Google Security

MARCH 4, 2024

In this post, we share our perspective on memory safety in a comprehensive whitepaper. We'll also highlight our commitments towards implementing several of the solutions outlined in the whitepaper, most recently with a $1,000,000 grant to the Rust Foundation , thereby advancing the development of a robust memory-safe ecosystem.

Software 110

Software Engineering Technology Risk 110

Anton on Security

DECEMBER 8, 2023

Those who read the original Netflix 2018 SOCless paper would be very familiar with an engineering-led model for D&R operations ( a more recent example ). Anton, you sound like a 2013 SOAR vendor whitepaper!” For an analyst to automate themselves out of a job, they also need to be an engineer!

Engineering 130

Engineering Phishing 130

Adam Shostack

JULY 8, 2019

“ Safety First For Automated Driving ” is a big, over-arching whitepaper from a dozen automotive manufacturers and suppliers. One way to read it is that those disciplines have strongly developed safety cultures, which generally do not consider cybersecurity problems.

Risk 140

Risk Architecture Manufacturing Cybersecurity 140

Security Boulevard

MARCH 26, 2025

Next, we read Jim Sykoras excellent Owner or Pwned whitepaper, which dives into a lot more technical detail on which principal becomes the owner when objects are created, what owner permissions are abusable in different scenarios, and proactive and reactive considerations for implementing preventative controls.

Accountability 52

Accountability Engineering 52

CyberSecurity Insiders

JUNE 15, 2021

Way back in 1975, two members of the Institute of Electrical and Electronics Engineers (IEEE) authored a report about how to protect computer systems. To discover more about CISSP read our whitepaper, 9 Traits You Need to Succeed as a Cybersecurity Leader. To learn more about this compelling topic, read our latest article.

Computers and Electronics 77

Computers and Electronics InfoSec Engineering Cybersecurity 77

Anton on Security

AUGUST 9, 2023

“A SOC Tried To Detect Threats in the Cloud … You Won’t Believe What Happened Next” “Stop Trying to Take Humans Out of SOC … Except … Wait… Wait… Wait…” “Debating SIEM in 2023, Part 1” “Debating SIEM in 2023, Part 2” “SIEM Content, False Positives and Engineering (Or Not) Security” Data security: “How autonomic data security can help define cloud’s (..)

Threat Detection 130

Threat Detection Cloud Migration Encryption CISO 130

Google Security

MARCH 12, 2021

Posted by Stephen Röttger and Artur Janc, Information Security Engineers Three years ago, Spectre changed the way we think about security boundaries on the web. In 2019, the team responsible for V8, Chrome’s JavaScript engine, published a blog post and whitepaper concluding that such attacks can’t be reliably mitigated at the software level.

Engineering 145

Engineering Architecture Software Firmware 145

Google Security

JUNE 29, 2023

Nicolas Lidzborski, Principal Engineer and Jaishankar Sundararaman, Sr. Director of Engineering, Google Workspace In February, we expanded Google Workspace client-side encryption (CSE) capabilities to include Gmail and Calendar in addition to Drive, Docs, Slides, Sheets , and Meet.

Encryption 131

Encryption Authentication Engineering Phishing 131

Security Boulevard

MARCH 3, 2022

Episode 27 “The Mysteries of Detection Engineering: Revealed!”. Data security: “New whitepaper: Designing and deploying a data security strategy with Google Cloud” [GCP Blog]. Top 5 Cloud Security Podcast by Google episodes: Episode 1“Confidentially Speaking”. Episode 2 “Data Security in the Cloud”. Left of SIEM? Right of SIEM?

Threat Detection 98

Threat Detection Cloud Migration Encryption Engineering 98

Security Affairs

OCTOBER 27, 2022

This instance left sensitive data open and was already indexed via popular IoT [internet of things] search engines. This instance left sensitive data open and was already indexed via popular IoT search engines. IoT search engines did not show any results for the Thomson Reuters instance before that day. Media giant with $6.35

IoT 127

IoT Engineering Passwords Media 127

Anton on Security

MAY 25, 2022

Changes in 2022 and Beyond in Cloud Security” Episode 8 “Zero Trust: Fast Forward from 2010 to 2021” Episode 27 “The Mysteries of Detection Engineering: Revealed!”

Threat Detection 100

Threat Detection Cloud Migration Encryption Engineering 100

Security Affairs

MARCH 24, 2020

However, I often get confronted with a simple but severe problem: malware samples referenced in blog posts, whitepaper or mentioned on social media like Twitter are usually not easily available.” ” abuse.ch MalwareBazaar follows a different approach: MalwareBazaar only tracks malware samples. No Adware (PUA/PUP).

Malware 83

Malware Adware Cyber threats Advertising 83

CyberSecurity Insiders

APRIL 21, 2021

The joke amongst engineers is that a half filled glass is two times larger than it needs to be. Fortunately, through some diligent efforts of clever engineers, the password experience is becoming easier for many people. A security engineer, or possibly a network administrator will perform the hands-on functions of IAM.

Passwords 89

Passwords Information Security Engineering Authentication 89

Google Security

JUNE 25, 2024

Google’s OSS-Fuzz and Security Engineering teams have been excited to assist AIxCC organizers in designing their challenges and competition framework. Competitors can easily reuse its existing toolchains, fuzzing engines, and sanitizers on AIxCC projects. One approach might be to use an LLM to suggest patches.

Hacking 91

Hacking Engineering Technology Cybersecurity 91

SecureWorld News

JULY 27, 2023

According to the new Uptycs whitepaper, Detecting the Silent Threat: 'Stealers are Organization Killers' (gated link), a variety of new info stealers have emerged this year, preying on Windows, Linux, and macOS systems. A new study from Uptycs has uncovered an increase in the distribution of information stealing malware.

Malware 93

Malware Social Engineering Passwords Accountability 93

Google Security

AUGUST 13, 2024

Posted by Dave Kleidermacher, VP Engineering, Android Security and Privacy, and Giles Hogben, Senior Director, Privacy Engineering, Android Your smartphone holds a lot of your personal information to help you get things done every day.

Artificial Intelligence 76

Artificial Intelligence Technology Firmware Engineering 76

Malwarebytes

JUNE 23, 2021

As explained by Peter Kaloroumakis, a principal cybersecurity engineer at MITRE who leads the work on D3FEND. The MITRE Corporation has also released a technical whitepaper (PDF) describing the basic principles and the design of this new framework. The post MITRE introduces D3FEND framework appeared first on Malwarebytes Labs.

Cyber threats 99

Cyber threats Cybersecurity Engineering Phishing 99

Google Security

JUNE 22, 2023

Anthony Weems, Information Security Engineer 2022 was a successful year for Google's Vulnerability Reward Programs (VRPs), with over 2,900 security issues identified and fixed, and over $12 million in bounty rewards awarded to researchers. 6th Prize - $13,373: Obmi for the report and write-up A Few Bugs in the Google Cloud Shell.

Engineering 79

Engineering Internet Internet Information Security 79

Security Affairs

MARCH 7, 2019

In early 2013, researchers at Rapid7 published an interesting whitepaper entitled “Security Flaws in Universal Plug and Play” that evaluated the global exposure of UPnP-enabled network devices. In December 2018 the company provided an update to its initial analysis revealing a disconcerting scenario, UPnProxy is still up and running.

Cyber Attacks 107

Cyber Attacks Advertising Firmware Data collection 107

Security Boulevard

DECEMBER 19, 2023

But from the very first days of ChatGPT’s massive initial release, the tinkerers among us anticipated the inevitable question: What’s an engineer going to do when they get their hands on this? Apparently, an employee at Company X used an LLM to help them finish a whitepaper. It’s also a privacy issue.

Cybersecurity 126

Cybersecurity Encryption Ransomware Backups 126

SecureWorld News

SEPTEMBER 3, 2020

The company rolled out a new whitepaper on its 5G network security and how the company claims to be a standout in the space. To solve for this, Verizon engineers have virtualized many of these functions and moved them to the cloud.". Verizon tries to stand out on 5G network cybersecurity.

Marketing 59

Marketing Cybersecurity Engineering DDOS 59

Cisco Security

APRIL 8, 2021

Our recent Cisco Identity Services Engine (ISE) 3.0 I encourage you to reach out to your Cisco representative to take a tour of Cisco Identity Services Engine 3.0 release focused on gaining dynamic visibility and making network segmentation easier to achieve within the workplace. Three ways ISE 3.0

IoT 65

IoT Engineering Mobile Authentication 65

Cisco Security

MARCH 17, 2021

Check out this great blog by Sujata Ramamoorthy , Senior Director of Security Engineering in our Security & Trust Organization. Check out our detailed whitepaper that maps all of our Cisco Secure solutions to MITRE ATT&CK Enterprise on our Cyber Frameworks page. Want to learn how we do it? Learn more about what we can do.

Architecture 131

Architecture Software Digital transformation Risk 131

Security Boulevard

DECEMBER 8, 2023

Those who read the original Netflix 2018 SOCless paper would be very familiar with an engineering-led model for D&R operations ( a more recent example ). Anton, you sound like a 2013 SOAR vendor whitepaper!” For an analyst to automate themselves out of a job, they also need to be an engineer!

Engineering 64

Engineering Phishing 64

SC Magazine

MAY 17, 2021

The researchers presented Monday afternoon at the RSA Conference, to tease a soon-to-be-released whitepaper of their work. AI could impact more than just social engineering. “The future we described turned out to be really quite accurate,” said Baines.

Manufacturing 95

Manufacturing IoT Technology Artificial Intelligence 95

NopSec

SEPTEMBER 17, 2013

NopSec security engineers generally recommend focusing efforts on near-term implementations of the highest-priority Controls and on upgrading existing implementations of some of the lower-level Controls. There is also some logical inter-dependencies to take into consideration.

Risk 40

Risk Engineering Information Security Software 40

Fox IT

DECEMBER 13, 2023

Reverse engineering mpengine.dll resulted in finding previously undocumented metadata in the Windows Defender quarantine folder that can be used for digital forensics and incident response. Skip to the end if you are interested in the results rather than the technical details of reverse engineering Windows Defender.

Encryption 128

Encryption Antivirus Engineering Data preservation 128

Thales Cloud Protection & Licensing

AUGUST 8, 2022

Everyone knows the usual song about how important passwords are for mobile devices, how to be aware of “shoulder surfers”, and all the perils of social engineering, and these risks are reiterated in the recent report. For more information on network security read our whitepaper on securing data in motion. Identity & Access Management.

Mobile 71

Mobile Social Engineering Risk Threat Reports 71

Thales Cloud Protection & Licensing

JANUARY 26, 2022

Stan Mesceda, Senior Product Manager at Thales and Eric Hay, Director of Field Engineering at Quantum Xchange, came together to discuss how to create a dynamic, crypto-agile infrastructure for future-proofing the security of your data and communications networks. Protecting Cross-Border Data Flows with Quantum-Safe Security.

Encryption 71

Encryption Marketing Data privacy Engineering 71

LRQA Nettitude Labs

JULY 5, 2023

Phishing and social engineering awareness : Raising awareness about common attack vectors like phishing emails, malicious links, or social engineering attempts that can lead to unauthorized access to data or system compromise.

Artificial Intelligence 52

Artificial Intelligence Data privacy Social Engineering Risk 52

Security Boulevard

SEPTEMBER 16, 2021

Episode 27 “The Mysteries of Detection Engineering: Revealed!”. Data security: “New whitepaper: Designing and deploying a data security strategy with Google Cloud” [GCP Blog]. Episode 17 “Modern Threat Detection at Google”. Episode 8 “Zero Trust: Fast Forward from 2010 to 2021”. Episode 2 “Data Security in the Cloud”.

Threat Detection 52

Threat Detection Cloud Migration Encryption Engineering 52

Thales Cloud Protection & Licensing

MAY 6, 2021

While NIST has developed a blueprint for Zero Trust - you can read about it in this whitepaper - which can serve as a great start for your journey, organizations need to understand that Zero Trust is above all a mindset. Jenny Radcliffe, People Hacker & Social Engineer.

Social Engineering 96

Social Engineering Authentication Passwords Technology 96

Security Boulevard

DECEMBER 20, 2021

Episode 27 “The Mysteries of Detection Engineering: Revealed!”. Data security: “New whitepaper: Designing and deploying a data security strategy with Google Cloud” [GCP Blog]. Episode 2 “Data Security in the Cloud”. Episode 17 “Modern Threat Detection at Google”. Episode 8 “Zero Trust: Fast Forward from 2010 to 2021”. Do They Matter?”.

Threat Detection 52

Threat Detection Cloud Migration Encryption Engineering 52

Thales Cloud Protection & Licensing

OCTOBER 25, 2018

Some of these include: Advanced persistent threats (APTs); Insider threats; Social engineering; and, Human error. The premise is solid, but, there are unfortunately many methods to penetrate a perimeter defense. If we focus primarily on perimeter defense, we will continue to see data breaches and exposure to our critical infrastructure.

Technology 66

Technology Cybersecurity Education Unstructured Data 66

Responsible Cyber

JULY 13, 2024

Recognize and avoid social engineering scams by educating yourself on common tactics. Social Engineering Scams : Manipulative tactics are employed to deceive investors into divulging confidential information or making unwise investments. Note: Continuous education about common social engineering tactics is vital.

Cryptocurrency 52

Cryptocurrency Cyber Attacks Social Engineering Scams 52

Fox IT

SEPTEMBER 2, 2020

To finish off, these models are included in our Splunk Managed Detection Engine to check for offensive & obfuscated PowerShell scripts on a regular interval. . Additional information on other defensive measures that can be put into place can also be found in the whitepaper. . Conclusion and recommendation. References. [1]

Cyber threats 54

Cyber threats Engineering 54

CyberSecurity Insiders

APRIL 12, 2021

Security Engineer. To discover more about CISSP read our whitepaper , Discover the Importance of being a qualified cybersecurity professional. Security Analyst.

Information Security 68

Information Security Computers and Electronics InfoSec Unstructured Data 68