33 matches found
Cisco ISE 安全漏洞
Cisco ISE is a NAC solution developed by the American company Cisco. It is used to manage access to network resources for endpoints, users, and devices in a zero-trust architecture. Cisco ISE has a security vulnerability that arises from observing error messages when calling affected API endpoint...
Safeguarding Skies: Airport Cybersecurity in the Digital Age
The aviation industry faces significant vulnerabilities from both physical and cybersecurity threats, highlighting the urgent need for enhanced cybersecurity measures amid increasingly sophisticated attacks. This paper systematically reviews emerging threats at airports, analyzing real-world...
Architectural Implications of the UK Cyber Security and Resilience Bill
The UK Cyber Security and Resilience CS&R Bill represents the most significant reform of UK cyber legislation since the Network and Information Systems NIS Regulations 2018. While existing analysis has addressed the Bill's regulatory requirements, there is a critical gap in guidance on the...
Framework for Integrating Zero Trust in Cloud-Based Endpoint Security for Critical Infrastructure
Cyber threats have become highly sophisticated, prompting a heightened concern for endpoint security, especially in critical infrastructure, to new heights. A security model, such as Zero Trust Architecture ZTA, is required to overcome this challenge. ZTA treats every access request as new and...
Cyberscurity Threats and Defense Mechanisms in IoT Network
The rapid proliferation of Internet of Things IoT technologies, projected to exceed 30 billion interconnected devices by 2030, has significantly escalated the complexity of cybersecurity challenges. This survey aims to provide a comprehensive analysis of vulnerabilities, threats, and defense...
Zero-Trust Strategies for O-RAN Cellular Networks: Principles, Challenges and Research Directions
Cellular networks have become foundational to modern communication, supporting a broad range of applications, from civilian use to enterprise systems and military tactical networks. The advent of fifth-generation and beyond cellular networks B5G introduces emerging compute capabilities into the...
New Microsoft Secure Future Initiative (SFI) patterns and practices: Practical guides to strengthen security
Building on the momentum of our initial launch of the Microsoft Secure Future Initiative SFI patterns and practices, this second installment continues our commitment to making security implementation practical and scalable. The first release introduced a foundational library of actionable guidanc...
Addressing Weak Authentication like RFID, NFC in EVs and EVCs Using AI-Powered Adaptive Authentication
The rapid expansion of the Electric Vehicles EVs and Electric Vehicle Charging Systems EVCs has introduced new cybersecurity challenges, specifically in authentication protocols that protect vehicles, users, and energy infrastructure. Although widely adopted for convenience, traditional...
Prescriptive Zero Trust- Assessing the Impact of Zero Trust on Cyber Attack Prevention
Increasingly sophisticated and varied cyber threats necessitate ever improving enterprise security postures. For many organizations today, those postures have a foundation in the Zero Trust Architecture. This strategy sees trust as something an enterprise must not give lightly or assume too...
Holographic Projection and Cyber Attack Surface: a Physical Analogy for Digital Security
This article presents an in-depth exploration of the analogy between the Holographic Principle in theoretical physics and cyber attack surfaces in digital security. Building on concepts such as black hole entropy and AdS/CFT duality, it highlights how complex infrastructures project their...
The Evolution of Zero Trust Architecture (ZTA) from Concept to Implementation
Zero Trust Architecture ZTA is one of the paradigm changes in cybersecurity, from the traditional perimeter-based model to perimeterless. This article studies the core concepts of ZTA, its beginning, a few use cases and future trends. Emphasising the always verify and least privilege access, some...
How to Bring Zero Trust to Wi-Fi Security with a Cloud-based Captive Portal?
Recent data breaches have highlighted the critical need to improve guest Wi-Fi infrastructure security in modern business environments. Organizations face increasing pressure to protect their networks while providing convenient access to visitors, contractors, temporary staff, and employees with...
CERT-UA Identifies Malicious RDP Files in Latest Attack on Ukrainian Entities
The Computer Emergency Response Team of Ukraine CERT-UA has detailed a new malicious email campaign targeting government agencies, enterprises, and military entities. "The messages exploit the appeal of integrating popular services like Amazon or Microsoft and implementing a zero-trust...
What is Zero Trust Architecture (ZTA) ?
Trust No One, Secure Everything: Unpacking Zero Trust Architecture In the ever-evolving landscape of cybersecurity, the traditional approach of building a robust wall around your network and trusting everything inside it is no longer sufficient. The rise of cloud computing, remote work, and mobil...
CISA Releases Continuous Diagnostics and Mitigation Program: Identity, Credential, and Access Management (ICAM) Reference Architecture
Today, CISA released the Continuous Diagnostics and Mitigation Program: Identity, Credential, and Access Management ICAM Reference Architecture to help federal civilian departments and agencies integrate their identity and access management IDAM capabilities into their ICAM architectures. Prior t...
Reducing your attack surface is more effective than playing patch-a-mole
On June 13, 2023 the Cybersecurity and Infrastructure Security Agency CISA issued Binding Operational Directive BOD 23-02. BOD 23-02 is titled Mitigating the Risk from Internet-Exposed Management Interfaces, and requires federal civilian agencies to remove specific networked management interfaces...
CISA updates ransomware guidance
The Cybersecurity and Infrastructure Security Agency CISA has updated its StopRansomware guide to account for the fact that ransomware actors have accelerated their tactics and techniques since the original guide was released in September of 2020. The StopRansomware guide is set up as a one-stop...
Learn what an AI-driven future means for cybersecurity at Microsoft Secure
Maintaining security across today’s vast digital ecosystem is a team effort. AI and machine learning have helped to detect threats quickly and respond effectively. Yet we all know that the best defense still requires human wisdom and experience. From a frontline security operations admin to the...
Learn what an AI-driven future means for cybersecurity at Microsoft Secure
Maintaining security across today’s vast digital ecosystem is a team effort. AI and machine learning have helped to detect threats quickly and respond effectively. Yet we all know that the best defense still requires human wisdom and experience. From a frontline security operations admin to the...
Security Turbulence in the Cloud: Survey Says…
Over the past 15 years, the cloud has blown business into a new age of networking, for solid reasons: Small businesses can get online fast, using the same tools as the big companies; large companies can scale up and down to match demand; and organizations of all sizes can quickly react to busines...