Architecture and Whitepaper - Cyber Security Informer

Safety and Security in Automated Driving

Adam Shostack

JANUARY 2, 2025

Safety First For Automated Driving " is a big, over-arching whitepaper from a dozen automotive manufacturers and suppliers. I also like Figure 27 & 28 (shown), showing risks associated with a generic architecture. Lets explore the risks associated with Automated Driving.

Risk

Risk Manufacturing Architecture Cybersecurity

Hoarding, Debt and Threat Modeling

Adam Shostack

JANUARY 30, 2025

This is why I included interpersonal factors in the Jenga whitepaper.) On the other side is a whiteboard with a software architecture diagram We all have too many tasks, and those where you cant imagine success, or where success seems not worth the price, are ones we want to skip.

Architecture

Architecture Engineering Software

Taming the Wild West of ML: Practical Model Signing with Sigstore

Google Security

APRIL 4, 2025

This could range from just a slight alteration of the model weights that control model behavior, to injecting architectural backdoors completely new model behaviors and capabilities that could be triggered only on specific inputs.

Risk

Risk Software Architecture

Webinars

How to Avoid Pitfalls In Automation: Keep Humans In the Loop

MORE WEBINARS

WHITEPAPER: Authentication Does Not Equal Zero Trust

Security Boulevard

MARCH 30, 2022

Many vendor claims are unclear as to what they’re promising in this space, but they are quite insistent that without Zero Trust network architectures, organizations are at great risk for data breaches and other network sabotage. The post WHITEPAPER: Authentication Does Not Equal Zero Trust appeared first on Security Boulevard.

Authentication

Authentication Architecture Data breaches Risk

Safety and Security in Automated Driving

Adam Shostack

JULY 8, 2019

“ Safety First For Automated Driving ” is a big, over-arching whitepaper from a dozen automotive manufacturers and suppliers. I also like Figure 27 & 28 (shown), showing risks associated with a generic architecture.

Risk

Risk Manufacturing Architecture Cybersecurity

MITRE ATT&CK: The Magic of Application Mitigations

Cisco Security

MARCH 17, 2021

Today’s application architectures support fast, continuous innovation. Back end architectures use small, independent code modules called microservices. Clearly today’s application architectures use a lot of components, making them more complex, but the benefits run deep. They were simpler, sure, but so are horse-drawn carriages.

Architecture

Architecture Software Digital transformation Risk

A Spectre proof-of-concept for a Spectre-proof web

Google Security

MARCH 12, 2021

We've confirmed that this proof-of-concept, or its variants, function across a variety of operating systems, processor architectures, and hardware generations. In 2019, the team responsible for V8, Chrome’s JavaScript engine, published a blog post and whitepaper concluding that such attacks can’t be reliably mitigated at the software level.

Engineering

Engineering Architecture Software Firmware

Trust in transparency: Private Compute Core

Google Security

DECEMBER 8, 2022

Let us show you our work The publicly-verifiable architectures in PCC demonstrate how we strive to deliver confidentiality and control, and do it in a way that is verifiable and visible to users. To explain in even more detail, we’ve published a technical whitepaper for researchers and interested members of the community.

Data privacy

Data privacy Architecture Encryption Technology

Qualities of a Highly Available Cloud

McAfee

NOVEMBER 16, 2021

Instead, the best of breed functionality was purposefully reconstructed for SSE, using a microservices architecture that can scale elastically, and built on a platform-neutral stack that can run on bare metal and public cloud, equally effectively. From the start, the architecture was designed with zero trust in mind.

Architecture

Architecture Data privacy Software Engineering

Post-Quantum Cryptography: Lessons Learned from SHA-1 Deprecation

Security Boulevard

JULY 21, 2022

NIST has developed a whitepaper which outlines the steps for migration to post-quantum cryptography. Prepare a quantum-safe architecture now. How will we respond if certain systems have updates while others have not? How can we cancel expired certificates? Crypto-agility. To overcome these challenges, careful planning is required.

Encryption

Encryption Authentication Backups Architecture

Securing Containers with NIST 800-190 and MVISION CNAPP

McAfee

DECEMBER 9, 2020

Companies have moved quickly to embrace cloud native applications and infrastructure to take advantage of cloud provider systems and to align their design decisions with cloud properties of scalability, resilience, and security first architectures.

Architecture

Architecture Risk Technology Penetration Testing

10 Cybersecurity Trends That Emerged in 2023

Security Boulevard

DECEMBER 19, 2023

Apparently, an employee at Company X used an LLM to help them finish a whitepaper. We need to remove biases about cybersecurity, particularly the false idea that security architecture, tools and systems we build are effective walls. They did something innocuous at first blush: Ask the AI to write an executive summary and a conclusion.

Cybersecurity

Cybersecurity Encryption Ransomware Backups

10 Lessons Learned from the Top Cyber Threats of 2021

Security Boulevard

JANUARY 10, 2022

We published a whitepaper about Tactics, Techniques, and Procedures (TTPs) and also tools utilized by the DarkSide threat actors. . Most notably, US-based Colonial Pipeline Company paid 4.4 million USD after its operations were brought to a halt by this ransomware campaign in May 2021. Lessons Learned: 3. Lessons Learned: 5.

Cyber threats

Cyber threats Ransomware Risk Architecture

Securing tomorrow's software: the need for memory safety standards

Google Security

FEBRUARY 25, 2025

Technologies like ARM's Memory Tagging Extension (MTE) and the Capability Hardware Enhanced RISC Instructions (CHERI) architecture offer a complementary defense, particularly for existing code. Looking forward, we're also seeing exciting and promising developments in hardware. This commitment is also reflected in our internal efforts.

Software

Software Technology Government Manufacturing

To Achieve Zero Trust Security, Trust The Human Element

Thales Cloud Protection & Licensing

MAY 6, 2021

While NIST has developed a blueprint for Zero Trust - you can read about it in this whitepaper - which can serve as a great start for your journey, organizations need to understand that Zero Trust is above all a mindset. Just like Hercules and the road of Virtue, Zero Trust is a path leading to better security.

Social Engineering

Social Engineering Authentication Passwords Technology

Establishing Security Maturity Through CIS Cyber Defense Framework

McAfee

APRIL 20, 2020

In this blog we set out to see how choosing the correct security controls framework can go a long way in establishing a secure foundation, which then allows Enterprise security designers/decision makers to make more informed solution choices while selecting the controls and vendor architectures.

Architecture

Architecture Risk Data breaches Cyber threats

How to confuse antimalware neural networks. Adversarial attacks and protection

SecureList

JUNE 23, 2021

For a more detailed overview of the various adversarial attacks on malware classifiers, see our whitepaper and “ A survey on practical adversarial examples for malware classifiers “ Our goal. We created a number of new models with different architectures. They can also scan any files using the anti-malware product.

Malware

Malware Technology Architecture Cybersecurity

A Reflection On ForAllSecure's Journey In Bootstrapping Behavior Testing Technology

ForAllSecure

APRIL 3, 2019

To learn more about the synergistic power of symbolic execution and fuzzing, download the “What is Behavior Testing” whitepaper here. We found that the key for effective dynamic testing is to use these two techniques together: use deep reasoning of symbolic execution on some runs, while continuously fuzzing in the background.

Technology

Technology Software Marketing CISO

A Reflection On ForAllSecure's Journey In Bootstrapping Behavior Testing Technology

ForAllSecure

APRIL 3, 2019

To learn more about the synergistic power of symbolic execution and fuzzing, download the “What is Behavior Testing” whitepaper here. We found that the key for effective dynamic testing is to use these two techniques together: use deep reasoning of symbolic execution on some runs, while continuously fuzzing in the background.

Technology

Technology Software Marketing CISO

A REFLECTION ON FORALLSECURE'S JOURNEY IN BOOTSTRAPPING BEHAVIOR TESTING TECHNOLOGY

ForAllSecure

APRIL 3, 2019

To learn more about the synergistic power of symbolic execution and fuzzing, download the “What is Behavior Testing” whitepaper here. We found that the key for effective dynamic testing is to use these two techniques together: use deep reasoning of symbolic execution on some runs, while continuously fuzzing in the background.

Technology

Technology Software Marketing CISO

If Infosec Was a Supermarket Business

Security Boulevard

FEBRUARY 27, 2023

Our imaginary supermarket architecture consists of: A main supermarket store. Check out the whitepaper on “ 5 Questions to Ask About Your EDR ” to help you make an informed decision. The core of our analogy will be comparing supermarket stock to a business’s data. A 24-hour convenience store. A distribution center.

InfoSec

InfoSec Cybersecurity Risk Technology

Learning Machine Learning Part 1: Introduction and Revoke-Obfuscation

Security Boulevard

APRIL 5, 2022

Their project README has some information on the background of the project in their own words, and the following resources give some more information on this awesome project: blog post , whitepaper , Black Hat USA slides , BlackHat USA presentation. Revoke-Obfuscation and this post stick purely to the obfuscation detection problem.

Architecture

Architecture InfoSec Risk Information Security

NDR unveiled as essential when complying with the Executive Order

Cisco Security

NOVEMBER 18, 2021

Also cited is the directive to follow the National Institute of Standards and Technology (NIST) guidance when modernizing networks within a zero-trust architecture (see NIST Special Publication 800-207 ). But organizations did not receive the same level of prescriptive guidance across the entirety of the order.

Threat Detection

Threat Detection Encryption Government Technology

Appsec Roundup - September 2024

Adam Shostack

JANUARY 2, 2025

Bertram Dorn and Paul Vixie of AWS have a new whitepaper, Building security from the ground up with Secure by Design. Michael Nygard has a nice write up on using Architecture Decision Records in Documenting Architecture Decisions that I hadnt seen before. MITRE released a mini-site titled Threat Modeling with ATT&CK v1.0.0.

Architecture

Cyber Security Informer

Safety and Security in Automated Driving

Hoarding, Debt and Threat Modeling

Webinars

Trending Sources

Taming the Wild West of ML: Practical Model Signing with Sigstore

Webinars

WHITEPAPER: Authentication Does Not Equal Zero Trust

Safety and Security in Automated Driving

MITRE ATT&CK: The Magic of Application Mitigations

A Spectre proof-of-concept for a Spectre-proof web

Trust in transparency: Private Compute Core

Qualities of a Highly Available Cloud

Post-Quantum Cryptography: Lessons Learned from SHA-1 Deprecation

Securing Containers with NIST 800-190 and MVISION CNAPP

10 Cybersecurity Trends That Emerged in 2023

10 Lessons Learned from the Top Cyber Threats of 2021

Securing tomorrow's software: the need for memory safety standards

To Achieve Zero Trust Security, Trust The Human Element

Establishing Security Maturity Through CIS Cyber Defense Framework

How to confuse antimalware neural networks. Adversarial attacks and protection

A Reflection On ForAllSecure's Journey In Bootstrapping Behavior Testing Technology

A Reflection On ForAllSecure's Journey In Bootstrapping Behavior Testing Technology

A REFLECTION ON FORALLSECURE'S JOURNEY IN BOOTSTRAPPING BEHAVIOR TESTING TECHNOLOGY

If Infosec Was a Supermarket Business

Learning Machine Learning Part 1: Introduction and Revoke-Obfuscation

NDR unveiled as essential when complying with the Executive Order

Appsec Roundup - September 2024

Stay Connected