Architecture and Engineering - Cyber Security Informer

Architecture Matters When it Comes to SSE

CyberSecurity Insiders

MAY 17, 2023

” Or said another way, “architecture matters”. It also, most importantly, causes the network/security engineer back into the performance vs security dilemma. One which puts the network/security engineer back in the driver’s seat. You are the enterprise engineer on the front lines. Ask the critical questions.

Architecture

Architecture Engineering Marketing Internet

GUEST ESSAY: Cisco-Splunk merger will boost Snowflake – here’s how security teams can benefit.

The Last Watchdog

OCTOBER 23, 2023

Splunk’s inability to migrate to a modern cloud-native architecture makes it difficult to take advantage of these cost-saving benefits or implement advanced data science use cases critical for threat detection. Influxes of data ingestion and the flat architecture of data lakes have led to difficulties in extracting value from repositories.

Architecture

Architecture Threat Detection Engineering Data collection

On the Cybersecurity Jobs Shortage

Schneier on Security

SEPTEMBER 20, 2023

What there is a shortage of are computer scientists, developers, engineers, and information security professionals who can code, understand technical security architecture, product security and application security specialists, analysts with threat hunting and incident response skills.

Cybersecurity

Cybersecurity CISO Engineering Architecture

Big News! Seceon Acquires Helixera, Hires Founder as VP of Cybersecurity Solutions Architecture

Security Boulevard

AUGUST 8, 2023

We announced we acquired Helixera, an innovative real-time pattern scanning engine. We also hired its founder Waldek Mikolajczyk as VP of Cybersecurity Solutions Architecture. Seceon Acquires Helixera, Hires Founder as VP of Cybersecurity Solutions Architecture appeared first on Seceon. The post Big News! The post Big News!

Architecture

Architecture Cybersecurity Engineering Ransomware

NIST’s Post-Quantum Cryptography Standards

Schneier on Security

AUGUST 8, 2022

Current quantum computers are still toy prototypes, and the engineering advances required to build a functionally useful quantum computer are somewhere between a few years away and impossible. It took a couple of decades to fully understand von Neumann computer architecture; expect the same learning curve with quantum computing.

Encryption

Encryption Architecture Engineering Information Security

Apple's Tracking-Prevention Feature in Safari has a Privacy Bug

Schneier on Security

FEBRUARY 10, 2020

Last month, engineers at Google published a very curious privacy bug in Apple's Safari web browser. But web architecture is complex, and the consequence is that this is exactly the case. If there's any lesson here, it's that privacy is hard -- and that privacy engineering is even harder.

Engineering

Engineering Architecture Surveillance

40 Zero-Day Vulnerabilities Found in Autodesk AutoCAD

Penetration Testing

FEBRUARY 19, 2024

Autodesk AutoCAD, a widely used CAD software across engineering, architecture, and manufacturing industries, has been found to contain 40 zero-day vulnerabilities.

Penetration Testing

Penetration Testing Architecture Manufacturing Engineering

Google Rushes to Patch Critical Chrome Vulnerability Exploited in the Wild - Update Now

The Hacker News

SEPTEMBER 11, 2023

Apple Security Engineering and Architecture (SEAR Tracked as CVE-2023-4863, the issue has been described as a case of heap buffer overflow that resides in the WebP image format that could result in arbitrary code execution or a crash.

Architecture

Architecture Engineering

Black Hat Fireside Chat: How ‘enterprise browsers’ serve as a checkpoint to stop ChatGPT leakage

The Last Watchdog

AUGUST 30, 2023

And despite advances, like sandboxing, browser isolation and secure gateways, the core architecture of web browsers has remained all-too vulnerable to malicious attacks. I visited with Uy Huynh , vice president of solutions engineering at Island.io , to discuss this. Guest expert: Uy Huynh, VP of solutions engineering, Island.io

Engineering

Engineering Architecture Internet Internet

Software Vulnerabilities in the Boeing 787

Schneier on Security

AUGUST 16, 2019

An attacker could potentially pivot, Santamarta says, from the in-flight entertainment system to the CIS/MS to send commands to far more sensitive components that control the plane's safety-critical systems, including its engine, brakes, and sensors.

Software

Software Architecture Engineering Hacking

GUEST ESSAY: A primer on NIST 207A — guidance for adding ZTNA to cloud-native platforms

The Last Watchdog

MAY 24, 2023

Zero trust networking architecture (ZTNA) is a way of solving security challenges in a cloud-first world. Attendees will include cybersecurity professionals, policy makers, entrepreneurs and infrastructure engineers. Registration is free and open to the public.

Authentication

Authentication Banking Architecture Encryption

My Philosophy and Recommendations Around the LastPass Breaches

Daniel Miessler

DECEMBER 24, 2022

These encrypted fields remain secured with 256-bit AES encryption and can only be decrypted with a unique encryption key derived from each user’s master password using our Zero Knowledge architecture. I have friends on LastPass and other password manager company security teams, and I know them to be great engineers and great security teams.

Password Management

Password Management Passwords Encryption Backups

Google fixed a critical vulnerability in Chrome browser

Security Affairs

OCTOBER 30, 2024

Google has patched a critical Chrome vulnerability, tracked as CVE-2024-10487, reported by Apple Security Engineering and Architecture (SEAR) on October 23, 2024. The vulnerability is an Inappropriate implementation issue that resides in Chrome’s V8 JavaScript engine.

Engineering

Engineering Architecture Hacking Information Security

MerLoc – Local Debugging for Serverless Applications: Why and How

Security Boulevard

NOVEMBER 29, 2022

But as we know, software engineering is a game of trade-offs, and serverless architectures come with their own challenges. Flexible pay-as-you-go payment plans offered by most cloud services help minimize costs, adding a financial incentive as the cherry on top of the developer’s cake.

Architecture

Architecture Engineering Software

GUEST ESSAY: A primer on content management systems (CMS) — and how to secure them

The Last Watchdog

MAY 19, 2022

Today, there are two major types of common CMS platforms: •The older “traditional” or “monolithic” CMS platforms include a content repository (usually a multimedia database), the administrative console (where content is added and categorized), the presentation system (which makes nice-looking pages), and the search engine. Gierlinger.

Data breaches

Data breaches Encryption Mobile Technology

Patch now! New Chrome update for two critical vulnerabilities

Malwarebytes

OCTOBER 30, 2024

Technical details One of the vulnerabilities was reported to Google by Apple Security Engineering and Architecture (SEAR), which reported the issue on October 23, 2024. Previous Chrome vulnerabilities reported by Apple turned out to be exploited by a commercial spyware vendor.

Spyware

Spyware Architecture Advertising Engineering

Frameworks for DE-Friendly CTI (Part 5)

Anton on Security

NOVEMBER 1, 2023

This blog series was written jointly with Amine Besson, Principal Cyber Engineer, Behemoth CyberDefence and one more anonymous collaborator. Operating Model 1: CTI Feeds SOC / Detection Engineering Some organizations have a clearly defined and separate CTI team, which supplies information to different teams, functions and recipients.

Engineering

Engineering Architecture Cyber threats Threat Detection

RSAC Fireside Chat: Bedrock Security introduces advanced approach to “commoditize” data discovery

The Last Watchdog

JUNE 4, 2024

At RSAC 2024 , I visited with Pranava Adduri , co-founder and CEO of Bedrock Security which has just rolled out its AI Reasoning (AIR) Engine to help solve this problem in a bold new way. This “commoditization” of data discovery, as Adduri puts it, slashes the cost of data discovery at scale.

Big data

Big data Architecture Engineering Internet

SHARED INTEL: How ‘observability’ has enabled deep monitoring of complex modern networks

The Last Watchdog

SEPTEMBER 20, 2021

New frameworks, like SASE , CWPP and CSPM , seek to weave security more robustly into the highly dynamic, intensely complex architecture of modern business networks. Meanwhile, control system engineers needed a way to assess how well deployed software worked together in the field. An array of promising security trends is in motion.

Software

Software Cloud Migration Architecture Engineering

U.S. Security Agencies Release Network Security, Vulnerability Guidance

eSecurity Planet

MARCH 4, 2022

Privilege and other vulnerabilities in Microsoft Windows, Exchange Server, Excel, Office, PowerPoint, Malware Protection Engine, Internet Explorer and more (27 in all). Purdue network architecture. Network Architecture and Design. Network Architecture and Design. The Linux Kernel and Apache Tomcat.

Network Security

Network Security Architecture Authentication Firewall

Amazon’s “Alexa Built-in” Threat Model

Adam Shostack

MARCH 5, 2020

.” I want to look at these as a specific way to express a threat model, which is threat modeling along the supply chain, talk about the proliferation of this different kind of model, and what it means for engineering. They can catalog the threats that impact a the high-level design. (If Other parts of the diversity just add work.

IoT

IoT Engineering Software Architecture

New modular ModPipe POS Malware targets restaurants and hospitality sectors

Security Affairs

NOVEMBER 12, 2020

“According to the documentation, to achieve this the attackers would have to reverse engineer the generation process of the “site-specific passphrase”, which is used to derive the encryption key for sensitive data. ” continues the analysis. ” continues the analysis.

Malware

Malware Architecture Passwords Software

The Wait is Over for Secure Firewall 3100 Series

Cisco Security

APRIL 6, 2022

No one enjoys forking out gobs of money and spending sleepless implementation hours every few years in exchange for a shiny new box with largely the same architecture as the old one, save for maybe a slightly faster CPU. The big deal about the new Secure Firewall 3100 Series architecture is the emphasis on processing encrypted traffic.

Firewall

Firewall Architecture Encryption VPN

Threat actor claims to have stolen 1 TB of data belonging to Saudi Aramco

Security Affairs

JULY 19, 2021

Below the list of info stolen by the threat actor and available for sale: – Project Specification:[ Electrical, Power System, Architectural, Chief Engineering, Civil, Construction Mgnt, Environmental, Instrument & Control, Interface Mgnt, Machinery – Rotating, Mechanical – Vessels, Piping, Project Engineering, Safety Engineering, Telecommunications (..)

Engineering

Engineering Telecommunications Data breaches Wireless

XCSSET malware now targets macOS 11 and M1-based Macs

Security Affairs

APRIL 19, 2021

XCSSET, a Mac malware targeting Xcode developers, was now re-engineered and employed in a campaign aimed at Apple’s new M1 chips. Experts from Trend Micro have uncovered a Mac malware campaign targeting Xcode developers that employed a re-engineered version of the XCSSET malware to support Apple’s new M1 chips.

Malware

Malware Cryptocurrency Architecture Engineering

Code similarity analysis with r2diaphora

CyberSecurity Insiders

OCTOBER 27, 2021

This blog post describes how AT&T Alien Labs is leveraging binary diffing and code analysis to reduce reverse-engineering time and generate threat intelligence. In order to work, it needs a valid IDA license and, consequently, valid Hex-Rays licenses for each CPU architecture you may want to decompile. Porting Diaphora to Radare2.

Architecture

Architecture Malware IoT Engineering

Will iPhone’s New “Lockdown Mode” Create Dangerous Overconfidence In Apple’s CyberSecurity Capabilities?

Joseph Steinberg

JULY 13, 2022

Additionally, keep in mind that while Lockdown Mode may make it more difficult for attackers to exploit social engineering in order to compromise devices, until Apple more strictly controls what apps it allows in its app store , potential government spying remains a major problem. Is that really true?

Cybersecurity

Cybersecurity Artificial Intelligence Government Social Engineering

7 top software supply chain security tools

CSO Magazine

MAY 11, 2022

The truth is that so much of the enterprise software and custom applications produced by DevOps teams and software engineering groups is not actually coded by their developers. Modern software today is modular.

Software

Software Architecture Engineering Risk

News alert: AI SPERA integrates its ‘Criminal IP’ threat intelligence tool into AWS Marketplace

The Last Watchdog

MAY 22, 2024

May 22, 2024, CyberNewsWire — AI SPERA, a leader in Cyber Threat Intelligence (CTI) solutions, announced today that its proprietary search engine, Criminal IP , is now available on the AWS Marketplace. Torrance,Calif.,

Cyber threats

Cyber threats Engineering Internet Internet

GUEST ESSAY: Why online supply chains remain at risk — and what companies can do about it

The Last Watchdog

JUNE 30, 2021

Web architecture from the past decade followed a trend where most web applications were server heavy, and enterprises’ data centers handled the bulk of the processing. The web browser was more of a graphical interface or a rendering engine. Let’s discuss how the SolarWinds hack relates to a regular website supply chain.

Risk

Risk Architecture Hacking Media

News alert: Zluri raises $20M funding round for SaaS management as identity features take off

The Last Watchdog

JULY 13, 2023

Having launched and scaled our discovery engine in 2020 to help companies understand their SaaS stacks better, we have since launched an identity governance tool to manage access and now are launching the Zluri co-pilot to help enable faster workflows.” About Zluri.

Marketing

Marketing Government Digital transformation Engineering

India IIT offers BTech in Artificial Intelligence and Data Science

CyberSecurity Insiders

JANUARY 2, 2023

In the first year, candidates will be introduced to the subject to the core and themes such as data science, machine learning, computer architecture, operating systems, artificial intelligence and electrical sciences with engineering mechanics will be covered.

Artificial Intelligence

Artificial Intelligence Technology Engineering Architecture

Open XDR vs. SIEM

CyberSecurity Insiders

OCTOBER 20, 2021

So, Open XDR is defined the same as Gartner’s XDR definition except that it ends with “all existing security components, delivered via an open architecture”. However, there are major architectural differences that allow Open XDR to deliver on many of the promises of SIEMs where SIEMs have fallen short. That’s because it is.

Architecture

Architecture Big data Technology Threat Detection

Black Hat insights: Generative AI begins seeping into the security platforms that will carry us forward

The Last Watchdog

AUGUST 13, 2023

I spoke with Uy Huynh , vice president of solutions engineering at Island.io , about how generative AI has quickly become like BYOD and Shadow IT on steroids. The idea is to shrink the time analysts spend sifting through data, says Brad Liggett , director of global sales engineering.

Artificial Intelligence

Artificial Intelligence Engineering Internet Internet

Mozilla fixed a critical zero-day in Firefox and Thunderbird

Security Affairs

SEPTEMBER 13, 2023

The vulnerability was reported by Apple Security Engineering and Architecture (SEAR) and The Citizen Lab at The University of Toronto’s Munk School. . “Opening a malicious WebP image could lead to a heap buffer overflow in the content process. We are aware of this issue being exploited in other products in the wild.”

Spyware

Spyware Architecture Engineering Hacking

GOOGLE FIXED THE FOURTH CHROME ZERO-DAY OF 2023

Security Affairs

SEPTEMBER 11, 2023

The issue was reported to the IT giant by Apple Security Engineering and Architecture (SEAR) and The Citizen Lab at The University of Torontoʼs Munk School on 2023-09-06. The vulnerability, tracked as CVE-2023-4863, is the fourth actively exploited zero-day fixed by Google in 2023. ” reads the announcement made by Google.

Architecture

Architecture Engineering Hacking Information Security

Large-scale extortion campaign targets publicly accessible environment variable files (.env)

Security Affairs

AUGUST 18, 2024

This extortion campaign involved several security failures, including exposing environment variables, using long-lived credentials, and the lack of a least privilege architecture. This indicates that these threat actor groups are both skilled and knowledgeable in advanced cloud architectural processes and techniques.”

Architecture

Architecture Internet Internet Media

MY TAKE: Why companies had better start taking the security pitfalls of API proliferation seriously

The Last Watchdog

JANUARY 4, 2022

Legacy security architectures just don’t fit this massively complex, highly dynamic environment. These criminal rings swiftly reverse engineered Microsoft’s patch and then hustled to compromise as many unpatched Exchange Servers as they could reach. organizations and 60,000 German entities.

Digital transformation

Digital transformation Hacking Architecture Cyber Risk

GUEST ESSAY: ‘CyberXchange’ presents a much-needed platform for cybersecurity purchases

The Last Watchdog

OCTOBER 19, 2020

On the other side of the equation, solution providers have been seeking new innovative ways to reach new customers in an increasingly competitive industry. CyberXchange helps cut through the noise, alleviating the ever-growing vendor fatigue, allowing organizations to build a more secure and compliant cybersecurity program.”

eCommerce

eCommerce Cybersecurity B2B Marketing

News Alert: Nile raises $175 million in series C funding to deliver network-as-a-service (NaaS)

The Last Watchdog

AUGUST 1, 2023

Mandal “In just four years, Nile has engineered an entirely new connectivity experience through a groundbreaking approach that prioritizes security and empowers IT to transform operations,” said Sumant Mandal, co-founder and managing partner at March Capital.

Wireless

Wireless Cloud Migration Marketing Engineering

SHARED INTEL Q&A: Everything the Cisco-Splunk merger tells us about the rise of SIEMs

The Last Watchdog

OCTOBER 17, 2023

SOAR uses the output of detection engines and investigations and recommends workflows or playbooks to build a response plan, saving time and effort. The MITRE Attack framework is an example of how various attack techniques, even if unique, can still be mapped to known techniques and procedures. LW: Anything else?

Marketing

Marketing Cloud Migration Threat Detection Firewall

MY TAKE: Why locking down ‘firmware’ has now become the next big cybersecurity challenge

The Last Watchdog

JUNE 10, 2019

I recently had the chance to discuss this with John Loucaides, vice-president of engineering at Eclypsium, a Beaverton, OR-based security startup that is introducing technology to scan for firmware vulnerabilities. Loucaides One type of common firmware vulnerability isn’t so much a coding flaw as it is an architectural soft spot, if you will.

Firmware

Firmware Cybersecurity Technology Engineering

Threat Model Thursday: BIML Machine Learning Risk Framework

Adam Shostack

FEBRUARY 27, 2020

The Berryville Institute of Machine Learning (BIML) has released “ An Architectural Risk Analysis of Machine Learning Systems.” Is the plan a set of meetings in which senior engineers discuss the threats? As always, my goal is to look at published threat models to see what we can learn. Section B is a map of attacks.

Risk

Risk Engineering Architecture Software

Google fixed a critical vulnerability in Chrome browser

Security Affairs

OCTOBER 30, 2024

Google has patched a critical Chrome vulnerability, tracked as CVE-2024-10487, reported by Apple Security Engineering and Architecture (SEAR) on October 23, 2024. The vulnerability is an Inappropriate implementation issue that resides in Chrome’s V8 JavaScript engine.

Engineering

Engineering Architecture Hacking

Architecture Matters When it Comes to SSE

GUEST ESSAY: Cisco-Splunk merger will boost Snowflake – here’s how security teams can benefit.

Trending Sources

On the Cybersecurity Jobs Shortage

Big News! Seceon Acquires Helixera, Hires Founder as VP of Cybersecurity Solutions Architecture

NIST’s Post-Quantum Cryptography Standards

Apple's Tracking-Prevention Feature in Safari has a Privacy Bug

40 Zero-Day Vulnerabilities Found in Autodesk AutoCAD

Google Rushes to Patch Critical Chrome Vulnerability Exploited in the Wild - Update Now

Black Hat Fireside Chat: How ‘enterprise browsers’ serve as a checkpoint to stop ChatGPT leakage

Software Vulnerabilities in the Boeing 787

GUEST ESSAY: A primer on NIST 207A — guidance for adding ZTNA to cloud-native platforms

My Philosophy and Recommendations Around the LastPass Breaches

Google fixed a critical vulnerability in Chrome browser

MerLoc – Local Debugging for Serverless Applications: Why and How

GUEST ESSAY: A primer on content management systems (CMS) — and how to secure them

Patch now! New Chrome update for two critical vulnerabilities

Frameworks for DE-Friendly CTI (Part 5)

RSAC Fireside Chat: Bedrock Security introduces advanced approach to “commoditize” data discovery

SHARED INTEL: How ‘observability’ has enabled deep monitoring of complex modern networks

U.S. Security Agencies Release Network Security, Vulnerability Guidance

Amazon’s “Alexa Built-in” Threat Model

New modular ModPipe POS Malware targets restaurants and hospitality sectors

The Wait is Over for Secure Firewall 3100 Series

Threat actor claims to have stolen 1 TB of data belonging to Saudi Aramco

XCSSET malware now targets macOS 11 and M1-based Macs

Code similarity analysis with r2diaphora

Will iPhone’s New “Lockdown Mode” Create Dangerous Overconfidence In Apple’s CyberSecurity Capabilities?

7 top software supply chain security tools

News alert: AI SPERA integrates its ‘Criminal IP’ threat intelligence tool into AWS Marketplace

GUEST ESSAY: Why online supply chains remain at risk — and what companies can do about it

News alert: Zluri raises $20M funding round for SaaS management as identity features take off

India IIT offers BTech in Artificial Intelligence and Data Science

Open XDR vs. SIEM

Black Hat insights: Generative AI begins seeping into the security platforms that will carry us forward

Mozilla fixed a critical zero-day in Firefox and Thunderbird

GOOGLE FIXED THE FOURTH CHROME ZERO-DAY OF 2023

Large-scale extortion campaign targets publicly accessible environment variable files (.env)

MY TAKE: Why companies had better start taking the security pitfalls of API proliferation seriously

GUEST ESSAY: ‘CyberXchange’ presents a much-needed platform for cybersecurity purchases

News Alert: Nile raises $175 million in series C funding to deliver network-as-a-service (NaaS)

SHARED INTEL Q&A: Everything the Cisco-Splunk merger tells us about the rise of SIEMs

MY TAKE: Why locking down ‘firmware’ has now become the next big cybersecurity challenge

Threat Model Thursday: BIML Machine Learning Risk Framework

Google fixed a critical vulnerability in Chrome browser

Stay Connected