Risk and Software - Cyber Security Informer

Experts Flag Security, Privacy Risks in DeepSeek AI App

Krebs on Security

FEBRUARY 6, 2025

But experts caution that many of DeepSeek’s design choices — such as using hard-coded encryption keys, and sending unencrypted user and device data to Chinese companies — introduce a number of glaring security and privacy risks. For starters, he said, the app collects an awful lot of data about the user’s device.

Risk

Risk Artificial Intelligence Mobile Encryption

Regulating AI Behavior with a Hypervisor

Schneier on Security

APRIL 23, 2025

.” Abstract :As AI models become more embedded in critical sectors like finance, healthcare, and the military, their inscrutable behavior poses ever-greater risks to society. The basic idea is that many of the AI safety policies proposed by the AI community lack robust technical enforcement mechanisms.

Software

Software Architecture Healthcare Risk

News Alert: Security Risk Advisors joins Microsoft Intelligent Security Association (MISA)

The Last Watchdog

JANUARY 7, 2025

Security Risk Advisors (SRA) is a leading cybersecurity firm dedicated to providing comprehensive security solutions to businesses worldwide. Security Risk Advisors SCALR XDR is both a platform, built on Microsoft Azure and a 247 monitoring service with Microsoft Sentinel. Philadelphia, Pa., Philadelphia, Pa., To learn more: [link].

Risk

Risk Penetration Testing Marketing Technology

Critical Vulnerabilities in mySCADA myPRO Software Pose Significant Risk to Industrial Control Systems

Penetration Testing

DECEMBER 2, 2024

Researchers have disclosed critical vulnerabilities in mySCADA’s myPRO software, a widely deployed industrial automation platform.

Software

Software Risk Cybersecurity

IDC Analyst Report: The Open Source Blind Spot Putting Businesses at Risk

Advertiser: Revenera

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it.

Risk

The 2025 State of Application Risk Report: Understanding AI Risk in Software Development

Security Boulevard

MAY 9, 2025

Get details on the AI risks Legit unearthed in enterprises' software factories. The post The 2025 State of Application Risk Report: Understanding AI Risk in Software Development appeared first on Security Boulevard.

Risk

Risk Software

News alert: INE secures spot in G2’s 2025 Top 50 education software rankings

The Last Watchdog

FEBRUARY 25, 2025

This category of awards ranks the worlds top 50 software education products based on authentic reviews from more than 100 million G2 users. Warn “We are thrilled to be recognized for a second consecutive year by G2’s Best Software Awards, said Dara Warn, CEO of INE. Cary, NC, Feb.

Education

Education Software Small Business Cybersecurity

DOGE as a National Cyberattack

Schneier on Security

FEBRUARY 13, 2025

DOGE personnel are also reported to be feeding Education Department data into artificial intelligence software, and they have also started working at the Department of Energy. But given that DOGE workers have already copied data and possibly installed and modified software, it’s unclear how this fixes anything.

Government

Government Artificial Intelligence Banking Software

Ted Chiang on the Risks of AI

Schneier on Security

MAY 12, 2023

as a semi-autonomous software program that solves problems that humans ask it to solve, the question is then: how do we prevent that software from assisting corporations in ways that make people’s lives worse? Yet such software could easily still cause as much harm as McKinsey has. If you think of A.I. researchers.

Risk

Risk Software Technology Marketing

The Importance of User Roles and Permissions in Cybersecurity Software

By only giving users access to what they need for their job, you reduce the risk of data breaches and unauthorized modifications. You should restrict access to sensitive information and systems the same way you restrict access to your house. This is known as role-based access control or RBAC. Read the eBook to learn more!

Cybersecurity

Risk reduction redefined: How compromise assessment helps strengthen cyberdefenses

SecureList

OCTOBER 29, 2024

The primary objective of these services is risk reduction. Policy violations by employees Most organizations focus on external threats; however, policy violations pose a major risk , with 51% of SMB incidents and 43% of enterprise incidents involving IT security policy violations caused by employees. aspx Backdoor.ASP.WEBS HELL.SM

Risk

Risk Antivirus Accountability Malware

News alert: Aptori’s AI-driven platform reduces risk, ensures compliance — now on Google Marketplace

The Last Watchdog

MARCH 12, 2025

This new agentic AI solution leverages semantic reasoning to analyze application code and logic in real time, delivering deterministic vulnerability detection, contextual risk prioritization, and automated remediation. San Jose, Calif., Aptoris AI-driven approach goes beyond traditional static analysis. Users can learn more at [link].

Risk

Risk Engineering Digital transformation Technology

DORA Compliance: A Practical Guide to Effective Third-Party Risk Management

Responsible Cyber

NOVEMBER 25, 2024

Effective from January 2025, DORA mandates that financial institutions implement robust measures to manage Information and Communication Technology (ICT) risks, with a significant emphasis on Third-Party Risk Management (TPRM). Contracts must clearly outline service expectations, security requirements, and compliance obligations.

Risk

Risk Cyber threats Technology Software

Apple AirPlay SDK devices at risk of takeover—make sure you update

Malwarebytes

MAY 1, 2025

Researchers found a set of vulnerabilities in Apples AirPlay SDK that put billions of users at risk of their devices being taking over. Rapid Security Response (RSR) is a type of software patch delivering security fixes between Apples regular, scheduled software updates. Learn how to update the software on your Apple TV.

Risk

Risk Wireless Software Mobile

Elon Musk ’s DOGE team granted ‘full access’ to sensitive Treasury systems. What are the risks?

Security Affairs

FEBRUARY 3, 2025

Ron Wyden warns of national security risks after Elon Musk s DOGE was given full access to sensitive Treasury systems. Ron Wyden warned of national security risks after Elon Musk s team, Department of Government Efficiency (DOGE), was granted full access to a sensitive U.S. Treasury payments system poses significant risks.

Risk

Risk Surveillance Cyber threats Marketing

Security Researchers Warn a Widely Used Open Source Tool Poses a 'Persistent' Risk to the US

WIRED Threat Level

MAY 5, 2025

The open source software easyjson is used by the US government and American companies. But its ties to Russias VK, whose CEO has been sanctioned, have researchers sounding the alarm.

Risk

Risk Government Software Hacking

How Spread Betting Platforms Safeguard Traders Against Cyber Risks

IT Security Guru

JANUARY 30, 2025

So, lets explore how spread betting platforms are rising to this challenge and ensuring that their platforms are cyber risk-free. Cyber Risks Facing Spread Betting Platforms Cyber threats are becoming more dangerous than ever, and spread betting platforms are a major target for most of these cyberattacks. Enable 2FA.

Cyber Risk

Cyber Risk Risk Penetration Testing Accountability

LW ROUNDTABLE — How 2024’s cyber threats will transform the security landscape in 2025

The Last Watchdog

DECEMBER 16, 2024

Businesses must adopt tools and automation capable of invoking immediate action, even at the risk of false positives. Raising security baselines across industries is essential, with risk mitigationnot acceptancebecoming the standard. Security teams will need to address the unique risks posed using LLMs in mission critical environments.

Cyber threats

Cyber threats CISO IoT Phishing

GUEST ESSAY: Best practices to shrink the ever-present risk of Exchange Server getting corrupted

The Last Watchdog

FEBRUARY 5, 2024

One critical issue faced by organizations that rely on Exchange Server is the risk of a corrupt Exchange Server database cropping up. Navigating new risks Today, heavy reliance on cloud-centric IT infrastructure and cloud-hosted applications has become the norm. Here are a few ‘dos:’ •Rigorous vulnerability management.

Risk

Risk Backups Software Education

News alert: INE Security shares cyber hygiene guidance for small- and medium-sized businesses

The Last Watchdog

OCTOBER 23, 2024

As small businesses increasingly depend on digital technologies to operate and grow, the risks associated with cyber threats also escalate. INE Security advises businesses to secure their network by using firewalls, encrypting data, and regularly updating security software. Cary, NC, Oct.

Small Business

Small Business Data breaches Backups Passwords

How ToddyCat tried to hide behind AV software

SecureList

APRIL 7, 2025

Such software enjoys the trust of monitoring tools and doesn’t raise suspicions. Presumably, this is to allow the operator to verify that the tool was run without errors, so that the payload file can be moved without risk of detection. Monitoring tools track the installation of such drivers and check applications that perform it.

Software

Software Encryption Malware Firmware

Russian organizations targeted by backdoor masquerading as secure networking software updates

SecureList

APRIL 22, 2025

This will enable organizations that may be at risk of infection from the backdoor to take swift action to protect themselves from this threat. ViPNet is a software suite for creating secure networks. Impersonating a ViPNet update Our investigation revealed that the backdoor targets computers connected to ViPNet networks.

Software

Software Encryption Architecture Malware

Opportunities and risks of AI coding assistants

BH Consulting

DECEMBER 6, 2024

The rise of AI coding assistants marks a significant leap forward in software development. This blog will explore the advantages and risks these AI tools bring, along with actionable steps to integrate them responsibly into business practices. With capabilities that streamline tasks, these tools promise a new level of efficiency.

Risk

Risk Data privacy Information Security Software

LW ROUNDTABLE: Compliance pressures intensify as new cybersecurity standards take hold

The Last Watchdog

DECEMBER 18, 2024

Part three of a four-part series In 2024, global pressure on companies to implement advanced data protection measures intensified, with new standards in encryption and software transparency raising the bar. Similarly, software bills of materials (SBOMs) underscore the need for better accountability in third-party software.

Cybersecurity

Cybersecurity CISO Risk Government

Attackers exploit SimpleHelp RMM Software flaws for initial access

Security Affairs

JANUARY 28, 2025

Threat actors exploit recently fixed SimpleHelp RMM software vulnerabilities to breach targeted networks, experts warn. “On 22 January 2025, Arctic Wolf began observing a campaign involving unauthorised access to devices running SimpleHelp RMM software as an initial access vector. ” reads the report published by Artic Wolf.

Software

Software Passwords Accountability Encryption

LW ROUNDTABLE: Wrist slap or cultural shift? SEC fines cyber firms for disclosure violations

The Last Watchdog

NOVEMBER 12, 2024

Avaya Holdings , Check Point Software Technologies , and Mimecast Limited each minimized or obscured the extent of security breaches linked to the SolarWinds Orion hack, impacting investor trust and highlighting the critical importance of clear, truthful communication. SEC investigators gathered evidence that Unisys Corp.,

CISO

CISO CSO Risk Cyber threats

NSA on Supply Chain Security

Schneier on Security

NOVEMBER 4, 2022

The NSA (together with CISA) has published a long report on supply-chain security: “ Securing the Software Supply Chain: Recommended Practices Guide for Suppliers. But the supplier also holds a critical responsibility in ensuring the security and integrity of our software.

Software

Software Risk

Majority of SaaS Applications, AI Tools Unmanaged

Security Boulevard

OCTOBER 24, 2024

Unmanaged software as a service (SaaS) applications and AI tools within organizations are posing a growing security risk as vulnerabilities increase, according to a report from Grip Security. The post Majority of SaaS Applications, AI Tools Unmanaged appeared first on Security Boulevard.

Software

Software Risk Security Awareness Cybersecurity

FBI, Dutch Police Disrupt ‘Manipulaters’ Phishing Gang

Krebs on Security

JANUARY 31, 2025

The “fud” bit stands for “Fully Un-Detectable,” and it refers to cybercrime resources that will evade detection by security tools like antivirus software or anti-spam appliances. “Ironically, the Manipulaters may create more short-term risk to their own customers than law enforcement,” DomainTools wrote.

Phishing

Phishing Cybercrime Advertising Malware

News alert: SquareX shows how Google’s MV3 standard falls short, putting millions at risk

The Last Watchdog

OCTOBER 3, 2024

The rogue extensions can add pop-ups to the active webpage, such as fake software update prompts, tricking users into downloading malware. Ramachandran Vivek Ramachandran , Founder & CEO of SquareX , warned about the mounting risks: “Browser extensions are a blind spot for EDR/XDR and SWGs have no way to infer their presence.

Risk

Risk Password Management Malware Media

Protecting Retailers Against Cyber Risks on Black Friday and Cyber Monday

Thales Cloud Protection & Licensing

NOVEMBER 26, 2024

Protecting Retailers Against Cyber Risks on Black Friday and Cyber Monday josh.pearson@t… Tue, 11/26/2024 - 08:01 As Black Friday and Cyber Monday loom, the stakes for retailers extend far beyond enticing deals and record sales. trillion, the risk of a data breach extends beyond immediate financial losses. trillion and $5.28

Retail

Retail Cyber Risk Risk DDOS

LW ROUNDTABLE: Predictive analytics, full-stack visualization to solidify cyber defenses in 2025

The Last Watchdog

DECEMBER 18, 2024

Shashanka Dr. Madhu Shashanka , Chief Data Scientist, Concentric AI Generative AI in 2025 will bring transformative opportunities but heightened cybersecurity risks, including data exposure, AI misuse, and novel threats like prompt injection attacks. Organizations face rising risks of AI-driven social engineering and personal device breaches.

Risk

Risk Threat Detection Technology Phishing

Key Takeaways from the CSA Understanding Data Security Risk Survey

Thales Cloud Protection & Licensing

MARCH 3, 2025

Key Takeaways from the CSA Understanding Data Security Risk Survey madhav Tue, 03/04/2025 - 04:32 As hybrid and multi-cloud environments become increasingly popular, identifying, prioritizing, and mitigating data security risks becomes increasingly complex. By gaining insight into how organizations handle risk.

Risk

Risk Encryption Digital transformation Marketing

Safer with Google: Advancing Memory Safety

Google Security

OCTOBER 15, 2024

Posted by Alex Rebert, Security Foundations, and Chandler Carruth, Jen Engel, Andy Qin, Core Developers Error-prone interactions between software and memory 1 are widely understood to create safety issues in software. It is estimated that about 70% of severe vulnerabilities 2 in memory-unsafe codebases are due to memory safety bugs.

Computers and Electronics

Computers and Electronics Software Risk Architecture

Cybersecurity Snapshot: Tenable Highlights Risks of AI Use in the Cloud, as UK’s NCSC Offers Tips for Post-Quantum Cryptography Adoption

Security Boulevard

MARCH 21, 2025

Check out key findings and insights from the Tenable Cloud AI Risk Report 2025. And get the latest on open source software security; cyber scams; and IoT security. 1 - Tenable: Orgs using AI in the cloud face thorny cyber risks Using AI tools in cloud environments?

Risk

Risk IoT Cybersecurity Manufacturing

Warning: Hackers could take over your email account by stealing cookies, even if you have MFA

Malwarebytes

NOVEMBER 5, 2024

How to keep your email account safe There are a few things you can do to stay safe from the cookie thieves: Use security software on every device you use. Keep your devices and the software on them up to date, so there aren’t any known vulnerabilities on them. Is convenience worth the risk in this situation?

Accountability

Accountability Authentication Malware Banking

FBI Advising People to Avoid Public Charging Stations

Schneier on Security

APRIL 12, 2023

Bad actors have figured out ways to use public USB ports to introduce malware and monitoring software onto devices that access these ports. How much of a risk is this, really? Carry your own charger and USB cord and use an electrical outlet instead.

Malware

Malware Software Risk

SEC Fines Four Companies $7M for Misleading Cybersecurity Disclosures

SecureWorld News

OCTOBER 23, 2024

Check Point Software Technologies Ltd., The SEC charged the companies with "materially misleading disclosures regarding cybersecurity risks and intrusions." The SEC further noted that Unisys lacked proper internal controls to ensure accurate and timely reporting of such high-risk incidents. Check Point Software Technologies Ltd.

Cybersecurity

Cybersecurity Risk Hacking Software

The Turmoil Following BreachForums Shutdown: Confusion, Risks, and a New Beginning

Security Affairs

APRIL 28, 2025

In the aftermath, several alternative forums emerged, some demanded entry fees, fueling confusion and raising the risk of scams or government-run honeypots. Rumors ranged from FBI raids and the arrest of the administrator. It served as a marketplace for threat actors to buy and sell stolen data, hacking tools, and compromised credentials. .”

Risk

Risk Hacking Cybercrime Scams

Amazon's Latest Data Breach a Ripple Effect of MOVEit

SecureWorld News

NOVEMBER 13, 2024

The group has been observed leaking stolen data, potentially putting individuals and businesses at risk. Security is a financial risk, especially if these vendors have access to your environment or if sensitive information (like PII) is shared." Shortly after the attacks, the SEC launched an investigation into Progress Software.

Data breaches

Data breaches Identity Theft Education Software

Top 15 Exploited Vulnerabilities of 2023

SecureWorld News

NOVEMBER 12, 2024

This advisory highlights specific vulnerabilities and offers guidance to mitigate risks for software developers and end-user organizations. These vulnerabilities span a range of technologies, from network security appliances to widely used software applications.

Software

Software Passwords Cyber threats Risk

SEC fined 4 companies for misleading disclosures about the impact of the SolarWinds attack

Security Affairs

OCTOBER 23, 2024

The charges result from an investigation conducted by the US government into public companies potentially impacted by the supply chain attack on SolarWinds’ Orion software. The federal securities laws prohibit half-truths, and there is no exception for statements in risk-factor disclosures.”

Hacking

Hacking Risk Cybersecurity Government

Let’s Talk About SaaS Risk – Again… This Time, Louder.

Security Boulevard

MAY 20, 2025

SaaS Is the New Enterprise Perimeter Weve long known our software supply chains carry risk. No One Gets to Hide Behind the Shared Responsibility Model Anymore Patrick Opet emphasized the need for a shift in how we approach SaaS security: Software providers must prioritize security over rushing features. And we need to.

Risk

Risk CISO Architecture Firewall

The CrowdStrike Outage and Market-Driven Brittleness

Schneier on Security

JULY 25, 2024

As we experienced last week, a single problem in a small piece of software can take large swaths of the internet and global economy offline. It’s not even clear that the information technology industry could exist in its current form if it had to take into account all the risks such brittleness causes.

Marketing

Marketing Software Internet Internet

Experts Flag Security, Privacy Risks in DeepSeek AI App

Regulating AI Behavior with a Hypervisor

Trending Sources

News Alert: Security Risk Advisors joins Microsoft Intelligent Security Association (MISA)

Critical Vulnerabilities in mySCADA myPRO Software Pose Significant Risk to Industrial Control Systems

IDC Analyst Report: The Open Source Blind Spot Putting Businesses at Risk

The 2025 State of Application Risk Report: Understanding AI Risk in Software Development

News alert: INE secures spot in G2’s 2025 Top 50 education software rankings

DOGE as a National Cyberattack

Ted Chiang on the Risks of AI

The Importance of User Roles and Permissions in Cybersecurity Software

Risk reduction redefined: How compromise assessment helps strengthen cyberdefenses

News alert: Aptori’s AI-driven platform reduces risk, ensures compliance — now on Google Marketplace

DORA Compliance: A Practical Guide to Effective Third-Party Risk Management

Apple AirPlay SDK devices at risk of takeover—make sure you update

Elon Musk ’s DOGE team granted ‘full access’ to sensitive Treasury systems. What are the risks?

Security Researchers Warn a Widely Used Open Source Tool Poses a 'Persistent' Risk to the US

How Spread Betting Platforms Safeguard Traders Against Cyber Risks

LW ROUNDTABLE — How 2024’s cyber threats will transform the security landscape in 2025

GUEST ESSAY: Best practices to shrink the ever-present risk of Exchange Server getting corrupted

News alert: INE Security shares cyber hygiene guidance for small- and medium-sized businesses

How ToddyCat tried to hide behind AV software

Russian organizations targeted by backdoor masquerading as secure networking software updates

Opportunities and risks of AI coding assistants

LW ROUNDTABLE: Compliance pressures intensify as new cybersecurity standards take hold

Attackers exploit SimpleHelp RMM Software flaws for initial access

LW ROUNDTABLE: Wrist slap or cultural shift? SEC fines cyber firms for disclosure violations

NSA on Supply Chain Security

Majority of SaaS Applications, AI Tools Unmanaged

FBI, Dutch Police Disrupt ‘Manipulaters’ Phishing Gang

News alert: SquareX shows how Google’s MV3 standard falls short, putting millions at risk

Protecting Retailers Against Cyber Risks on Black Friday and Cyber Monday

LW ROUNDTABLE: Predictive analytics, full-stack visualization to solidify cyber defenses in 2025

Key Takeaways from the CSA Understanding Data Security Risk Survey

Safer with Google: Advancing Memory Safety

Cybersecurity Snapshot: Tenable Highlights Risks of AI Use in the Cloud, as UK’s NCSC Offers Tips for Post-Quantum Cryptography Adoption

Warning: Hackers could take over your email account by stealing cookies, even if you have MFA

FBI Advising People to Avoid Public Charging Stations

SEC Fines Four Companies $7M for Misleading Cybersecurity Disclosures

The Turmoil Following BreachForums Shutdown: Confusion, Risks, and a New Beginning

Amazon's Latest Data Breach a Ripple Effect of MOVEit

Top 15 Exploited Vulnerabilities of 2023

SEC fined 4 companies for misleading disclosures about the impact of the SolarWinds attack

Let’s Talk About SaaS Risk – Again… This Time, Louder.

The CrowdStrike Outage and Market-Driven Brittleness

Stay Connected