But experts caution that many of DeepSeek’s design choices — such as using hard-coded encryption keys, and sending unencrypted user and device data to Chinese companies — introduce a number of glaring security and privacy risks. For starters, he said, the app collects an awful lot of data about the user’s device.
Related: Weaponizing Microsoft’s co-pilot Until now, lackluster enterprise search capabilities kept many security risks in check; employees simply couldn't find much of the data they were authorized to access. Over-provisioned access The risks of excessive access are nothing new.
To read the piece that appeared today in The Independent, please see: Australia's social media ban won't protect kids; it'll put them more at risk on The Independent's web site.
This is a good point: Part of the problem is that we are constantly handed lists…list of required controls…list of things we are being asked to fix or improve…lists of new projects…lists of threats, and so on, that are not ranked for risks. Here is one big one: Do not use or rely on un-risk-ranked lists.
Speaker: William Hord, Senior VP of Risk & Professional Services
Enterprise Risk Management (ERM) is critical for industry growth in today’s fast-paced and ever-changing risk landscape. Do we understand and articulate our bank’s risk appetite and how that impacts our business units? How are we measuring and rating our risk impact, likelihood, and controls to mitigate our risk?
Companies face the risk of insider threats, worsened by remote work. The insider threat, or the risk that an employee could harm the company, is a growing concern. North Korean hackers infiltrate firms via fake IT hires, stealing data.
Just like the three wise monkeys, some small business owners are unintentionally following a philosophy of see no risk, hear no warning, speak no threat when it comes to cybersecurity. Why Small Business Cybersecurity Matters More Than Ever In a supply chain world, your weakest link is someone else's risk exposure. Here’s how: 1.
We don’t just report on threats – we help safeguard your entire digital identity. Cybersecurity risks should never spread beyond a headline. Google originally closed the report as ‘Working as Intended,’ but later Google got back to him and said it had reconsidered the matter and it will fix the OAuth bug.
Beyond mass data exposure, there are heightened risks of credential compromise, corporate espionage, and potential extortion. The post Massive Oracle Cloud Breach: 6M Records Exposed, 140k+ Tenants Risked appeared first on eSecurity Planet. The consequences of this breach are severe.
Speaker: Ryan McInerny, CAMS, FRM, MSBA - Principal, Product Strategy
With 20% of Americans owning cryptocurrencies, speaking "fluent crypto" in the financial sector ensures you are prepared to discuss growth and risk management strategies when the topic arises. May 18th, 2023 at 9:30 am PDT, 12:30 pm EDT, 5:30 pm BST
This new agentic AI solution leverages semantic reasoning to analyze application code and logic in real time, delivering deterministic vulnerability detection, contextual risk prioritization, and automated remediation. San Jose, Calif., Aptori's AI-driven approach goes beyond traditional static analysis. Users can learn more at [link].
Taiwan's National Security Bureau (NSB) has warned that China-developed applications like RedNote (aka Xiaohongshu), Weibo, TikTok, WeChat, and Baidu Cloud pose security risks due to excessive data collection and data transfer to China.
Over half of firms adopted AI in 2024, but cloud tools like Azure OpenAI raise growing concerns over data security and privacy risks. While these tools deliver clear productivity gains, they also expose businesses to complex new risks, particularly around data security and privacy. While valuable, these efforts are not enough.
healthcare organizations are under relentless cyber pressure and the risks to patient safety have never been higher. The post Cyber Risk in U.S. Healthcare Cybersecurity And How to Fix It. From ransomware and cloud misconfigurations to vulnerable medical devices, U.S. You'll walk away with: – Lessons from real-world U.S.
Speaker: Dr. Karen Hardy, CEO and Chief Risk Officer of Strategic Leadership Advisors LLC
Communication is a core component of a resilient organization's risk management framework. However, risk communication involves more than just reporting information and populating dashboards, and we may be limiting our skillset. Storytelling is the ability to express ideas and convey messages to others, including stakeholders.
Reuters is reporting that the White House has banned WhatsApp on all employee devices: The notice said the “Office of Cybersecurity has deemed WhatsApp a high risk to users due to the lack of transparency in how it protects user data, absence of stored data encryption, and potential security risks involved with its use.”
Taiwan warns Chinese apps like TikTok and WeChat pose security risks due to excessive data collection and data transfers to China. These apps pose cybersecurity risks beyond normal data practices. This creates major privacy and security risks for Taiwanese users. Using the v4.0 ” continues the announcement.
“We have looked into the matter and there was not a risk to our systems,” a MasterCard spokesperson wrote. “Before making any public disclosure, I ensured that the affected domain was registered to prevent exploitation, mitigating any risk to MasterCard or its customers. “This typo has now been corrected.”
Related: The evolution of OT security And yet, many utility companies remain trapped in a compliance-first model that often obscures real risks rather than addressing them. In practice, Huff says, they too often force asset owners to blindly chase updates with little regard for exploitability, threat intelligence, or operational risk.
This IDC report addresses several key topics: Risks involved with using open-source software (OSS) How to manage these risks, including OSS license compliance Business benefits to the organization beyond risk mitigation Software supply chain best practices Key trends in industry and government regulation
It’s also where copy/paste actions, unsanctioned GenAI usage, rogue extensions, and personal devices create a risk surface that most security stacks weren’t designed to handle. Despite years of investment in Zero Trust, SSE, and endpoint protection, many enterprises are still leaving one critical layer exposed: the browser.
Can you briefly explain what makes Strategic Performance Intelligence different from current governance, risk and compliance (GRC) or dashboard approaches? Unfortunately, I'm seeing more cases where the CISO is quietly replaced by a Head of Cybersecurity with a mandate to manage risk and compliance. It's a structural one.
We don’t just report on threats – we help safeguard your entire digital identity. Cybersecurity risks should never spread beyond a headline. Disabling JavaScript will stop that from happening, but it has the disadvantage that it will break many websites that you visit regularly.
And more than that, he acknowledged the growing risk of jailbreak-style attacks that can trick AI systems into revealing sensitive content or misbehaving in ways they were explicitly designed to avoid. Microsoft isn’t pretending it can eliminate all the risks—but it is showing what it looks like to take those risks seriously.
Speaker: Ronald Eddings, Cybersecurity Expert and Podcaster
Uncover and mitigate various security risks that put sensitive customer and business data at risk — including identifying misconfigured SaaS settings and suspicious or malicious behavior. By focusing on SaaS security posture management, your team can finally accomplish the following: Discover both known and unknown SaaS apps.
At RSAC 2025, Eades unveiled Human Link Pro, a new product aimed at closing the loop between non-human and human credential risks. The post RSAC Fireside Chat: Human and machine identity risks are converging and they're finally visible first appeared on The Last Watchdog. (LW provides consulting services to the vendors we cover.)
Businesses must adopt tools and automation capable of invoking immediate action, even at the risk of false positives. Raising security baselines across industries is essential, with risk mitigation, not acceptance, becoming the standard. Security teams will need to address the unique risks posed using LLMs in mission critical environments.
Automation can help cover more of the risk landscape. LLMs amplify existing security risks and introduce new ones. You don’t have to compute gradients to break an AI system. AI red teaming is not safety benchmarking. The human element of AI red teaming is crucial. Responsible AI harms are pervasive but difficult to measure.
The post MediaTek July 2025 Security Bulletin: Heap Overflows, WLAN Flaws, and Bluetooth Risks Threaten Billions of Devices appeared first on Daily CyberSecurity.
Speaker: William Hord, Vice President of ERM Services
A well-defined change management process is critical to minimizing the impact that change has on your organization. Leveraging the data that your ERM program already contains is an effective way to help create and manage the overall change management process within your organization.
114 for Windows The post URGENT Chrome Update: High-Risk CVE-2025-4664 Flaw Actively Exploited In The Wild Patch Immediately! Google has released a critical Stable Channel Update for Chrome Desktop, bumping the version to 136.0.7103.113/.114 appeared first on Daily CyberSecurity.
To mitigate that risk, I have developed this simple solution where you can set up a unique time-based one-time passcode (TOTP) between any pair of persons. Here’s an easy system for two humans to remotely authenticate to each other, so they can be sure that neither are digital impersonations.
.” Abstract: As AI models become more embedded in critical sectors like finance, healthcare, and the military, their inscrutable behavior poses ever-greater risks to society.
The post SureForms WordPress Plugin Flaw (CVE-2025-6691): Unauthenticated Arbitrary File Deletion Leads to Site Takeover, 200K Sites at Risks appeared first on Daily CyberSecurity.
This whitepaper offers real strategies to manage risks and position your organization for success. IT leaders are experiencing rapid evolution in AI amid sustained investment uncertainty. As AI evolves, enhanced cybersecurity and hiring challenges grow.
This article gives a good rundown of the security risks of Windows Recall, and the repurposed copyright protection tool that Signal used to block the AI feature from scraping Signal data.
And because that administrator account can do anything to that server (read the sensitive data, hack the web server to install malware on people who visit its web pages, or anything else I might care to do), the private key on my laptop represents a security risk for that server. But if I delete that private key, the vulnerability goes away.
Let's explore the risks associated with Automated Driving. Contrary to the commonly used definition of an [minimal risk condition, (MRC)], which describes only a standstill, this publication expands the definition to also include degraded operation and takeovers by the vehicle operator. million people were seriously injured.
Unisys, for instance, was found to have framed cyber risks hypothetically even though its systems had already been breached, exfiltrating gigabytes of data. But the SEC’s latest actions underscore that failing to inform stakeholders about material risks and breaches is not an option. Want to stay out of trouble?
A well-structured training program fosters true behavioral change, reducing the risk of cyber threats. explains why organizations should focus on interactive, scenario-based learning rather than overwhelming employees with excessive content. Discover more on phished.io
Cybersecurity researchers have detailed two now-patched security flaws in SAP Graphical User Interface (GUI) for Windows and Java that, if successfully exploited, could have enabled attackers to access sensitive information under certain conditions.
However, there are a number of factors to consider before deploying a solution based on Advanced Cryptography, including the relative immaturity of the techniques and their implementations, significant computational burdens and slow response times, and the risk of opening up additional cyber attack vectors.
The partnership introduces the Reflectiz Security Integration within Datadog’s platform, enabling joint customers to proactively identify and remediate risks across their entire web ecosystem: from first-party applications to complex third-party and supply chain dependencies. Director of Strategic Alliances at Reflectiz. “By
Automation is transforming finance but without strong financial oversight it can introduce more risk than reward. From missed discrepancies to strained vendor relationships, accounts payable automation needs a human touch to deliver lasting value. This session is your playbook to get automation right. Register now to save your seat!