Security Boulevard

SEPTEMBER 9, 2024

For today’s IT organizations, establishing a zero-trust (ZT) architecture is an ongoing process of refinements for existing networks, resources, methods and security capabilities. The post The Foundation of Zero-Trust Security Architecture appeared first on Security Boulevard.

Architecture 121

Architecture Security Awareness Cybersecurity 121

Adam Shostack

JANUARY 2, 2025

[no description provided] For Threat Model Thursday, I want to use current events here in Seattle as a prism through which we can look at technology architecture review. Let's transition from the housing crisis here in Seattle to the architecture crisis that we face in technology. Seattle has a housing and homelessness crisis.

Architecture 130

Architecture Marketing Technology Software 130

Schneier on Security

JULY 25, 2024

I am the Chief of Security Architecture at Inrupt, Inc. , This week, we announced a digital wallet based on the Solid architecture. the company that is commercializing Tim Berners-Lee’s Solid open W3C standard for distributed data ownership. Right now, there are hundreds of different wallets, but no standard.

Architecture 323

Architecture Data privacy 323

Adam Shostack

JANUARY 2, 2025

I last discussed this in " Architectural Review and Threat Modeling ".) It's hard to face the mirror and say 'could I have done that better?' That's human nature. Sometimes, it can be easier to learn from an analogy, and I'll again go to physical buildings as a source. (I

Architecture 130

Architecture 130

PCI perspectives

SEPTEMBER 9, 2024

The PCI Security Standards Council (PCI SSC) has published a new Information Supplement:  PCI DSS Scoping and Segmentation Guidance for Modern Network Architectures. This

Architecture 117

Architecture 117

Schneier on Security

FEBRUARY 13, 2025

Second, data exposure: Beyond accessing personal information and transaction records, these operators can copy entire system architectures and security configurations—in one case, the technical blueprint of the country’s federal payment infrastructure.

Government 363

Government Artificial Intelligence Banking Software 363

Lohrman on Security

SEPTEMBER 15, 2024

While the federal government deadline has arrived on implementing a zero-trust cybersecurity model, many state and local governments have committed to zero-trust architecture as well.

Government 255

Government Architecture Cybersecurity 255

Tech Republic Security

MARCH 18, 2024

Developers can now take advantage of NVIDIA NIM packages to deploy enterprise generative AI, said NVIDIA CEO Jensen Huang.

Architecture 185

Architecture Artificial Intelligence Software Network Security 185

Schneier on Security

DECEMBER 7, 2022

This is a really interesting paper that discusses what the authors call the Decoupling Principle: The idea is simple, yet previously not clearly articulated: to ensure privacy, information should be divided architecturally and institutionally such that each entity has only the information they need to perform their relevant function.

Architecture 262

Architecture Authentication 262

The Last Watchdog

MARCH 18, 2025

Throughout 2025, SquareXs research team will disclose at least one critical web attack per month as part of the YOBB project, focusing on vulnerabilities that exploit architectural limitations of the browser and incumbent solutions. Each disclosure will include attack video demonstrations, technical breakdowns, and mitigation strategies.

Cybersecurity 130

Cybersecurity Architecture Media Password Management 130

Schneier on Security

OCTOBER 22, 2021

Someone has been hacking telecommunications networks around the world: LightBasin (aka UNC1945) is an activity cluster that has been consistently targeting the telecommunications sector at a global scale since at least 2016, leveraging custom tools and an in-depth knowledge of telecommunications network architectures.

Telecommunications 362

Telecommunications Architecture Mobile Hacking 362

Adam Shostack

JANUARY 2, 2025

I also like Figure 27 & 28 (shown), showing risks associated with a generic architecture. Words like "risk" and "risk management" encompass a lot, and this figure is a nice side contribution of the paper. Having this work available allows systems builders to consider the risks to various components they're working on.

Risk 189

Risk Architecture Manufacturing Cybersecurity 189

Schneier on Security

MARCH 12, 2021

Unfortunately, most organizations are unaware that these documents can compromise sensitive information like authors names, details on the information system and architecture. All these information can be exploited easily by attackers to footprint and later attack an organization.

Architecture 363

Architecture Software 363

The Last Watchdog

OCTOBER 23, 2023

Splunk’s inability to migrate to a modern cloud-native architecture makes it difficult to take advantage of these cost-saving benefits or implement advanced data science use cases critical for threat detection. Influxes of data ingestion and the flat architecture of data lakes have led to difficulties in extracting value from repositories.

Architecture 261

Architecture Threat Detection Engineering Data collection 261

Malwarebytes

OCTOBER 30, 2024

Technical details One of the vulnerabilities was reported to Google by Apple Security Engineering and Architecture (SEAR), which reported the issue on October 23, 2024. Previous Chrome vulnerabilities reported by Apple turned out to be exploited by a commercial spyware vendor.

Spyware 142

Spyware Architecture Advertising Engineering 142

Schneier on Security

JULY 30, 2021

ESP introduces a new client-side encryption architecture that includes a novel format-preserving image encryption algorithm, an encrypted thumbnail display mechanism, and a usable key management system. We have created Easy Secure Photos (ESP) to enable users to protect their photos on cloud photo services such as Google Photos.

Encryption 363

Encryption Architecture Mobile 363

SecureWorld News

NOVEMBER 19, 2024

Technical leaders are uniquely positioned to embed trustworthiness into the organizational architecture, leveraging their expertise in systems thinking to drive sustained value and resilience. Every day, we manage complex architectures, ensuring each component works together to keep the organization running smoothly.

Marketing 112

Marketing Architecture Manufacturing Technology 112

Schneier on Security

OCTOBER 11, 2022

We conclude that machine-learning model security requires assurance of provenance along the entire technical pipeline, including the data, model architecture, compiler, and hardware specification.

Architecture 363

Architecture Software 363

Security Boulevard

MARCH 18, 2025

Companies are increasingly leveraging the scalability and operational efficiency of serverless architectures. We understand the complexity and critical importance of managing and securing NHIs and their secrets. [] The post How do I mitigate risks associated with NHIs in serverless architectures? appeared first on Entro.

Architecture 59

Architecture Risk Cybersecurity 59

Security Affairs

OCTOBER 30, 2024

Google has patched a critical Chrome vulnerability, tracked as CVE-2024-10487, reported by Apple Security Engineering and Architecture (SEAR) on October 23, 2024. Google addressed a critical vulnerability in its Chrome browser, tracked as CVE-2024-10487, which was reported by Apple.

Engineering 132

Engineering Architecture Hacking Information Security 132

Schneier on Security

MAY 16, 2022

It took us a couple of decades to fully understand von Neumann computer architecture. I’m sure it will take years of working with a functional quantum computer to fully understand the limits of that architecture. And some things that we think of as computationally hard today will turn out not to be.

Architecture 252

Architecture Cybersecurity Encryption 252

Schneier on Security

JUNE 10, 2021

Second, we show that our markpainting technique is transferable to models that have different architectures or were trained on different datasets, so watermarks created using it are difficult for adversaries to remove. This can be designed to reconstitute a watermark if the editor had been trying to remove it.

Architecture 360

Architecture Software 360

Tech Republic Security

SEPTEMBER 14, 2023

Red Box provides the open architecture for data capture. Uniphore then feeds that data into U-Capture, its conversational AI automation tool.

Data collection 196

Data collection Architecture Artificial Intelligence Big data 196

Malwarebytes

JANUARY 21, 2025

404 Media says the company trained GeoSpy on millions of images from around the world and can recognize distinct geographical markers such as architectural styles, soil characteristics, and their spatial relationships. Using the tool to determine anyones location requires virtually no training, so anybody can do it.

Media 142

Media Artificial Intelligence Identity Theft Surveillance 142

Security Affairs

FEBRUARY 15, 2025

“we have explored a suspicious (and quite common) architecture where authentication is enforced at a proxy later but then the request is passed through a second layer with different behavior.” ” reads the report published by Assetnote.

Firewall 102

Firewall Authentication Architecture Risk 102

Schneier on Security

SEPTEMBER 20, 2023

What there is a shortage of are computer scientists, developers, engineers, and information security professionals who can code, understand technical security architecture, product security and application security specialists, analysts with threat hunting and incident response skills.

Cybersecurity 340

Cybersecurity CISO Engineering Architecture 340

Schneier on Security

JUNE 30, 2022

The discovery of custom-built malware written for the MIPS architecture and compiled for small-office and home-office routers is significant, particularly given its range of capabilities.

Malware 244

Malware DNS Architecture Hacking 244

IT Security Guru

JANUARY 9, 2025

Organisations should prioritise solutions built on zero-trust and zero-knowledge architectures for maximum security, privacy and control. Organisations should seek PAM solutions built on a zero-trust and zero-knowledge architectures to ensure the highest levels of security, privacy and control over sensitive data.

Cybersecurity 113

Cybersecurity Cyber threats Architecture Digital transformation 113

Security Affairs

FEBRUARY 19, 2025

we have explored a suspicious (and quite common) architecture where authentication is enforced at a proxy later but then the request is passed through a second layer with different behavior. Fundamentally, these sorts of architectures lead to things like header smuggling and path confusion, which can result in many impactful bugs!

Firewall 105

Firewall Authentication Architecture Internet 105

Security Boulevard

JANUARY 24, 2025

While zero-trust architecture (ZTA) has many benefits, it can be challenging for companies because of a static mindset, increased costs and continuous maintenance.it can be challenging for companies because of a static mindset, increased costs and continuous maintenance.

Government 82

Government Architecture Security Awareness Cybersecurity 82

Security Affairs

JANUARY 10, 2025

In August 2024, Russian crooks advertised a macOS malware called BANSHEE Stealer that can target both x86_64 and ARM64 architectures. Check Point researchers discovered a new version of the Banshee macOS infostealer which is distributed through phishing websites and fake GitHub repositories, often masqueraded as popular software.

Malware 120

Malware Advertising Antivirus Cybercrime 120

The Last Watchdog

JUNE 5, 2024

Seclore facilitates data protection in a global productivity ecosystem that’s constantly shifting between on-premises, hybrid and cloud architectures. “We can ensure that only authorized users have access and can perform specific actions such as reading, editing, or printing,” he says.

Architecture 289

Architecture Marketing Internet Internet 289

The Last Watchdog

JANUARY 7, 2025

SCALR uses a security data lake architecture to minimize SIEM costs, maximizing the user’s ability to store security events, and accelerate search and hunting capabilities. Security Risk Advisors SCALR XDR is both a platform, built on Microsoft Azure and a 247 monitoring service with Microsoft Sentinel.

Risk 130

Risk Penetration Testing Marketing Technology 130

Adam Shostack

JANUARY 30, 2025

On the other side is a whiteboard with a software architecture diagram Image by Midjourney: Today in one of our classes, a student compared starting to threat model to cleaning, home of a hoarder, boxes and books and stacks of paper to the cielings, hard to see evocative analogy, conversation.

Architecture 147

Architecture Engineering Software 147

Krebs on Security

DECEMBER 1, 2022

.” However, LastPass maintains that its “customer passwords remain safely encrypted due to LastPass’s Zero Knowledge architecture.” But that same architecture theoretically means that hackers who might break into LastPass’s networks can’t access that information either.

Phishing 300

Phishing Architecture Passwords Accountability 300

The Last Watchdog

DECEMBER 18, 2024

Tipirneni Ratan Tipirneni , CEO, Tigera To maximize GenAI’s value, enterprises will customize models using proprietary data and Retrieval-Augmented Generation (RAG) architectures tailored to their specific needs.

Risk 173

Risk Threat Detection Technology Phishing 173

Kali Linux

OCTOBER 21, 2024

The i386 architecture has long been obsolete, and from this week, support for i386 in Kali Linux is going to shrink significantly: i386 kernel and images are going away. Some terminology first Let’s start with the terms used in Kali Linux to talk about CPU architectures. amd64 refers to the x86-64 architecture, ie.

Architecture 144

Architecture Software 144