Tag: risk
-
Why outsourced cyber defenses create systemic risks
Tags: access, ai, attack, backdoor, breach, business, ciso, cloud, compliance, corporate, cyber, cybercrime, cybersecurity, data, defense, detection, dora, exploit, finance, framework, GDPR, governance, government, hacker, healthcare, infrastructure, law, malicious, monitoring, moveIT, msp, nis-2, ransomware, regulation, resilience, risk, software, strategy, supply-chain, threat, tool, vulnerability, zero-trust
Risk categories of outsourced IT & cybersecurity: When you outsource, responsibility shifts, but accountability never leaves you. The risks fall into clear categories. Operational risks: The most basic risk is fragile continuity. In 2017, British Airways outsourced parts of its IT operations. A system outage grounded flights worldwide. The vendor contract delivered savings, but it…
-
Christmas Gift-Giving for Cybercrime
Mid-sized companies in particular are increasingly targeted by cybercriminals over the holidays. Retail, logistics, hotels and restaurants, and manufacturing businesses are especially affected. With a few targeted measures, however, the risk can be reduced significantly. From the cybercriminals' point of view, the days around Christmas and the turn of the year are among the especially attractive periods for attacks on…
-
When Every Access Is a Risk: Insider Threats in the Age of the Cloud
This raises a crucial question: if a device is taken over by malware and the attacker has the same rights as a legitimate user, is that an insider attack? From an access perspective, clearly yes. First seen on infopoint-security.de Jump to article: www.infopoint-security.de/wenn-jeder-zugang-ein-risiko-ist-insider-bedrohungen-im-zeitalter-der-cloud/a43259/
-
Agentic AI already hinting at cybersecurity’s pending identity crisis
Agentic AI’s identity crisis: Authentication and agentic experts interviewed, three of whom estimate that less than 5% of enterprises experimenting with autonomous agents have deployed agentic identity systems, say the reasons for this lack of security hardening are varied. First, many of these efforts are effectively shadow IT, where a line of business (LOB) executive has…
-
FCC Bans Foreign-Made Drones and Key Parts Over U.S. National Security Risks
The U.S. Federal Communications Commission (FCC) on Monday announced a ban on all drones and critical components made in a foreign country, citing national security concerns. To that end, the agency has added to its Covered List Uncrewed aircraft systems (UAS) and UAS critical components produced in a foreign country, and all communications and video surveillance…
-
The Rise of the Chief Trust Officer: Where Does the CISO Fit In?
Tags: ai, ceo, cio, ciso, compliance, cyersecurity, finance, governance, grc, office, risk, risk-management, soc, software, vulnerability
The Chief Trust Officer represents a shift from defending systems to securing credibility. More and more companies are emphasizing trust as a differentiator for their business. Data breaches, concerns about product safety, and uncertainties regarding artificial intelligence have badly damaged customer trust in recent years. According to the Edelman…
-
OpenAI says AI browsers may always be vulnerable to prompt injection attacks
OpenAI says prompt injections will always be a risk for AI browsers with agentic capabilities, like Atlas. But the firm is beefing up its cybersecurity with an ‘LLM-based automated attacker.’ First seen on techcrunch.com Jump to article: techcrunch.com/2025/12/22/openai-says-ai-browsers-may-always-be-vulnerable-to-prompt-injection-attacks/
-
2025 Year in Review at Cloud Security Podcast by Google
Tags: 2fa, ai, automation, breach, cloud, compliance, computing, control, cybersecurity, data, defense, detection, edr, finance, google, hacking, incident response, infrastructure, linux, mandiant, metric, mitigation, offense, phone, privacy, risk, security-incident, siem, soc, technology, threat, vulnerability, vulnerability-management, zero-trust
(written jointly with Tim Peacock) Five years. It’s enough time to fully launch a cloud migration, deploy a new SIEM, or, if you’re a very large enterprise, just start thinking about doing the first two. It’s also how long Tim and I have been subjecting the world to our thoughts on Cloud Security Podcast by Google. We…
-
What CISOs should know about the SolarWinds lawsuit dismissal
Responsibility without authority is the real risk: At the heart of the SolarWinds lawsuit was a familiar problem for security leaders: responsibility without authority. The dynamic that caught Tim Brown in the SEC’s jaws is that, despite his experience, seniority, and title, he, like most CISOs, carries tremendous responsibility without any real organizational authority to…
-
NIST issues guidance on securing smart speakers
Smart home devices, such as voice-activated digital assistants, are increasingly used in home health care, with risks involved. An attacker could change a prescription, steal … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2025/12/22/nist-securing-smart-speakers/
-
UK Government Data Stolen in Cyberattack
Government data has been stolen in a cyberattack, though officials say the risk to individuals remains low, according to a UK minister. The incident has prompted an ongoing investigation and renewed warnings from cybersecurity experts about the long-term risks of state-linked digital espionage. Trade Minister Chris Bryant confirmed the breach in an interview with BBC…
-
Top 10 CERT-In Empanelled Auditors in India in 2026
Organisations today are increasingly exposed to cyber risks originating from unchecked network scanning and unpatched vulnerabilities. At the same time, the rise of malicious large language models like WormGPT and FraudGPT has lowered the barrier for hackers, enabling even less-skilled actors to launch phishing campaigns, create malware, and exploit security gaps with alarming ease. For…
-
Reducing Human Error as a Success Factor for Lowering IT Risks
Tags: risk
First seen on datensicherheit.de Jump to article: www.datensicherheit.de/reduzierung-mensch-fehler-erfolgsfaktor-senkung-it-risiken
-
Senate Intel Chair Warns of Open-Source Security Risks
Top Lawmaker Urges White House to Review Foreign Influence in Open-Source Code. A top Republican in the U.S. Senate warned the White House that foreign adversaries are exploiting trusted open-source software used across federal networks and defense systems, urging the National Cyber Director to lead efforts to monitor contributors and reduce supply chain risk. First…
-
Why Smart Glasses in Hospitals Are Not a Bright Idea
Smart eyewear such as Meta-AI Ray Ban glasses – which sport microphones, cameras and can connect to artificial intelligence – pose emerging patient privacy and other risks especially when worn in healthcare settings, said Garrett Zickgraf of consulting firm LBMC. First seen on govinfosecurity.com Jump to article: www.govinfosecurity.com/interviews/smart-glasses-in-hospitals-are-bright-idea-i-5509
-
Identity Fraud Among Home-Care Workers Puts Patients at Risk
Reports of patients being cared for by unqualified home-care aides with fake identities continue to emerge, highlighting a need for more stringent identity authentication. First seen on darkreading.com Jump to article: www.darkreading.com/identity-access-management-security/identity-fraud-among-home-care-workers-puts-patients-at-risk
-
4 Pillars of Network Risk Reduction: A Guide to Network Security Risk Management
Large enterprises today find themselves stuck in the “messy middle” of digital transformation, managing legacy on-premise firewalls from Palo Alto, Check Point, and Fortinet while simultaneously governing fast-growing cloud environments…. First seen on securityboulevard.com Jump to article: securityboulevard.com/2025/12/4-pillars-of-network-risk-reduction-a-guide-to-network-security-risk-management/
-
Cloud Atlas Exploits Office Vulnerabilities to Execute Malicious Code
The Cloud Atlas threat group, active since 2014, continues to pose a significant risk to organizations in Eastern Europe and Central Asia through sophisticated attacks leveraging legacy Microsoft Office vulnerabilities. Security researchers have documented the group’s expanded arsenal and evolving infection chains deployed throughout the first half of 2025, revealing previously undescribed implants and attack…
-
ISMG Editors’: When KYC No Longer Signals Trust
Also: Cyber Insurers Brace for AI Risk, Shopping Agents Rewrite E-commerce. In this week’s ISMG Editors’ Panel, four editors examine how artificial intelligence is quietly reshaping trust, risk and decision-making, from identity verification and cyber insurance to the rise of AI agents in online shopping. The ISMG Editors’ Panel runs weekly. First seen on govinfosecurity.com…
-
Cybersecurity Snapshot: Cyber Pros Emerge as Bold AI Adopters, While AI Changes Data Security Game, CSA Reports Say
Tags: advisory, ai, api, attack, awareness, business, cloud, compliance, control, credit-card, crime, crimes, crypto, cyber, cybersecurity, data, data-breach, defense, detection, exploit, finance, framework, google, governance, guide, healthcare, injection, intelligence, law, LLM, lockbit, malicious, metric, mitigation, monitoring, network, office, openai, ransom, ransomware, risk, risk-management, service, skills, sql, threat, tool, training, update, vulnerability
Formerly “AI shy” cyber pros have done a 180 and become AI power users, as AI forces data security changes, the CSA says. Plus, PwC predicts orgs will get serious about responsible AI usage in 2026, while the NCSC states that, no, prompt injection isn’t the new SQL injection. And much more! Key takeaways Cyber…
-
OWASP Drops First AI Agent Risk List
These aren’t simple chatbots anymore; these AI agents access data and tools and carry out tasks, making them infinitely more capable and dangerous. The post OWASP Drops First AI Agent Risk List appeared first on TechRepublic. First seen on techrepublic.com Jump to article: www.techrepublic.com/article/news-owasp-ai-agent-risk-list/
-
Top lawmaker asks White House to address open-source software risks
The Senate Intelligence Committee’s chairman voiced concern about foreign adversaries tampering with code. First seen on cybersecuritydive.com Jump to article: www.cybersecuritydive.com/news/open-source-security-tom-cotton-letter-white-house/808379/
-
Amazon Detects North Korean IT Infiltrator via Latency Clues
Amazon uncovered a North Korean IT infiltrator through keystroke latency, highlighting risks in remote hiring and the need for stronger identity controls. First seen on esecurityplanet.com Jump to article: www.esecurityplanet.com/threats/amazon-detects-north-korean-it-infiltrator-via-latency-clues/
-
Identity Fraud Among Home Care Workers Puts Patients at Risk
Reports of patients being cared for by unqualified home-care aides with fake identities continue to emerge, highlighting a need for more stringent identity authentication. First seen on darkreading.com Jump to article: www.darkreading.com/identity-access-management-security/identity-fraud-among-home-care-workers-puts-patients-at-risk
-
UK confirms Foreign Office hacked, says ‘low risk’ of impact to individuals
The British government confirmed on Friday that data held on a Foreign Office system was compromised in a cyber incident this fall that media outlets have attributed to a China-based hacking group. First seen on therecord.media Jump to article: therecord.media/uk-foreign-office-hacked-china
-
Managed Security Service Providers – Yesterday, Today and in the Future – Risks of Using MSSPs
First seen on security-insider.de Jump to article: www.security-insider.de/managed-security-service-provider-mssp-risiken-dora-drittparteien-a-c2bd4a62ca9a9188a4a23041e203fcac/

