Security Affairs

JUNE 12, 2022

“By use of our responsible disclosure procedures independent penetration testing of HID Mercury , access panels sold by LenelS2 were reported to contain cybersecurity vulnerabilities.” Please vote for Security Affairs and Pierluigi Paganini in every category that includes them (e.g. ” reads the advisory.

Firmware 88

Firmware Penetration Testing Manufacturing Authentication 88

Security Affairs

JUNE 17, 2022

. “By design, when you reduce the document library version limit, any further changes to the files in the document library will result in older versions becoming very hard to restore (see responsible disclosure and discussion). Please vote for Security Affairs and Pierluigi Paganini in every category that includes them (e.g.

Encryption 89

Encryption Backups Ransomware Accountability 89

Centraleyes

APRIL 23, 2024

This section seeks to objectively explore specific categories of digital risks, unraveling strategic approaches to mitigate them effectively. Data Privacy Risks Data privacy risks involve the unauthorized access, use, or disclosure of sensitive personal information. Examples include malware, phishing attacks, and insider threats.

Risk 52

Risk Technology Artificial Intelligence Data privacy 52

Jane Frankland

OCTOBER 31, 2023

In this blog, I’ll be exploring some of the main cracks in current cybersecurity defence approaches specifically around Secure Operation Centres (SOCs) and the value that CISOs and ITDMs are currently getting from their internal teams and third-party providers. What is needed to remain protected from cyber threats in 2024.

CISO 147

CISO Threat Detection Cyber threats Cybercrime 147

BH Consulting

MARCH 8, 2024

Valerie Lyons BH Consulting’s Chief Operations Officer and a Senior Cybersecurity and Data Protection Consultant, Dr. Valerie Lyons is a published author of ‘The Privacy Leader Compass’, which in just a few short weeks at the end of 2023, became the year’s bestselling title in its category.

Cybersecurity 107

Cybersecurity Social Engineering Healthcare Data privacy 107

SecureWorld News

MARCH 21, 2023

According to some reports , they wanted $4 million for non-disclosure, but the department agreed to pay no more than $100,000. Information that falls under the "free" category can be given away as a lure for interested parties to join the hub. Preparedness for possible disclosure of sensitive data will help minimize the damage.

Ransomware 79

Ransomware Encryption Adware Data breaches 79

Centraleyes

JANUARY 21, 2024

Entities within these categories must adopt a comprehensive set of 10 measures to fortify network and information systems and the physical environment surrounding these systems. Essential entities ” span sectors such as energy, healthcare, transport, and water.

Cybersecurity 110

Cybersecurity Energy and Utilities Cyber threats Risk 110

Centraleyes

JANUARY 24, 2024

Accountability presupposes transparency, with meaningful disclosure of AI system information based on the AI lifecycle stage and tailored to user roles. Bias categories—systemic, computational and statistical, and human-cognitive—highlight the multifaceted nature of bias.

Risk 52

Risk Artificial Intelligence Government Accountability 52

Thales Cloud Protection & Licensing

AUGUST 15, 2019

Last August, my colleague Ashvin Kamaraju wrote a blog shortly after this took place. This informing process should include the categories of PI collected, how that PI is used, and the categories of PI the business has shared or sold to third parties (and who these parties are) in the last year.

Digital transformation 92

Digital transformation Data collection Data privacy CISO 92

Centraleyes

NOVEMBER 16, 2023

The five SOC 2 categories of TSPs include: Security : Ensuring your systems are protected against unauthorized access, both physically and logically. Confidentiality: Protecting sensitive information from unauthorized disclosure. Which Controls or Features are Necessary? Who Developed SOC 2 and Why?

Risk 52

Risk Data collection Backups Accountability 52

Digital Shadows

JANUARY 18, 2023

The lines of threat-actor categories have become increasingly blurred, as when Russian hacktivists used ransomware against Ukrainian organizations. This blog focuses on ransomware activity in Q4 2022, based on primary and secondary source reporting. One major development was the use of ransomware in hacktivism’s resurgence during 2022.

Ransomware 40

Ransomware Accountability Healthcare Data breaches 40

Security Boulevard

AUGUST 4, 2021

Founded in August 2020, OpenSSF is a Linux Foundation-funded project focused on establishing metrics, tooling, best practices, developer identity validation, and vulnerability disclosures to improve open source software security. The criteria are grouped into six categories: Basics. What are Secure Scorecards for open source projects?

Software 82

Software Risk Government Technology 82

Security Affairs

JUNE 1, 2022

Below is the timeline for this flaw that has yet to be addressed: Date Action 2022-02-02 We report the issue to the vendor and inform about our 90 disclosure policy 2022-02-17 We ask for a status update. 2022-05-03 We inform the vendor that the 90-day disclosure deadline has passed. Follow me on Twitter: @securityaffairs and Facebook.

Authentication 100

Authentication Passwords Hacking Cybersecurity 100

Centraleyes

APRIL 15, 2024

Sensitive data categories under MODPA include racial or ethnic origin, religious beliefs, health data, genetic or biometric data, data related to minors, and precise geolocation data. The disclosure requirements state that notification is required unless the business determines that the breach is not likely to exploit personal information.

Data privacy 52

Data privacy Identity Theft Data breaches Data collection 52

Security Affairs

MARCH 6, 2024

The new program is made up of three categories of services for the affiliates: paid, free, and another for the individuals without a program who only want to sell or publish data on their blog (PYV service).” ” Stmx_GhostLocker member affiliate working model. Stmx_GhostLocker non-member affiliate working model.

Ransomware 116

Ransomware Encryption Cybercrime Hacking 116

NopSec

MARCH 29, 2023

With this blog post, I would like to shed light on the components of cryptocurrency infrastructure and how to threat model these various elements. Information Disclosure of a compromised private key could allow decryption of messages intended for the owner of a blockchain account.

Cryptocurrency 52

Cryptocurrency Accountability Malware Architecture 52

Cisco Security

SEPTEMBER 1, 2023

This blog was written by Annika Mammen, former User Experience Engineer at Cisco There are so many areas to consider when dealing with protecting and detecting threats, unfortunately cognitive overload is one problem that is often overlooked. A good example of this in everyday life is the average ATM. Now, let us look at how we achieve that.

Engineering 102

Engineering Risk Marketing Accountability 102

Cisco Security

AUGUST 28, 2023

Other examples of clear text disclosure were observed via basic authentication which simply used base64 to encode the credentials transmitted over clear text. You can find the code and guide at this GitHub repository and the guide in this blog post. Take away those two high volume categories, and the numbers track much better.

Wireless 60

Wireless DNS Mobile Technology 60

Troy Hunt

JUNE 10, 2019

Search for your account across multiple breaches [link] — Have I Been Pwned (@haveibeenpwned) December 4, 2013 I’ll save the history lesson for the years between then and today because there are presently 106 blog posts with the HIBP tag you can go and read if you’re interested, let me just talk briefly about where the service is at today.

Data breaches 279

Data breaches Passwords InfoSec Accountability 279

SecureList

JULY 28, 2022

In March, Proofpoint published a blog post about a new spear-phishing campaign related to the war in Ukraine, tentatively attributed to the Russian-speaking actor UNC1151 (aka TA445 and Ghostwriter). As part of this process, the actor abused a legitimate blog service to host a malicious script with an encoded format.

Malware 130

Malware Firmware Phishing Cryptocurrency 130