypted link between a server and a client. Onavo was a VPN-like research tool that Facebook acquired in 2013.

Encryption

Encryption VPN Technology Mobile

NEW TECH: CyberGRX seeks to streamline morass of third-party cyber risk assessments

The Last Watchdog

MARCH 14, 2019

So they began inundating their third-party suppliers with “bespoke assessments” – customized cyber risk audits that were time consuming and redundant. I had the chance to visit with CyberGRX CEO Fred Kneip at RSA 2019 at San Francisco’s Moscone Center last week. For a full drill down, please listen to the accompanying podcast.

Cyber Risk

Cyber Risk Risk Digital transformation Accountability

Security Vendors Understate Risks in Senate Hearing on SolarWinds

Security Boulevard

MARCH 15, 2021

It was also stated that the attack was the culmination of effort of about 1,000 bad actors working for at least six months from Oct 2019 to March 2020. All these victims risk losing intellectual property and economic dominance to a foreign adversary. This type of fileless malware bypasses most security technology.

Risk

Risk Technology Malware Software

NEW TECH: This free tool can help gauge, manage third-party cyber risk; it’s called ‘VRMMM’

The Last Watchdog

JANUARY 30, 2019

Turn the corner into 2019 and we find Citigroup, CapitalOne, Wells Fargo and HSBC Life Insurance among a host of firms hitting the crisis button after their customers’ records turned up on a database of some 24 million financial and banking documents found parked on an Internet-accessible server — without so much as password protection.

Cyber Risk

Cyber Risk Risk Financial Services Banking

Why is ‘Juice Jacking’ Suddenly Back in the News?

Krebs on Security

APRIL 14, 2023

” The FCC tweet also provided a link to the agency’s awareness page on juice jacking , which was originally published in advance of the Thanksgiving Holiday in 2019 but was updated in 2021 and then again shortly after the FBI’s tweet was picked up by the news media. This scam is referred to as juice jacking.”

Mobile

Mobile Software Backups Technology

Public companies may not grasp responsibility to investors in sharing info on cyber risk

SC Magazine

MARCH 5, 2021

Publicly traded companies must start disclosing more “actionable” information to shareholders and regulators around their cyber risks and vulnerabilities. Many executives themselves might not fully understand their own risks. Most reporting fails to convey the implications of risk levels for business processes,” the study said.

Cyber Risk

Cyber Risk Risk Data breaches Cyber threats

Announcing the public availability of the Cisco Cloud Controls Framework (CCF)

Cisco Security

MAY 5, 2022

A strategic compliance and risk management approach is as essential to the success of an organization as its product strategy. ISO IEC 27001:2013 – Information technology — Security techniques — Information security management systems — Requirements. We understand these challenges and are here to help.

Marketing

Marketing InfoSec Risk Technology

SHARED INTEL: Bogus Coronavirus email alerts underscore risk posed by weaponized email

The Last Watchdog

MARCH 12, 2020

One cybersecurity company, Tel Aviv-based Votiro, is taking a different approach to strengthen protection against such weaponized documents, using technology that disarms files before they are delivered to the recipient’s inbox. Votiro introduced their ‘Disarmer’ technology, called CDR, for “content, disarm and reconstruction” to the U.S.

Risk

Risk Technology Malware Firewall

MY TAKE: The case for assessing, quantifying risks as the first step to defending network breaches

The Last Watchdog

OCTOBER 4, 2019

I had the chance to meet with Randy Watkins, Critical Start’s chief technology officer at Black Hat USA 2019. Here are excerpts, edited for clarity and length: LW: What’s the difference between taking a ‘risk-oriented’ versus a ‘controlled-based’ approach to security? Watkins: Security really is the art of handling risk.

Risk

Risk Marketing Digital transformation DNS

MY TAKE: New ‘cyberthreat index’ shows SMBs cognizant of big risks, ill-prepared to deal with them

The Last Watchdog

MAY 2, 2019

Small and midsize businesses — so-called SMBs — face an acute risk of sustaining a crippling cyberattack. This appears to be even more true today than it was when I began writing about business cyber risks at USA TODAY more than a decade ago. I had the chance at RSA 2019 to discuss the SMB security landscape at length with Gill.

Risk

Risk Cyber Risk Cyber threats Banking

2019 Thales DTR: Global Edition: Facts that may surprise you

Thales Cloud Protection & Licensing

FEBRUARY 19, 2019

A few weeks ago, we issued the Global Edition of our 2019 Thales Data Threat Report, now in its seventh year. This year much of the emphasis within the results was on how digital transformation can put organizations’ sensitive data at risk. If you are rushing to market with new technologies. No surprise then that ….

Digital transformation

Digital transformation Data breaches Threat Reports Marketing

GUEST ESSAY: Where we stand on mitigating software risks associated with fly-by-wire jetliners

National Security Risks of Late-Stage Capitalism

Webinars

Trending Sources

CVE-2019-19781 Citrix flaw exposes 80,000 companies at risk

Webinars

Managing Cybersecurity Risk in M&A

MY TAKE: How digital technology and the rising gig economy are exacerbating third-party risks

Retail in 2019 needs security precautions

How Secure Is Cloud Storage? Features, Risks, & Protection

RSAC 2019 Blog Series: Taking the Risk out of Digital Transformation: RSAC 2019’s Quest for Delivering “Better”

OT attacks increased by over 2000 percent in 2019, IBM reports

SiteLock INFINITY Wins the 2019 Cloud Security Excellence Award

Seeds of Destruction: Cyber Risk Is Growing in Agriculture

NEW TECH: Juicing up SOAR — SIRP inserts risk-based analysis into network defense playbooks

SiteLock 2019 Website Security Report: Protecting Websites in the Age of Stealth Attacks

Introduction to the NIST AI Risk Management Framework (AI RMF)

Attacks on Citrix servers increase after the release of CVE-2019-19781 exploits

Best Third-Party Risk Management (TPRM) Tools of 2021

US OCC imposed an $80 Million fine to Capital One for 2019 hack

The Future of Data Protection Begins at GITEX 2019

The 2019 Database Gold Rush

Emerging security challenges for Europe’s emerging technologies

The Risk-Conscious, Security-Aware Culture: The Forgotten Critical Security Control

PoC exploits for Citrix ADC and Gateway CVE-2019-19781 flaw released online

Experts warn of ongoing scans for Citrix servers affected by CVE-2019-19781

5 IoT Security Predictions for 2019

7 Insights About Managing Cyber Risk You Can’t Afford To Miss

The Necessity of Data Security: Recapping the 2019 Thales Data Security Summit

GUEST ESSAY: Securely managing access controls is vital to preserving the privacy of healthcare data

Black Hat/DefCon 2019: Where is Quantum?

2019 Predictions: Information security will be given a seat at the table without asking

Citrix releases permanent fixes for CVE-2019-19781 flaw in ADC 11.1 and 12.0

7 Habits of a Highly Effective CISO: 2019 Data Security Resolutions

Blackhawk Network Expands Security and Technology Team with Addition of Selim Aissi as New Chief Information Security Officer

2019 may not be the year of quantum, but it should be the year of preparation

Facebook spied on Snapchat users to get analytics about the competition

NEW TECH: CyberGRX seeks to streamline morass of third-party cyber risk assessments

Security Vendors Understate Risks in Senate Hearing on SolarWinds

NEW TECH: This free tool can help gauge, manage third-party cyber risk; it’s called ‘VRMMM’

Why is ‘Juice Jacking’ Suddenly Back in the News?

Public companies may not grasp responsibility to investors in sharing info on cyber risk

Announcing the public availability of the Cisco Cloud Controls Framework (CCF)

SHARED INTEL: Bogus Coronavirus email alerts underscore risk posed by weaponized email

MY TAKE: The case for assessing, quantifying risks as the first step to defending network breaches

MY TAKE: New ‘cyberthreat index’ shows SMBs cognizant of big risks, ill-prepared to deal with them

2019 Thales DTR: Global Edition: Facts that may surprise you

Stay Connected