Jane Frankland

JANUARY 16, 2024

In last week’s blog I started to explore the pros and cons of using an MDR provider and whether it’s better choosing a boutique provider over that of a traditional big brand. This week, I’m focused on the second feature – contract terms. Core Feature #2.

Marketing 130

Marketing CISO Cybersecurity Technology 130

Schneier on Security

MAY 24, 2022

The new policy states explicitly the longstanding practice that “the department’s goals for CFAA enforcement are to promote privacy and cybersecurity by upholding the legal right of individuals, network owners, operators, and other persons to ensure the confidentiality, integrity, and availability of information stored in their information systems.”

Hacking 242

Hacking Cybercrime Accountability Cybersecurity 242

Troy Hunt

OCTOBER 19, 2023

I did it again - I tweeted about Twitter doing something I thought was useful and the hordes did descend on Twitter to tweet about how terrible Twitter is. Ironically, continuing to use Twitter to have a rant about stuff just shows that Twitter is just the same as it always was 🤣 References Sponsored by: Got Linux?

Marketing 241

Marketing Accountability 241

Security Boulevard

FEBRUARY 15, 2024

The Federal Trade Commission is warning AI companies against secretly changing their security and privacy policies in hopes of leveraging the data they collect from customers to feed models they use to develop their products and services.

Data privacy 120

Data privacy Security Awareness Mobile Cybersecurity 120

Schneier on Security

MAY 7, 2021

One local told the Chunichi Shimbun newspaper that while the statue may be effective in the long run, the money could have been used for “urgent support,” such as for medical staff and long-term care facilities. As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered.

205

205

Schneier on Security

AUGUST 7, 2023

A bunch of networks, including US Government networks , have been hacked by the Chinese. The hackers used forged authentication tokens to access user email, using a stolen Microsoft Azure account consumer signing key. I think we are grossly underestimating the long-term results of the SolarWinds attacks. News articles.

Authentication 225

Authentication Government Hacking Accountability 225

Malwarebytes

OCTOBER 2, 2023

Meta has likely been using those posts to train its AI, according to the company's top policy executive. In an interview with Reuters , Meta President of Global Affairs Nick Clegg said the company used the public posts to train the LLM (large language model) that feeds into its new Meta AI virtual assistant.

Media 142

Media Artificial Intelligence Risk Cybersecurity 142

Security Boulevard

APRIL 11, 2024

Apple reportedly is alerting iPhone users in 92 countries that they may have been the targets of attacks using “mercenary spyware,” a term that the company is now using in such alerts in place of “state-sponsored” malware.

Spyware 67

Spyware Malware Data privacy Security Awareness 67

Security Boulevard

NOVEMBER 30, 2022

Cloud security is broad and complex by nature – but it comes with a lot of specific terms and acronyms. That’s why we put together this continuously growing glossary of cloud security terms. Use this as a guide to help you unravel the nuances of cloud security and successfully navigate through the field.

124

124

CyberSecurity Insiders

OCTOBER 3, 2022

There is a confusion among a few that the terms Information Security and Cybersecurity are the same as the two areas take the same strides to a large extent. The term InfoSec aka Information Security is often used to determine availability of the systems and to protect the data integrity and confidentiality.

Information Security 128

Information Security Cybersecurity Computers and Electronics InfoSec 128

The Hacker News

SEPTEMBER 11, 2023

With the growing reliance on web applications and digital platforms, the use of application programming interfaces (APIs) has become increasingly popular. If you aren’t familiar with the term, APIs allow applications to communicate with each other and they play a vital role in modern software development.

Software 121

Software 121

WIRED Threat Level

NOVEMBER 28, 2023

Musk’s recent use of the term “Q*Anon” is his most explicit endorsement of the movement to date. Conspiracists have since spent days dissecting its meaning and cheering on his apparent support.

100

100

Krebs on Security

JANUARY 30, 2024

authorities arrested a 19-year-old Florida man charged with wire fraud, aggravated identity theft, and conspiring with others to use SIM-swapping to steal cryptocurrency. 12 blog post , the attackers used their access to Mailchimp employee accounts to steal data from 214 customers involved in cryptocurrency and finance. 9, 2024, U.S.

Social Engineering 305

Social Engineering Mobile Cybercrime Passwords 305

Schneier on Security

AUGUST 18, 2023

Interesting research: “ An Empirical Study & Evaluation of Modern CAPTCHAs “: Abstract: For nearly two decades, CAPTCHAS have been widely used as a means of protection against bots. Throughout the years, as their use grew, techniques to defeat or bypass CAPTCHAS have continued to improve.

Accountability 197

Accountability 197

Security Affairs

APRIL 26, 2024

This included search terms used in their health encyclopedia. In a notice filed with the US government, the integrated managed care consortium disclosed a data breach impacting 13.4 Healthcare service provider Kaiser Permanente disclosed a security breach that may impact 13.4 million individuals in the United States.

Data breaches 120

Data breaches Healthcare Mobile Advertising 120

Schneier on Security

JANUARY 19, 2023

As another, we demonstrate a compression-based side-channel attack that recovers users’ long-term private keys through observation of the size of Threema encrypted back-ups. The app uses a custom-designed encryption protocol in contravention of established cryptographic norms.

Encryption 292

Encryption Authentication Advertising Government 292

CyberSecurity Insiders

DECEMBER 28, 2022

Most of you connected to the world of data are in a misconception that both the terms data privacy and data security are same and are just the synonyms. So, never mix up both the terms to be same i.e., Data Security and Data Privacy as they technically way apart.

Data privacy 114

Data privacy Data breaches Cyber Attacks Encryption 114

Joseph Steinberg

FEBRUARY 2, 2022

As I discussed last month, unless we take actions soon, a tremendous amount of data that is today protected through the use of encryption will become vulnerable to exposure. Yes, 200 seconds for a de facto prototype vs multiple millennia for a mature super computer.

Encryption 346

Encryption Artificial Intelligence Risk Engineering 346

Security Boulevard

DECEMBER 6, 2023

The Ostrich platform provides both an innovative control framework assessment solution and a fully Open FAIR™ compliant CRQ tool to model risk in financial terms. We look forward to jointly delivering solutions to the cybersecurity community to effectively address cyber risk in quantifiable terms.” Learn more here.

Cyber Risk 109

Cyber Risk Risk Cybersecurity Cyber threats 109

Troy Hunt

JANUARY 29, 2024

That's the analogy I often use to describe the data breach "personal stash" ecosystem, but with one key difference: if you trade a baseball card then you no longer have the original card, but if you trade a data breach which is merely a digital file, it replicates. Ashley Madison.

Data breaches 273

Data breaches Passwords Advertising Personal Security 273

Anton on Security

JANUARY 3, 2023

to me, this reminds the security teams and SOCs in particular that in the cloud they need to move at cloud speed… A short-term system compromise is still compromise — and you are still owned, even if you are owned 1000 times of 10 minutes each :-)] “Threat actors diversified their initial access vectors. . — to

Cybersecurity 185

Cybersecurity Backups DDOS Accountability 185

Bleeping Computer

DECEMBER 7, 2023

As Genetic testing provider 23andMe faces multiple lawsuits for an October credential stuffing attack that led to the theft of customer data, the company has modified its Terms of Use to make it harder to sue the company. [.]

Data breaches 87

Data breaches 87

The Last Watchdog

JUNE 23, 2022

Seeking to minimize cybersecurity threat effects, the SEC has proposed several amendments requiring organizations to report on cyber risk in a “fast, comparable, and decision-useful manner.”. Cyber risk officers can use FAIR to quantify cyber risk in financial terms, a language familiar to business executives and boards of directors.

Cyber Risk 221

Cyber Risk Risk Cybersecurity Cyber threats 221

Schneier on Security

DECEMBER 19, 2023

If OpenAI are training on data that they said they wouldn’t train on, or if Facebook are spying on us through our phone’s microphones, they should be hauled in front of regulators and/or sued into the ground. On a personal level we risk losing out on useful tools. At least, in the US. Here’s CNBC. Here’s Boing Boing.

Government 250

Government Banking Risk Internet 250

Security Boulevard

APRIL 11, 2024

What you will not see in these papers is anything to do with robot rebellion or some such long-term potential threats. experts on this here and they’re not us. From turnkey to custom: Tailor your AI risk governance to help build confidence” covers shared responsibility for securing AI across several scenarios (very useful!)

Artificial Intelligence 62

Artificial Intelligence Government Risk Technology 62

The State of Security

MAY 17, 2022

A recent Facebook post from a family member made me realize that I needed to write about an overused term. A term, that when used, causes chaos and concern. I don’t blame the family member for using it, I’ve seen it used hundreds of times over the past few years and I’ve seen IT and […]… Read More.

Media 117

Media Accountability Hacking 117

CyberSecurity Insiders

APRIL 23, 2023

In recent years, the term “offensive cyber capabilities” has become increasingly common in discussions around national security and military strategies. Such capabilities can be used to disable an adversary’s critical systems, such as communication networks or power grids, without ever setting foot on their territory.

Cyber Attacks 121

Cyber Attacks Technology Government Ransomware 121

Security Boulevard

MARCH 12, 2024

The terms "machine learning" and "artificial intelligence" are frequently used in cybersecurity, often interchangeably, leading to confusion about their precise meanings and applications. What are the disparities between them? And how do these technologies converge to bolster cyber resilience?

Artificial Intelligence 67

Artificial Intelligence Cybersecurity Technology 67

Security Boulevard

NOVEMBER 27, 2023

Shift Left… it’s a term used almost ubiquitously across application security by both security practitioners implementing programs, regardless of scale, as well as just about every vendor selling an application security solution.

Software 103

Software Risk 103

CSO Magazine

NOVEMBER 2, 2021

Used to simplify complex terminology or boost sales and marketing campaigns, buzzwords are an inescapable reality for an innovative and fast-paced industry like information security. However, such terms are not always helpful and can be inaccurate, outdated, misleading, or even risk causing harm. Sign up for CSO newsletters. ].

Cybersecurity 143

Cybersecurity CSO Marketing Information Security 143

Security Affairs

AUGUST 7, 2023

Zoom changed its terms of service requiring users to allow AI to train on all their data without giving them an opt-out option. Zoom updated its terms of service and informed users that it will train its artificial intelligence models using some of its data. Service Generated Data; Consent to Use. “ 10.2

Artificial Intelligence 98

Artificial Intelligence Data collection Software Marketing 98

Security Affairs

DECEMBER 31, 2023

Google has agreed to settle a $5 billion privacy lawsuit, which alleged that the company monitored individuals using the Chrome “incognito” mode. Google agreed to settle a $5 billion privacy lawsuit over claims that the company monitored online activity of people who used the ‘incognito’ mode in its Chrome web browser.

Data collection 127

Data collection Advertising Hacking Technology 127

Security Boulevard

MAY 23, 2022

While the terms might be more familiar to fans of old-fashioned cowboy films, “white hat” and “black hat” have found modern relevance in the world of computer hacking. Today, these terms are now used to identify two types of hackers : white hat hackers and black hat hackers. .

Cybersecurity 109

Cybersecurity Hacking 109

Security Boulevard

JULY 11, 2023

The license stipulates the terms and conditions for using the software and outlines the rights and responsibilities of both the software publisher and the user. Software licensing is a critical aspect of every software purchase decision.

Software 98

Software 98

Bleeping Computer

NOVEMBER 17, 2022

Microsoft has urged developers still using the long-term support (LTS) release of .NET NET Core 3.1 to migrate to the latest.NET Core versions until it reaches the end of support (EOS) next month. [.].

97

97

CSO Magazine

SEPTEMBER 16, 2021

This is highlighted in a new McAfee report about a long-term compromise discovered on a customer network that started out as a simple malware infection investigation. The group behind the attack was using Winnti, a custom backdoor program that's believed to be shared by multiple Chinese APT groups.

Manufacturing 118

Manufacturing Malware 118

Malwarebytes

APRIL 22, 2024

Scraping and selling data about minors, especially without consent, is illegal in most parts of the world, including the US. If we determine that violations of our Terms of Service and Community Guidelines have occurred, we will take appropriate steps to enforce our policies. It’s available for anyone on the regular web.

Cryptocurrency 117

Cryptocurrency Internet Internet Accountability 117