Fernando Sanz de Galdeano Sanz

Reverse engineering Ecovacs vacuum and lawn mowing robots and using Bluetooth RCE to turn them into moving webcams. 👩🏽‍🦯💥👁️🥷 Hardware security expert Dennis Giese shared with the community his method for disassembling, analyzing, and finding vulnerabilities and security issues in home robots. This time, he focused on Ecovacs products like vacuum cleaners, lawn mowing robots, and more. Apart from a very interesting research path and highly effective results, the author shows how easily a device with a camera and connectivity can be turned into a surveillance tool that streams video directly to the attacker's device. The fun fact is: the products are still affected because the company was not interested in fixing them. 🤷‍♂️ Spread the word, and make sure you don’t expose yourself to such threats. Stay safe and secure. More details: Reverse engineering and hacking Ecovacs robots: the bad and the really bad [PDF]: https://lnkd.in/d4eSzD9G #technology #privacy #surveillance #cybersecurity #hacking #Bluetooth #ecovacs #robots #CCTV #cyber

492

1 comentario

🔴Are you still requiring password resets every 90 days?🔴 NIST recommends not doing that. Many orgs are not aware of the most recent NIST password requirements: • Longer is better: 15 characters minimum for single-factor authentication • No mandatory resets every X days: Force change only during risk events • No more complexity rules: Stop forcing users into “P@ssw0rd!123” patterns • Yes to password managers: encourage the use of password managers • Enforce Blocklists: Ban weak/common/breached passwords with an automated blocklist solution Keep in mind that other compliance standards or cyber insurance may have different requirements. In contrast, Microsoft 365 Secure Score still recommends requiring users to change their password every 60 days. Even better, require passwordless solutions. NIST SP 800-63B: https://lnkd.in/ek5_emeU #CyberSecurity #NIST #IdentityProtection #PasswordPolicy #MFA #IdentitySecurity #Entra #ActiveDirectory

390

60 comentarios

Most graphs of the #DigitalIdentity focuses on wallets, authentic sources, and Relying Parties — but often overlooks a crucial piece of the puzzle: Trust Service Providers (#TSP). #TSPs, listed on trusted lists across the EU, are the heart of the #eIDAS ecosystem. They ensure the security model, enable trust, and guarantee that Electronic Attestations of Attributes (#EAAs) are reliable. Their role doesn’t stop at #EAA issuance. #TrustServices also manage the entire lifecycle of each EAA: issuance, suspension, and revocation. #ElectronicAttestation issuers will come in different forms — qualified, public sector, or non-qualified. Yet all of them will operate with the status of a #TrustService, subject to strict security supervision under #eIDAS2. The future of digital identity in Europe rests on this foundation of trust. Without it, the #EUDIWallet cannot work.

98

12 comentarios

🌟 2025-2028: An era of transformation for #CISOs Based on discussions with numerous cyber professionals in the #US 🇺🇸 and #Europe 🇪🇺, I believe the next three years will be defining for my #CISO friends and clients. The role of Chief Information Security Officers will undergo profound changes. Let's delve into four pivotal shifts: 1️⃣ Skyrocketing salaries 💵: The ongoing talent shortage and the still-less-than-glamorous appeal of the #cybersecurity sector will drive salaries through the roof. The job's immense pressure and the need to prepare for personal cyber-liability insurance coverage (when not covered by D&O insurance policies) will further fuel this trend. Additionally, expect increased scrutiny by regulators around CISO equity and bonuses💰 to ensure CISOs remain motivated to report incidents transparently. 2️⃣ Splitting the #CISO Role 👥: The system of lines of defense is gaining popularity across all sectors, not just finance. Many CISOs are shifting to a second-line role focused on strategy, risk management, and assurance/testing 🔎. Consequently, we're seeing the emergence of technology-focused CISOs under the #CIO, responsible for execution. For years, we've debated whether the CISO should report to the risk officer or the CIO. Now, it's both... with two distinct individuals 📈 3️⃣ #CISO Stratification 🧭: Companies are increasingly choosing their CISOs based on their current cybersecurity posture. Post-incident? They call in crisis CISOs to manage the fallout🔥 Facing regulatory pressure? They hire remediation CISOs to build large-scale cybersecurity plans. In stable times, BaU CISOs keep things running smoothly. This shift is creating clear tiers within the profession, with distinct profiles emerging 👥 - and driving faster turnover as organizations switch leaders to fit the moment. It’s especially true in U.S. banks, where the average CISO tenure is now just 30 months! 4️⃣ Evolution to #CSO: Cybersecurity functions are increasingly overlapping with other security domains like product security, e-fraud, IT risk, and operational resilience 🌐. Businesses are demanding more coherence in security practices, and some areas like #InsiderThreat are managed inconsistently. In the next three years, we'll likely see key services extending beyond cybersecurity, such as Fusion Centers (an evolution of SOCs🔎) and Business Intelligence (an extension of #ThreatIntelligence). The good news is that the CSO is now perfectly positioned to integrate #IAM, which has been neglected for years in the organization ;-) These predictions are not just about salary or minor changes but signal a paradigm shift in how we perceive and value the role of cybersecurity leaders 📈. #CISOs are not just tech guardians; they are strategic business enablers and risk managers! Let's watch these predictions unfold in the next three years and prepare to support our CISO community! 🎯 #GetReady #Transformation

114

7 comentarios

"Explained: GPAI Code of Practice - Safety & Security Chapter 1", co-prepared by Matthias Samwald, Marta Ziosi, Alexander Zacherl, Yoshua Bengio, Daniel Privitera, Nitarshan R., Marietje Schaake, Anka Reuel, & Markus Anderljung, and published now in July 2025 by AI & Partners. 👇 This report outlines the safety and security practices set out in the #GPAI Code of Practice. The document details commitments and measures for systemic risk assessment, mitigation, and reporting. It outlines evaluation protocols, defines responsibilities, and promotes a strong risk culture. It also includes appendices on model evaluations, risk scenarios, and robust security mitigation #strategies. Link: https://lnkd.in/d8zUpErq #artificialera #web3 #web4 #web5 #fintech #digitalera #digitaltransformation #ailaw #machinelearning #deeplearning #generativeAI #trustworthyAI #explainableAI #aiethics #artificialintelligence #explainableAI #responsibleAI #foundationmodels #GPAI #GAI #LLMs #NLPs #GenAI #frontierAI #narrowAI #AGI #ethicalAI #adversarialAI #RAG #agenticAI #AIagents

93