Architecture and Government - Cyber Security Informer

Zero-Trust Architecture in Government: Spring 2025 Roundup

Lohrman on Security

MARCH 16, 2025

Where do things stand with the deployment of zero-trust architectures in federal, state and local governments across the country and the world? Heres a March 2025 roundup.

Architecture

Architecture Government

DOGE as a National Cyberattack

Schneier on Security

FEBRUARY 13, 2025

In the span of just weeks, the US government has experienced what may be the most consequential security breach in its history—not through a sophisticated cyberattack or an act of foreign espionage, but through official orders by a billionaire with a poorly defined government role. trillion in annual federal payments.

Government

Government Artificial Intelligence Banking Software

Where Are Governments in Their Zero-Trust Journey?

Lohrman on Security

SEPTEMBER 15, 2024

While the federal government deadline has arrived on implementing a zero-trust cybersecurity model, many state and local governments have committed to zero-trust architecture as well.

Government

Government Architecture Cybersecurity

“Always Verify”: Integrating Zero-Trust Security for Good Governance

Security Boulevard

JANUARY 24, 2025

While zero-trust architecture (ZTA) has many benefits, it can be challenging for companies because of a static mindset, increased costs and continuous maintenance.it The post Always Verify: Integrating Zero-Trust Security for Good Governance appeared first on Security Boulevard.

Government

Government Architecture Security Awareness Cybersecurity

Threat Modeling and Architecture

Adam Shostack

JANUARY 2, 2025

[no description provided] " Threat Modeling and Architecture " is the latest in a series at Infosec Insider. After I wrote my last article on Rolling out a Threat Modeling Program, Shawn Chowdhury asked (on Linkedin) for more informatioin on involving threat modeling in the architecture process. Have we done a good job?

Architecture

Architecture InfoSec Engineering Backups

Network Security Architecture: Best Practices & Tools

eSecurity Planet

APRIL 26, 2024

Network security architecture is a strategy that provides formal processes to design robust and secure networks. This article explores network security architecture components, goals, best practices, frameworks, implementation, and benefits as well as where you can learn more about network security architecture.

Architecture

Architecture Network Security Firewall Risk

AI tool GeoSpy analyzes images and identifies locations in seconds

Malwarebytes

JANUARY 21, 2025

Graylark Technologies who makes GeoSpy says its been developed for government and law enforcement. 404 Media says the company trained GeoSpy on millions of images from around the world and can recognize distinct geographical markers such as architectural styles, soil characteristics, and their spatial relationships.

Media

Media Artificial Intelligence Identity Theft Surveillance

Sophos details five years of China-linked threat actors’ activity targeting network devices worldwide

Security Affairs

NOVEMBER 2, 2024

Sophos, with the help of other cybersecurity firms, government, and law enforcement agencies investigated the cyber attacks and attributed them multiple China-linked APT groups, such as Volt Typhoon , APT31 and APT41 / Winnti. The Chinese hackers have also ramped up the use of zero-day vulnerabilities in targeted devices.

Firmware

Firmware Government Firewall Malware

LW ROUNDTABLE: Predictive analytics, full-stack visualization to solidify cyber defenses in 2025

The Last Watchdog

DECEMBER 18, 2024

Enterprises must secure AI agents, adopt proactive data governance, and deploy AI-based security platforms. Promoting continuous learning in privacy tech, AI governance, and Zero Trust, alongside partnerships with educational institutions, helps build a skilled workforce to meet evolving regulatory demands.

Risk

Risk Threat Detection Technology Phishing

CERT-UA warns of cyber espionage against the Ukrainian defense industry using Dark Crystal RAT

Security Affairs

MARCH 20, 2025

The Ukrainian government experts noticed that some messages were sent from compromised contacts to increase trust. The modular architecture of the malware allows to extend its functionalities for multiple malicious purposes, including surveillance, reconnaissance, information theft, DDoS attacks, and arbitrary code execution.

Computers and Electronics

Computers and Electronics Telecommunications Malware Surveillance

CIA Network Exposed Through Insecure Communications System

Schneier on Security

AUGUST 29, 2018

But the CIA's interim system contained a technical error: It connected back architecturally to the CIA's main covert communications platform. government itself, according to one former official -- links the Chinese agencies almost certainly found as well.

Penetration Testing

Penetration Testing Architecture Firewall Government

Measuring the Security of IoT Devices

Schneier on Security

OCTOBER 3, 2019

It represents a wide range of either found in the home, enterprise or government deployments. MIPS is both the most common CPU architecture and least hardened on average. This dataset contains products such as home routers, enterprise equipment, smart cameras, security devices, and more. They look at the actual firmware.

IoT

IoT Firmware Data collection Architecture

Google's AI Trends Report: Key Insights and Cybersecurity Implications

SecureWorld News

FEBRUARY 25, 2025

Organizations should integrate AI-driven risk scoring into their Zero Trust architecture. As AI takes a larger role in cybersecurity, governance and ethical AI usage must become a priority. Regulatory compliance will become increasingly important as governments introduce AI security and privacy laws.

Cybersecurity

Cybersecurity Social Engineering Artificial Intelligence Cyber threats

DOGE.gov Debacle: How a Government Website Went to the Dogs and What It Means for Cybersecurity

Security Boulevard

FEBRUARY 14, 2025

The Department of Government Efficiency (DOGE) website was left vulnerable to unauthorized edits. This breach exposes critical flaws in government digital infrastructure and highlights the importance of robust security measures, even for seemingly innocuous websites.

Government

Government Cybersecurity Architecture

Ghost Ransomware a Persistent Global Threat to Critical Infrastructure

SecureWorld News

FEBRUARY 20, 2025

The FBI, CISA, and MS-ISAC have issued a joint cybersecurity advisory warning organizations about Ghost (Cring) ransomware, a sophisticated cyber threat that has been compromising critical infrastructure, businesses, and government entities worldwide.

Ransomware

Ransomware IoT Encryption Social Engineering

Deloitte denied its systems were hacked by Brain Cipher ransomware group

Security Affairs

DECEMBER 9, 2024

On June 20, 2024, the group targeted an Indonesian data center causing the disruption of around 210 critical government services, including customs and immigration. In addition to emails, hackers had potential access to IP addresses, architectural diagrams for businesses and health information.

Hacking

Hacking Ransomware Accountability Architecture

News alert: INE Security spotlights healthcare companies facing rising exposure to costly breaches

The Last Watchdog

MARCH 24, 2025

Some of the leading cybersecurity certifications being pursued in the healthcare sector include: CISSP (Certified Information Systems Security Professional) a globally respected credential covering security architecture, risk management, and governance.

Healthcare

Healthcare Penetration Testing Education Cybersecurity

MY TAKE: Securing the Internet of Everything: why self-healing devices are the next frontier

The Last Watchdog

FEBRUARY 10, 2025

We went over how Zero Trust Architecture ( ZTA ) is gaining steam — and how it embodies a critical paradigm shift necessary to secure hyper-interconnected services. Not coincidentally, industry standards groups and government regulators have stepped forward to embrace a vital supporting role.

Internet

Internet Internet IoT Manufacturing

SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 35

Security Affairs

MARCH 2, 2025

DragonForce Ransomware Group is Targeting Saudi Arabia Massive Botnet Targets M365 with Stealthy Password Spraying Attacks Notorious Malware, Spam Host Prospero Moves to Kaspersky Lab ACRStealer Infostealer Exploiting Google Docs as C2 #StopRansomware: Ghost (Cring) Ransomware The GitVenom campaign: cryptocurrency theft using GitHub Silent Killers: (..)

Malware

Malware Architecture IoT Ransomware

Columbus Ransomware Attack Exposes 500,000+ Residents’ Data: How to Stay Safe

eSecurity Planet

NOVEMBER 6, 2024

This attack underscores a critical lesson for businesses: even the most vital institutions, such as a city government, are vulnerable to cyberthreats. With cyberthreats getting more advanced , businesses and local governments alike must work together to share resources, insights, and best practices to improve cybersecurity across the board.

Ransomware

Ransomware Authentication Identity Theft Penetration Testing

Inrupt, Tim Berners-Lee's Solid, and Me

Schneier on Security

FEBRUARY 21, 2020

I joined the Inrupt team last summer as its Chief of Security Architecture, and have been in stealth mode until now. It moves the Internet away from overly-centralized power of big corporations and governments and towards more rational distributions of power; greater liberty, better privacy, and more freedom for everyone.

IoT

IoT Internet Internet Technology

CERT-UA Identifies Malicious RDP Files in Latest Attack on Ukrainian Entities

The Hacker News

OCTOBER 25, 2024

The Computer Emergency Response Team of Ukraine (CERT-UA) has detailed a new malicious email campaign targeting government agencies, enterprises, and military entities. The messages exploit the appeal of integrating popular services like Amazon or Microsoft and implementing a zero-trust architecture," CERT-UA said.

Architecture

Architecture Government

When Ransomware Comes to (Your) Town

Dark Reading

JULY 19, 2021

While steps for defending against a ransomware attack vary based on the size of the government entity and the resources available to each one, rooting out ransomware ultimately will come down to two things: system architecture and partnerships.

Ransomware

Ransomware Architecture Government

BSides Sofia 2023 – Peter Kirkov, e-Government – Keynote

Security Boulevard

JULY 15, 2023

Permalink The post BSides Sofia 2023 – Peter Kirkov, e-Government – Keynote appeared first on Security Boulevard. Our thanks to BSides Sofia for publishing their presenter’s tremendous BSides Sofia 2023 content on the organizations’ YouTube channel.

Government

Government Architecture CISO Education

MY TAKE: As network perimeters shift and ecosystems blend, the role of MSSPs solidifies

The Last Watchdog

JULY 19, 2023

Yokohama added that the first step CISOs must take is to thoughtfully establish a meaningful security architecture, one that addresses the organization’s distinctive needs and also takes into account operations and governance. the architecture must come first, and then they can decide which product choices they would prefer.”

CISO

CISO Architecture Cloud Migration Network Security

China-linked APT Sharp Panda targets government entities in Southeast Asia

Security Affairs

MARCH 8, 2023

China-linked APT group Sharp Panda targets high-profile government entities in Southeast Asia with the Soul modular framework. CheckPoint researchers observed in late 2022, a campaign attributed to the China-linked APT group Sharp Panda that is targeting a high-profile government entity in the Southeast Asia.

Government

Government Malware Architecture Healthcare

BSides Sofia 2023 – Vasil Velichkov – Hacking Attacks Against Government Institutions

Security Boulevard

JULY 16, 2023

Permalink The post BSides Sofia 2023 – Vasil Velichkov – Hacking Attacks Against Government Institutions appeared first on Security Boulevard. Our thanks to BSides Sofia for publishing their presenter’s tremendous BSides Sofia 2023 content on the organizations’ YouTube channel.

Government

Government Hacking Architecture CISO

GUEST ESSAY: A primer on NIST 207A — guidance for adding ZTNA to cloud-native platforms

The Last Watchdog

MAY 24, 2023

Zero trust networking architecture (ZTNA) is a way of solving security challenges in a cloud-first world. federal government or not. The 4th Annual Multi-Cloud Conference and Workshop on ZTNA is an upcoming event for anyone interested in how the federal government is advancing standards in ZTNA.

Authentication

Authentication Banking Architecture Encryption

News alert: INE Security announces new initiative to help companies accelerate CMMC 2.0 compliance

The Last Watchdog

JANUARY 27, 2025

demands a structured approach to implementation and preparation. Each step, from initial technical review to mock assessments, is designed to build upon the previous, ensuring a seamless path to CMMC certification.

Password Management

Password Management Architecture Threat Detection Cybersecurity

Microsoft's Majorana 1 and the Path to Scalable Quantum Computing

SecureWorld News

FEBRUARY 20, 2025

Unlike previous quantum architectures that rely on fragile qubits prone to errors, Majorana 1 introduces topological qubits, leveraging a new class of materialdubbed topoconductorsto create a more stable and scalable system. To counter this risk, governments and enterprises are racing to implement quantum-resistant cryptography.

Encryption

Encryption Energy and Utilities Government Architecture

APT trends report Q3 2024

SecureList

NOVEMBER 28, 2024

The secure USB drive was developed by a government entity in Southeast Asia to securely store and transfer files between machines in sensitive environments. Chinese-speaking activity In July 2021, we detected a campaign called ExCone targeting government entities in Russia.

Malware

Malware Government Software Spyware

Will iPhone’s New “Lockdown Mode” Create Dangerous Overconfidence In Apple’s CyberSecurity Capabilities?

Joseph Steinberg

JULY 13, 2022

Additionally, keep in mind that while Lockdown Mode may make it more difficult for attackers to exploit social engineering in order to compromise devices, until Apple more strictly controls what apps it allows in its app store , potential government spying remains a major problem. Is that really true?

Cybersecurity

Cybersecurity Artificial Intelligence Government Social Engineering

BSides Sofia 2023 – Deputy Minister Atanas Maznev e-Government, Rosen Kirilov, PhD, UNWE – Conference Opening

Security Boulevard

JULY 14, 2023

Permalink The post BSides Sofia 2023 – Deputy Minister Atanas Maznev e-Government, Rosen Kirilov, PhD, UNWE – Conference Opening appeared first on Security Boulevard. Our thanks to BSides Sofia for publishing their presenter’s tremendous BSides Sofia 2023 content on the organizations’ YouTube channel.

Government

Government Architecture CISO Education

The metaverse brings a new breed of threats to challenge privacy and security gatekeepers

CSO Magazine

JANUARY 23, 2023

The metaverse is coming; businesses and government agencies are already building virtual worlds to support city services, meetings and conferences, community building, and commerce.

Architecture

Architecture Manufacturing Education Media

Exposed HMIs: A Direct Pathway for Cyberattacks on Critical Infrastructure

SecureWorld News

DECEMBER 17, 2024

government is sounding the alarm on a growing cybersecurity risk for critical infrastructureinternet-exposed Human-Machine Interfaces (HMIs). Instead of using secure solutions like VPNs or Zero Trust architectures, many HMIs were directly connected to the internet, exposing them to attackers.

Internet

Internet Internet Risk Passwords

AI in the Enterprise: Key Findings from the ThreatLabz 2025 AI Security Report

Security Boulevard

MARCH 20, 2025

As organizations work to establish AI governance frameworks, many are taking a cautious approach, restricting access to certain AI applications as they refine policies around data protection.U.S. Figure 1: Top AI applications by transaction volume Enterprises blocked a large proportion of AI transactions: 59.9%

Social Engineering

Social Engineering Phishing Risk Insurance

News alert: Zluri raises $20M funding round for SaaS management as identity features take off

The Last Watchdog

JULY 13, 2023

Having launched and scaled our discovery engine in 2020 to help companies understand their SaaS stacks better, we have since launched an identity governance tool to manage access and now are launching the Zluri co-pilot to help enable faster workflows.” About Zluri. For more information please visit [link]. About Lightspeed.

Marketing

Marketing Government Digital transformation Engineering

GUEST ESSAY: 5 tips for ‘de-risking’ work scenarios that require accessing personal data

The Last Watchdog

JANUARY 10, 2022

Related: The dangers of normalizing encryption for government use. Planning required processes and security components when initially building your architecture. Working with personal data in today’s cyber threat landscape is inherently risky. This can include: Security contours. Helping ensure data privacy. Unique IDs.

Risk

Risk Encryption Data privacy CISO

3 Percent ($30B) of U.S. Military Funding Dedicated to Cybersecurity

SecureWorld News

JANUARY 9, 2025

government than anything else," said Staynings. government (and many other national governments) have determined ransomware to be a form of terrorism. This needs to include their time and expenses to attend court hearings and government committees of inquiry. Cyber Command.

Cybersecurity

Cybersecurity Manufacturing Surveillance Ransomware

U.S. Security Agencies Release Network Security, Vulnerability Guidance

eSecurity Planet

MARCH 4, 2022

With organizations around the world on heightened alert in the wake of Russia’s unprovoked war against Ukraine, government agencies have stepped up efforts too. Purdue network architecture. Network Architecture and Design. Network Architecture and Design. Here’s some of the advice detailed in the document.

Network Security

Network Security Architecture Authentication Firewall

Best Policy Templates for Compliance: Essential Documents for Regulatory Success

Centraleyes

FEBRUARY 17, 2025

Policy management is the sturdy scaffolding that supports governance, risk, and compliance (GRC) objectives while shaping corporate culture and ensuring adherence to regulatory obligations. Such a siloed approach obstructs governance and compliance, leaving critical blind spots. Govern Start with a Policy on Policies.

Architecture

Architecture Government Risk Technology

The role of unstructured data and Large Language Models in securing data

IT Security Guru

JUNE 11, 2024

As enterprises are typically built on both structured and unstructured data, if the models these users add unstructured data to aren’t trained and governed properly, the users risk compromising desired outcomes and the organisation’s security.

Unstructured Data

Unstructured Data Government Cloud Migration Artificial Intelligence

Play ransomware attack on Xplain exposed 65,000 files containing data relevant to the Swiss Federal Administration.

Security Affairs

MARCH 8, 2024

The ransomware attack on Xplain impacted tens of thousands Federal government files, said the National Cyber Security Centre (NCSC) of Switzerland. Xplain provides its services to several federal and cantonal government departments, the army, customs, and the Federal Office of Police (Fedpol). ” reads the report.

Ransomware

Ransomware Data breaches Unstructured Data Architecture

News Alert: Silent Signal discovers a critical vulnerability in IBM i System – CVE-2023-30990

The Last Watchdog

JULY 7, 2023

The recently discovered exploit in the DDM architecture, which enables attackers to execute a CL command as QUSER within a mere 5 seconds using a single IP address, highlights the need for further investigation into potential security concerns in IBM i Systems.

Architecture

Architecture Hacking Media Government

Zero-Trust Architecture in Government: Spring 2025 Roundup

DOGE as a National Cyberattack

Trending Sources

Where Are Governments in Their Zero-Trust Journey?

“Always Verify”: Integrating Zero-Trust Security for Good Governance

Threat Modeling and Architecture

Network Security Architecture: Best Practices & Tools

AI tool GeoSpy analyzes images and identifies locations in seconds

Sophos details five years of China-linked threat actors’ activity targeting network devices worldwide

LW ROUNDTABLE: Predictive analytics, full-stack visualization to solidify cyber defenses in 2025

CERT-UA warns of cyber espionage against the Ukrainian defense industry using Dark Crystal RAT

CIA Network Exposed Through Insecure Communications System

Measuring the Security of IoT Devices

Google's AI Trends Report: Key Insights and Cybersecurity Implications

DOGE.gov Debacle: How a Government Website Went to the Dogs and What It Means for Cybersecurity

Ghost Ransomware a Persistent Global Threat to Critical Infrastructure

Deloitte denied its systems were hacked by Brain Cipher ransomware group

News alert: INE Security spotlights healthcare companies facing rising exposure to costly breaches

MY TAKE: Securing the Internet of Everything: why self-healing devices are the next frontier

SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 35

Columbus Ransomware Attack Exposes 500,000+ Residents’ Data: How to Stay Safe

Inrupt, Tim Berners-Lee's Solid, and Me

CERT-UA Identifies Malicious RDP Files in Latest Attack on Ukrainian Entities

When Ransomware Comes to (Your) Town

BSides Sofia 2023 – Peter Kirkov, e-Government – Keynote

MY TAKE: As network perimeters shift and ecosystems blend, the role of MSSPs solidifies

China-linked APT Sharp Panda targets government entities in Southeast Asia

BSides Sofia 2023 – Vasil Velichkov – Hacking Attacks Against Government Institutions

GUEST ESSAY: A primer on NIST 207A — guidance for adding ZTNA to cloud-native platforms

News alert: INE Security announces new initiative to help companies accelerate CMMC 2.0 compliance

Microsoft's Majorana 1 and the Path to Scalable Quantum Computing

APT trends report Q3 2024

Will iPhone’s New “Lockdown Mode” Create Dangerous Overconfidence In Apple’s CyberSecurity Capabilities?

BSides Sofia 2023 – Deputy Minister Atanas Maznev e-Government, Rosen Kirilov, PhD, UNWE – Conference Opening

The metaverse brings a new breed of threats to challenge privacy and security gatekeepers

Exposed HMIs: A Direct Pathway for Cyberattacks on Critical Infrastructure

AI in the Enterprise: Key Findings from the ThreatLabz 2025 AI Security Report

News alert: Zluri raises $20M funding round for SaaS management as identity features take off

GUEST ESSAY: 5 tips for ‘de-risking’ work scenarios that require accessing personal data

3 Percent ($30B) of U.S. Military Funding Dedicated to Cybersecurity

U.S. Security Agencies Release Network Security, Vulnerability Guidance

Best Policy Templates for Compliance: Essential Documents for Regulatory Success

The role of unstructured data and Large Language Models in securing data

Play ransomware attack on Xplain exposed 65,000 files containing data relevant to the Swiss Federal Administration.

News Alert: Silent Signal discovers a critical vulnerability in IBM i System – CVE-2023-30990

Stay Connected