Blog and Risk - Cyber Security Informer

GUEST ESSAY: How AI co-pilots boost the risk of data leakage — making ‘least privilege’ a must

The Last Watchdog

FEBRUARY 25, 2025

Related: Weaponizing Microsoft’s co-pilot Until now, lackluster enterprise search capabilities kept many security risks in checkemployees simply couldnt find much of the data they were authorized to access. Over-provisioned access The risks of excessive access are nothing new.

Risk

Risk CISO Engineering

On Risk-Based Authentication

Schneier on Security

OCTOBER 5, 2020

A Study on Usability and Security Perceptions of Risk-based Authentication “: Abstract : Risk-based Authentication (RBA) is an adaptive security measure to strengthen password-based authentication. I’ve blogged about risk-based authentication before. Paper’s website.

Authentication

Authentication Risk Passwords

High-Risk Flaws in a-blog cms: CVE-2025-36560 Scores Critical 9.2 on CVSS Scale

Penetration Testing

MAY 15, 2025

JPCERT/CC has issued a vulnerability note disclosing multiple security flaws in a-blog cms, a popular content management system The post High-Risk Flaws in a-blog cms: CVE-2025-36560 Scores Critical 9.2 on CVSS Scale appeared first on Daily CyberSecurity.

Risk

Risk Cybersecurity

On Generative AI Security

Schneier on Security

FEBRUARY 5, 2025

” Their blog post lists “three takeaways,” but the eight lessons in the report itself are more useful: Understand what the system can do and where it is applied. Automation can help cover more of the risk landscape. LLMs amplify existing security risks and introduce new ones.

Risk

AI Risks

Schneier on Security

OCTOBER 9, 2023

Reading the headlines, one would hope that the rapid gains in AI technology have also brought forth a unifying realization of the risks—and the steps we need to take to mitigate them. Some are concerned about far-future risks that sound like science fiction. AI could destroy humanity or pose a risk on par with nukes.

Risk

Risk Artificial Intelligence Technology Surveillance

AI Security Risk Assessment Tool

Schneier on Security

MAY 11, 2021

” Details on their blog. Microsoft researchers just released an open-source automation tool for security testing AI systems: “ Counterfit.”

Risk

Risk Artificial Intelligence

Security Risks of AI

Schneier on Security

APRIL 27, 2023

Stanford and Georgetown have a new report on the security risks of AI—particularly adversarial machine learning—based on a workshop they held on the topic. Many AI products are deployed without institutions fully understanding the security risks they pose.

Risk

Risk Government Cybersecurity Engineering

Security Risks of Client-Side Scanning

Schneier on Security

OCTOBER 15, 2021

I’m part of a group of cryptographers that has just published a paper discussing the security risks of such a system. (It’s Ross Anderson wrote a great blog post on the paper. (It’s It’s not a cryptographic backdoor, but it’s still a backdoor — and brings with it all the insecurities of a backdoor.

Risk

Risk Encryption

NCSC Guidance on “Advanced Cryptography”

Schneier on Security

MAY 2, 2025

However, there are a number of factors to consider before deploying a solution based on Advanced Cryptography, including the relative immaturity of the techniques and their implementations, significant computational burdens and slow response times, and the risk of opening up additional cyber attack vectors. NCSC blog entry.

Encryption

Encryption Cyber Attacks Authentication Risk

DORA Compliance: A Practical Guide to Effective Third-Party Risk Management

Responsible Cyber

NOVEMBER 25, 2024

Effective from January 2025, DORA mandates that financial institutions implement robust measures to manage Information and Communication Technology (ICT) risks, with a significant emphasis on Third-Party Risk Management (TPRM). Contracts must clearly outline service expectations, security requirements, and compliance obligations.

Risk

Risk Cyber threats Technology Software

The Hidden Cyber Risks in Your Executive Team’s Digital Footprint

Security Boulevard

MAY 26, 2025

Executive Teams Digital Footprint Exposure Is Real Executives, board members, and other high-profile users carry more than just influence they carry risk. With access to strategic assets, critical systems, and high-trust communications, these individuals are prime targets for threat actors.

Cyber Risk

Cyber Risk Risk

LLM04: Data & Model Poisoning – FireTail Blog

Security Boulevard

JUNE 6, 2025

Jun 06, 2025 - Lina Romero - LLM04: Data & Model Poisoning Excerpt: In this blog series, we’re breaking down the OWASP Top 10 risks for LLMs and explaining how each one manifests and can be mitigated. Today’s risk is #4 on the list: Data and Model Poisoning.

Risk

Opportunities and risks of AI coding assistants

BH Consulting

DECEMBER 6, 2024

This blog will explore the advantages and risks these AI tools bring, along with actionable steps to integrate them responsibly into business practices. Key security and privacy risks Despite these benefits, there are inherent risks in relying on AI coding assistants. Establish an AI usage policy.

Risk

Risk Data privacy Information Security Software

Third-Party Risk Management: Gartner’s Best Practices for CCEOs

Responsible Cyber

NOVEMBER 23, 2024

However, with every partnership comes potential risk. As networks expand to include third, fourth, and even fifth parties, the complexities of managing these risks multiply. For CCEOs and senior leaders, effective third-party risk management (TPRM) is not just a necessity—it’s a strategic imperative.

Risk

Risk Government Education Technology

GUEST ESSAY: Rising cyber risks make business intelligence gathering more vital than ever

The Last Watchdog

JULY 5, 2022

The top reason, chosen from a proved list of ten, was ‘increased cyber security risks’, followed by the related concern, ‘new and/or increased data privacy regulations’. Context of risk. The Ukraine-Russia war is a grim example of geopolitical risk intersecting with cyber security risk. Cyber in a silo?

Cyber Risk

Cyber Risk Risk Marketing Data privacy

The C-Suite Power Shift: Why CIOs, CTOs, and CISOs Must Realign to Survive

Jane Frankland

JUNE 8, 2025

However, the lines are blurring and if these executive roles don’t realign—clearly and deliberately—the result will be friction, inefficiency, and exposure to security and reputational risks that no organisation can afford. That’s what this blog is all about. Risks slip through the cracks. Projects stall.

CISO

CISO Technology Government Accountability

Sharing Information with AI and Understanding the Risks

ZoneAlarm

JANUARY 30, 2025

But as AI grows, so do the risks of sharing information with it. A new AI system called DeepSeek, developed in China, has raised fresh concerns about how information is … The post Sharing Information with AI and Understanding the Risks appeared first on ZoneAlarm Security Blog.

Risk

Risk Artificial Intelligence Data privacy

GUEST ESSAY: Where we stand on mitigating software risks associated with fly-by-wire jetliners

The Last Watchdog

AUGUST 29, 2023

Here’s what you should know about the risks, what aviation is doing to address those risks, and how to overcome them. It is difficult to deny that cyberthreats are a risk to planes. Risks delineated Still, there have been many other incidents since. Fortunately, there are ways to address the risks.

Software

Software Risk Artificial Intelligence Cyber Attacks

Apple AirPlay SDK devices at risk of takeover—make sure you update

Malwarebytes

MAY 1, 2025

Researchers found a set of vulnerabilities in Apples AirPlay SDK that put billions of users at risk of their devices being taking over. On top of that, these vulnerabilities may allow unauthorized access to sensitive data and local files, making them a serious risk that demands immediate attention.

Risk

Risk Wireless Software Mobile

The Dangers of AI Acceleration: Why a Deregulatory Stance Threatens Humanity

Jane Frankland

MAY 30, 2025

Everyone’s talking about AI aren’t they, and when I gave a keynote on Artificial Intelligence and cybersecurity recently, I relayed how the rise of AI has brought us to a pivotal moment in historya moment brimming with both extraordinary opportunity and unparalleled risk. Thats what this blog is all about. Yet the U.S.A,

Artificial Intelligence

Artificial Intelligence Risk Government Technology

GUEST ESSAY: Best practices to shrink the ever-present risk of Exchange Server getting corrupted

The Last Watchdog

FEBRUARY 5, 2024

One critical issue faced by organizations that rely on Exchange Server is the risk of a corrupt Exchange Server database cropping up. Navigating new risks Today, heavy reliance on cloud-centric IT infrastructure and cloud-hosted applications has become the norm. Here are a few ‘dos:’ •Rigorous vulnerability management.

Risk

Risk Backups Software Education

Unsolved Challenge: Why API Access Control Vulnerabilities Remain a Major Security Risk

Security Boulevard

MARCH 31, 2025

This blog will explore why these vulnerabilities are so difficult to detect, the limitations of current security tools, and the implications for businesses relying on API-driven applications. The post Unsolved Challenge: Why API Access Control Vulnerabilities Remain a Major Security Risk appeared first on Wallarm.

Risk

Risk Authentication

Protecting Retailers Against Cyber Risks on Black Friday and Cyber Monday

Thales Cloud Protection & Licensing

NOVEMBER 26, 2024

Protecting Retailers Against Cyber Risks on Black Friday and Cyber Monday josh.pearson@t… Tue, 11/26/2024 - 08:01 As Black Friday and Cyber Monday loom, the stakes for retailers extend far beyond enticing deals and record sales. trillion, the risk of a data breach extends beyond immediate financial losses. trillion and $5.28

Retail

Retail Cyber Risk Risk DDOS

Conquering complexity and risk with data security posture insights

Thales Cloud Protection & Licensing

JUNE 3, 2025

What is Data Security Risk? Risks are introduced to the databases, file servers, data lakes, cloud repositories, and storage devices through all the access paths to and from these systems. Why does complexity factor into data security risk? Many factors drive organizations growth and at the same time security complexity.

Risk

Risk Technology Government Cyber Risk

Closing the Loop: Continuous API Security Testing – FireTail Blog

Security Boulevard

MAY 15, 2025

API testing can fall into lots of different categories, even if only focusing on security testing of APIs: Each of these categories of tests will check for a different set of security risks. The post Closing the Loop: Continuous API Security Testing – FireTail Blog appeared first on Security Boulevard.

Internet

Internet Internet Data breaches Authentication

Hunting SMB Shares, Again! Charts, Graphs, Passwords & LLM Magic for PowerHuntShares 2.0

NetSpi Technical

NOVEMBER 14, 2024

It focuses on distilling data related to shares configured with excessive privileges to better understand their relationships and risk. For those interested in the previous PowerHuntShares release, here is the blog and presentation. Risk Scoring “Be honest, how bad is it?” Let the pseudo-TLDR/release notes begin!

Passwords

Passwords Risk Data collection Backups

Taxonomy of Generative AI Misuse

Schneier on Security

AUGUST 12, 2024

Interesting paper: “ Generative AI Misuse: A Taxonomy of Tactics and Insights from Real-World Data “: Generative, multimodal artificial intelligence (GenAI) offers transformative potential across industries, but its misuse poses significant risks. image, text, audio, video) in the wild.

Artificial Intelligence

Artificial Intelligence Risk

Your Ultimate Guide to NIS2 Compliance: Key Steps and Insights

Heimadal Security

JANUARY 16, 2025

With its stringent requirements for managing cyber risks, securing supply chains, and reporting incidents, its essential for organizations to ensure compliance.

Cyber Risk

Cyber Risk Risk Cybersecurity

Cybersecurity Snapshot: Tenable Highlights Risks of AI Use in the Cloud, as UK’s NCSC Offers Tips for Post-Quantum Cryptography Adoption

Security Boulevard

MARCH 21, 2025

Check out key findings and insights from the Tenable Cloud AI Risk Report 2025. 1 - Tenable: Orgs using AI in the cloud face thorny cyber risks Using AI tools in cloud environments? 1 - Tenable: Orgs using AI in the cloud face thorny cyber risks Using AI tools in cloud environments?

Risk

Risk IoT Cybersecurity Manufacturing

Adidas customers’ personal information at risk after data breach

Graham Cluley

MAY 27, 2025

Read more in my article on the Hot for Security blog. Lovers of Adidas clothes would be wise to be on their guard against phishing attacks, after the German sportswear giant revealed that a cyber attack had exposed the personal information of customers.

Data breaches

Data breaches Risk Cyber Attacks Phishing

AI avalanche: Taming software risk with True Scale Application Security

Security Boulevard

APRIL 28, 2025

The post AI avalanche: Taming software risk with True Scale Application Security appeared first on Blog. The post AI avalanche: Taming software risk with True Scale Application Security appeared first on Security Boulevard.

Software

Software Risk Network Security

ISACA impressions: AI, risk and resilience feature at the 2025 conference

BH Consulting

APRIL 16, 2025

Dr. Ng emphasised the balancing act between innovation and risk. Cloud calls for cooperation in a changed risk landscape Has computing really changed with the cloud? Although the core architecture hasnt shifted drastically, he said the risk landscape has.

Risk

Risk Government Ransomware Retail

Introducing User Trust Levels: Calculating Identity Risk to Improve Security Outcomes

Duo's Security Blog

MARCH 25, 2025

This innovative approach helps organizations manage user-related risks more efficiently by assigning trust levels based on a comprehensive evaluation of user behavior and context. The User Trust Level is a dynamic assessment of risk associated with each user in your organization. The algorithm first sets out a framework of risk types.

Risk

Risk Accountability Threat Detection Firewall

Cybersecurity Snapshot: Prompt Injection and Data Disclosure Top OWASP’s List of Cyber Risks for GenAI LLM Apps

Security Boulevard

NOVEMBER 22, 2024

Don’t miss OWASP’s update to its “Top 10 Risks for LLMs” list. OWASP — the Open Worldwide Application Security Project — released its first “Top 10 Risks for LLMs” last year. Plus, the ranking of the most harmful software weaknesses is out. Meanwhile, critical infrastructure orgs have a new framework for using AI securely.

Cyber Risk

Cyber Risk Risk Artificial Intelligence Cybersecurity

GUEST ESSAY: Why internal IT teams are ill-equipped to adequately address cyber risks

The Last Watchdog

FEBRUARY 11, 2024

From identity theft to greater oversight on risk management, internal IT teams will be taking the brunt of these incoming regulations. Regulatory overload Firms in the financial services industry are staring down the bottom of the regulatory barrel coming into 2024.

Cyber Risk

Cyber Risk Risk Financial Services Cyber threats

What Rebels Teach us About Stronger Cyber Defence

Jane Frankland

APRIL 25, 2025

While this progress is impressive and efficient, it comes with substantial risks. We need cybersecurity leadersCISOs, cyber risk owners, and IT decision makerswho are willing to challenge the norm, think critically, and make ethical decisions to protect our organisations, and world. Thats essentially the position were in today.

Technology

Technology Cyber threats Risk Cybersecurity

GUEST ESSAY: The key role static code analyzers play in detecting coding errors, eliminating flaws

The Last Watchdog

DECEMBER 3, 2024

Such incidents not only harm users but also undermine trust in technology in general, and pose reputational risks to companies. Therefore, regular code checks help protect information in advance and minimize risks. This not only saves developers’ resources but also reduces financial risks for the company.

Software

Software Risk Education Cyber Attacks

AI and the Future of Cybersecurity: Opportunities and Risks

Security Boulevard

APRIL 1, 2025

But as this software garners more attention, we must separate the hype from the Continue reading AI and the Future of Cybersecurity: Opportunities and Risks The post AI and the Future of Cybersecurity: Opportunities and Risks appeared first on Assura, Inc.

Risk

Risk Cybersecurity Software

Human Risk Management: The Next Security Challenge

Security Boulevard

MAY 29, 2025

Nisos Human Risk Management: The Next Security Challenge Human risk isnt new. The post Human Risk Management: The Next Security Challenge appeared first on Nisos by Nisos The post Human Risk Management: The Next Security Challenge appeared first on Security Boulevard.

Risk

MY TAKE: The CVE program crisis isn’t over — it’s a wake-up call for cybersecurity’s supply chain

The Last Watchdog

APRIL 16, 2025

The system that underpins vulnerability disclosurethe nervous system of cybersecurity risk managementis showing signs of structural fatigue. The CVE program isnt just a list of numbersits a Rosetta Stone that security teams rely on to identify, prioritize, and communicate risk. Far from it. Cipollones response?

Architecture

Architecture Risk Cybersecurity Internet

Risk Management in Higher Education: Top Challenges and Proven Solutions

Centraleyes

MAY 21, 2025

Leading a university also means managing a very complex set of risks: cyberattacks, financial instability, regulatory shifts, and reputational fallout, just to name a few. These risks threaten an institutions ability to educate, innovate, and serve its community. Top Challenges in Risk Management for Colleges and Universities 1.

Education

Education Risk Cyber Insurance Insurance

Smart Home Data Breach Exposes 2.7 Billion Records

ZoneAlarm

FEBRUARY 23, 2025

This breach has raised serious concerns about the security of internet-connected devices and the potential risks for consumers. Billion Records appeared first on ZoneAlarm Security Blog. Smart home devices, including security cameras, smart locks, and voice assistants, … The post Smart Home Data Breach Exposes 2.7

Data breaches

Data breaches IoT Internet Internet

Why the 2025 PyPI Attack Signals a New Era in Cloud Risk

Security Boulevard

APRIL 16, 2025

The post Why the 2025 PyPI Attack Signals a New Era in Cloud Risk appeared first on Security Boulevard. The 2025 PyPI supply chain attack is a stark reminder of just how vulnerable cloud ecosystems remain to sophisticated, stealthy, and evolving threats.

Risk

Risk Cyber Attacks Cybersecurity

PTZOptics cameras zero-days actively exploited in the wild

Security Affairs

NOVEMBER 2, 2024

Attackers can also trigger flaws to extract network details to infiltrate connected systems, increasing the risk of data breaches and ransomware attacks. “Read the GreyNoise Labs blog for technical analysis and deeper insight into how Sift helped discover these zero-day vulnerabilities.” ” concludes the report.

Firmware

Firmware Manufacturing IoT Healthcare

GUEST ESSAY: How AI co-pilots boost the risk of data leakage — making ‘least privilege’ a must

On Risk-Based Authentication

Trending Sources

High-Risk Flaws in a-blog cms: CVE-2025-36560 Scores Critical 9.2 on CVSS Scale

On Generative AI Security

AI Risks

AI Security Risk Assessment Tool

Security Risks of AI

Security Risks of Client-Side Scanning

NCSC Guidance on “Advanced Cryptography”

DORA Compliance: A Practical Guide to Effective Third-Party Risk Management

The Hidden Cyber Risks in Your Executive Team’s Digital Footprint

LLM04: Data & Model Poisoning – FireTail Blog

Opportunities and risks of AI coding assistants

Third-Party Risk Management: Gartner’s Best Practices for CCEOs

GUEST ESSAY: Rising cyber risks make business intelligence gathering more vital than ever

The C-Suite Power Shift: Why CIOs, CTOs, and CISOs Must Realign to Survive

Sharing Information with AI and Understanding the Risks

GUEST ESSAY: Where we stand on mitigating software risks associated with fly-by-wire jetliners

Apple AirPlay SDK devices at risk of takeover—make sure you update

The Dangers of AI Acceleration: Why a Deregulatory Stance Threatens Humanity

GUEST ESSAY: Best practices to shrink the ever-present risk of Exchange Server getting corrupted

Unsolved Challenge: Why API Access Control Vulnerabilities Remain a Major Security Risk

Protecting Retailers Against Cyber Risks on Black Friday and Cyber Monday

Conquering complexity and risk with data security posture insights

Closing the Loop: Continuous API Security Testing – FireTail Blog

Hunting SMB Shares, Again! Charts, Graphs, Passwords & LLM Magic for PowerHuntShares 2.0

Taxonomy of Generative AI Misuse

Your Ultimate Guide to NIS2 Compliance: Key Steps and Insights

Cybersecurity Snapshot: Tenable Highlights Risks of AI Use in the Cloud, as UK’s NCSC Offers Tips for Post-Quantum Cryptography Adoption

Adidas customers’ personal information at risk after data breach

AI avalanche: Taming software risk with True Scale Application Security

ISACA impressions: AI, risk and resilience feature at the 2025 conference

Introducing User Trust Levels: Calculating Identity Risk to Improve Security Outcomes

Cybersecurity Snapshot: Prompt Injection and Data Disclosure Top OWASP’s List of Cyber Risks for GenAI LLM Apps

GUEST ESSAY: Why internal IT teams are ill-equipped to adequately address cyber risks

What Rebels Teach us About Stronger Cyber Defence

GUEST ESSAY: The key role static code analyzers play in detecting coding errors, eliminating flaws

AI and the Future of Cybersecurity: Opportunities and Risks

Human Risk Management: The Next Security Challenge

MY TAKE: The CVE program crisis isn’t over — it’s a wake-up call for cybersecurity’s supply chain

Risk Management in Higher Education: Top Challenges and Proven Solutions

Smart Home Data Breach Exposes 2.7 Billion Records

Why the 2025 PyPI Attack Signals a New Era in Cloud Risk

PTZOptics cameras zero-days actively exploited in the wild

Stay Connected