Adam Shostack

JANUARY 2, 2025

Adam Shostack's review of the book Practical Cybersecurity Architecture There's an insightful comment , "Everybody has a testing environment. Similarly, everybody has both enterprise and product architecture. All in all, worth your time if what you do touches architecture, and more so if you had thought architecture a dirty word.

Architecture 130

Architecture Cybersecurity Risk 130

Adam Shostack

JANUARY 2, 2025

What's the legible architecture of a system? One of the advantages that cloud architectures bring is the opportunity to sweep away some of that historical complexity, and to create comprehensible models. As your threat modeling evolves, it's important to ask: what's the legible architecture of these systems? It's a tool.

Architecture 130

Architecture 130

Schneier on Security

APRIL 3, 2025

The next layer up is the file system architecture: the way those binary sequences are organized into structured files and directories that a computer can efficiently access and process. At the foundation level, bits are stored in computer hardware. creates the trusted environment that AI systems require to operate reliably.

Artificial Intelligence 255

Artificial Intelligence Architecture Internet Internet 255

Security Boulevard

SEPTEMBER 9, 2024

For today’s IT organizations, establishing a zero-trust (ZT) architecture is an ongoing process of refinements for existing networks, resources, methods and security capabilities. The post The Foundation of Zero-Trust Security Architecture appeared first on Security Boulevard.

Architecture 121

Architecture Security Awareness Cybersecurity 121

Adam Shostack

JANUARY 2, 2025

[no description provided] For Threat Model Thursday, I want to use current events here in Seattle as a prism through which we can look at technology architecture review. Let's transition from the housing crisis here in Seattle to the architecture crisis that we face in technology. Seattle has a housing and homelessness crisis.

Architecture 130

Architecture Marketing Technology Software 130

Adam Shostack

JANUARY 2, 2025

I last discussed this in " Architectural Review and Threat Modeling ".) It's hard to face the mirror and say 'could I have done that better?' That's human nature. Sometimes, it can be easier to learn from an analogy, and I'll again go to physical buildings as a source. (I

Architecture 130

Architecture 130

Schneier on Security

JULY 25, 2024

I am the Chief of Security Architecture at Inrupt, Inc. , This week, we announced a digital wallet based on the Solid architecture. the company that is commercializing Tim Berners-Lee’s Solid open W3C standard for distributed data ownership. Right now, there are hundreds of different wallets, but no standard.

Architecture 321

Architecture Data privacy 321

The Last Watchdog

APRIL 16, 2025

Audrey Adeline , Researcher Audrey currently leads the Year of Browser Bugs (YOBB) project at SquareX which has disclosed multiple major architectural browser vulnerabilities to date. As part of the Year of Browser Bugs (YOBB) project, SquareX commits to continue disclosing at least one major architectural browser vulnerability every month.

Architecture 147

Architecture Ransomware Data breaches Education 147

The Last Watchdog

APRIL 16, 2025

And if this near-shutdown rattled operations, it also exposed an underlying architectural flaw. New architecture needed? Cipollone isnt just observing the problemhes actively rethinking the architecture. The entire system is too centralized, too brittle.

Architecture 130

Architecture Risk Cybersecurity Internet 130

Lohrman on Security

SEPTEMBER 15, 2024

While the federal government deadline has arrived on implementing a zero-trust cybersecurity model, many state and local governments have committed to zero-trust architecture as well.

Government 291

Government Architecture Cybersecurity 291

Tech Republic Security

MARCH 18, 2024

Developers can now take advantage of NVIDIA NIM packages to deploy enterprise generative AI, said NVIDIA CEO Jensen Huang.

Architecture 194

Architecture Artificial Intelligence Software Network Security 194

Schneier on Security

FEBRUARY 13, 2025

Second, data exposure: Beyond accessing personal information and transaction records, these operators can copy entire system architectures and security configurations—in one case, the technical blueprint of the country’s federal payment infrastructure.

Government 363

Government Artificial Intelligence Banking Software 363

The Last Watchdog

APRIL 22, 2025

A strong argument can be made that with attacks increasing in speed and sophistication, segmentation is no longer optionalits an essential piece of modern zero trust security architectures. For a full drill down, please give the accompanying podcast a listen.

Architecture 147

Architecture Internet Internet Ransomware 147

Schneier on Security

DECEMBER 7, 2022

This is a really interesting paper that discusses what the authors call the Decoupling Principle: The idea is simple, yet previously not clearly articulated: to ensure privacy, information should be divided architecturally and institutionally such that each entity has only the information they need to perform their relevant function.

Architecture 261

Architecture Authentication 261

Schneier on Security

OCTOBER 22, 2021

Someone has been hacking telecommunications networks around the world: LightBasin (aka UNC1945) is an activity cluster that has been consistently targeting the telecommunications sector at a global scale since at least 2016, leveraging custom tools and an in-depth knowledge of telecommunications network architectures.

Telecommunications 361

Telecommunications Architecture Mobile Hacking 361

Adam Shostack

JANUARY 2, 2025

I also like Figure 27 & 28 (shown), showing risks associated with a generic architecture. Words like "risk" and "risk management" encompass a lot, and this figure is a nice side contribution of the paper. Having this work available allows systems builders to consider the risks to various components they're working on.

Risk 189

Risk Architecture Manufacturing Cybersecurity 189

Schneier on Security

MARCH 12, 2021

Unfortunately, most organizations are unaware that these documents can compromise sensitive information like authors names, details on the information system and architecture. All these information can be exploited easily by attackers to footprint and later attack an organization.

Architecture 363

Architecture Software 363

The Last Watchdog

OCTOBER 23, 2023

Splunk’s inability to migrate to a modern cloud-native architecture makes it difficult to take advantage of these cost-saving benefits or implement advanced data science use cases critical for threat detection. Influxes of data ingestion and the flat architecture of data lakes have led to difficulties in extracting value from repositories.

Architecture 261

Architecture Threat Detection Engineering Data collection 261

Malwarebytes

OCTOBER 30, 2024

Technical details One of the vulnerabilities was reported to Google by Apple Security Engineering and Architecture (SEAR), which reported the issue on October 23, 2024. Previous Chrome vulnerabilities reported by Apple turned out to be exploited by a commercial spyware vendor.

Spyware 143

Spyware Architecture Advertising Engineering 143

SecureWorld News

NOVEMBER 19, 2024

Technical leaders are uniquely positioned to embed trustworthiness into the organizational architecture, leveraging their expertise in systems thinking to drive sustained value and resilience. Every day, we manage complex architectures, ensuring each component works together to keep the organization running smoothly.

Marketing 113

Marketing Architecture Manufacturing Technology 113

Schneier on Security

JULY 30, 2021

ESP introduces a new client-side encryption architecture that includes a novel format-preserving image encryption algorithm, an encrypted thumbnail display mechanism, and a usable key management system. We have created Easy Secure Photos (ESP) to enable users to protect their photos on cloud photo services such as Google Photos.

Encryption 363

Encryption Architecture Mobile 363

Schneier on Security

OCTOBER 11, 2022

We conclude that machine-learning model security requires assurance of provenance along the entire technical pipeline, including the data, model architecture, compiler, and hardware specification.

Architecture 363

Architecture Software 363

The Last Watchdog

MARCH 18, 2025

Throughout 2025, SquareXs research team will disclose at least one critical web attack per month as part of the YOBB project, focusing on vulnerabilities that exploit architectural limitations of the browser and incumbent solutions. Each disclosure will include attack video demonstrations, technical breakdowns, and mitigation strategies.

Cybersecurity 130

Cybersecurity Architecture Media Password Management 130

Security Affairs

DECEMBER 17, 2024

In this latest campaign, our investigation also uncovered prebuilt Hiatus binaries that target new architectures such as Arm, Intel 80386, and x86-64 and previously targeted architectures such as MIPS, MIPS64, and i386. reads the report published by Black Lotus Labs.

Architecture 107

Architecture Internet Internet Malware 107

The Last Watchdog

APRIL 10, 2025

The groups three core missions: Deepen scientific understanding of how AI models learn and predict; Create controllable AI environments using experimental physics models; Embed trust into the architecture itselfnot as an afterthought. If that sounds lofty, it is. Were now deep into that shift.

Artificial Intelligence 162

Artificial Intelligence Architecture Media Internet 162

Security Affairs

OCTOBER 30, 2024

Google has patched a critical Chrome vulnerability, tracked as CVE-2024-10487, reported by Apple Security Engineering and Architecture (SEAR) on October 23, 2024. Google addressed a critical vulnerability in its Chrome browser, tracked as CVE-2024-10487, which was reported by Apple.

Engineering 132

Engineering Architecture Hacking Information Security 132

Tech Republic Security

SEPTEMBER 14, 2023

Red Box provides the open architecture for data capture. Uniphore then feeds that data into U-Capture, its conversational AI automation tool.

Data collection 198

Data collection Architecture Artificial Intelligence Big data 198

Schneier on Security

MAY 16, 2022

It took us a couple of decades to fully understand von Neumann computer architecture. I’m sure it will take years of working with a functional quantum computer to fully understand the limits of that architecture. And some things that we think of as computationally hard today will turn out not to be.

Architecture 252

Architecture Cybersecurity Encryption 252

Schneier on Security

JUNE 10, 2021

Second, we show that our markpainting technique is transferable to models that have different architectures or were trained on different datasets, so watermarks created using it are difficult for adversaries to remove. This can be designed to reconstitute a watermark if the editor had been trying to remove it.

Architecture 359

Architecture Software 359

Malwarebytes

JANUARY 21, 2025

404 Media says the company trained GeoSpy on millions of images from around the world and can recognize distinct geographical markers such as architectural styles, soil characteristics, and their spatial relationships. Using the tool to determine anyones location requires virtually no training, so anybody can do it.

Media 143

Media Artificial Intelligence Identity Theft Surveillance 143

Malwarebytes

APRIL 25, 2025

Heres the reasoning step by step:” Architectural Clues: The old stone building in the foreground has Georgian-style windows and masonry , which are common in parts of the British Isles, especially in Ireland and the UK. The picture was part of a selfie taken through a window of an office building in Cork.

Architecture 100

Architecture Media Artificial Intelligence Identity Theft 100

Security Affairs

FEBRUARY 15, 2025

“we have explored a suspicious (and quite common) architecture where authentication is enforced at a proxy later but then the request is passed through a second layer with different behavior.” ” reads the report published by Assetnote.

Firewall 101

Firewall Authentication Architecture Risk 101

Schneier on Security

SEPTEMBER 20, 2023

What there is a shortage of are computer scientists, developers, engineers, and information security professionals who can code, understand technical security architecture, product security and application security specialists, analysts with threat hunting and incident response skills.

Cybersecurity 338

Cybersecurity CISO Engineering Architecture 338

SecureWorld News

APRIL 16, 2025

Shared memory, shared risk This is the big one: GPUs rely on shared memory architectures. Researchers have demonstrated attacks that can extract neural network architecture and weights by observing GPU memory access patterns. This isn't science fiction. Orchestrators that expose internal metadata via unauthenticated endpoints.

Architecture 96

Architecture Artificial Intelligence Passwords Risk 96

Schneier on Security

JUNE 30, 2022

The discovery of custom-built malware written for the MIPS architecture and compiled for small-office and home-office routers is significant, particularly given its range of capabilities.

Malware 244

Malware DNS Architecture Hacking 244

Security Affairs

APRIL 2, 2025

The most interesting characteristic of the Triada Trojan is its modular architecture, which gives it theoretically a wide range of abilities. Triada was designed with the specific intent to implement financial frauds, typically hijacking financial SMS transactions.

Malware 120

Malware Cryptocurrency Mobile Firmware 120

IT Security Guru

JANUARY 9, 2025

Organisations should prioritise solutions built on zero-trust and zero-knowledge architectures for maximum security, privacy and control. Organisations should seek PAM solutions built on a zero-trust and zero-knowledge architectures to ensure the highest levels of security, privacy and control over sensitive data.

Cybersecurity 114

Cybersecurity Cyber threats Architecture Digital transformation 114