TrustArc

JUNE 7, 2023

The post Policy Briefing: UX Dark Patterns in Consent and Data Collection appeared first on TrustArc Privacy Blog. Regulators are cracking down on companies that manipulate and deceive users with UX dark patterns online.

Data collection 52

Data collection 52

Schneier on Security

MARCH 12, 2019

Gamification and algorithmic management of work activities through continuous data collection. In a blog post about this report, Cory Doctorow mentioned "the adoption curve for oppressive technology, which goes, 'refugee, immigrant, prisoner, mental patient, children, welfare recipient, blue collar worker, white collar worker.'"

Surveillance 221

Surveillance Data collection Technology Risk 221

Adam Levin

JANUARY 18, 2019

“If this Collection #1 has you spooked, changing your password(s) certainly can’t hurt — unless of course you’re in the habit of re-using passwords. Please don’t do that,” said security expert Brian Krebs on his blog.

Accountability 198

Accountability Passwords Data breaches Data collection 198

Adam Levin

DECEMBER 3, 2018

Hackenproof, the Estonian cybersecurity company that found the data trove online, announced their discovery on their blog. The data was found on Shodan , an IoT-centric search engine that allows users to look up and access “power plants, Smart TVs, [and] refrigerators.”

Identity Theft 194

Identity Theft Data collection Engineering Passwords 194

NetSpi Technical

NOVEMBER 14, 2024

For those interested in the previous PowerHuntShares release, here is the blog and presentation. The Results directory houses csv files containing all the computer, share, file, and permission data collected, including things like excessive privileges and stored secret samples. Let the pseudo-TLDR/release notes begin!

Passwords 145

Passwords Risk Data collection Backups 145

Schneier on Security

DECEMBER 19, 2023

Simon Willison nails it in a tweet: “OpenAI are training on every piece of data they see, even when they say they aren’t” is the new “Facebook are showing you ads based on overhearing everything you say through your phone’s microphone.” His point is that these companies have lost our trust: Trust is really important.

Government 331

Government Banking Risk Internet 331

Heimadal Security

FEBRUARY 16, 2023

The data collected so far reveals that the threat actor or APT behind the fake customs invoicing smishing campaign is attempting to maliciously collect user PII by redirecting them to a cloned website via an SMS-delivered crafted URL.

Data collection 105

Data collection 105

Heimadal Security

NOVEMBER 21, 2022

The Digital Personal Data Protection Bill 2022 is the fourth attempt, since 2018, to secure users’ personal data, seek their consent for the information that will be collected, and also disclose the purpose of that data collection. The proposal […].

Data collection 98

Data collection Government Cybersecurity 98

TrustArc

DECEMBER 4, 2020

Technology brings new demands for compliance, especially given the amount of personal data collected through various means and how it is both used and combined. The post Serious Privacy Podcast – RegTech: Using the Power of Technology for Good (with Shub Nandi) appeared first on TrustArc Privacy Blog.

Technology 93

Technology Data collection 93

Anton on Security

DECEMBER 10, 2021

Hence this blog was born. Data collection failures still plague many SOCs. Now, again, one can also blame this on people and processes (especially, those people in IT who just didn’t give us the data). BTW, if somebody wakes me up at 3:00 a.m. I would name the loss of executive commitment. Yes, DIY SOC tools fail as well.

Technology 242

Technology CISO Data collection Threat Detection 242

Security Boulevard

AUGUST 3, 2023

Summary The BloodHound code-convergence project brings some significant and long-desired feature enhancements to BloodHound Enterprise (BHE): Cypher search, including pre-built queries for AD and Azure Built-in support for offline data collection (i.e., Up next in our release blog series is the one everyone has been waiting for.

Data collection 98

Data collection Engineering Risk 98

Security Boulevard

MAY 2, 2024

Chris Clements, VP of Solutions Architecture at CISO Global “Hey Alexa, are you stealing my company’s data?” In an age where manufacturers have decided that just about every device needs to be “smart,” it’s becoming difficult to avoid the data collection and privacy invasion that are often baked into these devices.

Surveillance 123

Surveillance IoT CISO Data collection 123

Security Affairs

AUGUST 14, 2020

The Threat Report Portugal: Q2 2020 compiles data collected on the malicious campaigns that occurred from April to Jun, Q2, of 2020. The Portuguese Abuse Open Feed 0xSI_f33d is an open sharing database with the ability to collect indicators from multiple sources, developed and maintained by Segurança-Informática.

Threat Reports 145

Threat Reports Phishing Malware Banking 145

The Last Watchdog

MAY 21, 2020

Tracking is only harmless when there is no real data collected and stored; that’s impossible, isn’t it? Advertisers are adding new data nodes in order to gain a more holistic understanding of who you are as an audience and customer. After all, bots will share fingerprints with their real users.

Advertising 290

Advertising Internet Internet Accountability 290

Security Boulevard

JUNE 20, 2023

NIST Privacy Framework - organizations must identify the purposes for collecting and using PII. Federal Trade Commission (FTC) Act, Section 5 - organizations must disclose their data collection practices, including the purposes for which they collect and use PII.

Data collection 52

Data collection IoT Marketing Data privacy 52

The Last Watchdog

JUNE 20, 2022

Data collections released after ransomware attacks. Once vetted and accepted, threat hunters will go into these message boards and communities and search for anything connected to your business, for example: •Corporate login credentials. Databases with critical IP and/or PII. Chatter about the best methods to attack your business.

Ransomware 260

Ransomware Marketing Data collection VPN 260

Security Boulevard

MAY 20, 2021

In this blog, we'll walk through a few different snippet insertion methods and available optimizations. Akamai's real user monitoring (RUM) solution, mPulse, uses a bit of JavaScript code (an mPulse snippet) and the BoomerangJS library to collect performance data from a user's Web browser.

Data collection 80

Data collection 80

Security Affairs

JANUARY 9, 2023

The cybersecurity blog inSicurezzaDigitale has launched the Italian Dashboard Ransomware Monitor to analyze the principal RaaSs’ activities. All data collected by the dashboard can be exported in different formats and can be analyzed using useful graphics. ” explained the development team.

Ransomware 98

Ransomware Data collection Hacking Cybersecurity 98

Troy Hunt

DECEMBER 17, 2017

Before I left DC, I promised the folks there that I'd come back with recommendations on how we can address the root causes of data breaches. I'm going to do that in a five-part, public blog series over the course of this week. They may deny the usefulness of the skill. "god rights"). Oh - and it uses a password of 12345678.

Data breaches 239

Data breaches Education Passwords Penetration Testing 239

The Last Watchdog

JUNE 13, 2022

Many of the startups attempting to tackle this vexing problem are offering the promise of data science and machine learning to automate the process of managing identities, although none of them even have the data collected to prove the accuracy and robustness of their proposed solutions.

Cybersecurity 257

Cybersecurity Artificial Intelligence Software Marketing 257

Anton on Security

NOVEMBER 6, 2023

I also do NOT believe that the decoupled SIEM is a broken SIEM that should not exist. was originally published in Anton on Security on Medium, where people are continuing the conversation by highlighting and responding to this story.

Engineering 245

Engineering Data collection Threat Detection Technology 245

The Last Watchdog

JANUARY 9, 2023

A DPIA requires a thorough review of any personal data collected and stored, including who specifically controls the data and who has access at any given time.

Data privacy 210

Data privacy Small Business Data collection Cyber Risk 210

Security Boulevard

JULY 13, 2023

Our Netography Fusion® platform now enables customers to leverage data collected by your SentinelOne agents to accelerate their investigation, incident response, and policy enforcement within the Fusion platform.

Data collection 97

Data collection 97

The Last Watchdog

OCTOBER 23, 2023

Influxes of data ingestion and the flat architecture of data lakes have led to difficulties in extracting value from repositories.

Architecture 261

Architecture Threat Detection Engineering Data collection 261

Security Affairs

APRIL 6, 2023

The Threat Report Portugal: H2 2022 compiles data collected on the malicious campaigns that occurred from July to December, H2, 2022. The Portuguese Abuse Open Feed 0xSI_f33d is an open-sharing database with the ability to collect indicators from multiple sources, developed and maintained by Segurança-Informática.

Threat Reports 98

Threat Reports Phishing Malware Banking 98

The Last Watchdog

OCTOBER 10, 2022

To test the true extent of data collection in VR, we designed a simple 30-person user study called MetaData. But until recently, the VR privacy threat has remained entirely theoretical. Berkeley RDI is a preeminent source of open-access metaverse privacy research.

Risk 222

Risk Data privacy Data collection Technology 222

Security Affairs

JULY 22, 2021

The Threat Report Portugal: Q1 2021 compiles data collected on the malicious campaigns that occurred from April to June, Q2, of 2021. The Portuguese Abuse Open Feed 0xSI_f33d is an open sharing database with the ability to collect indicators from multiple sources, developed and maintained by Segurança-Informática.

Threat Reports 126

Threat Reports Phishing Malware Banking 126

SecureWorld News

OCTOBER 2, 2024

Perhaps you have even found content from your personal blog replicated in Google AI summaries. Our personal photos, private messages, and sensitive data are being used without our knowledge or consent to train AI systems. Request to see the data they have collected and ask them to delete it where possible.

Artificial Intelligence 120

Artificial Intelligence Data collection Data privacy Technology 120

Troy Hunt

NOVEMBER 25, 2020

Back to the bit about risks impacting data collected by IoT devices and back again to CloudPets, Context Security's piece aligned with my own story about kids' CloudPets messages being left exposed to the internet. Here we had a situation where an attacker could easily control moving parts within a car from a remote location.

IoT 363

IoT Firmware Risk Encryption 363

Adam Shostack

JANUARY 2, 2025

[no description provided] [Update: Steve Bellovin has a blog post ] One of the major pillars of science is the collection of data to disprove arguments. That data gathering can include experiments, observations, and, in engineering, investigations into failures.

InfoSec 130

InfoSec Data collection Engineering Cyber Attacks 130

The Last Watchdog

MAY 20, 2022

As new data protection legislation (such as the GDPR and the CCPA) joins current laws, the regulatory environment becomes increasingly complex (like HIPAA and PCI DSS). An MSSP can assist with data collection and report generation to establish compliance during audits or in the aftermath of a possible incident.

Marketing 247

Marketing Digital transformation Technology Cybersecurity 247

Security Affairs

MAY 2, 2021

The Threat Report Portugal: Q1 2021 compiles data collected on the malicious campaigns that occurred from January to March, Q1, of 2021. The Portuguese Abuse Open Feed 0xSI_f33d is an open sharing database with the ability to collect indicators from multiple sources, developed and maintained by Segurança-Informática.

Threat Reports 108

Threat Reports Phishing Malware Data collection 108

Security Affairs

APRIL 15, 2023

The collected data is sent to the C2 server every two days, but the cycle depends on the remote configuration. The level of data collection depends on the permissions granted to the app using the malicious library.

Data collection 98

Data collection Mobile Malware Education 98

Webroot

JUNE 25, 2021

appeared first on Webroot Blog. Whether you’re an IT administrator trying to secure remote workers or just own a smart TV, there’s something in this conversation for you. Be sure to give it a listen. The post Podcast: Can we fix IoT security?

IoT 111

IoT Internet Internet Data collection 111

The Last Watchdog

NOVEMBER 21, 2018

International regulations have also played a significant role in the privacy discussion, specifically following enforcement of the GDPR (General Data Privacy Regulation) in the European Union (EU). Many organizations are asking themselves “am I liable and governed by the legislation in the EU?” If the U.S.

Data privacy 133

Data privacy Data collection Big data Government 133

SC Magazine

APRIL 19, 2021

Researchers on Monday reported that cybercriminals are taking advantage of China’s push to become a leader in big data by extracting legitimate big data sources and selling the stolen data on the Chinese-language dark web. The stolen data ranges from lottery and stock data to commercial databases of Canadian and U.S.

Big data 100

Big data Data collection Mobile Risk 100

Security Boulevard

APRIL 1, 2025

A friendly Eye of Sauron helps everyWizard In this blog I dive a little bit into how Wiz builds and uses its Security Graph, how it uncovers toxic combinations of risk and prioritizes CVEs and other vulnerabilities by exploitability and context. Another example: imagine a database containing sensitive customer data.

Risk 52

Risk Internet Internet Cybersecurity 52