ISACA – Can Hardening Reduce Cyberrisk?
“An often overlooked means to significantly reduce risk has been hardening systems, technologies, and network infrastructure. “
Cybersecurity Dive – Memory-unsafe code runs rampant in critical open-source projects
“CISA and the FBI are part of an international effort to eliminate memory-unsafe languages which were found in more than half of critical open-source projects.”
The Hacker New: New Research Warns About Weak Offboarding Management and Insider Risks
“Employee offboarding is typically seen as a routine administrative task, but it can pose substantial security risks, if not handled correctly. Failing to quickly and thoroughly remove access for departing employees introduces serious insider threats, leaving a company vulnerable to multiple kinds of risks, such as data breaches, intellectual property theft, and regulatory non-compliance. “
Axios: Generative AI’s privacy problem
“Privacy is the next battleground for the AI debate, even as conflicts over copyright, accuracy and bias continue.“
CSY – Over de risico’s van phishing e-mails en ransomware – Casus: de hack bij Maastricht University
Een overzicht van de UMaastricht rasomware aanval in 2019, dit in 14 handige slides (met enkele interessante tests).
TechCrunch – ChatGPT is violating Europe’s privacy laws, Italian DPA tells OpenAI
“OpenAI has been told it’s suspected of violating European Union privacy, following a multi-month investigation of its AI chatbot, ChatGPT, by Italy’s data protection authority.”
Helpnetsecurity – What makes ransomware victims less likely to pay up?
“There’s a good reason why ransomware gangs started exfiltrating victims’ data instead of just encrypting it: those organizations pay more.”
De Tijd – Europa beschermt gevoelige technologie tegen China
“De concurrentie in sleuteltechnologie speelt ook een rol bij onderzoek bij universiteiten en onderzoeksinstellingen. ‘Lidstaten mogen niet blind zijn voor de risico’s die inherent zijn aan internationale samenwerking.’”
De Tijd – Hacking beurswaakhond SEC gebeurde door sim-swap
“De SEC zei ook dat de multifactorauthenticatie van zijn X-account afgelopen juli was uitgeschakeld en pas na het incident weer werd ingeschakeld. De multifactorauthenticatie is nu ingeschakeld op alle sociale media van de SEC, zegt de toezichthouder. “
De Tijd: Verbod op samenwerking met zeven risicovolle Chinese universiteiten
“Vlaanderen verbiedt de samenwerking van kennisinstellingen en universiteiten met zeven Chinese universiteiten, uit vrees dat ze gedeelde kennis inzetten voor militaire ontwikkelingen. “