Tag: transparency
169 articles

ATT&CK Evaluations: Stunning Vendor Exodus Sparks Risk
Three major cybersecurity vendors pulled out of MITRE’s ATT&CK Evaluations over methodology and transparency concerns, leaving buyers with fewer apples‑to‑apples comparisons and prompting a push for clearer, fairer testing. MITRE says it will revise the program — but rebuilding trust will take visible changes and broader industry buy‑in.

serious cyber incidents: Crucial Risky One-Hour Rule
China’s new one-hour rule forces network operators to report “serious” cyber incidents almost instantly — a move that could speed containment and national coordination but also forces painful trade-offs between accuracy, privacy and operational reality.

CVE program: Must-Have Global Control Sparks Risky Debate
CISA wants a bigger role running the CVE vulnerability list — promising more stability and coordination but sparking worries that government control could politicize a vital global standard.

data breaches in schools: Urgent Exclusive Warning
A new ICO warning shows student hacks are increasingly exposing sensitive school data and could be training tomorrow’s cybercriminals. Schools urgently need practical security upgrades, ethics lessons and better funding to protect pupils and restore parental trust.

attacker surveillance: Exclusive Risky Ethics Debate
Huntress’s cheeky description of an attacker “on a silver platter” has split infosec — praised by some as a rare, practical learning moment and criticized by others for risking privacy, investigative integrity, and even giving attackers tips. The debate highlights a bigger question: how can defenders share real-world lessons widely without creating new vulnerabilities or harming victims?

Online Safety Act: Must-Have Fixes for Risky Enforcement
Experts warn Ofcom’s roll-out of the Online Safety Act risks becoming a lottery: unclear rules, technical hurdles and uneven enforcement could harm free expression and stifle smaller platforms unless the regulator clarifies duties, boosts transparency and builds technical capacity.

agentic AI: Must-Have, Risky Tool for Government
Agentic AI can turbocharge government services—speeding claims, coordinating complex workflows, and scaling scarce expertise—while also raising urgent questions about accountability, bias, and trust. Policymakers must balance innovation with auditable design, human oversight, and clear redress so these powerful tools serve citizens rather than undermine them.

malicious npm code: Critical Risk, Must-Have Defenses
Think supply chain attacks are theoretical? Wiz found malicious npm code in about 10% of cloud environments — proof a single tainted dependency can ripple across services. Treat dependencies like security controls: use SBOMs, provenance checks, and runtime defenses to keep builds safe without slowing teams down.

artificial intelligence: Stunning Fix or Risky Failure
Can AI rescue U.S. military recruiting after COVID upended pipelines and eligibility? AI can streamline outreach and speed processing, but it’s no silver bullet—rebuilding trust, policy fixes, and human engagement are still essential.

MFA rollout Disastrous: Must-Have Fixes for Delays
The rushed PACER MFA rollout has left lawyers on hold for hours and courts scrambling — a stark reminder that security upgrades need phased rollouts, better user support, and simple recovery options so access and justice aren’t delayed.

artificial intelligence: Must-Have Reforms to Avoid Risk
AI can make government faster and fairer—but left unchecked it risks concentrating power, eroding accountability, and amplifying bias. Thoughtful rules, independent audits, and public participation can keep innovation from becoming a cover for opaque, unchallengeable decisions.

Rewiring Democracy: Exclusive Must-Have Roadmap
In Rewiring Democracy, Bruce Schneier and Nathan Sanders warn that AI is reshaping our institutions and offer an urgent, practical roadmap to embed transparency, accountability, and human oversight so democracies can reap AI’s benefits without losing public trust. Covering elections, lawmaking, administration, courts, and civic life, their concrete reforms show how governments can act now to prevent opacity and strengthen democratic norms.

cookie privacy failures: Stunning Harsh Fines Exposed
France’s privacy watchdog hit Google and SHEIN with big fines for dropping tracking cookies and serving ads without proper consent — a wake-up call that could reshape online advertising and give users real control over their data.

commercial surveillanceware: Exclusive, Risky Threat
Surveillance companies are cashing in on powerful spyware sold to governments, but secrecy and weak oversight mean tools meant for crime-fighting often end up used against journalists, activists and political rivals. It’s time to tighten rules and hold vendors and buyers accountable before privacy and democratic norms are further eroded.

security reforms: Must-Have Fixes After Risky Afghan Leak
As ministers prepare to face Parliament, a confidential review of the 2021 Afghan data leak says crucial security reforms remain unimplemented — critics warn that those delays leave vulnerable people exposed and risk turning one breach into a systemic failure.

authentication bypass vulnerability: Critical Must-Have Fix
Click Studios has released an urgent patch for Passwordstate to fix a potential authentication bypass—update to 9.9 (Build 9972) now. After patching, audit logs and consider rotating high-value credentials to ensure your vault remains secure.

PayPal direct debits: Stunning Risky Outage Hits Europe
When PayPal’s fraud engines tripped this week, banks across Europe blocked billions in SEPA direct debits, leaving shoppers and merchants with bounced orders, stalled subscriptions and frayed cash flows. The episode is a wake-up call about how fragile automated fraud controls can be—and why faster communication, human review and better coordination between banks and payment platforms are essential.

Chargers fans Exposed: Shocking Bias Threatens Trust
A Harvard-led study suggests ChatGPT may be more likely to refuse questions from suspected LA Chargers fans than other NFL supporters, raising a surprising but serious fairness question about how safety guardrails can unintentionally silence certain groups.

cybersecurity incident: Stunning Risky Nevada Outage
Nevada is racing to restore state services after a network security incident left offices closed and phone lines and websites offline, disrupting everything from licensing to benefits. Officials say recovery is underway as residents wait for clearer timelines and reassurance about service access and data safety.

SBOM minimums: Must-Have Best Practices
CISA is revisiting its 2021 SBOM minimums and asking stakeholders for input to strike the right balance between useful, machine-readable inventories that speed vulnerability response and safeguards that prevent sensitive detail from aiding attackers. The update could nudge industry toward interoperable, automatable SBOMs while building practical options for protecting proprietary or security-sensitive information.

Orange Belgium customers: Stunning Risky Breach 850K
A massive breach at Orange Belgium has put about 850,000 customers’ personal details into criminal hands, raising risks like SIM‑swap, targeted phishing and identity theft. If you might be affected, check what was exposed, lock down your carrier account with app‑based 2FA or a unique PIN, and be extra skeptical of unsolicited calls, texts or emails.

PromptFix attacks: Must-Have Defenses vs Risky Threats
Researchers warn of a new PromptFix attack that hijacks the prompts and data feeding agentic AIs, letting attackers steer, confuse, or corrupt assistants without touching the underlying models. As these agents enter everyday tools, layered protections like provenance checks, least‑privilege actions, and better monitoring are essential to keep them safe.

M365 Copilot Exclusive Risk Alert: Critical Silence
Imagine someone fixed a door in your house without telling you it was open—would you sleep easier? Microsoft’s quiet patch to an M365 Copilot security bypass, applied without a CVE or public advisory, has left IT teams scrambling for visibility, compliance proof, and clear guidance.

cyber intrusion: Exclusive Risky CIRO Data Breach
CIRO, the regulator that holds sensitive data on advisors and investors, has disclosed a cyber intrusion that could have exposed personal and firm information—raising urgent questions about privacy and market trust. The organization says it’s investigating and notifying affected people, but clear timelines and concrete remediation will be essential to restore confidence.