Adam Shostack

JANUARY 2, 2025

Exploring supply chain threat modeling with Alexa Amazon has released a set of documents, " Updates to Device Security Requirements for Alexa Built-in Products." More precisely, since I don't have an Amazon developer account, I'm going to look at the blog post, and infer some stuff about the underlying documentation.)

IoT 130

IoT Engineering Architecture Accountability 130

SC Magazine

FEBRUARY 10, 2021

Forescout tested 11 TCP/IP stacks used in IoT devices — seven open-source, four commercial — to see if any were still vulnerable to a Mitnick attack. The problem in part, said Daniel dos Santos, research manager at Forescout, is that developing a stack that can be used on IoT devices can limit the ability to create pseudo-random numbers.

IoT 114

IoT Architecture Software Media 114

eSecurity Planet

JUNE 22, 2022

A document security system reads scanned documents with Optical Character Recognition to identify personally identifiable information. An increasing push toward remote work, IoT devices, and multi-cloud architectures now have organizations scrambling to protect their most important assets.

Cybersecurity 135

Cybersecurity Artificial Intelligence Architecture Technology 135

Security Boulevard

SEPTEMBER 20, 2024

CISA will be in charge of the project, which it detailed in the document “ Federal Civilian Executive Branch (FCEB) Operational Cybersecurity Alignment (FOCAL) Plan ,” announced this week. Hackers working for Flax Typhoon created the botnet by breaching 260,000-plus consumer IoT devices in the U.S. and abroad has been dismantled.

Cybersecurity 97

Cybersecurity IoT Hacking Risk 97

ForAllSecure

APRIL 22, 2021

It seems everything smart is hackable, with IoT startups sometimes repeating security mistakes first made decades ago. The next day I cut the string, There's a parallel here to IoT light bulbs that change colors. And what then are the tools and knowledge that you need to get started hacking IoT devices. Funny thing.

IoT 52

IoT Hacking Internet Internet 52

ForAllSecure

APRIL 22, 2021

It seems everything smart is hackable, with IoT startups sometimes repeating security mistakes first made decades ago. The next day I cut the string, There's a parallel here to IoT light bulbs that change colors. And what then are the tools and knowledge that you need to get started hacking IoT devices. Funny thing.

IoT 52

IoT Hacking Internet Internet 52

The Last Watchdog

NOVEMBER 30, 2021

Indeed, APIs have opened new horizons of cloud services, mobile computing and IoT infrastructure, with much more to come. This summer Gartner designated API security as a stand-alone pillar in its security reference architecture, not just an add-on component to other systems. Indeed, API security has become a red-hot topic.

Big data 240

Big data Digital transformation Accountability Hacking 240

IT Security Guru

JUNE 13, 2022

With an expanding number of APIs in use, and added complexity arising from service oriented architecture (SOA,) the cloud, and containers/Kubernetes, enabling full life-cycle API security is an enormous challenge that’s often made harder by false security perceptions. They also require runtime protection to defend against bad actors.

Penetration Testing 96

Penetration Testing Artificial Intelligence Architecture Data breaches 96

Adam Shostack

JANUARY 2, 2025

Were used to talking about software and classic enterprise architectures. Today, we also need to think about operational, mobile app, and IoT threats. Some questions to ask might include: Did we document the work and the threats we discovered? Are documents in the right place? What are we working on?

Education 130

Education Technology IoT Software 130

The Last Watchdog

APRIL 18, 2019

But that assignment led Fida and Perez to re-architecture the platform around graph databases and knowledge graphs. Originally designed to digitize paper documents, relational databases remain in universal use in enterprise settings. An early version of their platform was already live.

Digital transformation 113

Digital transformation Cyber Risk Risk Penetration Testing 113

SecureWorld News

JULY 17, 2024

Increased attack surface The 2024 Paris Olympics will involve a massive digital infrastructure, including ticketing systems, live-streaming platforms, and IoT devices used in venues. Diverse technologies: The integration of various technologies, from traditional IT systems to newer IoT devices, increases the complexity of securing the event.

Cybersecurity 127

Cybersecurity Phishing Mobile Media 127

eSecurity Planet

APRIL 11, 2022

The ability to administer and distribute deceptive data, like Word documents and database tables/entries and files, in decoy host deceptions. Acalvio’s Deception Farm architecture and ShadowPlex application centralizes the deception process. Decoys mimic hosts running operating systems as well as IoT (Internet of Things) hosts.

Technology 131

Technology Passwords Architecture IoT 131

The Last Watchdog

NOVEMBER 4, 2019

Efforts are underway to develop and someday widely deploy public blockchains that could decentralize how legal documents are issued; distribute and keep track of digital IDs for impoverished people ; and divide and distribute fragmented payments to participants in supply chains. A ton of innovation is under way.

Technology 179

Technology Cryptocurrency Internet Internet 179

Veracode Security

NOVEMBER 16, 2020

Generic to entire Java Cryptography Architecture (JCA). Looking at what we discussed in How to Get Started Using Java Cryptography Securely post, the central theme of Java Cryptography Architecture (JCA) [11] ??defining Oracle/Java Documentation: 1. Java Architectural Documentations: 11. HowTo: Design and Code It?

Encryption 82

Encryption Authentication Architecture Engineering 82

eSecurity Planet

APRIL 7, 2023

IoT (printers, IP phones, security cameras, etc.) An organization will need to study documentation carefully or work with partners to determine the full environment required. Although the features beyond network access control and services can be valuable, they are beyond the scope of this review and will not be covered further here.

IoT 98

IoT Technology Energy and Utilities Wireless 98

CyberSecurity Insiders

APRIL 24, 2023

Understanding these common characteristics are essential as we move to an even further democratized version of computing with an abundance of connected IoT devices that will process and deliver data with velocity, volume, and variety, unlike anything we’ve previously seen.

Energy and Utilities 94

Energy and Utilities Retail Manufacturing IoT 94

eSecurity Planet

DECEMBER 7, 2023

Yet, Internet of Things (IoT) devices tend to be designed with the minimum computing resources required to accomplish the designed task of the device (security camera, printer, TV, etc.). While less computationally constrained than IoT, mobile devices constrain computations to avoid consuming power and draining battery life.

Encryption 113

Encryption Passwords IoT Firewall 113

Thales Cloud Protection & Licensing

JANUARY 24, 2024

Fraudulent Manipulation of legal history and digital evidence These types of attacks relate to the use of a recovered private key to create or manipulate digitally signed data such as transactions or documents that have some legal value. Furthermore, a recovered private key could be used to create or manipulate digital evidence.

Risk 87

Risk Encryption Technology Architecture 87

eSecurity Planet

MARCH 22, 2023

Policies typically will be written documents that detail the requirements that will be enforced, such as password complexity. Some applications, cloud infrastructure, networking equipment, or Internet of Things (IoT) devices may require more sophisticated ITAM or additional tools to detect them.

Firewall 109

Firewall Network Security Penetration Testing Encryption 109

eSecurity Planet

MAY 12, 2023

How to use this template: Comments intended to guide understanding and use of this template will be enclosed in brackets “[…]” and the ‘company’ will be listed as [eSecurity Planet] throughout the document. This policy will reflect a generic IT infrastructure and needs. Policy defines what MUST be done, not HOW it must be done.

Penetration Testing 109

Penetration Testing Risk Firmware Software 109

Thales Cloud Protection & Licensing

DECEMBER 4, 2023

DDoS attacks are getting larger and more complex, are moving towards mobile networks and IoT, and are used to provide support of additional means in the context of a conflict. Document the communication flows, both internal and with partners, including response and notification procedures during an incident.

Social Engineering 77

Social Engineering Backups Manufacturing DDOS 77

Cisco Security

AUGUST 21, 2023

Secure and manage your applications, users, policies, and devices with Duo API Duo’s developer-centric approach, comprehensive documentation, SDKs, OpenAPI specifications (coming soon!), testing environment, and support resources make it easy for developers to integrate Duo’s security solutions into their zero trust architecture.

Authentication 98

Authentication Technology Small Business Architecture 98

Duo's Security Blog

APRIL 29, 2022

By having modern design principles fundamentally built into a company’s strategic architecture, a cohesive brand vision, voice, and aesthetic can then be customized as needed to help encourage audience engagement, communicate effectively, and set overall expectations for everyone who engages with the business’ touchpoints.

Marketing 98

Marketing InfoSec Architecture Authentication 98

SC Magazine

JULY 1, 2021

In fact, the latest Armis report shows 63% of health care delivery organizations have been impacted by a security incident caused by unmanaged devices or IoT in the last two years. The Armis report findings show multiple areas that reflect the state of IoT and conceptual understanding of health care device ecosystems.

Security Awareness 68

Security Awareness IoT Risk Healthcare 68

IT Security Guru

DECEMBER 19, 2024

The industry is now aware of API security risks, but action on deployed applications has lagged due to a critical blind spot: teams often dont know where vulnerabilities exist in their current architecture. API resilience is key to any overall performance improvements seen and API documentation goes a long way to achieve that.

Architecture 45

Architecture Healthcare Digital transformation Accountability 45

eSecurity Planet

JANUARY 26, 2022

Founded in 2010 by veteran SaaS and DevOps industry leaders, Datadog specializes in optimizing the service-oriented architecture, helping organizations monitor user journeys and explore service relationships. Administrators can group traffic by container , team, or office and filter data by tag, device, or host. Datadog Features.

Marketing 120

Marketing DDOS Threat Detection DNS 120

eSecurity Planet

MAY 24, 2024

Document the findings: Keep track of the discovered assets, their classification, and the rationale for priority. Create response processes: Document the steps to be done in response to different types of security incidents, such as your strategies for detection, containment, eradication, and recovery plans in case of an attack.

Encryption 119

Encryption Risk Passwords Technology 119

Notice Bored

JANUARY 9, 2021

Flip forward 20 years and we see similar horrors unfolding today in the form of myriad IoT things and 'the cloud', so indistinct and unclear that people long since gave up trying to draw meaningful network diagrams - only now the year encoding aspect is the least of our security problems. So tell me, when was it last updated? Make my day.

Internet 52

Internet Internet Risk InfoSec 52

Centraleyes

JANUARY 4, 2024

Today’s security teams face the challenge of monitoring the well-being and performance of a diverse array of on-premises and cloud applications, software, IoT devices, and remote networks. Documentation: Vulnerabilities are documented to facilitate developers in identifying and replicating findings.

Risk 52

Risk Wireless Data breaches Education 52

eSecurity Planet

MAY 2, 2024

Infrastructure Protection Defense against DDoS and DNS attacks starts with effective network security architecture. Vendor research specifically finds that: 1Password: Documents the meager control of software and personal device access: 92% of company policies require, but 59% enforce IT approval for software.

Cybersecurity 121

Cybersecurity DDOS Penetration Testing Passwords 121

eSecurity Planet

FEBRUARY 16, 2021

Attackers can fool even sophisticated users into clicking on an invoice they are expecting, or a photograph that is ostensibly from someone they know, or a document that appears to have come from their boss. Increased attacks on individuals with high net value and Internet of Things (IoT) devices ( McAfee ). Block Executables.

Ransomware 97

Ransomware Backups Software Encryption 97

eSecurity Planet

JULY 25, 2023

Firmware attacks: Attackers target vulnerabilities in the simplified software that runs computer hard drives, printers, medical devices, and other Internet of Things (IoT) or operational technology (OT) devices to gain unauthorized access, control the devices, or use them as a launching pad for other attacks.

Software 98

Software Data breaches Ransomware DDOS 98

Security Boulevard

SEPTEMBER 12, 2022

CRYSTALS-Dilithium, FALCON, and SPHINCS+ for digital signatures or to sign documents remotely. PKI secures everything from email accounts and Internet of Things (IoT) devices to financial transactions and healthcare data. Quantum computing threatens this digital trust. Next Steps.

Encryption 52

Encryption Artificial Intelligence Healthcare Government 52

Security Boulevard

APRIL 4, 2022

And that’s one of the advantages that the ACME protocol documentation highlights: “Existing Web PKI certification authorities tend to use a set of ad hoc protocols for certificate issuance and identity verification. Why is ACME more popular among enterprises than the other automation standards?

Encryption 52

Encryption Authentication DNS Risk 52

Responsible Cyber

NOVEMBER 29, 2024

Businesses must deal with over 60,000 regulatory documents published worldwide since 2009 [1]. IoT and connected devices enable up-to-the-minute monitoring and faster issue detection [4]. Understanding the Regulatory Compliance Landscape The regulatory compliance scene is changing at an unprecedented pace. billion in 2018 [1].

Risk 52

Risk Technology Marketing Artificial Intelligence 52

eSecurity Planet

NOVEMBER 17, 2022

[Comments intended to guide understanding and use of this template will be enclosed in brackets “[…]” and the ‘company’ will be listed as [eSecurity Planet] throughout the document. The purpose of this section is to introduce the reader to the policy purpose and what to expect later in the document.

Firmware 52

Firmware Software Backups Risk 52

Centraleyes

NOVEMBER 11, 2024

Actions: List All Users: Document employees, contractors, remote workers, and third parties, including their roles and access needs. Record Devices : Include company-owned devices (servers, desktops, laptops) and personal devices (phones, tablets, IoT devices). Assess their security posture and access requirements.

Authentication 59

Authentication Risk Threat Detection Technology 59