Architecture and Information Security - Cyber Security Informer

Zero Trust Network Architecture vs Zero Trust: What Is the Difference?

Joseph Steinberg

JANUARY 4, 2023

But, even those who have a decent grasp on the meaning of Zero Trust seem to frequently confuse the term with Zero Trust Network Architecture (ZTNA). Zero Trust Network Architecture is an architecture of systems, data, and workflow that implements a Zero Trust model. In short, Zero Trust is an approach.

Architecture

Architecture Artificial Intelligence Encryption Cybersecurity

Network Security Architecture: Best Practices & Tools

eSecurity Planet

APRIL 26, 2024

Network security architecture is a strategy that provides formal processes to design robust and secure networks. Effective implementation improves data throughput, system reliability, and overall security for any organization.

Architecture

Architecture Network Security Firewall Risk

On the Cybersecurity Jobs Shortage

Schneier on Security

SEPTEMBER 20, 2023

What there is a shortage of are computer scientists, developers, engineers, and information security professionals who can code, understand technical security architecture, product security and application security specialists, analysts with threat hunting and incident response skills.

Cybersecurity

Cybersecurity CISO Engineering Architecture

Building a Ransomware Resilient Architecture

eSecurity Planet

DECEMBER 2, 2022

While security teams layer essential preventative measures, resilience measures also need to be implemented in an architecture to reduce the impact of ransomware attacks on your backups. Figure 1: Typical VLAN architecture. Figure 2: Resilient VLAN architecture. How could this have been prevented? Does this add latency?

Architecture

Architecture Ransomware Backups Firewall

New Mirai botnet targets TBK DVRs by exploiting CVE-2024-3721

Security Affairs

JUNE 9, 2025

“Typically, bot infections involve shell scripts that initially survey the target machine to determine its architecture and select the corresponding binary. . “The request contains a malicious command that is a single-line shell script which downloads and executes an ARM32 binary on the compromised machine.”

IoT

IoT Firmware Malware Architecture

The FBI warns of HiatusRAT scanning campaigns against Chinese-branded web cameras and DVRs

Security Affairs

DECEMBER 17, 2024

In this latest campaign, our investigation also uncovered prebuilt Hiatus binaries that target new architectures such as Arm, Intel 80386, and x86-64 and previously targeted architectures such as MIPS, MIPS64, and i386. reads the report published by Black Lotus Labs.

Architecture

Architecture Internet Internet Malware

DPRK-linked BlueNoroff used macOS malware with novel persistence

Security Affairs

NOVEMBER 7, 2024

The application bundle has the bundle identifier Education.LessonOne and contains a universal architecture (i.e., The second-state malware is a Mach-O x86-64 executable which can only run on Intel architecture Macs or Apple silicon devices with the Rosetta emulation framework installed.

Malware

Malware Risk Architecture Cryptocurrency

WebAuthn, Passwordless and FIDO2 Explained: Fundamental Components of a Passwordless Architecture

Duo's Security Blog

DECEMBER 6, 2022

While this isn’t entirely wrong, passwords are difficult to remember and rarely secure. Experts in the fields of data protection and information security now look towards new technologies to make system access much more secure.

Architecture

Architecture Authentication Passwords Technology

Google fixed a critical vulnerability in Chrome browser

Security Affairs

OCTOBER 30, 2024

Google has patched a critical Chrome vulnerability, tracked as CVE-2024-10487, reported by Apple Security Engineering and Architecture (SEAR) on October 23, 2024. Google addressed a critical vulnerability in its Chrome browser, tracked as CVE-2024-10487, which was reported by Apple.

Engineering

Engineering Architecture Hacking Information Security

What Is a DMZ Network? Definition, Architecture & Benefits

eSecurity Planet

APRIL 7, 2023

These and many other network security solutions are ramped up specifically on the DMZ, making it so network administrators can often detect unusual behavior before unauthorized users try to move past the DMZ to access the LAN. Definition, Architecture & Benefits appeared first on eSecurityPlanet.

Architecture

Architecture Firewall Network Security Technology

Top 9 Trends In Cybersecurity Careers for 2025

eSecurity Planet

OCTOBER 18, 2024

Knowledge of cloud systems architecture and how it interacts with various devices is invaluable. Blockchain: Developed primarily for cryptocurrency applications and maligned for manipulating those markets, blockchain can be a valuable security tool, as its universe of connected nodes is almost impossible to corrupt or destroy.

Cybersecurity

Cybersecurity Artificial Intelligence Penetration Testing CISO

ConnectWise Quietly Patches Flaw That Helps Phishers

Krebs on Security

DECEMBER 1, 2022

“Our team quickly triaged the report and determined the risk to partners to be minimal,” said Patrick Beggs , ConnectWise’s chief information security officer. ” However, LastPass maintains that its “customer passwords remain safely encrypted due to LastPass’s Zero Knowledge architecture.”

Phishing

Phishing Architecture Passwords Accountability

Mirai botnets exploit Wazuh RCE, Akamai warned

Security Affairs

JUNE 10, 2025

These samples, named “morte,” support multiple architectures and link to C2 domains like nuklearcnc.duckdns[.]org Like the first variant, it targets multiple IoT architectures. org and galaxias[.]cc. Other samples (e.g., neon,” “k03ldc”) showed ties to V3G4 and LZRD variants with unique console strings.

Architecture

Architecture IoT Threat Detection Malware

NIST’s Post-Quantum Cryptography Standards

Schneier on Security

AUGUST 8, 2022

Fun fact: Those three algorithms were broken by the Center of Encryption and Information Security, part of the Israeli Defense Force. It took a couple of decades to fully understand von Neumann computer architecture; expect the same learning curve with quantum computing. The second uncertainly is in the algorithms themselves.

Encryption

Encryption Architecture Engineering Information Security

Attackers exploit recently disclosed Palo Alto Networks PAN-OS firewalls bug

Security Affairs

FEBRUARY 15, 2025

“we have explored a suspicious (and quite common) architecture where authentication is enforced at a proxy later but then the request is passed through a second layer with different behavior.” ” reads the report published by Assetnote.

Firewall

Firewall Authentication Architecture Risk

Banshee macOS stealer supports new evasion mechanisms

Security Affairs

JANUARY 10, 2025

In August 2024, Russian crooks advertised a macOS malware called BANSHEE Stealer that can target both x86_64 and ARM64 architectures. Check Point researchers discovered a new version of the Banshee macOS infostealer which is distributed through phishing websites and fake GitHub repositories, often masqueraded as popular software.

Malware

Malware Advertising Antivirus Cybercrime

Palo Alto Networks warns that CVE-2025-0111 flaw is actively exploited in attacks

Security Affairs

FEBRUARY 19, 2025

we have explored a suspicious (and quite common) architecture where authentication is enforced at a proxy later but then the request is passed through a second layer with different behavior. Fundamentally, these sorts of architectures lead to things like header smuggling and path confusion, which can result in many impactful bugs!

Firewall

Firewall Authentication Architecture Internet

GhostWrite: New T-Head CPU Bugs Expose Devices to Unrestricted Attacks

The Hacker News

AUGUST 13, 2024

A team of researchers from the CISPA Helmholtz Center for Information Security in Germany has disclosed an architectural bug impacting Chinese chip company T-Head's XuanTie C910 and C920 RISC-V CPUs that could allow attackers to gain unrestricted access to susceptible devices. The vulnerability has been codenamed GhostWrite.

Architecture

Architecture Information Security

My Philosophy and Recommendations Around the LastPass Breaches

Daniel Miessler

DECEMBER 24, 2022

If you follow Information Security at all you are surely aware of the LastPass breach situation. These encrypted fields remain secured with 256-bit AES encryption and can only be decrypted with a unique encryption key derived from each user’s master password using our Zero Knowledge architecture.

Password Management

Password Management Passwords Encryption Backups

Google Responds to Warrants for “About” Searches

Schneier on Security

OCTOBER 13, 2020

“We vigorously protect the privacy of our users while supporting the important work of law enforcement,” Google’s director of law enforcement and information security Richard Salgado told us. We have knowingly and willingly built the architecture of a police state, just so companies can show us ads.

Surveillance

Surveillance Wireless Accountability Architecture

New Triada Trojan comes preinstalled on Android devices

Security Affairs

APRIL 2, 2025

The most interesting characteristic of the Triada Trojan is its modular architecture, which gives it theoretically a wide range of abilities. Triada was designed with the specific intent to implement financial frauds, typically hijacking financial SMS transactions.

Malware

Malware Cryptocurrency Mobile Firmware

Get an Untrusted Security Advisor! Have Fun, Reduce Fail!

Anton on Security

OCTOBER 18, 2024

Many organizations are looking for trusted advisors , and this applies to our beloved domain of cyber/information security. How would you approach securing something? What are some ideas for doing architecture in cases of X and Y constraints? and only for a limited number of oracle use cases (give me precise answers!

Architecture

Architecture Risk CISO Cybersecurity

Chinese AI platform DeepSeek faced a “large-scale” cyberattack

Security Affairs

JANUARY 28, 2025

DeepSeek’s AI model is highly appreciated due to its exceptional performance, low costs, versatility across various industries, and innovative architecture that enhances learning and decision-making.

Artificial Intelligence

Artificial Intelligence DDOS Architecture Marketing

CERT-UA warns of cyber espionage against the Ukrainian defense industry using Dark Crystal RAT

Security Affairs

MARCH 20, 2025

The modular architecture of the malware allows to extend its functionalities for multiple malicious purposes, including surveillance, reconnaissance, information theft, DDoS attacks, and arbitrary code execution.

Computers and Electronics

Computers and Electronics Telecommunications Malware Surveillance

Experts found multiple flaws in Mercedes-Benz infotainment system

Security Affairs

JANUARY 21, 2025

The experts used a diagnostic software to analyze the vehicle architecture, scan the Electronic Control Unit (ECU), identify its version, and test diagnostic functions. Kaspersky published research findings on the first-generation Mercedes-Benz User Experience (MBUX) infotainment system, specifically focusing on the Mercedes-Benz Head Unit.

Software

Software Architecture Media Engineering

Sophos details five years of China-linked threat actors’ activity targeting network devices worldwide

Security Affairs

NOVEMBER 2, 2024

“The adversaries appear to be well-resourced, patient, creative, and unusually knowledgeable about the internal architecture of the device firmware. ” concludes the report. ” Follow me on Twitter: @securityaffairs and Facebook and Mastodon Pierluigi Paganini ( SecurityAffairs – hacking, China-linked threat actors)

Firmware

Firmware Government Firewall Malware

Rules File Backdoor: AI Code Editors exploited for silent supply chain attacks

Security Affairs

MARCH 19, 2025

” Rule files are configuration files that guide AI Agent behavior in code generation and modification, defining coding standards, project architecture, and best practices.

Architecture

Architecture Risk Hacking Software

DeepSeek and AI-Generated Malware Pose New Danger for Cybersecurity

SecureWorld News

MARCH 13, 2025

Kowski also emphasizes the need for a multi-layered security approach, stating that "multi-factor authentication, strong password policies, and zero-trust architecture are essential defenses that significantly reduce the risk of AI-powered attacks succeeding, regardless of how convincing they appear."

Malware

Malware Cybersecurity Cyber threats Threat Detection

News Alert: Silent Signal discovers a critical vulnerability in IBM i System – CVE-2023-30990

The Last Watchdog

JULY 7, 2023

This necessitates a shift in paradigm for both security professionals and vendors, as IBM i Systems have been renowned for their inherent security. IBM i users are strongly advised to prioritize regular scanning, vulnerability remediation, and patching to ensure the security of their systems.

Architecture

Architecture Hacking Media Government

APT group exploited Output Messenger Zero-Day to target Kurdish military operating in Iraq

Security Affairs

MAY 13, 2025

Once inside, they could access all user communications, steal data, impersonate users, and compromise credentials, posing major operational risks. ” reads the report published by Microsoft.

DNS

DNS Telecommunications Architecture Media

NASA identified 1,785 cyber incidents in 2020

Security Affairs

MAY 27, 2021

. • NASA lacked an Agency-wide risk management framework for information security and an information security architecture. The Security Operations Center lacks visibility and authority to manage information security incident detection and remediation for the entirety of NASA’s IT infrastructure.

Information Security

Information Security Cyber Attacks Mobile Architecture

U.S. CISA adds Wazuh, and WebDAV flaws to its Known Exploited Vulnerabilities catalog

Security Affairs

JUNE 12, 2025

These samples, named “morte,” support multiple architectures and link to C2 domains like nuklearcnc.duckdns[.]org Like the first variant, it targets multiple IoT architectures. org and galaxias[.]cc. Other samples (e.g., neon,” “k03ldc”) showed ties to V3G4 and LZRD variants with unique console strings.

This Mental Health Awareness Month, Cyber Resilience Starts Within

SecureWorld News

MAY 6, 2025

The cybersecurity industry has long since moved to a mental model of resilience when thinking about programs and architecture. The panel dives into a growing movement in cybersecurity leadership: shifting from reacting to burnout to building cultures of sustainable performance and resilience.

CISO

CISO InfoSec Cybersecurity Architecture

GUEST ESSAY: A primer on content management systems (CMS) — and how to secure them

The Last Watchdog

MAY 19, 2022

Design your architecture in a way where the CMS back end (the behind-the-scenes content repository) is not directly coupled to the front end (the presentation system).

Data breaches

Data breaches Encryption Mobile Technology

Cybersecurity Certifications: The Key to Advancing Your Career in 2025

SecureWorld News

FEBRUARY 27, 2025

As global cybersecurity threats continue to rise, information security professionals must enroll in continuous education and training programs to acquire current knowledge and skills that help organizations thwart these costly risks. It focuses on enterprise security programs.

Cybersecurity

Cybersecurity Information Security Penetration Testing Backups

New NKAbuse malware abuses NKN decentralized P2P network protocol

Security Affairs

DECEMBER 15, 2023

The malicious code can target various architectures, it supports both flooder and backdoor capabilities. The primary target of NKAbuse is Linux desktops, however, it can target MISP and ARM architecture. NKN (New Kind of Network) is a decentralized peer-to-peer network protocol that relies on blockchain technology.

Malware

Malware Architecture Technology DDOS

News alert: Implementing AI-powered ‘Cisco HyperShield’ requires proper cybersecurity training

The Last Watchdog

AUGUST 16, 2024

As an “AI-native” security architecture, HyperShield promises to redefine traditional security protocols through its automated proactive cybersecurity measures and AI-driven security solutions.

Cybersecurity

Cybersecurity Architecture Technology Network Security

GUEST ESSAY: ‘CyberXchange’ presents a much-needed platform for cybersecurity purchases

The Last Watchdog

OCTOBER 19, 2020

For organizations looking to improve their security posture, this is causing confusion and vendor fatigue, especially for companies that don’t have a full time Chief Information Security Officer. The vendors are well-intentioned.

eCommerce

eCommerce Cybersecurity B2B Marketing

Pink Botnet infected over 1.6 Million Devices, it is one of the largest botnet ever seen

Security Affairs

NOVEMBER 1, 2021

The botnet leverages a robust architecture based on a combination of third-party services, P2P, and Command & Control servers. This architecture was implemented to make the botnet resilient to takedowns by law enforcement and security firms with the support of the vendors of the infected devices.

Architecture

Architecture DDOS Advertising DNS

SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 35

Security Affairs

MARCH 2, 2025

DragonForce Ransomware Group is Targeting Saudi Arabia Massive Botnet Targets M365 with Stealthy Password Spraying Attacks Notorious Malware, Spam Host Prospero Moves to Kaspersky Lab ACRStealer Infostealer Exploiting Google Docs as C2 #StopRansomware: Ghost (Cring) Ransomware The GitVenom campaign: cryptocurrency theft using GitHub Silent Killers: (..)

Malware

Malware Architecture IoT Ransomware

GUEST ESSAY: In pursuit of smarter cybersecurity — to overcome complex risks and grow revenue

The Last Watchdog

JANUARY 8, 2023

The need for reset and oversight is so great that a new class of technology is emerging to give organizations a better grip on the digital sprawl that’s come to define modern-day enterprise architecture. About the essayist: Chris Reffkin is chief information security officer at cybersecurity software and services provider Fortra.

Risk

Risk Cybersecurity Technology CISO

Multiple Git flaws led to credentials compromise

Security Affairs

JANUARY 27, 2025

“As we saw, text-based protocols are often vulnerable to injection, and a small architecture flaw can lead to a big security issue.” “I hope that this research helped the Git community to improve its security, and I am looking forward to seeing further research on Git-related projects.”

Architecture

Architecture Hacking Information Security

GUEST ESSAY: The case for complying with ISO 27001 — the gold standard of security frameworks

The Last Watchdog

FEBRUARY 26, 2023

At the developer level, they will fundamentally reshape how programmers do their work day in and day out – including employing more project management tools and secure system architecture frameworks to track and mitigate risks at any stage in the SDLC.

Cyber threats

Cyber threats Software Risk CISO

News Alert: Normalyze extends its DSPM platform to hybrid cloud and on-prem environments

The Last Watchdog

AUGUST 2, 2023

Padron “As our hybrid environment grew due to cloud migration and regulatory requirements, getting holistic visibility into our data stored on-premises and in the cloud is becoming a challenging task for our security and compliance teams,” said Nick Padron, Director of Information Security at Fairfield.

Cloud Migration

Cloud Migration Risk Architecture Media

Zero Trust Network Architecture vs Zero Trust: What Is the Difference?

Network Security Architecture: Best Practices & Tools

Trending Sources

On the Cybersecurity Jobs Shortage

Building a Ransomware Resilient Architecture

New Mirai botnet targets TBK DVRs by exploiting CVE-2024-3721

The FBI warns of HiatusRAT scanning campaigns against Chinese-branded web cameras and DVRs

DPRK-linked BlueNoroff used macOS malware with novel persistence

WebAuthn, Passwordless and FIDO2 Explained: Fundamental Components of a Passwordless Architecture

Google fixed a critical vulnerability in Chrome browser

What Is a DMZ Network? Definition, Architecture & Benefits

Top 9 Trends In Cybersecurity Careers for 2025

ConnectWise Quietly Patches Flaw That Helps Phishers

Mirai botnets exploit Wazuh RCE, Akamai warned

NIST’s Post-Quantum Cryptography Standards

Attackers exploit recently disclosed Palo Alto Networks PAN-OS firewalls bug

Banshee macOS stealer supports new evasion mechanisms

Palo Alto Networks warns that CVE-2025-0111 flaw is actively exploited in attacks

GhostWrite: New T-Head CPU Bugs Expose Devices to Unrestricted Attacks

My Philosophy and Recommendations Around the LastPass Breaches

Google Responds to Warrants for “About” Searches

New Triada Trojan comes preinstalled on Android devices

Get an Untrusted Security Advisor! Have Fun, Reduce Fail!

Chinese AI platform DeepSeek faced a “large-scale” cyberattack

CERT-UA warns of cyber espionage against the Ukrainian defense industry using Dark Crystal RAT

Experts found multiple flaws in Mercedes-Benz infotainment system

Sophos details five years of China-linked threat actors’ activity targeting network devices worldwide

Rules File Backdoor: AI Code Editors exploited for silent supply chain attacks

DeepSeek and AI-Generated Malware Pose New Danger for Cybersecurity

News Alert: Silent Signal discovers a critical vulnerability in IBM i System – CVE-2023-30990

APT group exploited Output Messenger Zero-Day to target Kurdish military operating in Iraq

NASA identified 1,785 cyber incidents in 2020

U.S. CISA adds Wazuh, and WebDAV flaws to its Known Exploited Vulnerabilities catalog

This Mental Health Awareness Month, Cyber Resilience Starts Within

GUEST ESSAY: A primer on content management systems (CMS) — and how to secure them

Cybersecurity Certifications: The Key to Advancing Your Career in 2025

New NKAbuse malware abuses NKN decentralized P2P network protocol

News alert: Implementing AI-powered ‘Cisco HyperShield’ requires proper cybersecurity training

GUEST ESSAY: ‘CyberXchange’ presents a much-needed platform for cybersecurity purchases

Pink Botnet infected over 1.6 Million Devices, it is one of the largest botnet ever seen

SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 35

GUEST ESSAY: In pursuit of smarter cybersecurity — to overcome complex risks and grow revenue

Multiple Git flaws led to credentials compromise

GUEST ESSAY: The case for complying with ISO 27001 — the gold standard of security frameworks

News Alert: Normalyze extends its DSPM platform to hybrid cloud and on-prem environments

Stay Connected