Blog, Data collection and Technology - Cyber Security Informer

SOC Technology Failures?—?Do They Matter?

Anton on Security

DECEMBER 10, 2021

SOC Technology Failures?—?Do img src: [link] Most failed Security Operations Centers (SOCs) that I’ve seen have not failed due to a technology failure. Hence this blog was born. Let’s stick to mostly technology focused failures. SOC should not spend time / resources managing such technologies. Do They Matter?

Technology

Technology CISO Data collection Threat Detection

Inside the DemandScience by Pure Incubation Data Breach

Troy Hunt

NOVEMBER 13, 2024

Apparently, before a child reaches the age of 13, advertisers will have gathered more 72 million data points on them. I knew I'd seen a metric about this sometime recently, so I went looking for "7,000", which perfectly illustrates how unaware we are of the extent of data collection on all of us.

Data breaches

Data breaches Passwords B2B Technology

On Surveillance in the Workplace

Schneier on Security

MARCH 12, 2019

Gamification and algorithmic management of work activities through continuous data collection. In a blog post about this report, Cory Doctorow mentioned "the adoption curve for oppressive technology, which goes, 'refugee, immigrant, prisoner, mental patient, children, welfare recipient, blue collar worker, white collar worker.'"

Surveillance

Surveillance Data collection Technology Risk

Serious Privacy Podcast – RegTech: Using the Power of Technology for Good (with Shub Nandi)

TrustArc

DECEMBER 4, 2020

Technology brings new demands for compliance, especially given the amount of personal data collected through various means and how it is both used and combined. However, technology can also be used to assist compliance professionals by providing the necessary information quickly.

Technology

Technology Data collection

Senators Urge FTC to Probe ID.me Over Selfie Data

Krebs on Security

MAY 18, 2022

for “deceptive statements” the company and its founder allegedly made over how they handle facial recognition data collected on behalf of the Internal Revenue Service , which until recently required anyone seeking a new IRS account online to provide a live video selfie to ID.me. ” But several days after a Jan.

Government

Government Accountability Surveillance Data collection

114 Million US Citizens and Companies Found Unprotected Online

Adam Levin

DECEMBER 3, 2018

Hackenproof, the Estonian cybersecurity company that found the data trove online, announced their discovery on their blog. The data was found on Shodan , an IoT-centric search engine that allows users to look up and access “power plants, Smart TVs, [and] refrigerators.” 32 million SkyBrasil customers. 1133 NFL players.

Identity Theft

Identity Theft Data collection Engineering IoT

Cyber Playbook: Information Technology vs Operational Technology – How to Leverage IT to Secure Your OT Systems

Herjavec Group

JANUARY 31, 2022

Information Technology (IT) primarily refers to hardware, software, and communications technologies like networking equipment and modems that are used to store, recover, transmit, manipulate, and protect data. . Operational technology has seen innovations that allowed it to become safer, more efficient, and more reliable.

Technology

Technology Cybersecurity InfoSec Software

Emerging security challenges for Europe’s emerging technologies

Thales Cloud Protection & Licensing

SEPTEMBER 5, 2019

With many of these transformations, it is not just the premise of keeping up that drives the huge levels of investment we see organisations making – but also the promise of what’s possible, if the right technologies and approaches can be harnessed to disrupt or differentiate in the face of fierce competition. Containers.

Technology

Technology Digital transformation IoT Big data

OpenAI Is Not Training on Your Dropbox Documents—Today

Schneier on Security

DECEMBER 19, 2023

Simon Willison nails it in a tweet: “OpenAI are training on every piece of data they see, even when they say they aren’t” is the new “Facebook are showing you ads based on overhearing everything you say through your phone’s microphone.” His point is that these companies have lost our trust: Trust is really important.

Government

Government Banking Risk Internet

GUEST ESSAY: Here’s why managed security services — MSS and MSSP — are catching on

The Last Watchdog

MAY 20, 2022

Managed security services (MSS) refer to a service model that enable the monitoring and managing of security technologies, systems, or even software-as-a-service (SaaS) products. An MSSP can assist with data collection and report generation to establish compliance during audits or in the aftermath of a possible incident.

Marketing

Marketing Digital transformation Technology IoT

SHARED INTEL: VCs pumped $21.8 billion into cybersecurity in 2021 — why there’s more to come

The Last Watchdog

JUNE 13, 2022

Many of the startups attempting to tackle this vexing problem are offering the promise of data science and machine learning to automate the process of managing identities, although none of them even have the data collected to prove the accuracy and robustness of their proposed solutions.

Cybersecurity

Cybersecurity Artificial Intelligence Software Marketing

GUEST ESSAY: How ‘DPIAs” — data privacy impact assessments — can lead SMBs to compliance

The Last Watchdog

JANUARY 9, 2023

It’s often difficult for small businesses to invest significantly in data privacy compliance or security measures because they don’t have large budgets. In fact, many SMBs have to choose between investing in new technology and making payroll.

Data privacy

Data privacy Small Business Data collection Cyber Risk

Decoupled SIEM: Brilliant or Stupid?

Anton on Security

NOVEMBER 6, 2023

In my mind, “Decoupled SIEM” is a way to deliver Security Information and Event Management (SIEM) technology where the data management (a) and threat analysis (b) are provided by different vendors. So, the topic is so-called “decoupled SIEM” (I probably made up the term, but …hey… at least this is not an acronym like EDR so YMMV).

Engineering

Engineering Data collection Threat Detection Technology

GUEST ESSAY: Privacy risks introduced by the ‘metaverse’ — and how to combat them

The Last Watchdog

OCTOBER 10, 2022

As digital technologies become more immersive and tightly integrated with our daily lives, so too do the corresponding intrusive attacks on user privacy. To test the true extent of data collection in VR, we designed a simple 30-person user study called MetaData. Related: The case for regulating facial recognition.

Risk

Risk Data privacy Data collection Technology

SOC Technology Failures?—?Do They Matter?

Security Boulevard

DECEMBER 10, 2021

SOC Technology Failures?—?Do Most failed Security Operations Centers (SOCs) that I’ve seen have not failed due to a technology failure. Hence this blog was born. Let’s stick to mostly technology focused failures. SOC should not spend time / resources managing such technologies. Do They Matter? img src: [link].

Technology

Technology CISO Data collection Threat Detection

GUEST ESSAY: Cisco-Splunk merger will boost Snowflake – here’s how security teams can benefit.

The Last Watchdog

OCTOBER 23, 2023

Influxes of data ingestion and the flat architecture of data lakes have led to difficulties in extracting value from repositories. With this shift, you can take advantage of modern innovations in storage architectures while simultaneously gaining access to specialized detection and response innovations.

Architecture

Architecture Threat Detection Engineering Data collection

Fixing Data Breaches Part 1: Education

Troy Hunt

DECEMBER 17, 2017

Before I left DC, I promised the folks there that I'd come back with recommendations on how we can address the root causes of data breaches. I'm going to do that in a five-part, public blog series over the course of this week. People Don't Know What They Don't Know. They may deny the usefulness of the skill. "god rights").

Data breaches

Data breaches Education Penetration Testing Passwords

The Dark Side of AI: Data Harvesting Explained (Is this the Future?)

SecureWorld News

OCTOBER 2, 2024

Perhaps you have even found content from your personal blog replicated in Google AI summaries. Our personal photos, private messages, and sensitive data are being used without our knowledge or consent to train AI systems. Request to see the data they have collected and ask them to delete it where possible.

Artificial Intelligence

Artificial Intelligence Data collection Data privacy Technology

GUEST ESSAY: California pioneers privacy law at state level; VA, VT, CO, NJ take steps to follow

The Last Watchdog

NOVEMBER 21, 2018

International regulations have also played a significant role in the privacy discussion, specifically following enforcement of the GDPR (General Data Privacy Regulation) in the European Union (EU). At the forefront of privacy-law related issues are very visible and widely used big technology companies. If the U.S.

Data privacy

Data privacy Data collection Big data Government

Making authentication faster than ever: passkeys vs. passwords

Google Security

MAY 5, 2023

The technology behind the former (“same device passkey”) is not new: it was originally developed within the FIDO Alliance and first implemented by Google in August 2019 in select flows. This technology behind passkeys allows users to log in to their account using any form of device-based user verification, such as biometrics or a PIN code.

Authentication

Authentication Passwords Technology Password Management

Learning from Near Misses

Adam Shostack

JANUARY 2, 2025

[no description provided] [Update: Steve Bellovin has a blog post ] One of the major pillars of science is the collection of data to disprove arguments. That data gathering can include experiments, observations, and, in engineering, investigations into failures.

InfoSec

InfoSec Data collection Engineering Cyber Attacks

Threat Report Portugal: Q2 2021

Security Affairs

JULY 22, 2021

The Threat Report Portugal: Q1 2021 compiles data collected on the malicious campaigns that occurred from April to June, Q2, of 2021. The Portuguese Abuse Open Feed 0xSI_f33d is an open sharing database with the ability to collect indicators from multiple sources, developed and maintained by Segurança-Informática.

Threat Reports

Threat Reports Phishing Malware Banking

Threat Report Portugal: Q4 2020

Security Affairs

JANUARY 26, 2021

The Threat Report Portugal: Q4 2020 compiles data collected on the malicious campaigns that occurred from October to December, Q4, of 2020. Next, was Retail and Technology, as the most sectors affected in this season. The submissions were classified as either phishing or malware. Pierluigi Paganini.

Threat Reports

Threat Reports Phishing Malware Banking

Threat Report Portugal: Q1 2021

Security Affairs

MAY 2, 2021

The Threat Report Portugal: Q1 2021 compiles data collected on the malicious campaigns that occurred from January to March, Q1, of 2021. The Portuguese Abuse Open Feed 0xSI_f33d is an open sharing database with the ability to collect indicators from multiple sources, developed and maintained by Segurança-Informática.

Threat Reports

Threat Reports Phishing Malware Data collection

GUEST ESSAY: 5 security steps all companies should adopt from the Intelligence Community

The Last Watchdog

DECEMBER 6, 2018

And, in doing so, the IC has developed an effective set of data handling and cybersecurity best practices. Businesses at large would do well to model their data collection and security processes after what the IC refers to as the “intelligence cycle.” Related video: Using the NIST framework as a starting point.

Financial Services

Financial Services Data collection Manufacturing Cyber Attacks

Google Chronicle announced Backstory to protect businesses

Security Affairs

MARCH 5, 2019

Organizations will store their petabytes of “internal security telemetry” on Google cloud platform and use Google machine learning and data analytics technologies to analyze it and scan for malicious activities. Companies could use this data to quickly detect malicious activities. Your data remains private?—?it

DNS

DNS Cyber threats Advertising Data collection

A chink in the armor of China-based hacking group Nickel

Malwarebytes

DECEMBER 7, 2021

As a result, Nickel achieved long-term access to several targets, allowing the group to conduct activities such as regularly scheduled exfiltration of data. Microsoft Threat Intelligence Center (MSTIC) observed Nickel perform frequent and scheduled data collection and exfiltration from victim networks. International cooperation.

Hacking

Hacking Malware Surveillance Data collection

How boards can manage digital governance in the age of AI

BH Consulting

MARCH 26, 2025

If there is one statistic that sums up the increasing pace of technological change, it might well be this. Gartner forecasts that by 2026, more than 80 per cent of businesses will implement Generative AI in their production environments. To put this into context, GenAI use in business was just 5 per cent in 2023, the research company said.

Government

Government Artificial Intelligence Risk Digital transformation

GUEST ESSAY: A primer on the degrees of privacy tech companies assign to your digital footprints

The Last Watchdog

OCTOBER 13, 2021

Check out the examples below from Forrester’s blog. First-party” data is different from zero-party data. First-party data is based on inference collected from either implicit or explicit events that are collected internally. Data collection red flags. All of this leads us to “third-party” data.

eCommerce

eCommerce Data collection Consumer Protection Advertising

Malicious ads for restricted messaging applications target Chinese users

Malwarebytes

JANUARY 25, 2024

While we don’t know the threat actor’s true intentions, data collection and spying may be one of their motives. In this blog post, we share more information about the malicious ads and payloads we have been able to collect. Malicious ads Visitors to google.cn are redirected to google.com.hk

Malware

Malware Advertising Accountability Encryption

Privacy issues in smart cities – Lessons learned from the Waterfront Toronto – Sidewalks project

Privacy and Cybersecurity Law

JUNE 29, 2020

Risk # 3: Excessive collection of personal data. The breadth of personal data collection in digital solutions in smart city projects makes it difficult to contain it to what is necessary for specific purposes. Risk # 5: Data Monetization. Receive our latest blog posts by email. Share on Facebook.

Surveillance

Surveillance Data collection Data breaches Risk

Threat Report Portugal: Q3 2021

Security Affairs

NOVEMBER 14, 2021

The Threat Report Portugal: Q3 2021 compiles data collected on the malicious campaigns that occurred from July to September, Q3, of 2021. The Portuguese Abuse Open Feed 0xSI_f33d is an open sharing database with the ability to collect indicators from multiple sources, developed and maintained by Segurança-Informática.

Threat Reports

Threat Reports Phishing Malware Banking

Mapping Secure Endpoint (and Malware Analytics) to NIST CSF Categories and Sub-Categories

Cisco Security

JULY 5, 2021

7] Cisco Secure Endpoint employs a robust set of preventative technologies to stop malware, in real-time, protecting endpoints against today’s most common attacks. It prevents command and control call-backs for data exfiltration and stops execution of ransomware encryption. 4 and DE.AE-5] Resources: Cisco Secure Endpoint User Guide.

Malware

Malware Risk Mobile Technology

Wiz’s Security GraphDB vs. DeepTempo’s LogLM

Security Boulevard

APRIL 1, 2025

A friendly Eye of Sauron helps everyWizard In this blog I dive a little bit into how Wiz builds and uses its Security Graph, how it uncovers toxic combinations of risk and prioritizes CVEs and other vulnerabilities by exploitability and context. Another example: imagine a database containing sensitive customer data.

Risk

Risk Internet Internet Cybersecurity

Tom Cruise,?TikTok?and Fraud: How to combat?DeepFakes

CyberSecurity Insiders

APRIL 30, 2021

Wh at’s more , the creator of the videos said in an interview recently that he created them in order to ‘ raise awareness to the continued evolution of the technology that can create incredibly realistic fake videos of people’. . They are made to look and sound authentic by u sing deep learning technology and AI algorithms. .

Technology

Technology Authentication Media Accountability

Microsoft disrupts China-based hacking group Nickel

Malwarebytes

DECEMBER 7, 2021

As a result, Nickel achieved long-term access to several targets, allowing the group to conduct activities such as regularly scheduled exfiltration of data. Microsoft Threat Intelligence Center (MSTIC) observed Nickel perform frequent and scheduled data collection and exfiltration from victim networks. International cooperation.

Hacking

Hacking Malware Surveillance Data collection

ICFR Best Practices: How to Design and Maintain Strong Financial Controls

Centraleyes

APRIL 17, 2025

Accurate Data Collection: Use reliable systems to collect financial data. Integrated Systems: Modern ICFR accounting software can help ensure all data is up-to-date and accessible. Flexibility: Ensure your controls can adapt to changes in your business, such as growth, new technologies, or evolving regulations.

Risk

Risk Technology Accountability Cybersecurity

McAfee Enterprise Continues to be a Leader in CASB and Cloud Security

McAfee

NOVEMBER 22, 2021

Cloud Security Gateways (CSGs) are one of the hottest and most sought-after technologies in the market today, driven by the adoption of cloud services for business transformation and the acceptance of hybrid workforce policies. The post McAfee Enterprise Continues to be a Leader in CASB and Cloud Security appeared first on McAfee Blogs.

Digital transformation

Digital transformation Data collection Technology Mobile

Knock, Knock; Who’s There? – IoT Device Identification & Data Integrity Is No Joke

Thales Cloud Protection & Licensing

JULY 12, 2018

They all must have unique identifiers and the ability to collect and transfer data over networks to enable monitoring, surveillance, and execution of decisions based on the collected data with little or no human intervention. But making the IoT work requires trust in the devices and the data they collect.

IoT

IoT Data collection Encryption eCommerce

Preparing for IT/OT convergence: Best practices

CyberSecurity Insiders

SEPTEMBER 21, 2021

This blog was written by a colleague from Tenable. Modern-day industrial and critical infrastructure organizations rely heavily on the operational technology (OT) environment to produce their goods and services. Meanwhile, OT staff are used to working with legacy technologies, many of which pre-date the internet era. Conclusion.

Energy and Utilities

Energy and Utilities Manufacturing Threat Detection Technology

The state of generative AI in 2024

Webroot

OCTOBER 3, 2024

Generative AI has taken the world by storm, transforming how individuals and businesses interact with and trust this new technology. Steps to safeguard your privacy The survey reveals that consumers are increasingly aware of the need to protect their personal data when using generative AI.

Education

Education Passwords Password Management Authentication

6 Business functions that will benefit from cybersecurity automation

CyberSecurity Insiders

OCTOBER 28, 2021

This blog was written by an independent guest blogger. Many security professionals spend hours each day manually administering tools to protect enterprise data. For many organizations, spending so much time collecting data is not conducive to innovation and growth. Data privacy. Conclusion.

Cybersecurity

Cybersecurity Data privacy Small Business Threat Detection

Critical Success Factors to Widespread Deployment of IoT

Thales Cloud Protection & Licensing

FEBRUARY 16, 2021

Digital technology and connected IoT devices have proliferated across industries and into our daily lives. Thales IoT security solutions can help you defend against attacks and data loss, reduce operational costs, and protect revenue and reputation. Critical Success Factors to Widespread Deployment of IoT. Tue, 02/16/2021 - 16:33.

IoT

IoT Manufacturing Energy and Utilities Data collection

GUEST ESSAY: How SIEMS, UEBAs fall short in today’s turbulent threat landscape

The Last Watchdog

JULY 30, 2018

The painful impact of cyber attacks on businesses is worsening despite advances in technology aimed at protecting enterprises from malicious network traffic, insider threats, malware, denial of service attacks and phishing campaigns. And the cost of damage directly related to cybercrime is adding up, expected to reach $6 trillion by 2021.

CISO

CISO Cyber Attacks Data collection Cybersecurity

SOC Technology Failures?—?Do They Matter?

Inside the DemandScience by Pure Incubation Data Breach

Trending Sources

On Surveillance in the Workplace

Serious Privacy Podcast – RegTech: Using the Power of Technology for Good (with Shub Nandi)

Senators Urge FTC to Probe ID.me Over Selfie Data

114 Million US Citizens and Companies Found Unprotected Online

Cyber Playbook: Information Technology vs Operational Technology – How to Leverage IT to Secure Your OT Systems

Emerging security challenges for Europe’s emerging technologies

OpenAI Is Not Training on Your Dropbox Documents—Today

GUEST ESSAY: Here’s why managed security services — MSS and MSSP — are catching on

SHARED INTEL: VCs pumped $21.8 billion into cybersecurity in 2021 — why there’s more to come

GUEST ESSAY: How ‘DPIAs” — data privacy impact assessments — can lead SMBs to compliance

Decoupled SIEM: Brilliant or Stupid?

GUEST ESSAY: Privacy risks introduced by the ‘metaverse’ — and how to combat them

SOC Technology Failures?—?Do They Matter?

GUEST ESSAY: Cisco-Splunk merger will boost Snowflake – here’s how security teams can benefit.

Fixing Data Breaches Part 1: Education

The Dark Side of AI: Data Harvesting Explained (Is this the Future?)

GUEST ESSAY: California pioneers privacy law at state level; VA, VT, CO, NJ take steps to follow

Making authentication faster than ever: passkeys vs. passwords

Learning from Near Misses

Threat Report Portugal: Q2 2021

Threat Report Portugal: Q4 2020

Threat Report Portugal: Q1 2021

GUEST ESSAY: 5 security steps all companies should adopt from the Intelligence Community

Google Chronicle announced Backstory to protect businesses

A chink in the armor of China-based hacking group Nickel

How boards can manage digital governance in the age of AI

GUEST ESSAY: A primer on the degrees of privacy tech companies assign to your digital footprints

Malicious ads for restricted messaging applications target Chinese users

Privacy issues in smart cities – Lessons learned from the Waterfront Toronto – Sidewalks project

Threat Report Portugal: Q3 2021

Mapping Secure Endpoint (and Malware Analytics) to NIST CSF Categories and Sub-Categories

Wiz’s Security GraphDB vs. DeepTempo’s LogLM

Tom Cruise,?TikTok?and Fraud: How to combat?DeepFakes

Microsoft disrupts China-based hacking group Nickel

ICFR Best Practices: How to Design and Maintain Strong Financial Controls

McAfee Enterprise Continues to be a Leader in CASB and Cloud Security

Knock, Knock; Who’s There? – IoT Device Identification & Data Integrity Is No Joke

Preparing for IT/OT convergence: Best practices

The state of generative AI in 2024

6 Business functions that will benefit from cybersecurity automation

Critical Success Factors to Widespread Deployment of IoT

GUEST ESSAY: How SIEMS, UEBAs fall short in today’s turbulent threat landscape

Stay Connected