The PDF sent by email is protected with a password predictably constructed from lower case letters of the name and a number, but

Title: 70yH]>™}mêÆíÝš<š!g_2ÓN°Úø−oˇQé½
Author: âÂævq\²˙)ΔȬKŒÁ‹Öˇ@(*õBS:2VÅ
Subject: Ý®§¹¿[‰ÉŒ@Ë˶(ÒaG î¢' œÉñ´€ðò
Keywords: ŸJô¼éN„®Bô¨.˜–A)ø 15&àD%4Ñ
Creator: ý1Jı¿6Ì;Ç˙0rz4˚—‘õh<†9_ªtôhâˇnnL"I)úv!¥˛fiÌÆ&â
Producer: y"a.Û�†ë˘łmS˚P\B cì¦%8˝ł�Þ˚› t⁄¹c‰6åóUÀ˛’fþô

#PortableDocumentFormat #Encryption #Password #InformationSecurity #InfoSec #CyberSecurity

Google AI "Big Sleep" Stops Exploitation of Critical SQLite Vulnerability Before Hackers Act

https://thehackernews.com/2025/07/google-ai-big-sleep-stops-exploitation.html

Hey folks, I'm currently working on a thing for a company, and I need a brainstorm buddy as my team went on a corporate retreat.

It has to do with risk management.

Let's say we have a qualitatively assessed risk that was initially based mostly on vibes rather than solid data.

Now let's say we have an incident that stems from this specific risk. At the end of the incident, we need to re-assess the risk based on the data we collected.

Now, the requirement is a risk model that accommodates a shift from qualitative assessment to quantitative, starting with a single occurrence.

Anyone knows any papers on the topic or dealt with something similar? From my past experience quantitative risk in cybersec is mostly bullshit anyway and everyone just kind of makes up numbers, especially for probability/frequency, just so they can get a bigger budget approved, which kind of goes against the spirit of risk management in my eyes.

My current train of thought is the following:
The risk model should calculate the risk not based on the traditional impact * probability formula, but something more detailed, like a weighted score based on the threat characteristics multiplied by asset value divided by current defence capability multiplied by real-world statistics.
Based on the incident, we first adjust our threat model, possibly tweaking some numbers, then have a critical look at our capability and adjust that based on the results of the root cause analysis, and then add a statistical multiplier with the default value of 1.

Then for every incident within the same year we multiply the statistical multiplier by 2, and every year without this risk being triggered we divide it by 2.

Also every year a threat model gets reviewed based on OSINT, updated, risks get recalculated.

Also also every year the independent audit cycle happens, controls get assessed, maturity scores get updated, risks get recalculated.

At that point the risk team only needs to get threat modelling reports, audit reports, new asset inventories, and interview asset owners to verify there were no changes in asset value.

Thoughts?

#infosec #infosecurity #informationsecurity #cyber #cybersec #cybersecurity #riskmanagement

What is quishing?

https://www.cbc.ca/news/canada/qr-code-scams-quishing-1.7587253
- - -
Qu’est-ce l’hameçonnage par code 2D?

// Article en anglais //

#Phishing #Quishing #QRCode #Hameçonnage #Code2D #InfoSec #InformationSecurity #Cybersécurité

Can AI help you examine leaked data safely?
If you do it right, it can...

In this blog post, our Luke Davis looks at how internal chatbot systems, built on private large language models, can support forensic investigations.

He shows how AI can help find important information in big datasets and speed up analysis.

📌Read here: https://www.pentestpartners.com/security-blog/using-ai-chatbots-to-examine-leaked-data/

To make sure the AI output is correct, it should always be checked against the raw dataset.

#CyberSecurity #ArtificialIntelligence #DigitalForensics #ThreatIntelligence #DataSecurity #InformationSecurity

Co-op (United Kingdom 🇬🇧 ) has seen data of its 6.5 million members stolen. The hackers also left with the Active Directory Domain Services database 😬

https://www.bleepingcomputer.com/news/security/co-op-confirms-data-of-65-million-members-stolen-in-cyberattack/
- - -
Co-op (Royaume-Uni 🇬🇧 ) s’est vu dérober les données de ses 6,5 millions de membres. Les pirates sont également partis avec la base de données des services de domaine Active Directory 😬

// Article en anglais //

#UK #UnitedKingdom #RoyaumeUni #CoOp #InfoSec #InformationSecurity #Cybersécurité

Thousands of Afghans have been brought to Britain in secrecy after a data leak

LONDON (AP) — Thousands of Afghans, including many who worked with British forces, have been secretly resettled in…
#NewsBeep #News #Topstories #Afghanistan #Afghanistangovernment #Conservatism #Courts #Crime #Cybercrime #Generalnews #Headlines #Informationsecurity #JohnHealey #Lawenforcement #MartinChamberlain #SeanHumber #Taliban #UnitedKingdom #UnitedKingdomgovernment #Worldnews
https://www.newsbeep.com/3453/

📣Opgelet: ken of ben jij een Information Security Officer (ISO) ? Check dan onze #VACATURE: https://sidn.nl/werken-bij-sidn/information-security-officer-iso

📍𝗟𝗼𝗰𝗮𝘁𝗶𝗲: 𝗵𝘆𝗯𝗿𝗶𝗱𝗲, 𝗸𝗮𝗻𝘁𝗼𝗼𝗿 𝗶𝗻 𝗔𝗿𝗻𝗵𝗲𝗺
💰𝗦𝗮𝗹𝗮𝗿𝗶𝘀: € 𝟰.𝟬𝟰𝟬,- 𝘁𝗼𝘁 € 𝟱.𝟲𝟬𝟬,- 𝗼𝗽 𝗯𝗮𝘀𝗶𝘀 𝘃𝗮𝗻 𝟰𝟬 𝘂𝘂𝗿 𝗽/𝘄
☕𝗞𝗼𝗳𝗳𝗶𝗲 𝘀𝘁𝗮𝗮𝘁 𝗸𝗹𝗮𝗮𝗿 𝘃𝗼𝗼𝗿 𝗲𝗲𝗻 𝗼𝗿𝗶ë𝗻𝘁𝗲𝗿𝗲𝗻𝗱 𝗴𝗲𝘀𝗽𝗿𝗲𝗸

#iso #vacature #InformationSecurity #SIDN