Event and Risk - Cyber Security Informer

Another Event-Related Spyware App

Schneier on Security

NOVEMBER 15, 2022

This month, it’s Egypt’s COP27 Summit app : The app is being promoted as a tool to help attendees navigate the event. But it risks giving the Egyptian government permission to read users’ emails and messages. Last month, we were warned not to install Qatar’s World Cup app because it was spyware.

Spyware

Spyware Technology Encryption Government

News alert: Aembit announces speakers for NHIcon event, highlighting non-human identity security

The Last Watchdog

JANUARY 15, 2025

15, 2025, CyberNewswire — Aembit , the non-human identity and access management (IAM) company, unveiled the full agenda for NHIcon 2025, a virtual event dedicated to advancing non-human identity security, streaming live on Jan. Silver Spring, MD, Jan. 28 and headlined by industry luminary Kevin Mandia. Users can visit aembit.io

Accountability

Accountability Software Risk Marketing

Risk Talk at JPL

Adam Shostack

JANUARY 2, 2025

The first part of the talk puts threat modeling in context for engineering secure systems, while the second part considers why we do what we do and asks some questions about how we think about risk. The biggest of those questions starts from the observation that many of the ways weve learned to use math in risk involve iteration.

Risk

Risk Insurance Engineering Marketing

News Alert: Security Risk Advisors joins Microsoft Intelligent Security Association (MISA)

The Last Watchdog

JANUARY 7, 2025

Security Risk Advisors (SRA) is a leading cybersecurity firm dedicated to providing comprehensive security solutions to businesses worldwide. Security Risk Advisors SCALR XDR is both a platform, built on Microsoft Azure and a 247 monitoring service with Microsoft Sentinel. Philadelphia, Pa., Philadelphia, Pa., To learn more: [link].

Risk

Risk Penetration Testing Marketing Technology

AI Risks

Schneier on Security

OCTOBER 9, 2023

Reading the headlines, one would hope that the rapid gains in AI technology have also brought forth a unifying realization of the risks—and the steps we need to take to mitigate them. Some are concerned about far-future risks that sound like science fiction. AI could destroy humanity or pose a risk on par with nukes.

Risk

Risk Technology Artificial Intelligence Surveillance

LW ROUNDTABLE: Wrist slap or cultural shift? SEC fines cyber firms for disclosure violations

The Last Watchdog

NOVEMBER 12, 2024

Unisys, for instance, was found to have framed cyber risks hypothetically even though its systems had already been breached, exfiltrating gigabytes of data. But the SEC’s latest actions underscore that failing to inform stakeholders about material risks and breaches is not an option. Want to stay out of trouble?

CISO

CISO CSO Risk Cyber threats

COVID-19 Risks of Flying

Schneier on Security

JUNE 24, 2020

This is all a prelude to saying that I have been paying a lot of attention to the COVID-related risks of flying. There are no superspreader events involving airplanes. I think that most of the risk is pre-flight, in the airport: crowds at the security checkpoints, gates, and so on. That did happen with SARS.)

Risk

GUEST ESSAY: New SEC rules aim to help C-levels, board members quantify cyber risks

The Last Watchdog

JUNE 23, 2022

Securities and Exchange Commission (SEC) is taking steps to crack down on insufficient cyber risk reporting. Related : Making third-party risk audits actionable. The new rules urge companies to build more robust cyber risk management programs. Disclosing policies and procedures for risk management.

Cyber Risk

Cyber Risk Risk Cybersecurity Cyber threats

Cyber Risk in U.S. Healthcare: Tackling HIPAA, Vendors, and Human Error – A Free Webinar With Joseph Steinberg and Chip Witt

Joseph Steinberg

APRIL 23, 2025

healthcare organizations are under relentless cyber pressure and the risks to patient safety have never been higher. The post Cyber Risk in U.S. Healthcare Cybersecurity And How to Fix It. From ransomware and cloud misconfigurations to vulnerable medical devices, U.S. Youll walk away with: – Lessons from real-world U.S.

Healthcare

Healthcare Cyber Risk Artificial Intelligence Risk

Risk reduction redefined: How compromise assessment helps strengthen cyberdefenses

SecureList

OCTOBER 29, 2024

The primary objective of these services is risk reduction. Policy violations by employees Most organizations focus on external threats; however, policy violations pose a major risk , with 51% of SMB incidents and 43% of enterprise incidents involving IT security policy violations caused by employees.

Risk

Risk Antivirus Accountability Malware

Andor: Insider Threats

Adam Shostack

JUNE 2, 2025

A decade-long project thats at risk is made more at risk by the investigation.) That led the keyboard to trigger a key send event via Bluetooth. The interplay of risk management by the spy and the handler is exceptionally well-written. Short form: An executives priority take precedence.

Risk

Risk Accountability Cybersecurity

From Compliance to Confidence: How AI Is Reshaping Third-Party Risk

SecureWorld News

MAY 13, 2025

As geopolitical instability, supply chain disruption, and cyber threats continue to escalate, third-party risk management (TPRM) is evolving from a compliance function to a strategic business imperative. According to the EY survey , 87% of organizations have experienced a third-party risk incident in the past three years.

Risk

Risk Cyber Risk Artificial Intelligence Technology

GUEST ESSAY: Best practices to shrink the ever-present risk of Exchange Server getting corrupted

The Last Watchdog

FEBRUARY 5, 2024

One critical issue faced by organizations that rely on Exchange Server is the risk of a corrupt Exchange Server database cropping up. Navigating new risks Today, heavy reliance on cloud-centric IT infrastructure and cloud-hosted applications has become the norm. Here are a few ‘dos:’ •Rigorous vulnerability management.

Risk

Risk Backups Software Education

Thales Introduces Data Risk Intelligence, Bringing Organizations Risk Profile Front and Center

Thales Cloud Protection & Licensing

DECEMBER 3, 2024

Thales Introduces Data Risk Intelligence, Bringing Organizations Risk Profile Front and Center madhav Tue, 12/03/2024 - 09:32 When Thales finalized the acquisition of Imperva in January 2024, our aim was clear: to empower organizations to protect data and secure all paths to it. Want to dive deeper?

Risk

Risk Digital transformation Encryption Software

Linux Kernel Vulnerability Exposes Local Systems to Privilege Escalation, PoC Published

Penetration Testing

APRIL 6, 2025

A security researcher has recently disclosed technical details and proof-of-concept (PoC) exploit code for a vulnerability in the Linux kernel’s Performance Events system component. indicating a high severity risk. This flaw, identified as CVE-2023-6931, carries a CVSS score of 7.8,

Risk

Risk Cybersecurity

News alert: SquareX shows how Google’s MV3 standard falls short, putting millions at risk

The Last Watchdog

OCTOBER 3, 2024

The extensions are capable of hooking into login events to redirect users to a page disguised as a password manager login. Ramachandran Vivek Ramachandran , Founder & CEO of SquareX , warned about the mounting risks: “Browser extensions are a blind spot for EDR/XDR and SWGs have no way to infer their presence. Singapore, Oct.

Risk

Risk Password Management Malware Media

SEC fined 4 companies for misleading disclosures about the impact of the SolarWinds attack

Security Affairs

OCTOBER 23, 2024

“The SEC’s order against Unisys finds that the company described its risks from cybersecurity events as hypothetical despite knowing that it had experienced two SolarWinds-related intrusions involving exfiltration of gigabytes of data. ” reads the press release published by SEC.

Hacking

Hacking Risk Cybersecurity Government

GUEST ESSAY: The Top 10 cybersecurity shortfalls that put SMBs, enterprises at elevated risk

The Last Watchdog

APRIL 17, 2023

Here are a few of the top security weaknesses that threaten organizations today: Poor risk management. A lack of a risk management program or support from senior management is a glaring weakness in your cybersecurity strategy. Logging events is the first step in understanding which services or systems are used within an organization.

Risk

Risk Cybersecurity Data breaches Cyber Attacks

News alert: INE Security shares cyber hygiene guidance for small- and medium-sized businesses

The Last Watchdog

OCTOBER 23, 2024

As small businesses increasingly depend on digital technologies to operate and grow, the risks associated with cyber threats also escalate. INE Security recommends establishing a routine for updating and patching software, which can significantly reduce the risk of a breach. Cary, NC, Oct.

Small Business

Small Business Data breaches Backups Passwords

Upcoming Speaking Engagements

Schneier on Security

SEPTEMBER 14, 2021

This is a current list of where and when I am scheduled to speak: I’m keynoting CIISec Live —an all-online event—September 15-16, 2021. I’m speaking at the fourth annual Managing Cyber Risk from the C-Suite conference—a virtual event conducted through Webex—on October 5, 2021. Details to come.

Data privacy

Data privacy Cyber Risk Risk Cybersecurity

LW ROUNDTABLE: Predictive analytics, full-stack visualization to solidify cyber defenses in 2025

The Last Watchdog

DECEMBER 18, 2024

Shashanka Dr. Madhu Shashanka , Chief Data Scientist, Concentric AI Generative AI in 2025 will bring transformative opportunities but heightened cybersecurity risks, including data exposure, AI misuse, and novel threats like prompt injection attacks. Organizations face rising risks of AI-driven social engineering and personal device breaches.

Risk

Risk Threat Detection Technology Phishing

Q-Day Prepping: What Businesses Can Do Now to Address Quantum Security Risks

Security Boulevard

JULY 12, 2024

We're primed to face another Y2K-like event: Q-Day, the point at which quantum computers become capable of breaking traditional encryption, totally upending security as we know it. The post Q-Day Prepping: What Businesses Can Do Now to Address Quantum Security Risks appeared first on Security Boulevard.

Risk

Risk Encryption Security Awareness Government

The Turmoil Following BreachForums Shutdown: Confusion, Risks, and a New Beginning

Security Affairs

APRIL 28, 2025

In the aftermath, several alternative forums emerged, some demanded entry fees, fueling confusion and raising the risk of scams or government-run honeypots. —–BEGIN PGP SIGNED MESSAGE—– Hash: SHA512 Hello everyone, We would like to provide an update on recent events over the past two weeks. breachforums[.]st.

Risk

Risk Hacking Cybercrime Scams

How to safely change your name without putting your identity at risk

Security Boulevard

MAY 13, 2025

Changing your namewhether due to marriage, divorce, or personal choiceis a significant life event. The post How to safely change your name without putting your identity at risk appeared first on Security Boulevard. At Avast, we prioritize your digital security.

Identity Theft

Identity Theft Risk

Best Practices for Hospitals To Manage Risks To CyberSecurity Created By Medical Technology And Information Systems: A Webinar With The CIA’s Former CyberSecurity Director And The Top CyberSecurity Columnist

Joseph Steinberg

OCTOBER 12, 2022

Join Bonnie Stith, former Director of the CIA’s Center for Cyber Intelligence , and and Joseph Steinberg, renowned cybersecurity expert witness and columnist , for a special, free educational webinar, Best Practices for Asset Risk Management in Hospitals. The discussion will cover: * How IT asset risks have evolved.

Cybersecurity

Cybersecurity Technology Risk Artificial Intelligence

GUEST ESSAY: Why internal IT teams are ill-equipped to adequately address cyber risks

The Last Watchdog

FEBRUARY 11, 2024

From identity theft to greater oversight on risk management, internal IT teams will be taking the brunt of these incoming regulations. Other tactics firms can employ include the adoption of new tools such as security incident and event monitoring (SIEM), real-time vulnerability scanning, endpoint detection and response (EDR) and many others.

Cyber Risk

Cyber Risk Risk Financial Services Cyber threats

News alert: Halo Security’s attack surface management platform wins MSP Today’s top award

The Last Watchdog

JUNE 18, 2025

Miami, June 18, 2025, CyberNewswire — Halo Security today announced that its attack surface management solution has been named a 2025 MSP Today Product of the Year Award winner by TMC, a leading global media company recognized for building communities in technology and business through live events and digital marketing platforms.

Penetration Testing

Penetration Testing Technology Media Marketing

How Outsourcing Cybersecurity Crashed the World’s IT: A Webinar With Columbia University Faculty

Joseph Steinberg

JULY 23, 2024

During this webinar, you will learn how this global outage happened, what other security risks may be on the horizon, what lessons we can all learn from recent events, and what individuals, businesses, and governments can do to avoid similar disasters in the future.

Artificial Intelligence

Artificial Intelligence Cybersecurity Government Technology

Hack Yourself First Workshops in Australia, Denmark and Portugal (Virtually, of Course)

Troy Hunt

MARCH 15, 2020

That sucks for you because you end up both missing out on events and sooner or later, suffering from cabin fever (I've always found that difficult across many years of remote work). It also sucks for companies like NDC Conferences whose entire livelihood is running the very events that people are now avoiding at all costs. Crisitunity!

Hacking

Hacking Technology Software Risk

ISACA impressions: AI, risk and resilience feature at the 2025 conference

BH Consulting

APRIL 16, 2025

I had the incredible opportunity to attend the event, and heres a reflection on the powerful sessions I attended. Paul Hare of Deloitte kicked off the event with a warm welcome, setting the tone for a day packed with innovation, responsibility, and forward thinking. Dr. Ng emphasised the balancing act between innovation and risk.

Risk

Risk Government Ransomware Retail

GUEST ESSAY: A new year, a familiar predicament — consumers face intensifying cybersecurity risks

The Last Watchdog

JANUARY 3, 2023

Even events like the World Cup are being used by cyber criminals to target unsuspecting victims through things like fake streaming sites designed to steal private information. With more and more people working remotely, unsecured home or public WiFi networks represent a security risk not only to individuals but to their companies as well.

Risk

Risk Cybersecurity Antivirus Phishing

How threat actors can use generative artificial intelligence?

Security Affairs

DECEMBER 1, 2024

Deepfakes are media content—such as videos, images, or audio—created using GAI to realistically manipulate faces, voices, or even entire events. Attackers can use them to fabricate events, impersonate influential figures, or create scenarios that manipulate public opinion. Generative Artificial Intelligence is a double-edged sword.

Artificial Intelligence

Artificial Intelligence Phishing Media Cybercrime

CyberSecurity Is Not Enough: Businesses Must Insure Against Cyber Losses

Joseph Steinberg

JULY 8, 2021

Ironically, while many larger enterprises purchase insurance to protect themselves against catastrophic levels of hacker-inflicted damages, smaller businesses – whose cyber-risks are far greater than those of their larger counterparts – rarely have adequate (or even any) coverage.

Insurance

Insurance Cyber Insurance Cybersecurity Small Business

News Alert: INE Security outlines top 5 training priorities emerging from RSAC 2025

The Last Watchdog

MAY 13, 2025

AI Risk Management Becomes Business-Critical AI security solutions dominated RSAC this year, signaling that as organizations adopt advanced response technologies, comprehensive training must keep pace. This gap highlights a growing disconnect between perceived and actual risk in cloud deployments.

Architecture

Architecture Risk Cybersecurity Cyber Attacks

White House Announces AI Cybersecurity Challenge

Schneier on Security

AUGUST 21, 2023

Interested would-be competitors can now submit their proposals to the Small Business Innovation Research program for evaluation and, eventually, selected teams will participate in a 2024 “qualifying event.” In other words: the government wants software that is capable of identifying and mitigating risks by itself.

Cybersecurity

Cybersecurity Small Business Government Software

Bitdefender released a decryptor for the ShrinkLocker ransomware

Security Affairs

NOVEMBER 13, 2024

Proactive monitoring of Windows event logs, specifically from the “Microsoft-Windows-BitLocker-API/Management” source, can help organizations detect early stages of BitLocker attacks, such as when attackers test encryption capabilities. ” concludes the report.

Ransomware

Ransomware Encryption Passwords Backups

One policy to rule them all

SecureList

JANUARY 31, 2025

This story examines how cybercriminals exploit group policies as an attack vector, what risks attacks like these pose, and what measures can be taken to protect against potential threats. Such changes can be tracked using event 5136 , which is generated whenever an AD object is modified.

System Administration

System Administration Ransomware Malware Technology

BSidesLV24 – Breaking Ground – My Terrible Roommates: Discovering The FlowFixation Vulnerability & The Risks Of Sharing A Cloud Domain

Security Boulevard

APRIL 14, 2025

Originating from the conferences events located at the Tuscany Suites & Casino ; and via the organizations YouTube channel. Permalink The post BSidesLV24 – Breaking Ground – My Terrible Roommates: Discovering The FlowFixation Vulnerability & The Risks Of Sharing A Cloud Domain appeared first on Security Boulevard.

Risk

Risk Education Cybersecurity

Innovation in the Fast Lane: Lessons from Motorsport and Cybersecurity

Trend Micro

JUNE 10, 2025

Move faster than your adversaries with powerful purpose-built XDR, cyber risk exposure management, and zero trust capabilities Learn more Extend Your Team Extend Your Team.

Cybersecurity

Cybersecurity Cyber Risk Risk Artificial Intelligence

Anti-Ransomware Company Exagrid Pays $2.6 Million Ransom

Adam Levin

JUNE 4, 2021

Practice the 3Ms: Minimize your risk of exposure: Don’t take unnecessary risks and invest in cyber defenses and education. Manage the damage: Plan ahead in the event of a successful cyberattack and have a cyber liability insurance plan to help offset the costs. . We are in the midst of an ongoing ransomware epidemic.

Ransomware

Ransomware Backups Insurance Healthcare

Defending against Identity-Based Threats using the Shared Signals Framework

Duo's Security Blog

FEBRUARY 13, 2025

Most recently, in December of 2024, we attended the Gartner IAM conference interoperability event, where we demonstrated the power of Shared Signals in detecting and preventing session theft, a top security concern for our customers. With Cisco Secure Access, Shared Signals can help Duo communicate risk to cut off access to the network.

Authentication

Authentication Accountability Passwords Risk

GUEST ESSAY: The many ways your supply chain is exposing your company to a cyber attack

The Last Watchdog

MAY 16, 2022

This complexity can be compounded by the effects of world events like COVID-19 or a war, resulting in manufacturing slowdowns and lockdowns. Such events have led to parts shortages that force the use of older and less-secure replacement parts to meet schedules, which emphasizes the need for innovation and for additional suppliers.

Cyber Attacks

Cyber Attacks Firmware Manufacturing Artificial Intelligence

Terrorist Activity is Accelerating in Cyberspace – Risk Precursor to Summer Olympics and Elections

Security Affairs

JULY 25, 2024

According to the latest risk assessment published by Resecurity, terrorist groups are increasingly using cyberspace and digital communication channels to plan and execute attacks, as well as to conduct recruitment and establish anonymous communication channels (using apps like Session and their alternatives).

Risk

Risk Financial Services Education Banking

Shifting from Business Continuity to Continuous Business in Cyber

Jane Frankland

OCTOBER 25, 2024

Attending their annual global event series, SHIFT , in London recently, he redefined the future of business resilience in his keynote address and positioned the concept of continuous business—a ground-breaking state of perpetual availability and robustness which revolves around four pivotal elements: 1.

Cyber Risk

Cyber Risk CISO Cyber threats Risk

Another Event-Related Spyware App

News alert: Aembit announces speakers for NHIcon event, highlighting non-human identity security

Trending Sources

Risk Talk at JPL

News Alert: Security Risk Advisors joins Microsoft Intelligent Security Association (MISA)

AI Risks

LW ROUNDTABLE: Wrist slap or cultural shift? SEC fines cyber firms for disclosure violations

COVID-19 Risks of Flying

GUEST ESSAY: New SEC rules aim to help C-levels, board members quantify cyber risks

Cyber Risk in U.S. Healthcare: Tackling HIPAA, Vendors, and Human Error – A Free Webinar With Joseph Steinberg and Chip Witt

Risk reduction redefined: How compromise assessment helps strengthen cyberdefenses

Andor: Insider Threats

From Compliance to Confidence: How AI Is Reshaping Third-Party Risk

GUEST ESSAY: Best practices to shrink the ever-present risk of Exchange Server getting corrupted

Thales Introduces Data Risk Intelligence, Bringing Organizations Risk Profile Front and Center

Linux Kernel Vulnerability Exposes Local Systems to Privilege Escalation, PoC Published

News alert: SquareX shows how Google’s MV3 standard falls short, putting millions at risk

SEC fined 4 companies for misleading disclosures about the impact of the SolarWinds attack

GUEST ESSAY: The Top 10 cybersecurity shortfalls that put SMBs, enterprises at elevated risk

News alert: INE Security shares cyber hygiene guidance for small- and medium-sized businesses

Upcoming Speaking Engagements

LW ROUNDTABLE: Predictive analytics, full-stack visualization to solidify cyber defenses in 2025

Q-Day Prepping: What Businesses Can Do Now to Address Quantum Security Risks

The Turmoil Following BreachForums Shutdown: Confusion, Risks, and a New Beginning

How to safely change your name without putting your identity at risk

Best Practices for Hospitals To Manage Risks To CyberSecurity Created By Medical Technology And Information Systems: A Webinar With The CIA’s Former CyberSecurity Director And The Top CyberSecurity Columnist

GUEST ESSAY: Why internal IT teams are ill-equipped to adequately address cyber risks

News alert: Halo Security’s attack surface management platform wins MSP Today’s top award

How Outsourcing Cybersecurity Crashed the World’s IT: A Webinar With Columbia University Faculty

Hack Yourself First Workshops in Australia, Denmark and Portugal (Virtually, of Course)

ISACA impressions: AI, risk and resilience feature at the 2025 conference

GUEST ESSAY: A new year, a familiar predicament — consumers face intensifying cybersecurity risks

How threat actors can use generative artificial intelligence?

CyberSecurity Is Not Enough: Businesses Must Insure Against Cyber Losses

News Alert: INE Security outlines top 5 training priorities emerging from RSAC 2025

White House Announces AI Cybersecurity Challenge

Bitdefender released a decryptor for the ShrinkLocker ransomware

One policy to rule them all

BSidesLV24 – Breaking Ground – My Terrible Roommates: Discovering The FlowFixation Vulnerability & The Risks Of Sharing A Cloud Domain

Innovation in the Fast Lane: Lessons from Motorsport and Cybersecurity

Anti-Ransomware Company Exagrid Pays $2.6 Million Ransom

Defending against Identity-Based Threats using the Shared Signals Framework

GUEST ESSAY: The many ways your supply chain is exposing your company to a cyber attack

Terrorist Activity is Accelerating in Cyberspace – Risk Precursor to Summer Olympics and Elections

Shifting from Business Continuity to Continuous Business in Cyber

Stay Connected