Book and Risk - Cyber Security Informer

Victims risk AsyncRAT infection after being redirected to fake Booking.com sites

Malwarebytes

JUNE 2, 2025

According to Malwarebytes research , 40% of people book travel through a general online search, creating a lot of opportunities for scammers. Even if you think youre looking at an actual booking website, this is not the kind of instructions youre expected to follow. com (booking.)badgustrewivers.com[.]com com (booking.)property-paids[.]com

Risk

Risk Identity Theft Scams Malware

LLM Summary of My Book Beyond Fear

Schneier on Security

SEPTEMBER 15, 2023

Claude (Anthropic’s LLM) was given this prompt: Please summarize the themes and arguments of Bruce Schneier’s book Beyond Fear. Then lay out the most salient criticisms of the book. Key Arguments: Analyze risks empirically using evidence, statistics, and probability rather than intuition. It’s interesting.

Data collection

Data collection Risk Surveillance Manufacturing

MasterCard DNS Error Went Unnoticed for Years

Krebs on Security

JANUARY 22, 2025

MasterCard.com relies on five shared Domain Name System (DNS) servers at the Internet infrastructure provider Akamai [DNS acts as a kind of Internet phone book, by translating website names to numeric Internet addresses that are easier for computers to manage]. “This typo has now been corrected.”

DNS

DNS Internet Internet Risk

Risk Talk at JPL

Adam Shostack

JANUARY 2, 2025

The first part of the talk puts threat modeling in context for engineering secure systems, while the second part considers why we do what we do and asks some questions about how we think about risk. The biggest of those questions starts from the observation that many of the ways weve learned to use math in risk involve iteration.

Risk

Risk Insurance Engineering Marketing

Digital nomads and risk associated with the threat of infiltred employees

Security Affairs

MARCH 4, 2025

Companies face the risk of insider threats, worsened by remote work. The insider threat, or the risk that an employee could harm the company, is a growing concern. The insider threat, or the risk that an employee could harm the company, is a growing concern. North Korean hackers infiltrate firms via fake IT hires, stealing data.

Risk

Risk Education Scams VPN

Author’s Q&A: It’s high time for CISOs to start leading strategically — or risk being scapegoated

The Last Watchdog

MAY 13, 2025

This is the backdrop for The CISO on the Razors Edge , a new book by Steve Tout , longtime identity strategist and advisor to Fortune 500 security leaders. I spoke with Steve to explore what pushed him to write this book now, how GenAI changes the game, and what security leaders must do to escape the scapegoat cycle. Tout: Thank you.

CISO

CISO Risk Cybersecurity Government

Public Hearing on IoT Risks

Schneier on Security

APRIL 3, 2018

The US Consumer Product Safety Commission is holding hearings on IoT risks: The U.S. The information received from the public hearing will be used to inform future Commission risk management work. The information received from the public hearing will be used to inform future Commission risk management work.

IoT

IoT Risk Internet Internet

New Book Coming in September: "Click Here to Kill Everybody"

Schneier on Security

JANUARY 5, 2018

My next book is still on track for a September 2018 publication. Risks are Becoming Catastrophic. It also needs to telegraph: "everyone needs to read this book." In the book I need a word for the Internet plus the things connected to it plus all the data and processing in the cloud. Norton is still the publisher.

Internet

Internet Internet Government Authentication

Worthwhile Books Q4 2022

Adam Shostack

JANUARY 2, 2025

Books that I read in the fourth quater that are worth your time include several about safety with lessons for cybersecurity Cyber Both of my so-called cyber books are not about cyber — if you judge a book by its cover. The excellent book by Ms. But both have some pretty important lessons for us.

Cybersecurity

Cybersecurity Engineering Risk

Fire Doesn't Innovate by Kip Boyle (Book Review)

Adam Shostack

JANUARY 2, 2025

An unexpected book review. I hate reviewing books by people I know, because I am a picky reader, and if you can't say anything nice, don't say anything at all. I also tend to hate management books, because they often substitute jargon for crisp thinking. It is not a book for the CSO. Fire" doesn't do that.

CSO

CSO Cyber Risk Backups Risk

10 Behaviors That Will Reduce Your Risk Online

Daniel Miessler

MAY 14, 2020

What follows is a set of basic security hygiene steps that will significantly reduce your risk online. The more fringe the site, the higher the risk of bad things happening while you’re there. These are the diet and exercise of the computer safety world. So, I decided to update the advice myself. Automatic Logins Using Lastpass.

Risk

Risk Password Management Passwords Accountability

Booking.com reservation abused as cybercriminals steal from travelers

Malwarebytes

JUNE 6, 2025

Robert Woodford, a recruitment marketing specialist, recently shared on LinkedIn how he fell victim to a highly sophisticated scam while booking a hotel in Verona through Booking.com, providing a striking example of how attacks on the hospitality industry affect travelers. Report suspicious messages to the booking platform immediately.

Scams

Scams Malware Banking Risk

News alert: Seraphic launches BrowserTotal™ — a free AI-powered tool to stress test browser security

The Last Watchdog

JUNE 9, 2025

The launch coincides with the Gartner Security & Risk Management Summit 2025, where Seraphic will be showcasing the new platform with live demos at booth #1257. ” Attendees of the Gartner Security & Risk Management Summit 2025 can experience Browser Total firsthand at booth #1257.

Marketing

Marketing Risk CISO Architecture

Click Here to Kill Everybody Sale

Schneier on Security

JANUARY 15, 2021

The book just disappears somewhere in the process. At this price, international orders are at the buyer’s risk. I have 500 copies of the book available. Note that I have had occasional problems with international shipping. When they’re gone, the sale is over and the price will revert to normal.

Risk

Fake Booking.com phish uses fake CAPTCHAs to trick hotel staff into downloading malware

Malwarebytes

MARCH 26, 2025

Here’s how it works: Cybercriminals send a fake Booking.com email to a hotels email address, asking them to confirm a booking. Dear Team, You have received a new booking. However, there are a few things you can do to lower your risk. How to protect your data online Don’t store your card details.

Phishing

Phishing Malware Passwords Password Management

Sepio Systems: Cybersecurity Expert Joseph Steinberg Joins Advisory Board

Joseph Steinberg

NOVEMBER 17, 2021

He has written books ranging from Cybersecurity for Dummies to the advanced Official (ISC)2® Guide to the CISSP®-ISSMP® CBK®. His opinions are also frequently cited in books, law journals, security publications, and general interest periodicals. “We are thrilled to have Joseph as our newest advisory board member. .

Cybersecurity

Cybersecurity Artificial Intelligence Government Information Security

AUTHOR Q&A: New book, ‘Hackable,’ suggests app security is the key to securing business networks

The Last Watchdog

FEBRUARY 1, 2021

The cybersecurity operational risks businesses face today are daunting, to say the least. Ted Harrington’s new book Hackable: How To Do Application Security Right argues for making application security a focal point, while laying out a practical framework that covers many of the fundamental bases. But where to start?

Risk

Risk Social Engineering Software Password Management

I spoke to a task scammer. Here’s how it went

Malwarebytes

MARCH 5, 2025

Beginning the message with emojis, Birdie started the chat… Group invitation on X [emoji intro] Hello, I am a third-party agency from the UK, specializing in providing ranking and likes services for Booking+Airbnb hotel applications. create an account on a fake booking(dot)com site Here’s that site. It isn’t.)

Scams

Scams Accountability Mobile Cryptocurrency

Amy Zegart on Spycraft in the Internet Age

Schneier on Security

FEBRUARY 8, 2022

Amy Zegart has a new book: Spies, Lies, and Algorithms: The History and Future of American Intelligence. In the digital age, however, secrecy is bringing greater risk because emerging technologies are blurring nearly all the old boundaries of geopolitics. I have not yet read the book.

Internet

Internet Internet Technology Government

Weekly Update 339

Troy Hunt

MARCH 17, 2023

I found the discussion around IoT door locks especially interesting as it's a real nexus of security, usability and a bit of critical thinking about real world risks. Book a demo today. That term "security absolutism" that came up in the comments is gold, I hope you enjoy watching this episode.

IoT

IoT Financial Services Data breaches Risk

News alert: Arsen launches AI-powered vishing simulation to help combat voice phishing at scale

The Last Watchdog

JUNE 13, 2025

Arsen’s Vishing Simulation helps companies identify risk exposure and train employees to respond confidently and securely in real time. To learn more or book a demo of the Vishing Simulation module, users can visit [link]. It’s accessible as a standalone module, and can be bundled into current licensing agreements.

Phishing

Phishing Social Engineering Engineering CISO

ISACA impressions: AI, risk and resilience feature at the 2025 conference

BH Consulting

APRIL 16, 2025

Dr. Ng emphasised the balancing act between innovation and risk. Cloud calls for cooperation in a changed risk landscape Has computing really changed with the cloud? Although the core architecture hasnt shifted drastically, he said the risk landscape has.

Risk

Risk Government Ransomware Retail

Ransomware Attack Ends a 150 Year Company

Security Boulevard

MARCH 5, 2025

This terribly unfortunate event is a good example of how cybersecurity matters to every company that depends on digital technology - even if it is to run your books or manage your logistics. It is a dynamic adversarial endeavor where risk must be continually managed. The other point is that cybersecurity is not binary.

Ransomware

Ransomware Cybersecurity Risk Technology

News alert: Sweet Security releases its evolutionary Cloud Native Detection and Response platform

The Last Watchdog

DECEMBER 3, 2024

Book a meeting with Sweet Security at AWS re:Invent 2024 in Las Vegas here. Its GenAI-infused technology cuts through the noise and delivers actionable recommendations on critical, real-time cloud risks. For too long we’ve been content with mediocre visibility into our most important assets.

CISO

CISO Threat Detection Media Technology

Generative-AI apps & ChatGPT: Potential risks and mitigation strategies

The Hacker News

JUNE 22, 2023

Continue reading to understand the potential risks and how to minimize them. Book a Generative-AI According to the Astrix Security Research Group, mid size organizations already have, on average, 54 Generative-AI integrations to core systems like Slack, GitHub and Google Workspace and this number is only expected to grow.

Risk

News alert: Sweet Security rolls out its advanced runtime detection and response platform for AWS

The Last Watchdog

NOVEMBER 11, 2024

AWS customers visiting AWS re:Invent 2024 in Las Vegas can book a meeting to learn more here. Vulnerability management enriched with runtime insights, reducing CVEs by 99% and putting only the critical risks in front of security personnel. For more information, please visit [link].

Threat Detection

Threat Detection CISO Technology Risk

Cybersecurity in Aviation: Rising Threats and Modernization Efforts

SecureWorld News

JUNE 9, 2025

The attack vectors are diverse: fraudulent websites mimicking airline booking portals, phishing campaigns targeting airline staff, distributed denial-of-service (DDoS) attacks crippling airport websites malware infiltrating maintenance system, ransomware encrypting critical backend databases, and more.

Cybersecurity

Cybersecurity Social Engineering Computers and Electronics Risk

1 in 10 people do nothing to stay secure and private on vacation

Malwarebytes

MARCH 17, 2025

The findings reveal that the public approaches cybersecurity as a patchwork quilt, implementing some best practices while forgoing others, and engaging in a few behaviors that carry significant risk online. A safer option for vacationers is to book travel directly with an airline or hotel chain.

Passwords

Passwords VPN Scams Backups

GUEST ESSAY: Now more than ever, companies need to proactively promote family Online Safety

The Last Watchdog

FEBRUARY 15, 2021

Mistakes online by one family member can lead to compromises in a household’s network, placing computers, personal data, and perhaps even work-related content at risk. Do you have a corporate book club? I’ve also been brought in to host Virtual Reading Events with the book for corporate programs. Send gifts to clients?

Education

Education CISO Security Awareness Cybersecurity

Opening vs. Closing is a False Dichotomy

Daniel Miessler

APRIL 29, 2020

I’m not a health or policy expert, but I do know a lot about risk. Much of risk comes down to balancing variables. But there’s risk there, and the compensating controls seem to be behavior control, vaccination/treatment, testing, and contact tracing. Reality and risk are nuanced, and our policies have to be as well.

Risk

Risk Marketing Software Information Security

GUEST ESSAY: 5 steps for raising cyber smart children — who know how to guard their privacy

The Last Watchdog

JANUARY 13, 2021

Once children have identified the rewards of being part of the online world and the risks they want to avoid, they can come up with ways to help protect and care for themselves. I’ve also been brought in to host virtual reading events with the book for corporate and nonprofit efforts. Encourage privacy behaviors. About the essayist.

Scams

Scams Education Password Management Passwords

A Unified Approach to Exposure Management: Introducing Tenable One Connectors and Customized Risk Dashboards

Security Boulevard

MAY 15, 2025

Learn how the new Tenable One connectors and unified dashboards give you a comprehensive view of your attack surface, help you streamline decision-making and empower your teams to uncover hidden risks, prioritize critical exposures and respond to threats with confidence. And we didnt stop there.

Risk

Risk CISO Cyber Risk IoT

Electronic Sales Suppression Tools are cooking the books

Malwarebytes

DECEMBER 12, 2022

From ATO Deputy Commissioner John Ford : These dodgy sales suppression tools allow retailers to keep a separate set of books and launder the money in one transaction. Cybersecurity risks should never spread beyond a headline. So-called Electronic Sales Suppression Tools (ESST) were outlawed in Australia back in 2018.

Software

Software Retail Cryptocurrency Phishing

International Association of Chiefs of Police (IACP) Appoints CyberSecurity Expert Witness Joseph Steinberg To Computer Crime & Digital Evidence Committee

Joseph Steinberg

DECEMBER 11, 2023

He has led organizations within the cybersecurity industry for over 25 years, and has written books ranging from the best-selling Cybersecurity for Dummies to the official study guide from which many CISOs study for certification exams in advanced information security management. patent filings.

Cybersecurity

Cybersecurity Artificial Intelligence CISO Technology

Threats, To The Supply Chain

Adam Shostack

JANUARY 2, 2025

The threats book is in the supply chain, inconsistently. More seriously, ebook is now here [as of Jan 26] and audio book is forthcoming. Books are complex products. Each of those people works on multiple books, and theres staging and pipelining so that everyone stays busy. And so the physical books are flowing.

Marketing

Marketing Software Risk

Zoom attack tricks victims into allowing remote access to install malware and steal money

Malwarebytes

APRIL 24, 2025

Then they used a third-party booking system called Calendly to arrange the call. We dont just report on threatswe remove them Cybersecurity risks should never spread beyond a headline. After receiving an invitation to appear on “Bloomberg Crypto,” he suspected something was amiss.

Malware

Malware Media Accountability Cryptocurrency

Application and AI roundup - May

Adam Shostack

JANUARY 2, 2025

A group led by Gadi Evron released Generative AI and ChatGPT Enterprise Risks. OpenAI released a GPT-4 System Card , an extended writeup of its safety and security risks. Kai Greshake has an article, The Dark Side of LLMs: We Need to Rethink Large Language Models with the subtitle We cannot deploy the current crop of LLMs safely.

Passwords

Passwords Encryption Risk Advertising

Cybersecurity Governance: The Road Ahead in an Era of Constant Evolution

SecureWorld News

FEBRUARY 17, 2025

We have moved beyond traditional compliance-driven security models to risk-based approaches, integrating cybersecurity into enterprise risk management (ERM) frameworks. This led to a reactive approach where organizations were more focused on regulatory adherence than on actual security risk management.

Government

Government Cybersecurity Risk CISO

New warning issued over toll fee scams

Malwarebytes

MAY 28, 2025

The FTCs 2024 Annual Data Book shows that 16% of the reported fraud attempts were text-based, with a criminal revenue of some $470 Million. We dont just report on phone securitywe provide it Cybersecurity risks should never spread beyond a headline. Reportedly , in April of 2025 alone, Americans received 19.2

Scams

Scams Mobile Phishing Internet

Hi, robot: Half of all internet traffic now automated

Malwarebytes

APRIL 16, 2025

These bots pull tricks such as pretending to book airline seats online and abandoning the purchase at the last minute, which skews seat pricing. We dont just report on threatswe remove them Cybersecurity risks should never spread beyond a headline. The report also found bots targeting specific sectors.

Internet

Internet Internet Passwords Artificial Intelligence

Review: Practical Cybersecurity Architecture

Adam Shostack

JANUARY 2, 2025

Adam Shostack's review of the book Practical Cybersecurity Architecture There's an insightful comment , "Everybody has a testing environment. And that brings me to the only book on security architecture that I've ever enjoyed, Practical Security Architecture by Diana Kelley and Ed Moyle.

Architecture

Architecture Cybersecurity Risk

Review: Practical Security Architecture

Adam Shostack

MAY 26, 2021

And that brings me to the only book on security architecture that I’ve ever enjoyed, Practical Security Architecture by Diana Kelley and Ed Moyle. The property I enjoy most about this book is a focus on what we might call a YAGNI approach to architecture, doing only what is needed to serve some customer need.

Architecture

Architecture Risk

How to Use Your Asset Management Software to Reduce Cyber Risks

CyberSecurity Insiders

APRIL 29, 2022

Identify assets and their associated risks. The best asset management software sets up a stock of your organization’s assets, phases of their entire life cycles, most recent software upgrades, the risks they could face, and the approaches to ensure their security. . . Handle the threats’ possible risks. .

Cyber Risk

Cyber Risk Software Risk IoT

Combined SOC Webinar Q&A: From EDR to ITDR and ASO … and ChatGPT

Anton on Security

DECEMBER 15, 2022

Think about it, a book library is a collection of content for people to read while a use case library is a collection of use case content for the detection tools to run. To me, the more interesting part of your question is a question about risks of threat hunting.

Engineering

Engineering Risk Technology Information Security

Victims risk AsyncRAT infection after being redirected to fake Booking.com sites

LLM Summary of My Book Beyond Fear

Trending Sources

MasterCard DNS Error Went Unnoticed for Years

Risk Talk at JPL

Digital nomads and risk associated with the threat of infiltred employees

Author’s Q&A: It’s high time for CISOs to start leading strategically — or risk being scapegoated

Public Hearing on IoT Risks

New Book Coming in September: "Click Here to Kill Everybody"

Worthwhile Books Q4 2022

Fire Doesn't Innovate by Kip Boyle (Book Review)

10 Behaviors That Will Reduce Your Risk Online

Booking.com reservation abused as cybercriminals steal from travelers

News alert: Seraphic launches BrowserTotal™ — a free AI-powered tool to stress test browser security

Click Here to Kill Everybody Sale

Fake Booking.com phish uses fake CAPTCHAs to trick hotel staff into downloading malware

Sepio Systems: Cybersecurity Expert Joseph Steinberg Joins Advisory Board

AUTHOR Q&A: New book, ‘Hackable,’ suggests app security is the key to securing business networks

I spoke to a task scammer. Here’s how it went

Amy Zegart on Spycraft in the Internet Age

Weekly Update 339

News alert: Arsen launches AI-powered vishing simulation to help combat voice phishing at scale

ISACA impressions: AI, risk and resilience feature at the 2025 conference

Ransomware Attack Ends a 150 Year Company

News alert: Sweet Security releases its evolutionary Cloud Native Detection and Response platform

Generative-AI apps & ChatGPT: Potential risks and mitigation strategies

News alert: Sweet Security rolls out its advanced runtime detection and response platform for AWS

Cybersecurity in Aviation: Rising Threats and Modernization Efforts

1 in 10 people do nothing to stay secure and private on vacation

GUEST ESSAY: Now more than ever, companies need to proactively promote family Online Safety

Opening vs. Closing is a False Dichotomy

GUEST ESSAY: 5 steps for raising cyber smart children — who know how to guard their privacy

A Unified Approach to Exposure Management: Introducing Tenable One Connectors and Customized Risk Dashboards

Electronic Sales Suppression Tools are cooking the books

International Association of Chiefs of Police (IACP) Appoints CyberSecurity Expert Witness Joseph Steinberg To Computer Crime & Digital Evidence Committee

Threats, To The Supply Chain

Zoom attack tricks victims into allowing remote access to install malware and steal money

Application and AI roundup - May

Cybersecurity Governance: The Road Ahead in an Era of Constant Evolution

New warning issued over toll fee scams

Hi, robot: Half of all internet traffic now automated

Review: Practical Cybersecurity Architecture

Review: Practical Security Architecture

How to Use Your Asset Management Software to Reduce Cyber Risks

Combined SOC Webinar Q&A: From EDR to ITDR and ASO … and ChatGPT

Stay Connected