Troy Hunt

JANUARY 23, 2022

I have been, and still remain, a massive proponent of "the cloud" I built Have I Been Pwned (HIBP) as a cloud-first service that took advantage of modern cloud paradigms such as Azure Table Storage to massively drive down costs at crazy levels of performance I never could have achieved before. Windows NT; Windows NT 10.0;

Passwords 363

Passwords Accountability Firewall Risk 363

Centraleyes

NOVEMBER 5, 2023

Each of these components comprises specific standards and specifications designed to address risks concerning the confidentiality, integrity, and availability of PHI. Instead, compliance is demonstrated through risk assessments and control documentation. The enforcement of HIPAA falls under the jurisdiction of the U.S.

Healthcare 52

Healthcare Risk Insurance Penetration Testing 52

NopSec

OCTOBER 28, 2021

At a high level, Infrastructure Vuln Reports has two capabilities that I will review in this blog post: Ability to precisely define queries for vulnerabilities through a series of user interface options. There are two categories of filters: Assets Vulnerabilities Asset filters relate to asset attributes. Select “equals to.”

Retail 52

Retail Banking Risk 52

Security Boulevard

DECEMBER 21, 2021

The ASVS establishes three verification levels: Level 1: low assurance levels, completely penetration testable. Level 2: applications containing sensitive data, recommended for most apps. Design software to meet security requirements and mitigate security risks (PW.1). Implement code-level security checks.

Software 59

Software Architecture Risk Penetration Testing 59

Centraleyes

JANUARY 24, 2024

Unlike general cybersecurity concerns, whose primary focus is thwarting threats and vulnerabilities, AI risk management introduces a unique interplay of potential benefits and risks. Recognizing and harnessing the opportunities embedded in AI systems are integral components of the NIST Artificial Intelligence Risk Management Framework.

Risk 52

Risk Artificial Intelligence Government Accountability 52

Cisco Security

JANUARY 10, 2023

As the majority of the global Covid fog finally started lifting in 2022, other events – and their associated risks – started to fill the headspace of C-level execs the world over. Using this information, last year I wrote a blog summing up the nine top of mind issues I believed will most impact CISOs as we headed into 2022.

CISO 132

CISO Insurance Cyber Insurance Phishing 132

NopSec

OCTOBER 11, 2022

This blog post focuses on how to create a bridge / correlation between CVE, CAPEC, CWE and ATT&CK vulnerability and attack taxonomies for the purpose of better understanding attack vectors and methods. The Figure below visualizes how CAPEC’s extension extends from high to low-level information.

Software 52

Software IoT Cyber Attacks Social Engineering 52

Centraleyes

DECEMBER 4, 2023

This blog post will dive into these questions, providing all the essential details. Processing Special Categories of Personal Data: The Act permits the processing of special categories of personal data without consent for specific purposes, subject to predefined conditions.

Data privacy 52

Data privacy Risk Telecommunications Big data 52

Security Boulevard

OCTOBER 10, 2022

Machines are like humans in that each one must have a unique identity (2). A new category was created — Machine Identity Management. We invented the technology and created the category Gartner now calls machine identity management. Reduce the risk of misuse and compromise by the bad guys who use identities in their attacks.

Digital transformation 59

Digital transformation Software Authentication InfoSec 59

Notice Bored

JUNE 5, 2022

b) determine all controls that are necessary to implement the information security risk treatment option(s) chosen; NOTE Organizations can design controls as required, or identify them from any source. NOTE 2 Control objectives are implicitly included in the controls chosen. Subclause 6.1.3 c) compare the controls determined in 6.1.3

Risk 72

Risk Information Security Accountability InfoSec 72

Pen Test Partners

SEPTEMBER 13, 2023

Additionally, they are required to have a formalised risk assessment in place to substantiate and validate their customised approach to the chosen requirements. Section 2 No significant changes in this section. Disk level encryption is no longer permitted for protection unless it is a form of removeable media (e.g.,

Authentication 52

Authentication Passwords Media Encryption 52

Security Boulevard

SEPTEMBER 13, 2021

On June 2 and 3, 2021, the National Institute of Standard and Technology (NIST) held a workshop where it consulted with federal agencies, the private sector, academics, and other stakeholders to start working on a definition of Critical Software. Critical Software Definition. The definition of “critical trust”. Recommended Minimum Standards.

Cybersecurity 96

Cybersecurity Software Technology Risk 96

Google Security

MAY 11, 2022

It’s why today at I/O we announced new ways we’re reducing the risks of phishing by: scaling phishing protections to Google Docs, Sheets and Slides, continuing to auto enroll people in 2-Step Verification and more. This blog will deep dive into the method of phishing and how it has evolved today.

Phishing 106

Phishing Scams Authentication Accountability 106

McAfee

SEPTEMBER 29, 2021

For this process to be optimized, we believe that ruthless prioritization is critical at all levels of alert response and triage. Some surveyed respondents admit to ignoring specific categories of alerts, and some turn off the security alerts associated with the security controls that generate much of the alert traffic.

DNS 67

DNS Manufacturing Data breaches Risk 67

Cisco Security

AUGUST 12, 2021

The Cisco threat hunting team investigated the risk in SecureX threat response, which was integrated with 20+ Cisco and partner threat intelligence platforms. SECURITY CATEGORY (PHISHING). Event Details (1 of 2). Look for a blog from Aditya on how he accomplished this with SecureX orchestration. Cisco Technologies.

DNS 141

DNS Firewall Phishing Mobile 141

Privacy and Cybersecurity Law

JULY 26, 2021

Furthermore, they should minimize the risk of distorted or discriminatory effects. The Company infringed Article 37(7) of the GDPR since it failed to properly communicate the contact details of the group-level DPO to the Garante. Receive our latest blog posts by email. Communication of the DPO’s contact details to the Garante.

Retail 52

Retail Surveillance Data collection Technology 52

Security Boulevard

NOVEMBER 9, 2021

Employee cybersecurity training is ranked as one of the top three categories where many companies are increasing security spending. OWASP researches and publishes top ten lists outlining the direst security risks app developers face. Project managers can use these lists to proactively ensure risks are addressed during the SDLC.

Mobile 59

Mobile Software Risk Firewall 59

Cisco Security

JUNE 30, 2021

Secure Network Analytics uses flow telemetry such as NetFlow, jFlow, sFlow, IPFIX, and packet-level data and helps in reducing the risk to an organisation. NIST CSF Categories and Sub-Categories. 2] Secure Network Analytics customers have access to our global threat intelligence feed powered by the Cisco Talos.

Threat Detection 81

Threat Detection Risk Data collection Internet 81

Cisco Security

JULY 5, 2021

NIST CSF Categories and Sub-Categories. 2] Orbital gives detailed information about the H/W and running applications/processes by querying endpoints using WMI. IDENTIFY – Risk Assessment (vulnerabilities identified; threat intelligence received; threats identified; threats, vulnerabilities and impacts to determine risk).

Malware 133

Malware Risk Mobile Technology 133

BH Consulting

AUGUST 10, 2023

So when I refer to ISO standards as frameworks in this blog, my intention is to explain that you don’t need to use it rigidly in this case – you can simply refer to it as a controls framework. It also provides a risk-based approach which ties nicely with GDPR’s risk-based approach.

Cybersecurity 52

Cybersecurity Risk Government Information Security 52

Cisco Security

SEPTEMBER 1, 2023

This blog was written by Annika Mammen, former User Experience Engineer at Cisco There are so many areas to consider when dealing with protecting and detecting threats, unfortunately cognitive overload is one problem that is often overlooked. Risk Score Incidents are ranked based on a color-coded risk score.

Engineering 108

Engineering Risk Marketing Accountability 108

SecureList

JUNE 15, 2022

Some posts also refer to the level of complexity as a reason for high prices, i.e., how much time and effort the seller spent to gain access. Access level: Admin. Access level: Admin. Access level: Admin. Offers grouped by price category ( download ). Access type: VPN-RDP. Price: 300$. Country: USA. Revenue: 3kk+$.

VPN 89

VPN Accountability Ransomware Encryption 89

Duo's Security Blog

JULY 1, 2021

Part of our Administrator's Guide to Passwordless blog series See the video at the blog post. To reduce the risk of a burglar who can teleport, we can (a) make our keys harder to forge and our locks harder to pick, or (b) stop the burglar from being able to teleport. Why a teleporting burglar? They’re basically magic.

Passwords 92

Passwords Surveillance Authentication Risk 92

Google Security

SEPTEMBER 22, 2020

This blog post outlines recent improvements around how users interact with the lockscreen on Android devices and more generally with authentication. The model itself is fairly simple, classifying authentication modalities into three buckets of decreasing levels of security and commensurately increasing constraints.

Authentication 75

Authentication Passwords Architecture Backups 75

McAfee

APRIL 20, 2020

In this blog we set out to see how choosing the correct security controls framework can go a long way in establishing a secure foundation, which then allows Enterprise security designers/decision makers to make more informed solution choices while selecting the controls and vendor architectures.

Architecture 54

Architecture Risk Data breaches Cyber threats 54

BH Consulting

MAY 25, 2022

This blog is here to guide you through topical trends to note as we enter GDPR’s fifth year. This provides for a risk-based approach in assessing AI systems and technologies. At a high level, it looks to make data sharing and use/reuse easier for all by setting standards at an EU-wide level. Data Act (expected mid 2024).

Artificial Intelligence 97

Artificial Intelligence Marketing Government Technology 97

Cisco Security

FEBRUARY 4, 2022

My good friend and fellow Advisory CISO Helen Patton has done a great summary of the memo in a previous blog. Keep in mind that not all agencies are starting at the same point in terms of security posture or risk exposure. is device access dependent on device posture at first access as well as changing risk?).

Architecture 84

Architecture Authentication CISO Government 84

McAfee

APRIL 7, 2020

For example, an exploit which creates Level 2 (Control) access of the Purdue Model is a prime target for cyberwarfare on critical infrastructure. Most ICS/IoT challenges can be boiled down to three primary categories: Asset Discovery and Tracking, Threat Detection, and Risk Management. Risk Management.

IoT 57

IoT Government Artificial Intelligence Architecture 57

NopSec

JULY 26, 2022

In the last blog entry, we discussed the need to approach patching intelligently, recognizing its inherent complexities that might not be apparent at first. Within this broad category are other terms you’re likely to come across, such as “vulnerability assessment,” “vulnerability management,” and “vulnerability prioritization technology.”

Cybersecurity 40

Cybersecurity Penetration Testing Software Internet 40

Cisco Security

MAY 27, 2022

In part one of our Black Hat Asia 2022 NOC blog , we discussed building the network with Meraki: . Looking at a snapshot from a single day of the show, Umbrella captured 572,282 DNS requests from all cloud apps, with over 42,000 posing either high or very high risk. We also include risk downs breaks by category….

Malware 76

Malware Accountability DNS Technology 76

SecureList

MAY 12, 2021

Idea #2: Targeted ransomware is targeted. While they do not represent a rift in what companies need to be able to defend against, their very existence creates an additional risk for victims. Babuk is the first new RaaS threat discovered in 2021, demonstrating a high level of activity. The other is the Babuk locker.

Ransomware 123

Ransomware Encryption Malware Cybercrime 123

McAfee

SEPTEMBER 19, 2019

Whether malicious or accidental, security incidents involving insiders can put large amounts of highly sensitive data at risk, even when IT security teams may consider data “secure” within sanctioned cloud applications. Insider attacks detected in previous years highlight the variation in the categories of perpetrators and their approaches.

Threat Detection 40

Threat Detection Accountability Risk Data breaches 40

Thales Cloud Protection & Licensing

NOVEMBER 7, 2017

In order to talk about any specialized field of knowledge, you need a common language with agreed upon terms, definitions and some level of accepted industry standards. There are really four categories of threats introduced into organizations with IoT use. Cybersecurity is no different. Used as a bot/remote control.

IoT 97

IoT Cybersecurity Digital transformation Manufacturing 97

Fox IT

MAY 4, 2021

But if you would like to understand the rather tortured history of this particular malware a little better, the research and blog posts on the subject by Check Point are a good starting point. Financial VNC SOCKS UK 1 No‡ Yes Yes Yes UK 2 Yes No No No Italy No‡ Yes Yes Yes Australia/NZ 1 Yes Yes No‡ No Australia/NZ 2 Yes Yes No‡ No RM3.at

Banking 98

Banking Malware Encryption Architecture 98