Schneier on Security

DECEMBER 7, 2022

This is a really interesting paper that discusses what the authors call the Decoupling Principle: The idea is simple, yet previously not clearly articulated: to ensure privacy, information should be divided architecturally and institutionally such that each entity has only the information they need to perform their relevant function.

Architecture 251

Architecture Authentication 251

Schneier on Security

OCTOBER 22, 2021

Someone has been hacking telecommunications networks around the world: LightBasin (aka UNC1945) is an activity cluster that has been consistently targeting the telecommunications sector at a global scale since at least 2016, leveraging custom tools and an in-depth knowledge of telecommunications network architectures.

Telecommunications 344

Telecommunications Architecture Mobile Hacking 344

Schneier on Security

MARCH 12, 2021

Unfortunately, most organizations are unaware that these documents can compromise sensitive information like authors names, details on the information system and architecture. All these information can be exploited easily by attackers to footprint and later attack an organization.

Architecture 361

Architecture Software 361

The Last Watchdog

OCTOBER 23, 2023

Splunk’s inability to migrate to a modern cloud-native architecture makes it difficult to take advantage of these cost-saving benefits or implement advanced data science use cases critical for threat detection. Influxes of data ingestion and the flat architecture of data lakes have led to difficulties in extracting value from repositories.

Architecture 261

Architecture Threat Detection Engineering Data collection 261

Schneier on Security

JULY 30, 2021

ESP introduces a new client-side encryption architecture that includes a novel format-preserving image encryption algorithm, an encrypted thumbnail display mechanism, and a usable key management system. We have created Easy Secure Photos (ESP) to enable users to protect their photos on cloud photo services such as Google Photos.

Encryption 363

Encryption Architecture Mobile 363

Schneier on Security

OCTOBER 11, 2022

We conclude that machine-learning model security requires assurance of provenance along the entire technical pipeline, including the data, model architecture, compiler, and hardware specification.

Architecture 363

Architecture Software 363

PCI perspectives

NOVEMBER 18, 2024

Recently, PCI SSC published a new information supplement called PCI DSS Scoping and Segmentation Guidance for Modern Network Architectures. I'm Alicia Malone, Senior Manager of Public Relations for the PCI Security Standards Council.

Architecture 109

Architecture 109

Malwarebytes

MARCH 19, 2024

How does a company navigate over 80 years of technical debt? Which tools do a security team of 5 rely on everyday? What threats are considered most dangerous?

Architecture 114

Architecture Cybersecurity Technology 114

Schneier on Security

NOVEMBER 29, 2024

If the stop button isn’t pressed, then ‘Second Thoughts’ is triggered. What’s interesting here is that the model itself isn’t being exploited.

Architecture 295

Architecture Artificial Intelligence 295

Tech Republic Security

SEPTEMBER 14, 2023

Red Box provides the open architecture for data capture. Uniphore then feeds that data into U-Capture, its conversational AI automation tool.

Data collection 195

Data collection Architecture Artificial Intelligence Big data 195

Cisco Security

JUNE 13, 2024

According to AppOmni’s 2023 State of SaaS Security report, 79% of organizations reported a SaaS security incident during the preceding 12-month period. As enterprises incrementally store and process more sensitive data in SaaS applications, it is no surprise that the security of these applications has come into greater focus.

Architecture 104

Architecture 104

Schneier on Security

MAY 16, 2022

It took us a couple of decades to fully understand von Neumann computer architecture. I’m sure it will take years of working with a functional quantum computer to fully understand the limits of that architecture. And some things that we think of as computationally hard today will turn out not to be.

Architecture 241

Architecture Cybersecurity Encryption 241

Schneier on Security

JUNE 10, 2021

Second, we show that our markpainting technique is transferable to models that have different architectures or were trained on different datasets, so watermarks created using it are difficult for adversaries to remove. This can be designed to reconstitute a watermark if the editor had been trying to remove it.

Architecture 338

Architecture Software 338

Schneier on Security

SEPTEMBER 20, 2023

What there is a shortage of are computer scientists, developers, engineers, and information security professionals who can code, understand technical security architecture, product security and application security specialists, analysts with threat hunting and incident response skills.

Cybersecurity 322

Cybersecurity Engineering CISO Architecture 322

The Last Watchdog

JUNE 5, 2024

Seclore facilitates data protection in a global productivity ecosystem that’s constantly shifting between on-premises, hybrid and cloud architectures. “We can ensure that only authorized users have access and can perform specific actions such as reading, editing, or printing,” he says.

Architecture 289

Architecture Marketing Internet Internet 289

Schneier on Security

JUNE 30, 2022

The discovery of custom-built malware written for the MIPS architecture and compiled for small-office and home-office routers is significant, particularly given its range of capabilities.

Malware 226

Malware DNS Architecture Hacking 226

Kali Linux

OCTOBER 21, 2024

The i386 architecture has long been obsolete, and from this week, support for i386 in Kali Linux is going to shrink significantly: i386 kernel and images are going away. Some terminology first Let’s start with the terms used in Kali Linux to talk about CPU architectures. amd64 refers to the x86-64 architecture, ie.

Architecture 144

Architecture Software 144

Schneier on Security

AUGUST 8, 2022

It took a couple of decades to fully understand von Neumann computer architecture; expect the same learning curve with quantum computing. Our current understanding of quantum computing architecture will change, and that could easily result in new cryptanalytic techniques. The second uncertainly is in the algorithms themselves.

Encryption 358

Encryption Architecture Engineering Information Security 358

The Last Watchdog

JULY 19, 2023

Yokohama added that the first step CISOs must take is to thoughtfully establish a meaningful security architecture, one that addresses the organization’s distinctive needs and also takes into account operations and governance. the architecture must come first, and then they can decide which product choices they would prefer.”

CISO 244

CISO Architecture Cloud Migration Network Security 244

Krebs on Security

DECEMBER 1, 2022

.” However, LastPass maintains that its “customer passwords remain safely encrypted due to LastPass’s Zero Knowledge architecture.” But that same architecture theoretically means that hackers who might break into LastPass’s networks can’t access that information either.

Phishing 284

Phishing Architecture Passwords Accountability 284

WIRED Threat Level

JULY 4, 2024

Here’s how Apple’s unique AI architecture compares to the “hybrid” approach adopted by Samsung and Google. Generative AI is seeping into the core of your phone, but what does that mean for privacy?

Architecture 138

Architecture 138

The Hacker News

FEBRUARY 26, 2024

More than 8,000 subdomains belonging to legitimate brands and institutions have been hijacked as part of a sophisticated distribution architecture for spam proliferation and click monetization. Guardio Labs is tracking the coordinated malicious activity, which has been ongoing since at least September 2022, under the name SubdoMailing.

Architecture 145

Architecture 145

The Hacker News

MARCH 15, 2024

A group of researchers has discovered a new data leakage attack impacting modern CPU architectures supporting speculative execution. Dubbed GhostRace (CVE-2024-2193), it is a variation of the transient execution CPU vulnerability known as Spectre v1 (CVE-2017-5753). The approach combines speculative execution and race conditions.

Architecture 145

Architecture 145

The Hacker News

FEBRUARY 9, 2024

The backdoor, codenamed RustDoor by Bitdefender, has been found to impersonate an update for Microsoft Visual Studio and target both Intel and Arm architectures. Apple macOS users are the target of a new Rust-based backdoor that has been operating under the radar since November 2023.

Architecture 145

Architecture 145

The Hacker News

AUGUST 16, 2024

Dubbed Banshee Stealer, it's offered for sale in the cybercrime underground for a steep price of $3,000 a month and works across both x86_64 and ARM64 architectures. Cybersecurity researchers have uncovered new stealer malware that's designed to specifically target Apple macOS systems.

Architecture 143

Architecture Cryptocurrency Cybercrime Malware 143

The Hacker News

AUGUST 8, 2024

Microsoft said it is developing security updates to address two loopholes that it said could be abused to stage downgrade attacks against the Windows update architecture and replace current versions of the Windows files with older versions.

Architecture 142

Architecture Risk 142

Penetration Testing

FEBRUARY 19, 2024

Autodesk AutoCAD, a widely used CAD software across engineering, architecture, and manufacturing industries, has been found to contain 40 zero-day vulnerabilities.

Penetration Testing 140

Penetration Testing Architecture Manufacturing Engineering 140

The Hacker News

JUNE 11, 2024

The tech giant described PCC as the "most advanced security architecture ever deployed for cloud AI compute at scale." Apple has announced the launch of a "groundbreaking cloud intelligence system" called Private Cloud Compute (PCC) that's designed for processing artificial intelligence (AI) tasks in a privacy-preserving manner in the cloud.

Artificial Intelligence 141

Artificial Intelligence Architecture 141

The Hacker News

NOVEMBER 6, 2024

is an advanced malicious framework that offers comprehensive functionality, a stable architecture, and efficient control over numerous online endpoints to execute

Architecture 137

Architecture Malware Cybersecurity 137

The Hacker News

OCTOBER 25, 2024

PCC, which Apple unveiled earlier this June, has been marketed as the "most advanced security architecture ever deployed for cloud AI compute at scale." With the new technology, the idea is

Architecture 140

Architecture Marketing Technology 140

The Hacker News

JULY 22, 2024

Serverless architectures are attractive to developers and enterprises for their flexibility, cost effectiveness, and ease of use," Google

Phishing 137

Phishing Architecture 137

The Hacker News

JUNE 24, 2024

The Naptime architecture is centered around the interaction between an AI agent and a target codebase," Google Project Zero researchers Sergei Glazunov and Mark Brand said. The agent is provided

Architecture 139

Architecture 139

The Hacker News

AUGUST 13, 2024

A team of researchers from the CISPA Helmholtz Center for Information Security in Germany has disclosed an architectural bug impacting Chinese chip company T-Head's XuanTie C910 and C920 RISC-V CPUs that could allow attackers to gain unrestricted access to susceptible devices. The vulnerability has been codenamed GhostWrite.

Architecture 138

Architecture Information Security 138

The Hacker News

OCTOBER 25, 2024

The messages exploit the appeal of integrating popular services like Amazon or Microsoft and implementing a zero-trust architecture," CERT-UA said. The Computer Emergency Response Team of Ukraine (CERT-UA) has detailed a new malicious email campaign targeting government agencies, enterprises, and military entities.

Architecture 135

Architecture Government 135

The Hacker News

AUGUST 30, 2023

Microsoft's container architecture (and by extension, New findings show that malicious actors could leverage a sneaky malware detection evasion technique and bypass endpoint security solutions by manipulating the Windows Container Isolation Framework.

Architecture 145

Architecture Malware 145

The Last Watchdog

NOVEMBER 8, 2021

Access controls are the nexus of security and the expanding perimeter, and zero trust is the architecture that encompasses it. Zero trust is an all-inclusive security and privacy architecture. The network security perimeter is dynamically created and policy-based, and must be guarded by secure and highly managed access controls.

Healthcare 268

Healthcare Technology Architecture IoT 268

The Hacker News

SEPTEMBER 23, 2023

Deadglyph's architecture is unusual as it consists of cooperating components – one a native x64 binary, the other a.NET assembly," ESET said in a new report shared with The Hacker News. This combination

Architecture 144

Architecture Malware Cybersecurity 144