Schneier on Security

APRIL 3, 2025

The next layer up is the file system architecture: the way those binary sequences are organized into structured files and directories that a computer can efficiently access and process. At the foundation level, bits are stored in computer hardware. creates the trusted environment that AI systems require to operate reliably.

Artificial Intelligence 257

Artificial Intelligence Architecture Internet Internet 257

Security Boulevard

SEPTEMBER 9, 2024

For today’s IT organizations, establishing a zero-trust (ZT) architecture is an ongoing process of refinements for existing networks, resources, methods and security capabilities. The post The Foundation of Zero-Trust Security Architecture appeared first on Security Boulevard.

Architecture 121

Architecture Security Awareness Cybersecurity 121

Adam Shostack

JANUARY 2, 2025

[no description provided] For Threat Model Thursday, I want to use current events here in Seattle as a prism through which we can look at technology architecture review. Let's transition from the housing crisis here in Seattle to the architecture crisis that we face in technology. Seattle has a housing and homelessness crisis.

Architecture 130

Architecture Marketing Technology Software 130

Schneier on Security

JULY 25, 2024

I am the Chief of Security Architecture at Inrupt, Inc. , This week, we announced a digital wallet based on the Solid architecture. the company that is commercializing Tim Berners-Lee’s Solid open W3C standard for distributed data ownership. Right now, there are hundreds of different wallets, but no standard.

Architecture 327

Architecture Data privacy 327

Adam Shostack

JANUARY 2, 2025

I last discussed this in " Architectural Review and Threat Modeling ".) It's hard to face the mirror and say 'could I have done that better?' That's human nature. Sometimes, it can be easier to learn from an analogy, and I'll again go to physical buildings as a source. (I

Architecture 130

Architecture 130

The Last Watchdog

APRIL 16, 2025

Audrey Adeline , Researcher Audrey currently leads the Year of Browser Bugs (YOBB) project at SquareX which has disclosed multiple major architectural browser vulnerabilities to date. As part of the Year of Browser Bugs (YOBB) project, SquareX commits to continue disclosing at least one major architectural browser vulnerability every month.

Architecture 147

Architecture Ransomware Data breaches Education 147

The Last Watchdog

APRIL 16, 2025

And if this near-shutdown rattled operations, it also exposed an underlying architectural flaw. New architecture needed? Cipollone isnt just observing the problemhes actively rethinking the architecture. The entire system is too centralized, too brittle.

Architecture 130

Architecture Risk Cybersecurity Internet 130

Lohrman on Security

SEPTEMBER 15, 2024

While the federal government deadline has arrived on implementing a zero-trust cybersecurity model, many state and local governments have committed to zero-trust architecture as well.

Government 294

Government Architecture Cybersecurity 294

Tech Republic Security

MARCH 18, 2024

Developers can now take advantage of NVIDIA NIM packages to deploy enterprise generative AI, said NVIDIA CEO Jensen Huang.

Architecture 195

Architecture Artificial Intelligence Software Network Security 195

Schneier on Security

FEBRUARY 13, 2025

Second, data exposure: Beyond accessing personal information and transaction records, these operators can copy entire system architectures and security configurations—in one case, the technical blueprint of the country’s federal payment infrastructure.

Government 363

Government Artificial Intelligence Banking Software 363

Schneier on Security

DECEMBER 7, 2022

This is a really interesting paper that discusses what the authors call the Decoupling Principle: The idea is simple, yet previously not clearly articulated: to ensure privacy, information should be divided architecturally and institutionally such that each entity has only the information they need to perform their relevant function.

Architecture 264

Architecture Authentication 264

Schneier on Security

OCTOBER 22, 2021

Someone has been hacking telecommunications networks around the world: LightBasin (aka UNC1945) is an activity cluster that has been consistently targeting the telecommunications sector at a global scale since at least 2016, leveraging custom tools and an in-depth knowledge of telecommunications network architectures.

Telecommunications 360

Telecommunications Architecture Mobile Hacking 360

Adam Shostack

JANUARY 2, 2025

I also like Figure 27 & 28 (shown), showing risks associated with a generic architecture. Words like "risk" and "risk management" encompass a lot, and this figure is a nice side contribution of the paper. Having this work available allows systems builders to consider the risks to various components they're working on.

Risk 189

Risk Architecture Manufacturing Cybersecurity 189

Schneier on Security

MARCH 12, 2021

Unfortunately, most organizations are unaware that these documents can compromise sensitive information like authors names, details on the information system and architecture. All these information can be exploited easily by attackers to footprint and later attack an organization.

Architecture 363

Architecture Software 363

The Last Watchdog

OCTOBER 23, 2023

Splunk’s inability to migrate to a modern cloud-native architecture makes it difficult to take advantage of these cost-saving benefits or implement advanced data science use cases critical for threat detection. Influxes of data ingestion and the flat architecture of data lakes have led to difficulties in extracting value from repositories.

Architecture 261

Architecture Threat Detection Engineering Data collection 261

Malwarebytes

OCTOBER 30, 2024

Technical details One of the vulnerabilities was reported to Google by Apple Security Engineering and Architecture (SEAR), which reported the issue on October 23, 2024. Previous Chrome vulnerabilities reported by Apple turned out to be exploited by a commercial spyware vendor.

Spyware 143

Spyware Architecture Advertising Engineering 143

SecureWorld News

NOVEMBER 19, 2024

Technical leaders are uniquely positioned to embed trustworthiness into the organizational architecture, leveraging their expertise in systems thinking to drive sustained value and resilience. Every day, we manage complex architectures, ensuring each component works together to keep the organization running smoothly.

Marketing 113

Marketing Architecture Manufacturing Technology 113

Schneier on Security

JULY 30, 2021

ESP introduces a new client-side encryption architecture that includes a novel format-preserving image encryption algorithm, an encrypted thumbnail display mechanism, and a usable key management system. We have created Easy Secure Photos (ESP) to enable users to protect their photos on cloud photo services such as Google Photos.

Encryption 363

Encryption Architecture Mobile 363

Schneier on Security

OCTOBER 11, 2022

We conclude that machine-learning model security requires assurance of provenance along the entire technical pipeline, including the data, model architecture, compiler, and hardware specification.

Architecture 363

Architecture Software 363

The Last Watchdog

MARCH 18, 2025

Throughout 2025, SquareXs research team will disclose at least one critical web attack per month as part of the YOBB project, focusing on vulnerabilities that exploit architectural limitations of the browser and incumbent solutions. Each disclosure will include attack video demonstrations, technical breakdowns, and mitigation strategies.

Cybersecurity 130

Cybersecurity Architecture Media Password Management 130

The Last Watchdog

APRIL 10, 2025

The groups three core missions: Deepen scientific understanding of how AI models learn and predict; Create controllable AI environments using experimental physics models; Embed trust into the architecture itselfnot as an afterthought. If that sounds lofty, it is. Were now deep into that shift.

Artificial Intelligence 162

Artificial Intelligence Architecture Media Internet 162

Security Affairs

OCTOBER 30, 2024

Google has patched a critical Chrome vulnerability, tracked as CVE-2024-10487, reported by Apple Security Engineering and Architecture (SEAR) on October 23, 2024. Google addressed a critical vulnerability in its Chrome browser, tracked as CVE-2024-10487, which was reported by Apple.

Engineering 132

Engineering Architecture Hacking Information Security 132

Tech Republic Security

SEPTEMBER 14, 2023

Red Box provides the open architecture for data capture. Uniphore then feeds that data into U-Capture, its conversational AI automation tool.

Data collection 200

Data collection Architecture Artificial Intelligence Big data 200

Security Affairs

DECEMBER 17, 2024

In this latest campaign, our investigation also uncovered prebuilt Hiatus binaries that target new architectures such as Arm, Intel 80386, and x86-64 and previously targeted architectures such as MIPS, MIPS64, and i386. reads the report published by Black Lotus Labs.

Architecture 101

Architecture Internet Internet Malware 101

Schneier on Security

MAY 16, 2022

It took us a couple of decades to fully understand von Neumann computer architecture. I’m sure it will take years of working with a functional quantum computer to fully understand the limits of that architecture. And some things that we think of as computationally hard today will turn out not to be.

Architecture 252

Architecture Cybersecurity Encryption 252

Schneier on Security

JUNE 10, 2021

Second, we show that our markpainting technique is transferable to models that have different architectures or were trained on different datasets, so watermarks created using it are difficult for adversaries to remove. This can be designed to reconstitute a watermark if the editor had been trying to remove it.

Architecture 357

Architecture Software 357

SecureWorld News

APRIL 16, 2025

Shared memory, shared risk This is the big one: GPUs rely on shared memory architectures. Researchers have demonstrated attacks that can extract neural network architecture and weights by observing GPU memory access patterns. This isn't science fiction. Orchestrators that expose internal metadata via unauthenticated endpoints.

Architecture 99

Architecture Artificial Intelligence Passwords Risk 99

Malwarebytes

JANUARY 21, 2025

404 Media says the company trained GeoSpy on millions of images from around the world and can recognize distinct geographical markers such as architectural styles, soil characteristics, and their spatial relationships. Using the tool to determine anyones location requires virtually no training, so anybody can do it.

Media 143

Media Artificial Intelligence Identity Theft Surveillance 143

Schneier on Security

SEPTEMBER 20, 2023

What there is a shortage of are computer scientists, developers, engineers, and information security professionals who can code, understand technical security architecture, product security and application security specialists, analysts with threat hunting and incident response skills.

Cybersecurity 343

Cybersecurity CISO Engineering Architecture 343

Security Affairs

APRIL 2, 2025

The most interesting characteristic of the Triada Trojan is its modular architecture, which gives it theoretically a wide range of abilities. Triada was designed with the specific intent to implement financial frauds, typically hijacking financial SMS transactions.

Malware 120

Malware Cryptocurrency Mobile Firmware 120

Schneier on Security

JUNE 30, 2022

The discovery of custom-built malware written for the MIPS architecture and compiled for small-office and home-office routers is significant, particularly given its range of capabilities.

Malware 242

Malware DNS Architecture Hacking 242

IT Security Guru

JANUARY 9, 2025

Organisations should prioritise solutions built on zero-trust and zero-knowledge architectures for maximum security, privacy and control. Organisations should seek PAM solutions built on a zero-trust and zero-knowledge architectures to ensure the highest levels of security, privacy and control over sensitive data.

Cybersecurity 113

Cybersecurity Cyber threats Architecture Digital transformation 113

Security Boulevard

JANUARY 24, 2025

While zero-trust architecture (ZTA) has many benefits, it can be challenging for companies because of a static mindset, increased costs and continuous maintenance.it can be challenging for companies because of a static mindset, increased costs and continuous maintenance.

Government 82

Government Architecture Security Awareness Cybersecurity 82

The Last Watchdog

JUNE 5, 2024

Seclore facilitates data protection in a global productivity ecosystem that’s constantly shifting between on-premises, hybrid and cloud architectures. “We can ensure that only authorized users have access and can perform specific actions such as reading, editing, or printing,” he says.

Architecture 289

Architecture Marketing Internet Internet 289

Security Affairs

JANUARY 10, 2025

In August 2024, Russian crooks advertised a macOS malware called BANSHEE Stealer that can target both x86_64 and ARM64 architectures. Check Point researchers discovered a new version of the Banshee macOS infostealer which is distributed through phishing websites and fake GitHub repositories, often masqueraded as popular software.

Malware 119

Malware Advertising Antivirus Cybercrime 119

The Last Watchdog

JANUARY 7, 2025

SCALR uses a security data lake architecture to minimize SIEM costs, maximizing the user’s ability to store security events, and accelerate search and hunting capabilities. Security Risk Advisors SCALR XDR is both a platform, built on Microsoft Azure and a 247 monitoring service with Microsoft Sentinel.

Risk 130

Risk Penetration Testing Marketing Technology 130

Adam Shostack

JANUARY 30, 2025

On the other side is a whiteboard with a software architecture diagram Image by Midjourney: Today in one of our classes, a student compared starting to threat model to cleaning, home of a hoarder, boxes and books and stacks of paper to the cielings, hard to see evocative analogy, conversation.

Architecture 147

Architecture Engineering Software 147