Architecture, Information and Information Security

Zero Trust Network Architecture vs Zero Trust: What Is the Difference?

Joseph Steinberg

JANUARY 4, 2023

But, even those who have a decent grasp on the meaning of Zero Trust seem to frequently confuse the term with Zero Trust Network Architecture (ZTNA). Zero Trust Network Architecture is an architecture of systems, data, and workflow that implements a Zero Trust model. In short, Zero Trust is an approach.

Architecture

Architecture Artificial Intelligence Encryption Cybersecurity

On the Cybersecurity Jobs Shortage

Schneier on Security

SEPTEMBER 20, 2023

What there is a shortage of are computer scientists, developers, engineers, and information security professionals who can code, understand technical security architecture, product security and application security specialists, analysts with threat hunting and incident response skills.

Cybersecurity

Cybersecurity CISO Engineering Architecture

Network Security Architecture: Best Practices & Tools

eSecurity Planet

APRIL 26, 2024

Network security architecture is a strategy that provides formal processes to design robust and secure networks. Effective implementation improves data throughput, system reliability, and overall security for any organization. These techniques can use built-in software features (for firewalls, operating systems, etc.)

Architecture

Architecture Network Security Firewall Risk

My Philosophy and Recommendations Around the LastPass Breaches

Daniel Miessler

DECEMBER 24, 2022

If you follow Information Security at all you are surely aware of the LastPass breach situation. These encrypted fields remain secured with 256-bit AES encryption and can only be decrypted with a unique encryption key derived from each user’s master password using our Zero Knowledge architecture.

Password Management

Password Management Passwords Encryption Backups

Building a Ransomware Resilient Architecture

eSecurity Planet

DECEMBER 2, 2022

While security teams layer essential preventative measures, resilience measures also need to be implemented in an architecture to reduce the impact of ransomware attacks on your backups. Figure 1: Typical VLAN architecture. Figure 2: Resilient VLAN architecture. How could this have been prevented? Does this add latency?

Architecture

Architecture Ransomware Backups Firewall

ÆPIC Leak is the first CPU flaw able to architecturally disclose sensitive data

Security Affairs

AUGUST 17, 2022

Researchers uncovered a new flaw, dubbed ÆPIC, in Intel CPUs that enables attackers to obtain encryption keys and other secret information from the processors. The ÆPIC Leak ( CVE-2022-21233 ) is the first architecturally CPU bug that could lead to the disclosure of sensitive data and impacts most 10th, 11th and 12th generation Intel CPUs.

Architecture

Architecture Firmware Software Information Security

NIST’s Post-Quantum Cryptography Standards

Schneier on Security

AUGUST 8, 2022

Fun fact: Those three algorithms were broken by the Center of Encryption and Information Security, part of the Israeli Defense Force. Check NIST’s webpage on the project for the latest information. And they had a lot of trouble publishing, as the authors wanted to remain anonymous.).

Encryption

Encryption Architecture Engineering Information Security

ConnectWise Quietly Patches Flaw That Helps Phishers

Krebs on Security

DECEMBER 1, 2022

“Our team quickly triaged the report and determined the risk to partners to be minimal,” said Patrick Beggs , ConnectWise’s chief information security officer. ” However, LastPass maintains that its “customer passwords remain safely encrypted due to LastPass’s Zero Knowledge architecture.”

Phishing

Phishing Architecture Passwords Accountability

GhostWrite: New T-Head CPU Bugs Expose Devices to Unrestricted Attacks

The Hacker News

AUGUST 13, 2024

A team of researchers from the CISPA Helmholtz Center for Information Security in Germany has disclosed an architectural bug impacting Chinese chip company T-Head's XuanTie C910 and C920 RISC-V CPUs that could allow attackers to gain unrestricted access to susceptible devices. The vulnerability has been codenamed GhostWrite.

Architecture

Architecture Information Security

Google Responds to Warrants for “About” Searches

Schneier on Security

OCTOBER 13, 2020

“We vigorously protect the privacy of our users while supporting the important work of law enforcement,” Google’s director of law enforcement and information security Richard Salgado told us. We have knowingly and willingly built the architecture of a police state, just so companies can show us ads.

Surveillance

Surveillance Wireless Accountability Architecture

News Alert: Silent Signal discovers a critical vulnerability in IBM i System – CVE-2023-30990

The Last Watchdog

JULY 7, 2023

This necessitates a shift in paradigm for both security professionals and vendors, as IBM i Systems have been renowned for their inherent security. Panczel The vulnerability identified by our team allows unauthorized entry for attackers using workstation user credentials, potentially granting access to sensitive information.

Architecture

Architecture Hacking Media Government

What Is a DMZ Network? Definition, Architecture & Benefits

eSecurity Planet

APRIL 7, 2023

These and many other network security solutions are ramped up specifically on the DMZ, making it so network administrators can often detect unusual behavior before unauthorized users try to move past the DMZ to access the LAN. Unfortunately, home networks tend to be easy to hack due to limited security investments on the part of the owner.

Architecture

Architecture Firewall Network Security Technology

NASA identified 1,785 cyber incidents in 2020

Security Affairs

MAY 27, 2021

Cyber attacks against the agency’s systems are not rare events, threat actors could attempt to steal critical information with sophisticated operations, and for this reason, it is essential for the agency to detect and mitigate them. Pervasive weaknesses exist in NASA IT internal controls and risk management practices. •

Information Security

Information Security Cyber Attacks Mobile Architecture

Play ransomware attack on Xplain exposed 65,000 files containing data relevant to the Swiss Federal Administration.

Security Affairs

MARCH 8, 2024

The data exfiltrated by the gang included classified information and sensitive personal data from the Federal Administration. Government experts discovered sensitive information, including personal data, technical information, classified details, and passwords, in approximately half of the Federal Administration’s files (5,182).

Ransomware

Ransomware Data breaches Unstructured Data Architecture

Pink Botnet infected over 1.6 Million Devices, it is one of the largest botnet ever seen

Security Affairs

NOVEMBER 1, 2021

The number of infected devices is impressive, on 2019-11-30 a trusted security partner in the US informed Qihoo 360’s Netlab Cybersecurity reported to have observed 1,962,308 unique daily active IPs from the Pink botnet targeting its systems.

Architecture

Architecture DDOS Advertising DNS

GUEST ESSAY: A primer on content management systems (CMS) — and how to secure them

The Last Watchdog

MAY 19, 2022

Security is also necessary if your retrieval system (such as a website or mobile app) has a paywall or is restricted to only a subset of people, such as customers or resellers. What about public information? Even if you give your content away, you don’t want to allow unauthorized people to add, delete, or tamper with your files.

Data breaches

Data breaches Encryption Mobile Technology

New modular ModPipe POS Malware targets restaurants and hospitality sectors

Security Affairs

NOVEMBER 12, 2020

” The credentials exfiltrated by ModPipe allow operators to access database contents, including various definitions and configuration, status tables, and information about POS transactions. Other modules detailed by ESET are “ModScan 2.20,” that is used to collect additional information about the installed POS system (e.g.,

Malware

Malware Architecture Passwords Software

XCSSET malware now targets macOS 11 and M1-based Macs

Security Affairs

APRIL 19, 2021

XCSSET is a Mac malware that was discovered by Trend Micro in August 2020, it was spreading through Xcode projects and exploits two zero-day vulnerabilities to steal sensitive information from target systems and launch ransomware attacks. states the report published by Kaspersky. com Huobi binance.com nncall.net Envato login.live.com.

Malware

Malware Cryptocurrency Architecture Engineering

LastPass data breach: threat actors stole a portion of source code

Security Affairs

AUGUST 25, 2022

Password management software firm LastPass disclosed a security breach, threat actors had access to portions of the company development environment through a single compromised developer account and stole portions of source code and some proprietary technical information. ” reads a notice published by the company.

Data breaches

Data breaches Password Management Passwords Architecture

News Alert: Normalyze extends its DSPM platform to hybrid cloud and on-prem environments

The Last Watchdog

AUGUST 2, 2023

Padron “As our hybrid environment grew due to cloud migration and regulatory requirements, getting holistic visibility into our data stored on-premises and in the cloud is becoming a challenging task for our security and compliance teams,” said Nick Padron, Director of Information Security at Fairfield.

Cloud Migration

Cloud Migration Risk Architecture Media

GUEST ESSAY: ‘CyberXchange’ presents a much-needed platform for cybersecurity purchases

The Last Watchdog

OCTOBER 19, 2020

For organizations looking to improve their security posture, this is causing confusion and vendor fatigue, especially for companies that don’t have a full time Chief Information Security Officer. The vendors are well-intentioned.

eCommerce

eCommerce Cybersecurity B2B Marketing

Lastpass discloses the second security breach this year

Security Affairs

NOVEMBER 30, 2022

LastPass disclosed a new security breach, threat actors had access to its cloud storage using information stolen in the August 2022 breach. Password management solution LastPass disclosed a new security breach, the attackers had access to a third-party cloud storage service using information stolen in the August 2022 breach.

Architecture

Architecture Passwords Data breaches Password Management

GUEST ESSAY: In pursuit of smarter cybersecurity — to overcome complex risks and grow revenue

The Last Watchdog

JANUARY 8, 2023

The need for reset and oversight is so great that a new class of technology is emerging to give organizations a better grip on the digital sprawl that’s come to define modern-day enterprise architecture. About the essayist: Chris Reffkin is chief information security officer at cybersecurity software and services provider Fortra.

Risk

Risk Cybersecurity Technology CISO

CVE-2021-26333 AMD Chipset Driver flaw allows obtaining sensitive data

Security Affairs

SEPTEMBER 17, 2021

Chipmaker AMD has addressed a vulnerability in PSP driver, tracked as CVE-2021-26333 , that could allow an attacker to obtain sensitive information from the targeted system. ” reads the security advisory. The flaw was reported by Kyriakos Economou from ZeroPeril.

Architecture

Architecture Authentication Hacking Information Security

Meet the 2021 SC Awards judges

SC Magazine

MAY 1, 2021

Alissa Abdullah is Mastercard’s deputy chief security officer, leading the Emerging Corporate Security Solutions team and responsible for protecting Mastercard’s information assets as well as driving the future of security. She also served as the deputy chief information officer of the White House.

Computers and Electronics

Computers and Electronics Technology Education Information Security

Experts warn of a flaw in Fluent Bit utility that is used by major cloud platforms and firms

Security Affairs

MAY 21, 2024

A vulnerability in the Fluent Bit Utility, which is used by major cloud providers, can lead to DoS, information disclosure, and potentially RCE. The vulnerability can trigger a denial-of-service (DoS) condition, lead to an information disclosure, and potentially remote code execution (RCE). and exists thru 3.0.3.

Architecture

Architecture IoT Hacking Risk

News alert: Implementing AI-powered ‘Cisco HyperShield’ requires proper cybersecurity training

The Last Watchdog

AUGUST 16, 2024

As an “AI-native” security architecture, HyperShield promises to redefine traditional security protocols through its automated proactive cybersecurity measures and AI-driven security solutions.

Cybersecurity

Cybersecurity Architecture Technology Network Security

15 Top Cybersecurity Certifications for 2022

eSecurity Planet

JUNE 21, 2022

CISSP (Certified Information Systems Security Professional). CISA (Certified Information Systems Auditor). CISA is ISACA’s (Information Systems Audit and Control Association) high-level certification designed for those who audit, control, monitor, and assess an organization’s information technology and business systems.

Cybersecurity

Cybersecurity Penetration Testing System Administration Cyber Attacks

Large-scale extortion campaign targets publicly accessible environment variable files (.env)

Security Affairs

AUGUST 18, 2024

This extortion campaign involved several security failures, including exposing environment variables, using long-lived credentials, and the lack of a least privilege architecture. This indicates that these threat actor groups are both skilled and knowledgeable in advanced cloud architectural processes and techniques.”

Architecture

Architecture Internet Internet Media

GUEST ESSAY: The case for complying with ISO 27001 — the gold standard of security frameworks

The Last Watchdog

FEBRUARY 26, 2023

At the developer level, they will fundamentally reshape how programmers do their work day in and day out – including employing more project management tools and secure system architecture frameworks to track and mitigate risks at any stage in the SDLC.

Cyber threats

Cyber threats Software Risk CISO

Will iPhone’s New “Lockdown Mode” Create Dangerous Overconfidence In Apple’s CyberSecurity Capabilities?

Joseph Steinberg

JULY 13, 2022

the firm’s Head of Security Engineering and Architecture, is quoted as saying that Apple “makes the most secure mobile devices on the market.”. Also concerning is the fact that in Apple’s Lockdown announcement, Ivan Krsti?, Is that really true?

Cybersecurity

Cybersecurity Artificial Intelligence Government Social Engineering

Companies paid $4.2M bug bounties for XSS flaws in 2020

Security Affairs

OCTOBER 31, 2020

Information Disclosure accounts for 63% from last year. Information Disclosure was not far behind, increasing 63% year over year.” “Both methods expose potentially sensitive data like personally identifiable information. Information Disclosure was not far behind, increasing 63% year over year.”

Accountability

Accountability Advertising Architecture Hacking

Amadey malware spreads via software cracks laced with SmokeLoader

Security Affairs

JULY 25, 2022

Then the malware contacts the C2 and sends system information (i.e. computer name, user name, OS version, architecture type, list of installed anti-malware products) to the operators. Web 6 AVG 7 360 Total Security 8 Bitdefender 9 Norton 10 Sophos 11 Comodo 12 Windows Defender (assumed) 13. ” concludes the report.

Software

Software Malware Cybercrime VPN

New NKAbuse malware abuses NKN decentralized P2P network protocol

Security Affairs

DECEMBER 15, 2023

The malicious code can target various architectures, it supports both flooder and backdoor capabilities. The primary target of NKAbuse is Linux desktops, however, it can target MISP and ARM architecture. NKN (New Kind of Network) is a decentralized peer-to-peer network protocol that relies on blockchain technology.

Malware

Malware Architecture Technology DDOS

macOS Backdoor RustDoor likely linked to Alphv/BlackCat ransomware operations

Security Affairs

FEBRUARY 10, 2024

The malware impersonates a Visual Studio update and was designed to support Intel and Arm architectures. All the variants support commands that allow operators to gather and upload files, and gather information about the machine. RustDoor is written in Rust language and supports multiple features.

Ransomware

Ransomware Architecture Malware Passwords

China-linked LightBasin group accessed calling records from telcos worldwide

Security Affairs

OCTOBER 20, 2021

The campaign was uncovered by CrowdStrike by investigating a series of security incidents in multiple countries, the security firm added that the threat actors show an in-depth knowledge of telecommunications network architectures. ” reads the report published by Crowdstrike.

Telecommunications

Telecommunications Mobile Hacking Architecture

Talos wars of customizations of the open-source info stealer SapphireStealer

Security Affairs

SEPTEMBER 1, 2023

Cisco reported that multiple threat actors are customizing the SapphireStealer information stealer after the leak of its source code. SapphireStealer is an open-source information stealer written in.NET, which is available in multiple public malware repositories since its public release in December 2022.

Malware

Malware Data collection Architecture Hacking

News Alert: GhangorCloud selected to demo Deep AI-based capabilities at India’s G20 Summit

The Last Watchdog

AUGUST 7, 2023

This is a mega-summit as The Group of Twenty (G20) is the premier forum for international economic cooperation, and plays an important role in shaping and strengthening global architecture and governance on all major international economic issues. For more information, see [link]. San Jose, Calif.,

Data privacy

Data privacy Information Security Architecture Government

CDRThief Linux malware steals VoIP metadata from Linux softswitches

Security Affairs

SEPTEMBER 10, 2020

” According to the experts, the attackers have good knowledge about the internal architecture of the targeted platform. The analysis of the source code of the malware revealed that it access tables in the DB that contain logs of system events, information about VoIP gateways, and call metadata. ” concludes the analysis.

Malware

Malware Encryption Advertising Passwords

Top 10 web application vulnerabilities in 2021–2023

SecureList

MARCH 12, 2024

More than a third (39%) used the microservice architecture. Recommendations provided in these rankings are general in nature and based on information security best practices standards and guidelines, such as OWASP and NIST. Most of the web applications were owned by companies based in Russia, China and the Middle East.

Passwords

Passwords Authentication Architecture Risk

Experts found a macOS version of the sophisticated LightSpy spyware

Security Affairs

MAY 30, 2024

The macOS version of LightSpy supports 10 plugins to exfiltrate private information from devices. ” The plugins for the macOS version are different from those for other platforms, reflecting the architecture of the target systems. The difference was in lateral local privilege escalation, which is OS-specific.”

Spyware

Spyware Malware Surveillance Mobile

Privacy and security in the software designing

Security Affairs

APRIL 22, 2021

The importance of carrying out a careful risk and impact assessment in order to safeguard the security of the information and the data privacy. Therefore, it’s essential to carry out a careful risk and impact assessment in order to safeguard the security of the information and the data privacy.

Software

Software Data privacy Architecture Risk

CrowdStrike releases free Azure tool to review assigned privileges

Security Affairs

DECEMBER 25, 2020

As part of our secure IT architecture, CrowdStrike does not use Office 365 email.” Key information should be easily accessible.” ” reads the post published by Crowdstrike. “There was an attempt to read email, which failed as confirmed by Microsoft. ” reads the article published by Reuters.

Architecture

Architecture Hacking Accountability Risk

How Zero Trust helps CIOs and CTOs in Corporate Environments

CyberSecurity Insiders

JUNE 11, 2023

Zero Trust is a cybersecurity framework that can greatly support Chief Information Security Officers (CISOs) and Chief Technology Officers (CTOs) in their roles of securing organizational systems and data. With this information, they can make informed decisions, enforce access policies, and quickly respond to security incidents.

CISO

CISO Technology Architecture Cybersecurity

Zero Trust Network Architecture vs Zero Trust: What Is the Difference?

On the Cybersecurity Jobs Shortage

Trending Sources

Network Security Architecture: Best Practices & Tools

My Philosophy and Recommendations Around the LastPass Breaches

Building a Ransomware Resilient Architecture

ÆPIC Leak is the first CPU flaw able to architecturally disclose sensitive data

NIST’s Post-Quantum Cryptography Standards

ConnectWise Quietly Patches Flaw That Helps Phishers

GhostWrite: New T-Head CPU Bugs Expose Devices to Unrestricted Attacks

Google Responds to Warrants for “About” Searches

News Alert: Silent Signal discovers a critical vulnerability in IBM i System – CVE-2023-30990

What Is a DMZ Network? Definition, Architecture & Benefits

NASA identified 1,785 cyber incidents in 2020

Play ransomware attack on Xplain exposed 65,000 files containing data relevant to the Swiss Federal Administration.

Pink Botnet infected over 1.6 Million Devices, it is one of the largest botnet ever seen

GUEST ESSAY: A primer on content management systems (CMS) — and how to secure them

New modular ModPipe POS Malware targets restaurants and hospitality sectors

XCSSET malware now targets macOS 11 and M1-based Macs

LastPass data breach: threat actors stole a portion of source code

News Alert: Normalyze extends its DSPM platform to hybrid cloud and on-prem environments

GUEST ESSAY: ‘CyberXchange’ presents a much-needed platform for cybersecurity purchases

Lastpass discloses the second security breach this year

GUEST ESSAY: In pursuit of smarter cybersecurity — to overcome complex risks and grow revenue

CVE-2021-26333 AMD Chipset Driver flaw allows obtaining sensitive data

Meet the 2021 SC Awards judges

Experts warn of a flaw in Fluent Bit utility that is used by major cloud platforms and firms

News alert: Implementing AI-powered ‘Cisco HyperShield’ requires proper cybersecurity training

15 Top Cybersecurity Certifications for 2022

Large-scale extortion campaign targets publicly accessible environment variable files (.env)

GUEST ESSAY: The case for complying with ISO 27001 — the gold standard of security frameworks

Will iPhone’s New “Lockdown Mode” Create Dangerous Overconfidence In Apple’s CyberSecurity Capabilities?

Companies paid $4.2M bug bounties for XSS flaws in 2020

Amadey malware spreads via software cracks laced with SmokeLoader

New NKAbuse malware abuses NKN decentralized P2P network protocol

macOS Backdoor RustDoor likely linked to Alphv/BlackCat ransomware operations

China-linked LightBasin group accessed calling records from telcos worldwide

Talos wars of customizations of the open-source info stealer SapphireStealer

News Alert: GhangorCloud selected to demo Deep AI-based capabilities at India’s G20 Summit

CDRThief Linux malware steals VoIP metadata from Linux softswitches

Top 10 web application vulnerabilities in 2021–2023

Experts found a macOS version of the sophisticated LightSpy spyware

Privacy and security in the software designing

CrowdStrike releases free Azure tool to review assigned privileges

How Zero Trust helps CIOs and CTOs in Corporate Environments

Stay Connected