NEW, by me, the one some of you have been asking about:

Months After Being Notified, a Software Vendor is Still Exposing Confidential and Sealed Court Records

https://databreaches.net/2025/10/13/months-after-being-notified-a-software-vendor-is-still-exposing-confidential-and-sealed-court-records/

I don't usually ask for boosts, but if you are in a position to help spread the word about this vendor and that its clients need to check their security, that would be great.

#dataleak, #incidentresponse, #infosecurity, #cybersecurity, #SoftwareUnlimitedCorp #FBI #CISA

@zackwhittaker @euroinfosec @campuscodi @therecord_media @GossiTheDog @briankrebs

⚠️ Update Your Site

I've noticed that many sites on the Fediverse are running very outdated versions of Mastodon or Misskey — sometimes more than a year old.

Software updates don’t just add new features — they also include important security fixes. To keep your site secure and running smoothly, make sure you're using the latest version of your platform.

#Mastodon #Missykey #Fediverse #ActivityPub #PixelFed #PeerTube #Loops #InfoSec #Security #InfoSecurity

NEW, by me, the one some of you have been asking about:

Months After Being Notified, a Software Vendor is Still Exposing Confidential and Sealed Court Records

https://databreaches.net/2025/10/13/months-after-being-notified-a-software-vendor-is-still-exposing-confidential-and-sealed-court-records/

I don't usually ask for boosts, but if you are in a position to help spread the word about this vendor and that its clients need to check their security, that would be great.

#dataleak, #incidentresponse, #infosecurity, #cybersecurity, #SoftwareUnlimitedCorp #FBI #CISA

@zackwhittaker @euroinfosec @campuscodi @therecord_media @GossiTheDog @briankrebs

⚠️ Daq yIchu' Fediverse Daq law' qettaH Mastodon ghap Misskey — rut puS wa' DIS. chu' features neH chel software updates, 'ach je potlh Hung tI' ngaS. Daq SoH ngaq 'ej Qapchu' Qapchu', latest version platform yIlo'! #Mastodon #Missykey #Fediverse #ActivityPub #PixelFed #PeerTube #Loops #InfoSec #Security #InfoSecurity

⚠️ Update Your Site

I've noticed that many sites on the Fediverse are running very outdated versions of Mastodon or Misskey — sometimes more than a year old.

Software updates don’t just add new features — they also include important security fixes. To keep your site secure and running smoothly, make sure you're using the latest version of your platform.

#Mastodon #Missykey #Fediverse #ActivityPub #PixelFed #PeerTube #Loops #InfoSec #Security #InfoSecurity

Hey folks, I'm currently working on a thing for a company, and I need a brainstorm buddy as my team went on a corporate retreat.

It has to do with risk management.

Let's say we have a qualitatively assessed risk that was initially based mostly on vibes rather than solid data.

Now let's say we have an incident that stems from this specific risk. At the end of the incident, we need to re-assess the risk based on the data we collected.

Now, the requirement is a risk model that accommodates a shift from qualitative assessment to quantitative, starting with a single occurrence.

Anyone knows any papers on the topic or dealt with something similar? From my past experience quantitative risk in cybersec is mostly bullshit anyway and everyone just kind of makes up numbers, especially for probability/frequency, just so they can get a bigger budget approved, which kind of goes against the spirit of risk management in my eyes.

My current train of thought is the following:
The risk model should calculate the risk not based on the traditional impact * probability formula, but something more detailed, like a weighted score based on the threat characteristics multiplied by asset value divided by current defence capability multiplied by real-world statistics.
Based on the incident, we first adjust our threat model, possibly tweaking some numbers, then have a critical look at our capability and adjust that based on the results of the root cause analysis, and then add a statistical multiplier with the default value of 1.

Then for every incident within the same year we multiply the statistical multiplier by 2, and every year without this risk being triggered we divide it by 2.

Also every year a threat model gets reviewed based on OSINT, updated, risks get recalculated.

Also also every year the independent audit cycle happens, controls get assessed, maturity scores get updated, risks get recalculated.

At that point the risk team only needs to get threat modelling reports, audit reports, new asset inventories, and interview asset owners to verify there were no changes in asset value.

Thoughts?

#infosec #infosecurity #informationsecurity #cyber #cybersec #cybersecurity #riskmanagement