Mobile Security

Related News

Enterprise-Ready Solutions for Physical Security

  • None
  • Published date: 2025-08-30 00:00:00

None

<h1>Enterprise-Ready Solutions for Physical Security</h1><h2>The Evolving Landscape of Physical Security</h2><p>Okay, so physical security isn't just about burly guards and big fences anymore, is it? It's kinda gone all high-tech.</p><ul> <li>Traditional physical security is morphing into a more connected, digital world, blurring the lines between physical and it infrastructures. Think about it, everything from cameras that use ai to smart locks are now connected.</li> <li>iot devices are now vital for physical security, but they also bring new risks. Consider hospitals using smart badges for access, or retail stores using networked cameras to track customer behavior and, prevent theft.</li> <li>This means physical and it security need to work together, something that wasn't always the case.</li> </ul><p>It's kinda like trying to separate peanut butter from jelly, these security forms are becoming harder to distinguish. <a href="https://securithings.com/blog/enterprise-readiness/">SecuriThings.com</a> points out how important this intersection between physical and it is for enterprise readiness.</p><p>This convergence means that vulnerabilities in one area can easily affect the other.</p><div class="code-block code-block-12 ai-track" data-ai="WzEyLCIiLCJCbG9jayAxMiIsIiIsMV0=" style="margin: 8px 0; clear: both;"> <style> .ai-rotate {position: relative;} .ai-rotate-hidden {visibility: hidden;} .ai-rotate-hidden-2 {position: absolute; top: 0; left: 0; width: 100%; height: 100%;} .ai-list-data, .ai-ip-data, .ai-filter-check, .ai-fallback, .ai-list-block, .ai-list-block-ip, .ai-list-block-filter {visibility: hidden; position: absolute; width: 50%; height: 1px; top: -1000px; z-index: -9999; margin: 0px!important;} .ai-list-data, .ai-ip-data, .ai-filter-check, .ai-fallback {min-width: 1px;} </style> <div class="ai-rotate ai-unprocessed ai-timed-rotation ai-12-1" data-info="WyIxMi0xIiwxXQ==" style="position: relative;"> <div class="ai-rotate-option" style="visibility: hidden;" data-index="1" data-name="VGVjaHN0cm9uZyBHYW5nIFlvdXR1YmU=" data-time="MTA="> <div class="custom-ad"> <div style="margin: auto; text-align: center;"><a href="https://youtu.be/Fojn5NFwaw8" target="_blank"><img src="https://securityboulevard.com/wp-content/uploads/2024/12/Techstrong-Gang-Youtube-PodcastV2-770.png" alt="Techstrong Gang Youtube"></a></div> <div class="clear-custom-ad"></div> </div></div> </div> </div><p>Looking ahead, we'll see why this new landscape makes being "enterprise-ready" so darn critical.</p><h2>Key Components of Enterprise-Ready Physical Security</h2><p>Okay, so you've got all these fancy physical security gadgets – but how do you keep 'em from becoming a tangled mess? Turns out, being "enterprise-ready" means getting a handle on device management, and like, fixing problems before they blow up.</p><div class="code-block code-block-15" style="margin: 8px 0; clear: both;"> <script async src="https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js?client=ca-pub-2091799172090865" crossorigin="anonymous" type="59333d7732b85ec81a83c5fd-text/javascript"></script> <!-- SB In Article Ad 1 --> <ins class="adsbygoogle" style="display:block" data-ad-client="ca-pub-2091799172090865" data-ad-slot="8723094367" data-ad-format="auto" data-full-width-responsive="true"></ins> <script type="59333d7732b85ec81a83c5fd-text/javascript"> (adsbygoogle = window.adsbygoogle || []).push({}); </script></div><ul> <li><strong>Centralized management</strong> is key. Imagine trying to control hundreds of security cameras, door sensors, and alarms <em>without</em> a single dashboard. Total nightmare, right? A unified platform lets you see everything, all in one place. Think of it like mission control for your entire physical security setup.</li> <li><strong>Automated updates</strong> are a lifesaver. Keeping firmware and software patched manually? Ain't nobody got time for that. Automation makes sure devices are always running the latest (and safest) versions, reducing vulnerabilities.</li> <li><strong>Remote diagnostics</strong> are a game-changer. Instead of sending someone on-site for every little glitch, you can troubleshoot remotely. This not only saves time and money but also helps resolve issues faster, keeping your security posture strong.</li> </ul><p>Consider a large hospital network. Implementing a system that centralizes management of all security devices – from badge readers to surveillance cameras – can significantly reduce response times to incidents. Plus, automated firmware updates ensure that vulnerabilities are patched quickly, preventing potential breaches. It's all about being proactive, not reactive.</p><pre><code class="language-mermaid">flowchart TD A[Identify Device Issue] --&gt; B{Is Remote Fix Possible?}; B -- Yes --&gt; C[Remotely Update/Patch Device]; B -- No --&gt; D[Dispatch Technician]; C --&gt; E[Issue Resolved]; D --&gt; E; E --&gt; F[System Back Online]; </code></pre><p>Getting all this right means a stronger, more reliable physical security setup. Next up, we'll look at how to beef up your cybersecurity by, get this, hardening those <em>physical</em> security devices. Who'd have thought?</p><h2>Leveraging SSO and CIAM for Enhanced Physical Security</h2><p>Isn't it annoying have to remember <em>different</em> passwords for, like, everything? Well, SSO and ciam can actually help with that in physical security too.</p><ul> <li><strong>Simplifying user authentication</strong> across different systems is a huge win. Think about hospitals, where staff needs access to buildings, medical records, and security systems. One login to rule them all!</li> <li><strong>Reducing password fatigue</strong>? Yes, please! Less stress on employees, and fewer help desk tickets, too. Plus, less chance of someone writing their password on a sticky note.</li> <li><strong>Enforcing mfa</strong> adds a layer of security that's hard to argue with. Even if a password gets compromised, that second factor makes it way harder for unauthorized access.</li> </ul><p>Think about a large corporate campus. Integrating sso and ciam, they can streamline access for employees <em>and</em> contractors, ensuring only authorized personnel can enter secure areas. Next, let's look at how ciam helps manage who gets to see what.</p><h2>Real-World Applications and Benefits</h2><p>Okay, so you've put in the work to make your physical security enterprise-ready, but does it actually, like, <em>do</em> anything? Turns out, yes!</p><ul> <li><strong>Reduced Incidents</strong>: Imagine fewer break-ins and security breaches 'cause your systems are actually talkin' to each other.</li> <li><strong>Cost Savings</strong>: Less downtime, fewer truck rolls, more money in your pocket. It's almost too easy.</li> <li><strong>Better Compliance</strong>: No more sweating over audits. You're covered.</li> </ul><p>Think about retail chains, where a centralized system can cut down losses just by, well, <em>working</em>. It's about makin' things efficient, innit?</p><div class="spu-placeholder" style="display:none"></div><div class="addtoany_share_save_container addtoany_content addtoany_content_bottom"><div class="a2a_kit a2a_kit_size_20 addtoany_list" data-a2a-url="https://securityboulevard.com/2025/08/enterprise-ready-solutions-for-physical-security/" data-a2a-title="Enterprise-Ready Solutions for Physical Security"><a class="a2a_button_twitter" href="https://www.addtoany.com/add_to/twitter?linkurl=https%3A%2F%2Fsecurityboulevard.com%2F2025%2F08%2Fenterprise-ready-solutions-for-physical-security%2F&amp;linkname=Enterprise-Ready%20Solutions%20for%20Physical%20Security" title="Twitter" rel="nofollow noopener" target="_blank"></a><a class="a2a_button_linkedin" href="https://www.addtoany.com/add_to/linkedin?linkurl=https%3A%2F%2Fsecurityboulevard.com%2F2025%2F08%2Fenterprise-ready-solutions-for-physical-security%2F&amp;linkname=Enterprise-Ready%20Solutions%20for%20Physical%20Security" title="LinkedIn" rel="nofollow noopener" target="_blank"></a><a class="a2a_button_facebook" href="https://www.addtoany.com/add_to/facebook?linkurl=https%3A%2F%2Fsecurityboulevard.com%2F2025%2F08%2Fenterprise-ready-solutions-for-physical-security%2F&amp;linkname=Enterprise-Ready%20Solutions%20for%20Physical%20Security" title="Facebook" rel="nofollow noopener" target="_blank"></a><a class="a2a_button_reddit" href="https://www.addtoany.com/add_to/reddit?linkurl=https%3A%2F%2Fsecurityboulevard.com%2F2025%2F08%2Fenterprise-ready-solutions-for-physical-security%2F&amp;linkname=Enterprise-Ready%20Solutions%20for%20Physical%20Security" title="Reddit" rel="nofollow noopener" target="_blank"></a><a class="a2a_button_email" href="https://www.addtoany.com/add_to/email?linkurl=https%3A%2F%2Fsecurityboulevard.com%2F2025%2F08%2Fenterprise-ready-solutions-for-physical-security%2F&amp;linkname=Enterprise-Ready%20Solutions%20for%20Physical%20Security" title="Email" rel="nofollow noopener" target="_blank"></a><a class="a2a_dd addtoany_share_save addtoany_share" href="https://www.addtoany.com/share"></a></div></div><p class="syndicated-attribution">*** This is a Security Bloggers Network syndicated blog from <a href="https://ssojet.com/blog">SSOJet - Enterprise SSO &amp;amp; Identity Solutions</a> authored by <a href="https://securityboulevard.com/author/0/" title="Read other posts by SSOJet - Enterprise SSO &amp; Identity Solutions">SSOJet - Enterprise SSO &amp; Identity Solutions</a>. Read the original post at: <a href="https://ssojet.com/blog/enterprise-ready-solutions-for-physical-security">https://ssojet.com/blog/enterprise-ready-solutions-for-physical-security</a> </p>

Building Adaptable Security in a Dynamic Cloud

  • None
  • Published date: 2025-08-29 00:00:00

None

<h2>How Crucial is Adaptable Security for Dynamic Cloud?</h2><p>Where organizations increasingly shift their operations to the Cloud, the need for robust cybersecurity measures intensifies. But is traditional cybersecurity sufficient for this constantly adapting environment? Does the dynamic nature of the Cloud require an equally adaptable set of security solutions? The short answer is a resounding yes. Let’s explore why.</p><h2>Understanding the Dynamic Cloud’s Unique Challenges</h2><p>The dynamic cloud presents unique challenges quite unlike its traditional, on-premise counterpart. While it offers immense flexibility and scalability, it also carries inherent risks that necessitate innovative solutions. The traditional, hardened perimeter approach to cybersecurity is inadequate, as cloud environments are fluid, often extending beyond a fixed boundary.</p><h2>The Value of Non-Human Identities in this Dynamic Environment</h2><p>Within the Cloud, there exists an ecosystem of non-human identities (NHIs) – machine identities that consist of “secrets” or unique identifiers, permissions, and behaviors. These machine identities, if not properly managed, can present substantial cybersecurity vulnerabilities. Effective NHI management can help organizations significantly curb these risks and enhance their overall <a href="https://entro.security/blog/cybersecurity-predictions-2025/">cybersecurity posture</a>.</p><div class="code-block code-block-12 ai-track" data-ai="WzEyLCIiLCJCbG9jayAxMiIsIiIsMV0=" style="margin: 8px 0; clear: both;"> <style> .ai-rotate {position: relative;} .ai-rotate-hidden {visibility: hidden;} .ai-rotate-hidden-2 {position: absolute; top: 0; left: 0; width: 100%; height: 100%;} .ai-list-data, .ai-ip-data, .ai-filter-check, .ai-fallback, .ai-list-block, .ai-list-block-ip, .ai-list-block-filter {visibility: hidden; position: absolute; width: 50%; height: 1px; top: -1000px; z-index: -9999; margin: 0px!important;} .ai-list-data, .ai-ip-data, .ai-filter-check, .ai-fallback {min-width: 1px;} </style> <div class="ai-rotate ai-unprocessed ai-timed-rotation ai-12-1" data-info="WyIxMi0xIiwxXQ==" style="position: relative;"> <div class="ai-rotate-option" style="visibility: hidden;" data-index="1" data-name="VGVjaHN0cm9uZyBHYW5nIFlvdXR1YmU=" data-time="MTA="> <div class="custom-ad"> <div style="margin: auto; text-align: center;"><a href="https://youtu.be/Fojn5NFwaw8" target="_blank"><img src="https://securityboulevard.com/wp-content/uploads/2024/12/Techstrong-Gang-Youtube-PodcastV2-770.png" alt="Techstrong Gang Youtube"></a></div> <div class="clear-custom-ad"></div> </div></div> </div> </div><h2>Adapting your Security Approach with NHI Management</h2><p>Managing NHIs involves a holistic approach that addresses every stage of the lifecycle, from discovery and classification to threat detection and remediation. This approach provides valuable insights into NHIs’ ownership, permissions, and usage patterns, enabling context-aware security.</p><h2>Benefits of Adaptable Cybersecurity in the Dynamic Cloud</h2><p>Deploying an adaptable cybersecurity solution that leverages NHI management results in several benefits:</p><div class="code-block code-block-15" style="margin: 8px 0; clear: both;"> <script async src="https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js?client=ca-pub-2091799172090865" crossorigin="anonymous" type="9636064fac9e56c43410e125-text/javascript"></script> <!-- SB In Article Ad 1 --> <ins class="adsbygoogle" style="display:block" data-ad-client="ca-pub-2091799172090865" data-ad-slot="8723094367" data-ad-format="auto" data-full-width-responsive="true"></ins> <script type="9636064fac9e56c43410e125-text/javascript"> (adsbygoogle = window.adsbygoogle || []).push({}); </script></div><p>– <b>Reduced Risk:</b> With proactive identification and mitigation of security risks, you can substantially decrease the odds of breaches and data leaks.<br> – <b>Improved Compliance:</b> Adherence to regulatory requirements is easier with enhanced policy enforcement and audit trails.<br> – <b>Increased Efficiency:</b> Automation of NHI and secrets management allows security teams to concentrate on strategic tasks.<br> – <b>Enhanced Visibility and Control:</b> A consolidated view for access management and governance is ensured.<br> – <b>Cost Savings:</b> Automated secrets rotation and NHIs decommissioning can lead to operational cost reductions.</p><h2>Adaptable Security: The Way Forward in the Dynamic Cloud</h2><p>In conclusion, organizations navigating dynamic clouds need to adopt adaptable security solutions to thrive. By embracing NHI management, organizations can make great strides in protecting their cloud assets and data. This calls for a shift from traditional, rigid security measures to more flexible, adaptive solutions.</p><h2>Building Adaptable Security and Embracing the Dynamic Cloud</h2><p>The management of NHIs plays an integral role. By understanding and managing NHIs effectively, organizations can reduce risks, streamline operations, and ensure regulatory compliance. The need for such adaptive solutions cannot be understated.</p><p>Embracing dynamic clouds means being prepared to adapt and change. Using NHI management as a key component of an adaptable security strategy paves the way for a holistic, end-to-end protection.</p><p><a href="https://dynamiccampus.com/bi-solution-overview/" rel="noopener">Dynamic Campus</a> offers a detailed insight into why adaptable solutions are the future of cybersecurity. A closer look at their career opportunities reiterates the importance of cultivating a mindset that embraces adaptability. These resources can further assist organizations and cybersecurity professionals in understanding and implementing these adaptable solutions.</p><h2>Investigating the Layers of NHI Management</h2><p>NHI management is no longer an optional nicety; it’s a fundamental necessity with cloud-native architectures and machine identities. Let’s go one step further in understanding the concept.</p><p>The first layer of NHI management consists of discovery and classification. This empowered visibility aids in identifying insecure secrets, such as hard-coded credentials in application configurations or source codes, and classifying them accordingly for precise control.</p><p>The second layer of monitoring NHIs and secrets adds an active element to the management process. It involves tracking the behavior patterns of machine identities, understanding their usage, permissions, and the applications they interact with, providing crucial insights for anomaly detection and in-depth auditing.</p><p>The third layer, threat detection, leverages AI algorithms and machine learning for effective anomaly detection. This allows security teams to detect suspicious activities in real time, thereby facilitating immediate response.</p><p>The final layer is remediation. Once a threat or vulnerability has been identified, the next key step is to take quick, decisive action. This may involve revoking permissions, rotating secrets, or decommissioning NHIs as necessary.</p><h2>The Demand for Advanced Security in the Era of Dynamic Cloud</h2><p>Dynamic cloud presents myriad opportunities and challenges. With the surge in machine to machine communication, machine identities (NHIs) form an integral part of the communication fabric, involved in almost every transaction happening. Thus, they present an attractive target for cyber attackers.</p><p>According to a recent report by Active Cyber, around 70% of cyber attacks are attributed to misuse of valid credentials, which comprises NHIs. While traditional security solutions have been good at protecting human identities, the protection of non-human identities has become an increasing pain point, making it apparent that the need for NHI security is deeply embedded within our dynamic cloud reality.</p><h2>Fostering Trust and Confidence in the Dynamic Cloud</h2><p>Trust and confidence in our digital technologies are extremely important. Establishing trust in the dynamically changing clouds begins with securing machine identities. According to Columbus Global, “Trust comes from knowing that no unauthorized devices, applications, or users have infiltrated your network, and that data encryption and tokenization techniques are in place.” The drive toward this trust has positioned NHI management at the forefront of cybersecurity planning and initiatives.</p><h2>Beyond Automation: The Need for Context Awareness</h2><p>While automation is an important aspect of NHI management—especially for large-scale deployments—context-aware security takes it a step further. This approach provides a deeper understanding of NHI behavior, thus offering nuanced insights into security.</p><p>By making sense of the connections between NHIs and mapping out contextual information such as usual behaviors, privileges, and relationships, context-awareness enriches the efficacy of security frameworks. It offers improved threat detection, customized alerts, and the capability to react proactively to suspicious behavior, subsequently enhancing organizations’ security postures significantly.</p><h2>Empowering the Future of Cybersecurity</h2><p>Adopting a proactive approach to cybersecurity, underpinned by NHI management, accelerates the move towards securing the dynamic cloud. Enhanced visibility into machine activity and context-aware security strategies help reduce the risk profile, facilitate regulatory compliance, improve efficiency, and manage resources more effectively.</p><p>It’s become clear that the rapid evolution of the dynamic cloud necessitates flexible, holistic cybersecurity strategies that are equipped to manage NHIs effectively. Through NHI management, organizations can bolster their cybersecurity preparedness and resilience, thereby optimizing security expenditure while enhancing overall digital trust.</p><p>The emergence of adaptive NHIs management as a crucial aspect of cybersecurity indeed signifies a new era. Where organizations continue to evolve and embrace these advanced security practices, they build a sustainable model for digital trust and resilience.</p><p>Go more in-depth on implementing context-aware security and advanced NHI management strategies with <a href="https://www.business.att.com/content/dam/attbusiness/briefs/att-dynamic-exchange-brochure.pdf" rel="noopener">AT&amp;T’s Dynamic Exchange Brochure.</a></p><p>Expand your understanding of NHI management’s importance by delving into the following <a href="https://entro.security/blog/cybersecurity-risk-mitigation-recommendations-2024/"> Cybersecurity Risk Mitigation Recommendations,</a> the <a href="https://entro.security/blog/use-case-secure-non-human-identities/">Secure Non-Human Identities Use Case, </a>and the <a href="https://entro.security/blog/6-infamous-cybersecurity-leaks-of-2023/"> 6 Infamous Cybersecurity Leaks of 2023.</a></p><p>The post <a href="https://entro.security/building-adaptable-security-in-a-dynamic-cloud/">Building Adaptable Security in a Dynamic Cloud</a> appeared first on <a href="https://entro.security/">Entro</a>.</p><div class="spu-placeholder" style="display:none"></div><div class="addtoany_share_save_container addtoany_content addtoany_content_bottom"><div class="a2a_kit a2a_kit_size_20 addtoany_list" data-a2a-url="https://securityboulevard.com/2025/08/building-adaptable-security-in-a-dynamic-cloud/" data-a2a-title="Building Adaptable Security in a Dynamic Cloud"><a class="a2a_button_twitter" href="https://www.addtoany.com/add_to/twitter?linkurl=https%3A%2F%2Fsecurityboulevard.com%2F2025%2F08%2Fbuilding-adaptable-security-in-a-dynamic-cloud%2F&amp;linkname=Building%20Adaptable%20Security%20in%20a%20Dynamic%20Cloud" title="Twitter" rel="nofollow noopener" target="_blank"></a><a class="a2a_button_linkedin" href="https://www.addtoany.com/add_to/linkedin?linkurl=https%3A%2F%2Fsecurityboulevard.com%2F2025%2F08%2Fbuilding-adaptable-security-in-a-dynamic-cloud%2F&amp;linkname=Building%20Adaptable%20Security%20in%20a%20Dynamic%20Cloud" title="LinkedIn" rel="nofollow noopener" target="_blank"></a><a class="a2a_button_facebook" href="https://www.addtoany.com/add_to/facebook?linkurl=https%3A%2F%2Fsecurityboulevard.com%2F2025%2F08%2Fbuilding-adaptable-security-in-a-dynamic-cloud%2F&amp;linkname=Building%20Adaptable%20Security%20in%20a%20Dynamic%20Cloud" title="Facebook" rel="nofollow noopener" target="_blank"></a><a class="a2a_button_reddit" href="https://www.addtoany.com/add_to/reddit?linkurl=https%3A%2F%2Fsecurityboulevard.com%2F2025%2F08%2Fbuilding-adaptable-security-in-a-dynamic-cloud%2F&amp;linkname=Building%20Adaptable%20Security%20in%20a%20Dynamic%20Cloud" title="Reddit" rel="nofollow noopener" target="_blank"></a><a class="a2a_button_email" href="https://www.addtoany.com/add_to/email?linkurl=https%3A%2F%2Fsecurityboulevard.com%2F2025%2F08%2Fbuilding-adaptable-security-in-a-dynamic-cloud%2F&amp;linkname=Building%20Adaptable%20Security%20in%20a%20Dynamic%20Cloud" title="Email" rel="nofollow noopener" target="_blank"></a><a class="a2a_dd addtoany_share_save addtoany_share" href="https://www.addtoany.com/share"></a></div></div><p class="syndicated-attribution">*** This is a Security Bloggers Network syndicated blog from <a href="https://entro.security/">Entro</a> authored by <a href="https://securityboulevard.com/author/0/" title="Read other posts by Alison Mack">Alison Mack</a>. Read the original post at: <a href="https://entro.security/building-adaptable-security-in-a-dynamic-cloud/">https://entro.security/building-adaptable-security-in-a-dynamic-cloud/</a> </p>

The Hidden Costs of Fragmented Security Infrastructure

  • Gagan Gulati
  • Published date: 2025-08-29 00:00:00

None

<p class="p1">Cybersecurity conversations often focus on the latest threats, breaches, or AI-powered responses. But beneath the surface of every high-profile attack lies a quieter, more persistent challenge: fragmentation.</p><p class="p1">Disconnected security tools, siloed data, and piecemeal visibility have become the norm—and the cost of that fragmentation is far greater than most organizations realize.</p><h3 class="p1"><b>Fragmentation Is the Enemy of Resilience</b></h3><p class="p1">In a world of hybrid work, multi-cloud environments, and constantly shifting attack surfaces, resilience isn’t just about response speed. It’s about anticipation and prevention. Yet many enterprises are running security stacks that resemble patchwork quilts—stitched together with point solutions deployed at different times for different purposes.</p><div class="code-block code-block-12 ai-track" data-ai="WzEyLCIiLCJCbG9jayAxMiIsIiIsMV0=" style="margin: 8px 0; clear: both;"> <style> .ai-rotate {position: relative;} .ai-rotate-hidden {visibility: hidden;} .ai-rotate-hidden-2 {position: absolute; top: 0; left: 0; width: 100%; height: 100%;} .ai-list-data, .ai-ip-data, .ai-filter-check, .ai-fallback, .ai-list-block, .ai-list-block-ip, .ai-list-block-filter {visibility: hidden; position: absolute; width: 50%; height: 1px; top: -1000px; z-index: -9999; margin: 0px!important;} .ai-list-data, .ai-ip-data, .ai-filter-check, .ai-fallback {min-width: 1px;} </style> <div class="ai-rotate ai-unprocessed ai-timed-rotation ai-12-1" data-info="WyIxMi0xIiwxXQ==" style="position: relative;"> <div class="ai-rotate-option" style="visibility: hidden;" data-index="1" data-name="VGVjaHN0cm9uZyBHYW5nIFlvdXR1YmU=" data-time="MTA="> <div class="custom-ad"> <div style="margin: auto; text-align: center;"><a href="https://youtu.be/Fojn5NFwaw8" target="_blank"><img src="https://securityboulevard.com/wp-content/uploads/2024/12/Techstrong-Gang-Youtube-PodcastV2-770.png" alt="Techstrong Gang Youtube"></a></div> <div class="clear-custom-ad"></div> </div></div> </div> </div><p class="p1">These fragmented environments make it harder to spot anomalies, correlate signals, and enforce consistent policies. Worse, they create blind spots that attackers are increasingly adept at exploiting. When data is siloed and visibility is incomplete, even the most advanced threat detection system is flying partially blind.</p><h3 class="p1"><b>The Toll: Operational, Financial, and Strategic</b></h3><p class="p1">Let’s be clear: fragmentation isn’t just a technical inconvenience—it’s an organizational liability.</p><div class="code-block code-block-15" style="margin: 8px 0; clear: both;"> <script async src="https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js?client=ca-pub-2091799172090865" crossorigin="anonymous" type="ca3d0ad0cb4cb01379d80605-text/javascript"></script> <!-- SB In Article Ad 1 --> <ins class="adsbygoogle" style="display:block" data-ad-client="ca-pub-2091799172090865" data-ad-slot="8723094367" data-ad-format="auto" data-full-width-responsive="true"></ins> <script type="ca3d0ad0cb4cb01379d80605-text/javascript"> (adsbygoogle = window.adsbygoogle || []).push({}); </script></div><ol class="ol1"><li class="li1">Operational Drag: Security teams waste valuable time managing overlapping tools, reconciling alerts, and responding to false positives. Instead of focusing on strategic risk reduction, they’re stuck in reactive mode.</li><li class="li1">Increased Risk: Gaps between systems often become vectors for lateral movement or privilege escalation. Without unified visibility, attackers can dwell undetected for weeks—or longer.</li><li class="li1">Higher Costs: Maintaining redundant tools, duplicating data, and managing inconsistent policies across environments is expensive. And in the event of a breach, fragmented systems complicate forensic analysis and remediation.</li><li class="li1">Governance Challenges: Data privacy regulations increasingly demand provable control over data access and movement. Fragmentation makes it harder to demonstrate compliance—let alone automate it.</li></ol><h3 class="p1"><b>Consolidation Is the Foundation of Prevention</b></h3><p class="p1">True cyber resilience starts before the threat. It’s built on a native security-first architecture that aligns data protection, access control, and observability.</p><p class="p1">That means embedding data security into the infrastructure itself—not bolting it on after the fact. It means identity and access policies that span applications, clouds, and storage environments. And it means leveraging telemetry from across the entire stack—not just the security tools—to detect anomalous behavior in real time.</p><p class="p1">It’s not about consolidating for the sake of consolidation. It’s about cohesion: ensuring that your data infrastructure allows for a security posture that speaks the same language, shares context, and drives consistent enforcement across your entire data landscape.</p><h3 class="p1"><b>Data Is the New Control Plane</b></h3><p class="p1">As more enterprises adopt data-driven architectures, it’s time to treat data not just as an asset—but as a control plane. This requires an <a href="https://www.netapp.com/intelligent-data-infrastructure/"><span class="s1">intelligent data infrastructure</span></a> that understands where your data is, who’s accessing it, and how it’s moving across environments.</p><p class="p1">The future of cybersecurity won’t be defined by the best point product—it will be defined by how well an organization can observe, govern, and protect its data holistically. Fragmentation holds us back. Integration moves us forward.</p><h3 class="p1"><b>Final Thought</b></h3><p class="p1"><span class="s1"><a href="https://www.netapp.com/blog/empowering-cyber-resilience-digital-age/">Cyber resilience</a></span> is no longer a static goal—it’s a dynamic state.</p><p class="p1">Achieving it requires rethinking the foundations of security architecture, starting with the data layer. Organizations that prioritize integrated, data-centric security will not only reduce risk—they’ll gain the agility and insight needed to stay ahead in a volatile digital landscape.</p><div class="spu-placeholder" style="display:none"></div><div class="addtoany_share_save_container addtoany_content addtoany_content_bottom"><div class="a2a_kit a2a_kit_size_20 addtoany_list" data-a2a-url="https://securityboulevard.com/2025/08/the-hidden-costs-of-fragmented-security-infrastructure/" data-a2a-title="The Hidden Costs of Fragmented Security Infrastructure"><a class="a2a_button_twitter" href="https://www.addtoany.com/add_to/twitter?linkurl=https%3A%2F%2Fsecurityboulevard.com%2F2025%2F08%2Fthe-hidden-costs-of-fragmented-security-infrastructure%2F&amp;linkname=The%20Hidden%20Costs%20of%20Fragmented%20Security%20Infrastructure" title="Twitter" rel="nofollow noopener" target="_blank"></a><a class="a2a_button_linkedin" href="https://www.addtoany.com/add_to/linkedin?linkurl=https%3A%2F%2Fsecurityboulevard.com%2F2025%2F08%2Fthe-hidden-costs-of-fragmented-security-infrastructure%2F&amp;linkname=The%20Hidden%20Costs%20of%20Fragmented%20Security%20Infrastructure" title="LinkedIn" rel="nofollow noopener" target="_blank"></a><a class="a2a_button_facebook" href="https://www.addtoany.com/add_to/facebook?linkurl=https%3A%2F%2Fsecurityboulevard.com%2F2025%2F08%2Fthe-hidden-costs-of-fragmented-security-infrastructure%2F&amp;linkname=The%20Hidden%20Costs%20of%20Fragmented%20Security%20Infrastructure" title="Facebook" rel="nofollow noopener" target="_blank"></a><a class="a2a_button_reddit" href="https://www.addtoany.com/add_to/reddit?linkurl=https%3A%2F%2Fsecurityboulevard.com%2F2025%2F08%2Fthe-hidden-costs-of-fragmented-security-infrastructure%2F&amp;linkname=The%20Hidden%20Costs%20of%20Fragmented%20Security%20Infrastructure" title="Reddit" rel="nofollow noopener" target="_blank"></a><a class="a2a_button_email" href="https://www.addtoany.com/add_to/email?linkurl=https%3A%2F%2Fsecurityboulevard.com%2F2025%2F08%2Fthe-hidden-costs-of-fragmented-security-infrastructure%2F&amp;linkname=The%20Hidden%20Costs%20of%20Fragmented%20Security%20Infrastructure" title="Email" rel="nofollow noopener" target="_blank"></a><a class="a2a_dd addtoany_share_save addtoany_share" href="https://www.addtoany.com/share"></a></div></div>

Why OT Security Demands Context, Not Just Controls

  • Alan Shimel
  • Published date: 2025-08-29 00:00:00

None

<div style="padding: 56.25% 0 0 0; position: relative;"><iframe style="position: absolute; top: 0; left: 0; width: 100%; height: 100%;" title="Navigating OT Security: Insights from Rockwell Automation Rick Kaun" src="https://player.vimeo.com/video/1113641404?badge=0&amp;autopause=0&amp;player_id=0&amp;app_id=58479" frameborder="0"></iframe></div><p><script src="https://player.vimeo.com/api/player.js" type="86be50668b1190fa1ffe5518-text/javascript"></script></p><p data-start="563" data-end="1086">Operational technology (OT) security is no longer a niche concern—it’s front and center in today’s cyber conversations. At Black Hat this year, OT had a real moment, signaling that protecting critical infrastructure has finally caught the broader security community’s attention. Rick Kaun, global director of cybersecurity services at Rockwell Automation, unpacks what makes OT security so different—and why “think global, act local” is more than a catchphrase.</p><p data-start="1088" data-end="1546">Kaun traces his 25-year journey through the evolution of OT security, noting how IT-style controls don’t simply map onto industrial systems. A misconfigured patch or a routine reboot might be an inconvenience in IT, but in OT it can mean multimillion-dollar outages—or worse, safety risks. Unlike IT, OT environments run on decades-old equipment tied directly to physical processes, from pipelines to medical devices, where uptime and safety are paramount.</p><div class="code-block code-block-12 ai-track" data-ai="WzEyLCIiLCJCbG9jayAxMiIsIiIsMV0=" style="margin: 8px 0; clear: both;"> <style> .ai-rotate {position: relative;} .ai-rotate-hidden {visibility: hidden;} .ai-rotate-hidden-2 {position: absolute; top: 0; left: 0; width: 100%; height: 100%;} .ai-list-data, .ai-ip-data, .ai-filter-check, .ai-fallback, .ai-list-block, .ai-list-block-ip, .ai-list-block-filter {visibility: hidden; position: absolute; width: 50%; height: 1px; top: -1000px; z-index: -9999; margin: 0px!important;} .ai-list-data, .ai-ip-data, .ai-filter-check, .ai-fallback {min-width: 1px;} </style> <div class="ai-rotate ai-unprocessed ai-timed-rotation ai-12-1" data-info="WyIxMi0xIiwxXQ==" style="position: relative;"> <div class="ai-rotate-option" style="visibility: hidden;" data-index="1" data-name="VGVjaHN0cm9uZyBHYW5nIFlvdXR1YmU=" data-time="MTA="> <div class="custom-ad"> <div style="margin: auto; text-align: center;"><a href="https://youtu.be/Fojn5NFwaw8" target="_blank"><img src="https://securityboulevard.com/wp-content/uploads/2024/12/Techstrong-Gang-Youtube-PodcastV2-770.png" alt="Techstrong Gang Youtube"></a></div> <div class="clear-custom-ad"></div> </div></div> </div> </div><p data-start="1548" data-end="2049">Security has to be embedded into the very culture of manufacturing, much like safety systems. That means moving past one-off fixes and focusing on contextual data—understanding not just what vulnerabilities exist, but where they sit, how critical the affected assets are, and what protections are already in place. With that lens, organizations can prioritize risks, streamline responses, and build global strategies that adapt to local realities.</p><p data-start="2051" data-end="2315">The payoff is significant. Companies embracing this model are seeing major efficiency gains—turning what once took days of manual effort into hours—while giving boards and insurers the assurance that resiliency isn’t just an aspiration, but a measurable outcome.</p><div class="code-block code-block-15" style="margin: 8px 0; clear: both;"> <script async src="https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js?client=ca-pub-2091799172090865" crossorigin="anonymous" type="86be50668b1190fa1ffe5518-text/javascript"></script> <!-- SB In Article Ad 1 --> <ins class="adsbygoogle" style="display:block" data-ad-client="ca-pub-2091799172090865" data-ad-slot="8723094367" data-ad-format="auto" data-full-width-responsive="true"></ins> <script type="86be50668b1190fa1ffe5518-text/javascript"> (adsbygoogle = window.adsbygoogle || []).push({}); </script></div><p data-start="2317" data-end="2525">For manufacturers and critical infrastructure operators, the message is clear: Cybersecurity isn’t just about defense. It’s about keeping the systems that keep society running safe, reliable, and resilient.</p><div class="spu-placeholder" style="display:none"></div><div class="addtoany_share_save_container addtoany_content addtoany_content_bottom"><div class="a2a_kit a2a_kit_size_20 addtoany_list" data-a2a-url="https://securityboulevard.com/2025/08/why-ot-security-demands-context-not-just-controls/" data-a2a-title="Why OT Security Demands Context, Not Just Controls"><a class="a2a_button_twitter" href="https://www.addtoany.com/add_to/twitter?linkurl=https%3A%2F%2Fsecurityboulevard.com%2F2025%2F08%2Fwhy-ot-security-demands-context-not-just-controls%2F&amp;linkname=Why%20OT%20Security%20Demands%20Context%2C%20Not%20Just%20Controls" title="Twitter" rel="nofollow noopener" target="_blank"></a><a class="a2a_button_linkedin" href="https://www.addtoany.com/add_to/linkedin?linkurl=https%3A%2F%2Fsecurityboulevard.com%2F2025%2F08%2Fwhy-ot-security-demands-context-not-just-controls%2F&amp;linkname=Why%20OT%20Security%20Demands%20Context%2C%20Not%20Just%20Controls" title="LinkedIn" rel="nofollow noopener" target="_blank"></a><a class="a2a_button_facebook" href="https://www.addtoany.com/add_to/facebook?linkurl=https%3A%2F%2Fsecurityboulevard.com%2F2025%2F08%2Fwhy-ot-security-demands-context-not-just-controls%2F&amp;linkname=Why%20OT%20Security%20Demands%20Context%2C%20Not%20Just%20Controls" title="Facebook" rel="nofollow noopener" target="_blank"></a><a class="a2a_button_reddit" href="https://www.addtoany.com/add_to/reddit?linkurl=https%3A%2F%2Fsecurityboulevard.com%2F2025%2F08%2Fwhy-ot-security-demands-context-not-just-controls%2F&amp;linkname=Why%20OT%20Security%20Demands%20Context%2C%20Not%20Just%20Controls" title="Reddit" rel="nofollow noopener" target="_blank"></a><a class="a2a_button_email" href="https://www.addtoany.com/add_to/email?linkurl=https%3A%2F%2Fsecurityboulevard.com%2F2025%2F08%2Fwhy-ot-security-demands-context-not-just-controls%2F&amp;linkname=Why%20OT%20Security%20Demands%20Context%2C%20Not%20Just%20Controls" title="Email" rel="nofollow noopener" target="_blank"></a><a class="a2a_dd addtoany_share_save addtoany_share" href="https://www.addtoany.com/share"></a></div></div>

Is Your IAM Solution Truly Scalable?

  • None
  • Published date: 2025-08-28 00:00:00

None

<h2>Is Your Identity and Access Management Approach Up to the Task?</h2><p>Could you be unknowingly compromising your cybersecurity by overlooking the importance of Non-Human Identities (NHIs) and Secrets Security Management? These vital aspects of Identity and Access Management (IAM) are critical in managing access control. Cybersecurity professionals and CISOs need to pay attention to the benefits of a robust and scalable IAM strategy, particularly one that includes robust management of NHIs.</p><h3>Understanding Non-Human Identities (NHIs) in IAM</h3><p>NHIs play a significant role, acting as machine identities. <a href="https://ieeexplore.ieee.org/document/10731084/" rel="noopener">NHIs are created by amalgamating a “Secret”</a>, an encrypted element akin to a passport, and the permissions this secret is granted by a server, akin to the visa based on your passport. The NHI and its secrets are the ‘tourist,’ with the IAM solution acting as the border control, regulating how the identities navigate.</p><h3>Necessity of a Comprehensive NHI Management Approach</h3><p>The introduction of secrets scanners and similar point solutions have demonstrated the need to manage NHIs and their secrets systematically. However, these scanners rarely offer overarching protection and often overlook essential lifecycle stages of NHIs.</p><div class="code-block code-block-12 ai-track" data-ai="WzEyLCIiLCJCbG9jayAxMiIsIiIsMV0=" style="margin: 8px 0; clear: both;"> <style> .ai-rotate {position: relative;} .ai-rotate-hidden {visibility: hidden;} .ai-rotate-hidden-2 {position: absolute; top: 0; left: 0; width: 100%; height: 100%;} .ai-list-data, .ai-ip-data, .ai-filter-check, .ai-fallback, .ai-list-block, .ai-list-block-ip, .ai-list-block-filter {visibility: hidden; position: absolute; width: 50%; height: 1px; top: -1000px; z-index: -9999; margin: 0px!important;} .ai-list-data, .ai-ip-data, .ai-filter-check, .ai-fallback {min-width: 1px;} </style> <div class="ai-rotate ai-unprocessed ai-timed-rotation ai-12-1" data-info="WyIxMi0xIiwxXQ==" style="position: relative;"> <div class="ai-rotate-option" style="visibility: hidden;" data-index="1" data-name="VGVjaHN0cm9uZyBHYW5nIFlvdXR1YmU=" data-time="MTA="> <div class="custom-ad"> <div style="margin: auto; text-align: center;"><a href="https://youtu.be/Fojn5NFwaw8" target="_blank"><img src="https://securityboulevard.com/wp-content/uploads/2024/12/Techstrong-Gang-Youtube-PodcastV2-770.png" alt="Techstrong Gang Youtube"></a></div> <div class="clear-custom-ad"></div> </div></div> </div> </div><p>To address this gap, NHI management emphasizes a comprehensive approach, handling all lifecycle stages including discovery, classification, threat detection, and remediation. This approach arms organizations with invaluable insights into ownership, permissions, usage patterns, and potential vulnerabilities, allowing for adaptable, context-aware security.</p><h2>Why Prioritize Scalable IAM Solutions?</h2><p>The significance of scalable IAM can not be overemphasized. <a href="https://entro.security/blog/cybersecurity-predictions-2025/">Sustaining cybersecurity systems</a> that can evolve with growing businesses and ever-increasing data transactions is essential. A scalable IAM solution delivers numerous benefits:</p><div class="code-block code-block-15" style="margin: 8px 0; clear: both;"> <script async src="https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js?client=ca-pub-2091799172090865" crossorigin="anonymous" type="0863f7518c82f701f6b933ba-text/javascript"></script> <!-- SB In Article Ad 1 --> <ins class="adsbygoogle" style="display:block" data-ad-client="ca-pub-2091799172090865" data-ad-slot="8723094367" data-ad-format="auto" data-full-width-responsive="true"></ins> <script type="0863f7518c82f701f6b933ba-text/javascript"> (adsbygoogle = window.adsbygoogle || []).push({}); </script></div><p>• <b>Reduced Risk</b>: Proactively identifying and alleviating security vulnerabilities, robust NHI management reduces the chances of data leaks and breaches.<br> • <b>Compliance</b>: Aiding organizations in meeting regulatory demands through audit trails and policy enforcement.<br> • <b>Efficiency</b>: Automating NHI and secret management, enabling security teams to concentrate on strategic initiatives.<br> • <b>Visibility and Control</b>: Providing a centralized mechanism for access management and governance.<br> • <b>Cost Savings</b>: Decreasing operational expenditure by automating secrets rotation and NHI decommissioning.</p><h3>Striving for Cloud Scalability</h3><p><a href="https://gajus.medium.com/lessons-learned-scaling-postgresql-database-to-1-2bn-records-month-edc5449b3067" rel="noopener">Cloud scalability has become a prime concern</a> across different industries including healthcare, financial services, travel, and DevOps, and SOC teams. This requirement amplifies the importance of scalable IAM solutions that can scale in tandem with an organization’s cloud resources.</p><h2>Towards a Secure, Scalable Future</h2><p>With businesses increasingly operate within the cloud, scalable IAM, including effective NHI management, is no longer optional but mandatory. Adopting a holistic approach to NHI management ensures that machine identities and their associated secrets are robustly secured yet flexible enough to provide the required access when needed.</p><p>It’s not just about restricting unauthorized access but also about facilitating the seamless operation of authorized entities. Focusing on the scalability of IAM solutions will enable organizations to rapidly adjust to the digital transformation needs of the future, equipping them with robust and resilient cybersecurity systems. Ultimately, for far-reaching control over cloud security, the integration of NHI and Secret management into a comprehensive, scalable IAM strategy is essential.</p><h3>Unpacking the risks surrounding NHIs and Secrets</h3><p>One may wonder, why all the fuss surrounding Non-Human Identities (NHIs) and Secrets? Think of NHIs as digital travelers moving. Like anyone traveling across borders, NHIs carry with them passports (secrets) granted specific access rights. However, not all travelers have benign intentions. It’s easy to overlook these identities, but any compromise to their integrity opens the door to a range of cybersecurity threats. For instance, an attacker that infiltrates an NHI has a prime opportunity to wreak havoc, given the system’s accompanying permissions and access rights.</p><h3>Harnessing data insights for effective NHI management</h3><p>Harnessing data insights is one way of enhancing the management of NHIs. With a growing volume and complexity of NHIs in use, it pays to leverage data science to highlight patterns, predictions, and anomalies. <a href="https://boldlink.io/2021/12/09/eks-oidc-users/" rel="noopener">Machine learning algorithms</a> can help in identifying unusual behavior or access patterns, effectively circumnavigating the limitation of human analysis.</p><h3>Industry adoption of NHI management</h3><p>Relevance and adoption of NHI and Secrets management stretch across various domains. Each industry has its specific needs and contexts, but all gain value in integrating secure and scalable IAM into their cybersecurity strategy. For example, in the financial services sector, a breach can cause a direct monetary loss and damage the company’s reputation. Both can be potentially mitigated or entirely avoided with proficient NHI management. Similarly, in the healthcare sector, protecting sensitive patient data is paramount for legal, ethical, and practical reasons.</p><h2>Secrets management: An essential pillar in NHI management</h2><p>Another crucial aspect of NHI management is the management of secrets. Each NHI carries a “Secret”, serving as a unique identifier equivalent to a passport, granting it specific access rights. Securing these secrets is of prime importance for ensuring system integrity. <a href="https://www.reddit.com/r/reactjs/comments/1dpq7wx/need_advice_redux_toolkit_query_vs_react_query/" rel="noopener">Automated secret rotation</a> as a part of identity lifecycle management can help to mitigate the risk of secrets falling into the wrong hands.</p><h3>NHI management: Demonstrating real value</h3><p>The value and impact of proficient NHI management aren’t merely theoretical. Reviews of <a href="https://entro.security/blog/6-infamous-cybersecurity-leaks-of-2023/">infamous cybersecurity leaks</a> in recent years highlight the vulnerabilities and potential consequences of poorly managed NHIs and secrets. These instances serve as a wakeup call and a stern reminder of the importance of future-proofing cybersecurity systems.</p><h3>The need for an integrated approach</h3><p>The path to effective NHI management must necessarily involve an integrated, systemic approach. This encompasses everything from the initial discovery and classification through to threat detection and remediation. Isolated point solutions or a myopic cybersecurity strategy will only expose organizations to potential security breaches and data leaks. However, an integrated approach addresses these risks proactively and comprehensively, further strengthening an organization’s cybersecurity posture.</p><h2>Getting Ahead of the Game with Optimal NHI Management</h2><p>In conclusion, mastering the management of NHIs and secrets is pivotal. This focus is not just advisable; it’s imperative. Given the escalating complexity of cyber securities, fueled by the surge in data transactions, maintaining control over all types of identities, human and non-human, demands immediacy. Investing resources into robust NHI and secrets management now equates to securing your organization’s future.</p><p>The post <a href="https://entro.security/is-your-iam-solution-truly-scalable/">Is Your IAM Solution Truly Scalable?</a> appeared first on <a href="https://entro.security/">Entro</a>.</p><div class="spu-placeholder" style="display:none"></div><div class="addtoany_share_save_container addtoany_content addtoany_content_bottom"><div class="a2a_kit a2a_kit_size_20 addtoany_list" data-a2a-url="https://securityboulevard.com/2025/08/is-your-iam-solution-truly-scalable/" data-a2a-title="Is Your IAM Solution Truly Scalable?"><a class="a2a_button_twitter" href="https://www.addtoany.com/add_to/twitter?linkurl=https%3A%2F%2Fsecurityboulevard.com%2F2025%2F08%2Fis-your-iam-solution-truly-scalable%2F&amp;linkname=Is%20Your%20IAM%20Solution%20Truly%20Scalable%3F" title="Twitter" rel="nofollow noopener" target="_blank"></a><a class="a2a_button_linkedin" href="https://www.addtoany.com/add_to/linkedin?linkurl=https%3A%2F%2Fsecurityboulevard.com%2F2025%2F08%2Fis-your-iam-solution-truly-scalable%2F&amp;linkname=Is%20Your%20IAM%20Solution%20Truly%20Scalable%3F" title="LinkedIn" rel="nofollow noopener" target="_blank"></a><a class="a2a_button_facebook" href="https://www.addtoany.com/add_to/facebook?linkurl=https%3A%2F%2Fsecurityboulevard.com%2F2025%2F08%2Fis-your-iam-solution-truly-scalable%2F&amp;linkname=Is%20Your%20IAM%20Solution%20Truly%20Scalable%3F" title="Facebook" rel="nofollow noopener" target="_blank"></a><a class="a2a_button_reddit" href="https://www.addtoany.com/add_to/reddit?linkurl=https%3A%2F%2Fsecurityboulevard.com%2F2025%2F08%2Fis-your-iam-solution-truly-scalable%2F&amp;linkname=Is%20Your%20IAM%20Solution%20Truly%20Scalable%3F" title="Reddit" rel="nofollow noopener" target="_blank"></a><a class="a2a_button_email" href="https://www.addtoany.com/add_to/email?linkurl=https%3A%2F%2Fsecurityboulevard.com%2F2025%2F08%2Fis-your-iam-solution-truly-scalable%2F&amp;linkname=Is%20Your%20IAM%20Solution%20Truly%20Scalable%3F" title="Email" rel="nofollow noopener" target="_blank"></a><a class="a2a_dd addtoany_share_save addtoany_share" href="https://www.addtoany.com/share"></a></div></div><p class="syndicated-attribution">*** This is a Security Bloggers Network syndicated blog from <a href="https://entro.security/">Entro</a> authored by <a href="https://securityboulevard.com/author/0/" title="Read other posts by Alison Mack">Alison Mack</a>. Read the original post at: <a href="https://entro.security/is-your-iam-solution-truly-scalable/">https://entro.security/is-your-iam-solution-truly-scalable/</a> </p>

New York Attorney General Sues Zelle Parent Over Fraud Failures, Raising Stakes for Real-Time Payment Security

  • Teri Robinson
  • Published date: 2025-08-28 00:00:00

None

<p><span data-contrast="none">If Zelle thought it had sidestepped the wrath of the courts over the rampant fraud and a series of scams between 2017-2023, just because the Trump administration dropped a suit filed by the now-severely hobbled Consumer Financial Protection Bureau, then the company was sadly mistaken.</span><span data-ccp-props='{"201341983":0,"335557856":16777215,"335559739":0,"335559740":240}'> </span></p><p><span data-contrast="none">Waiting in the wings to avenge Zelle customers left scrambling, at risk and out over a billion dollars, was New Attorney General Letitia James, who doggedly pursued President Trump and who now has </span><a href="https://ag.ny.gov/press-release/2025/attorney-general-james-sues-company-behind-zelle-enabling-widespread-fraud" target="_blank" rel="noopener"><span data-contrast="none">filed a suit against Zelle’s parent Early Warning Services</span></a><span data-contrast="none">, a conglomerate of big banks, for failing to safeguard customers — accusing the company of poor security measures, chiefly failing to patch old vulnerabilities that they knew existed.  </span><b><span data-contrast="none"> </span></b><span data-ccp-props='{"201341983":0,"335557856":16777215,"335559739":0,"335559740":240}'> </span></p><p><span data-contrast="none">“EWS knew from the beginning that key features of the Zelle network made it uniquely susceptible to fraud, and yet it failed to adopt basic safeguards to address these glaring flaws or enforce any meaningful anti-fraud rules on its partner banks,” the AG’s office said in a release.</span><span data-ccp-props='{"201341983":0,"335557856":16777215,"335559739":0,"335559740":240}'> </span></p><div class="code-block code-block-12 ai-track" data-ai="WzEyLCIiLCJCbG9jayAxMiIsIiIsMV0=" style="margin: 8px 0; clear: both;"> <style> .ai-rotate {position: relative;} .ai-rotate-hidden {visibility: hidden;} .ai-rotate-hidden-2 {position: absolute; top: 0; left: 0; width: 100%; height: 100%;} .ai-list-data, .ai-ip-data, .ai-filter-check, .ai-fallback, .ai-list-block, .ai-list-block-ip, .ai-list-block-filter {visibility: hidden; position: absolute; width: 50%; height: 1px; top: -1000px; z-index: -9999; margin: 0px!important;} .ai-list-data, .ai-ip-data, .ai-filter-check, .ai-fallback {min-width: 1px;} </style> <div class="ai-rotate ai-unprocessed ai-timed-rotation ai-12-1" data-info="WyIxMi0xIiwxXQ==" style="position: relative;"> <div class="ai-rotate-option" style="visibility: hidden;" data-index="1" data-name="VGVjaHN0cm9uZyBHYW5nIFlvdXR1YmU=" data-time="MTA="> <div class="custom-ad"> <div style="margin: auto; text-align: center;"><a href="https://youtu.be/Fojn5NFwaw8" target="_blank"><img src="https://securityboulevard.com/wp-content/uploads/2024/12/Techstrong-Gang-Youtube-PodcastV2-770.png" alt="Techstrong Gang Youtube"></a></div> <div class="clear-custom-ad"></div> </div></div> </div> </div><p><span data-contrast="none">After the CFPB abandoned its efforts, James is seeking to get restitution and damages for the victims, vowing to get justice for “New Yorkers who suffered because of Zelle’s security failures.”</span><span data-ccp-props='{"201341983":0,"335557856":16777215,"335559739":0,"335559740":240}'> </span></p><p><strong>The lawsuit brought by James against EWS “raises important questions about the responsibilities of real-time payment platforms in protecting consumers from fraud,” says John Anthony Smith, CSO at Fenix24.</strong><span data-ccp-props='{"201341983":0,"335557856":16777215,"335559739":0,"335559740":240}'> </span></p><div class="code-block code-block-15" style="margin: 8px 0; clear: both;"> <script async src="https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js?client=ca-pub-2091799172090865" crossorigin="anonymous" type="7789c7ffa6fb08e99139ffb7-text/javascript"></script> <!-- SB In Article Ad 1 --> <ins class="adsbygoogle" style="display:block" data-ad-client="ca-pub-2091799172090865" data-ad-slot="8723094367" data-ad-format="auto" data-full-width-responsive="true"></ins> <script type="7789c7ffa6fb08e99139ffb7-text/javascript"> (adsbygoogle = window.adsbygoogle || []).push({}); </script></div><p><span data-contrast="none">While the longer-term answers are likely complex and require a dialogue between consumer agencies, regulators, banks, technologists and consumers, the short-term answer is “more than what Zelle did,” which, from previous reports, wasn’t much.</span><span data-ccp-props='{"201341983":0,"335557856":16777215,"335559739":0,"335559740":240}'> </span></p><p><span data-contrast="none">“I think there’s a reasonable argument that EWS could be doing more to meet basic consumer protection standards,” says Smith, though whether that might align with current legal requirements is for the courts to decide.</span><span data-ccp-props='{"201341983":0,"335557856":16777215,"335559739":0,"335559740":240}'> </span></p><p><span data-contrast="none">And how much to award also lands squarely in the court of the judiciary. Quantifying loss in court can be challenging, but it can also be difficult for companies to assess loss — and associated risk — internally. </span><span data-ccp-props='{"201341983":0,"335557856":16777215,"335559739":0,"335559740":240}'> </span></p><p><span data-contrast="none"><strong>While Randolph Barr, CISO at Cequence, says that translating cyber risks into defensible financial terms requires both technical depth and financial fluency, he notes that is “a rare skill set to find in one person.”</strong> </span></p><p><span data-contrast="none">He explains that most companies struggle because “their risk teams are comfortable with qualitative ‘high/medium/low’ scoring, but lack the actuarial, statistical, and financial modeling experience” demanded by Factor Analysis of Information Risk (FAIR).</span><span data-ccp-props='{"201341983":0,"335557856":16777215,"335559739":0,"335559740":240}'> </span></p><p><span data-contrast="none">“The cleanest way is to anchor it in the company’s risk management program and use FAIR,” which “ties security lapses to actual financial impact — the language boards, regulators, and courts care about — by modeling loss frequency and loss magnitude across direct fraud, legal/settlement costs, remediation, downtime, churn, and reputational impact,” he says.</span><span data-ccp-props='{"201341983":0,"335557856":16777215,"335559739":0,"335559740":240}'> </span></p><p><span data-contrast="none">To get it right, organizations must pull in “security practitioners who understand the threat landscape, risk analysts who can quantify probabilities, and finance/legal experts who can map losses to real-world costs,” says Barr. “Without the right people developing and validating the model, organizations risk producing numbers that look precise but don’t hold up under scrutiny from regulators, auditors, or in court.</span></p><p><span data-contrast="none">Smith doesn’t believe EWS is solely to blame for the proliferation of scams; he notes the platform could and should do more to protect customers.</span><span data-ccp-props='{"201341983":0,"335557856":16777215,"335559739":0,"335559740":240}'> </span></p><p><span data-contrast="none"><strong>Trey Ford, chief strategy and trust officer at Bugcrowd, says fraud and abuse losses and primary impacts can be organized and quantified than those caused by cybersecurity incidents.</strong> </span></p><p><span data-contrast="none">Noting that fraud and abuse teams “are battling misuse, abuse, malice, and crime, which requires a massive tranche of data and intelligence that is different from, but complimentary to, cybersecurity research, testing, and work,” he says addressing it “is often more complicated than simply changing a computer configuration, or installing a vendor patch” and “requires significant engineering, product feature planning, and adjustments in business strategy.”</span><span data-ccp-props='{"201341983":0,"335557856":16777215,"335559739":0,"335559740":240}'> </span></p><p><span data-contrast="none">Fixing requires “significant engineering, product feature planning and adjustments in business strategy,” says Ford.</span><span data-ccp-props='{"201341983":0,"335557856":16777215,"335559739":0,"335559740":240}'> </span></p><p><span data-contrast="none">Smith called for stronger identity verification at the point of registration that includes names, email addresses, phone numbers and even geolocation data. “If someone claims a U.S. mailing address but is physically located abroad, that should raise a red flag.”</span><span data-ccp-props='{"201341983":0,"335557856":16777215,"335559739":0,"335559740":240}'> </span></p><p><span data-contrast="none">Platforms could also include “a short delay, say 8 to 24 hours, for transfers to new recipients” to give users a window for canceling or reporting “suspicious activity before funds are irreversibly moved,” says Smith. “It’s a small friction that could make a big difference.”</span><span data-ccp-props='{"201341983":0,"335557856":16777215,"335559739":0,"335559740":240}'> </span></p><p><span data-contrast="none">For now, all eyes will be on the courts in New York. “Organizations with mature fraud and abuse teams, especially in the B2C space, will be watching this lawsuit closely,” says Ford.</span><span data-ccp-props='{"201341983":0,"335557856":16777215,"335559739":0,"335559740":240}'> </span></p><p><span data-contrast="none">In the end, though, Barr believes there are no winners. “Some frame this as political, but controls were delayed for years while workable safeguards existed elsewhere,” he says</span><span data-ccp-props='{"201341983":0,"335557856":16777215,"335559739":0,"335559740":240}'> </span></p><p><span data-contrast="none">While a win for New York “would likely result in a fine and perhaps some mandated reforms,” says Smith, it remains to be seen “whether that translates into meaningful change for consumers, especially in terms of recovering lost funds.”</span><span data-ccp-props='{"201341983":0,"335557856":16777215,"335559739":0,"335559740":240}'> </span></p><p><span data-contrast="none">Barr notes the implications of a NY win could be vast —”stronger requirements for networkwide fraud controls and reimbursement policies, faster adoption of UK-style protections in U.S. real-time payments, and more board accountability to document why known controls weren’t deployed sooner.”</span></p><p><span data-contrast="none">Unlike cybersecurity, the primary impacts and losses associated with fraud and abuse can be easily organized and quantified. Secondary and tertiary losses (loss of trust, brand impact, and, in this case, lawsuits) are hard to quantify and plan for in risk management and investment decisions.</span><span data-ccp-props='{"201341983":0,"335557856":16777215,"335559739":0,"335559740":240}'> </span></p><p><span data-contrast="none">There is a natural (and correct) tension associated with privacy, and the need to de-anonymize users and usage patterns, to identify fraud and abuse, requiring strong alignment and commitment from the business, engineering and legal.</span><span data-ccp-props='{"201341983":0,"335557856":16777215,"335559739":0,"335559740":240}'> </span></p><p><span data-contrast="none">Addressing fraud and abuse is often more complicated than simply changing a computer configuration or installing a vendor patch. It requires significant engineering, product feature planning, and adjustments in business strategy. Organizations with mature fraud and abuse teams, especially in the B2C space, will be watching this lawsuit closely.</span><span data-ccp-props='{"201341983":0,"335557856":16777215,"335559739":0,"335559740":240}'> </span></p><p><span data-contrast="none">Whether that aligns with current legal requirements is a question for the courts. A win for New York would likely result in a fine and perhaps some mandated reforms. But whether that translates into meaningful change for consumers, especially in terms of recovering lost funds, remains to be seen.</span><span data-ccp-props='{"201341983":0,"335557856":16777215,"335559739":0,"335559740":240}'> </span></p><p><span data-contrast="none">Smith calls for stronger identity verification at the point of registration that includes names, email addresses, phone numbers, and even geolocation data. “If someone claims a U.S. mailing address but is physically located abroad, that should raise a red flag.”</span><span data-ccp-props='{"201341983":0,"335557856":16777215,"335559739":0,"335559740":240}'> </span></p><p><span data-contrast="none">Platforms could also include “a short delay, say eight to 24 hours, for transfers to new recipients” to give users a window for canceling or reporting “suspicious activity before funds are irreversibly moved,” says Smith. “It’s a small friction that could make a big difference.”</span><span data-ccp-props='{"201341983":0,"335557856":16777215,"335559739":0,"335559740":240}'> </span></p><p><span data-contrast="none">That said, user education is just as critical. Many scams succeed not because of technical flaws, but because users are unaware of the risks. Platforms like Zelle should invest more in proactive education and in-app warnings to help users recognize and avoid scams.</span><span data-ccp-props='{"201341983":0,"335557856":16777215,"335559739":0,"335559740":240}'> </span></p><p><span data-contrast="none">As for the lawsuit itself, I think there’s a reasonable argument that EWS could be doing more to meet basic <a href="https://securityboulevard.com/2024/05/ai-regulation-in-finance-steering-the-future-with-consumer-protection-at-the-helm/" target="_blank" rel="noopener">consumer protection standards</a>. Whether that aligns with current legal requirements is a question for the courts. A win for New York would likely result in a fine and perhaps some mandated reforms. But whether that translates into meaningful change for consumers, especially in terms of recovering lost funds, remains to be seen.</span></p><div class="spu-placeholder" style="display:none"></div><div class="addtoany_share_save_container addtoany_content addtoany_content_bottom"><div class="a2a_kit a2a_kit_size_20 addtoany_list" data-a2a-url="https://securityboulevard.com/2025/08/new-york-attorney-general-sues-zelle-parent-over-fraud-failures-raising-stakes-for-real-time-payment-security/" data-a2a-title="New York Attorney General Sues Zelle Parent Over Fraud Failures, Raising Stakes for Real-Time Payment Security"><a class="a2a_button_twitter" href="https://www.addtoany.com/add_to/twitter?linkurl=https%3A%2F%2Fsecurityboulevard.com%2F2025%2F08%2Fnew-york-attorney-general-sues-zelle-parent-over-fraud-failures-raising-stakes-for-real-time-payment-security%2F&amp;linkname=New%20York%20Attorney%20General%20Sues%20Zelle%20Parent%20Over%20Fraud%20Failures%2C%20Raising%20Stakes%20for%20Real-Time%20Payment%20Security" title="Twitter" rel="nofollow noopener" target="_blank"></a><a class="a2a_button_linkedin" href="https://www.addtoany.com/add_to/linkedin?linkurl=https%3A%2F%2Fsecurityboulevard.com%2F2025%2F08%2Fnew-york-attorney-general-sues-zelle-parent-over-fraud-failures-raising-stakes-for-real-time-payment-security%2F&amp;linkname=New%20York%20Attorney%20General%20Sues%20Zelle%20Parent%20Over%20Fraud%20Failures%2C%20Raising%20Stakes%20for%20Real-Time%20Payment%20Security" title="LinkedIn" rel="nofollow noopener" target="_blank"></a><a class="a2a_button_facebook" href="https://www.addtoany.com/add_to/facebook?linkurl=https%3A%2F%2Fsecurityboulevard.com%2F2025%2F08%2Fnew-york-attorney-general-sues-zelle-parent-over-fraud-failures-raising-stakes-for-real-time-payment-security%2F&amp;linkname=New%20York%20Attorney%20General%20Sues%20Zelle%20Parent%20Over%20Fraud%20Failures%2C%20Raising%20Stakes%20for%20Real-Time%20Payment%20Security" title="Facebook" rel="nofollow noopener" target="_blank"></a><a class="a2a_button_reddit" href="https://www.addtoany.com/add_to/reddit?linkurl=https%3A%2F%2Fsecurityboulevard.com%2F2025%2F08%2Fnew-york-attorney-general-sues-zelle-parent-over-fraud-failures-raising-stakes-for-real-time-payment-security%2F&amp;linkname=New%20York%20Attorney%20General%20Sues%20Zelle%20Parent%20Over%20Fraud%20Failures%2C%20Raising%20Stakes%20for%20Real-Time%20Payment%20Security" title="Reddit" rel="nofollow noopener" target="_blank"></a><a class="a2a_button_email" href="https://www.addtoany.com/add_to/email?linkurl=https%3A%2F%2Fsecurityboulevard.com%2F2025%2F08%2Fnew-york-attorney-general-sues-zelle-parent-over-fraud-failures-raising-stakes-for-real-time-payment-security%2F&amp;linkname=New%20York%20Attorney%20General%20Sues%20Zelle%20Parent%20Over%20Fraud%20Failures%2C%20Raising%20Stakes%20for%20Real-Time%20Payment%20Security" title="Email" rel="nofollow noopener" target="_blank"></a><a class="a2a_dd addtoany_share_save addtoany_share" href="https://www.addtoany.com/share"></a></div></div>

AI, Malware, and the Rise of Software Development Infiltration

  • None
  • Published date: 2025-08-27 00:00:00

None

<div class="hs-featured-image-wrapper"> <a href="https://www.sonatype.com/blog/ai-malware-and-the-rise-of-software-development-infiltration" title="" class="hs-featured-image-link"> <img decoding="async" src="https://www.sonatype.com/hubfs/blog_cubical_network.png" alt="AI, Malware, and the Rise of Software Development Infiltration" class="hs-featured-image" style="width:auto !important; max-width:50%; float:left; margin:0 15px 15px 0;"> </a> </div><p>For years, security teams focused on defending against malicious code injected into open source projects and package repositories. At Sonatype, we’ve tracked <a href="https://www.sonatype.com/blog/sonatype-uncovers-global-espionage-campaign-in-open-source-ecosystems"><span>espionage campaigns</span></a>, <a href="https://www.sonatype.com/blog/shadow-downloads-how-developers-have-become-the-new-perimeter"><span>shadow downloads</span></a>, and <a href="https://www.sonatype.com/blog/open-source-malware-index-q2-2025"><span>targeted malware</span></a> designed to compromise development environments.</p><p><img decoding="async" src="https://track.hubspot.com/__ptq.gif?a=1958393&amp;k=14&amp;r=https%3A%2F%2Fwww.sonatype.com%2Fblog%2Fai-malware-and-the-rise-of-software-development-infiltration&amp;bu=https%253A%252F%252Fwww.sonatype.com%252Fblog&amp;bvt=rss" alt="" width="1" height="1" style="min-height:1px!important;width:1px!important;border-width:0!important;margin-top:0!important;margin-bottom:0!important;margin-right:0!important;margin-left:0!important;padding-top:0!important;padding-bottom:0!important;padding-right:0!important;padding-left:0!important; "></p><div class="spu-placeholder" style="display:none"></div><div class="addtoany_share_save_container addtoany_content addtoany_content_bottom"><div class="a2a_kit a2a_kit_size_20 addtoany_list" data-a2a-url="https://securityboulevard.com/2025/08/ai-malware-and-the-rise-of-software-development-infiltration/" data-a2a-title="AI, Malware, and the Rise of Software Development Infiltration"><a class="a2a_button_twitter" href="https://www.addtoany.com/add_to/twitter?linkurl=https%3A%2F%2Fsecurityboulevard.com%2F2025%2F08%2Fai-malware-and-the-rise-of-software-development-infiltration%2F&amp;linkname=AI%2C%20Malware%2C%20and%20the%20Rise%20of%20Software%20Development%20Infiltration" title="Twitter" rel="nofollow noopener" target="_blank"></a><a class="a2a_button_linkedin" href="https://www.addtoany.com/add_to/linkedin?linkurl=https%3A%2F%2Fsecurityboulevard.com%2F2025%2F08%2Fai-malware-and-the-rise-of-software-development-infiltration%2F&amp;linkname=AI%2C%20Malware%2C%20and%20the%20Rise%20of%20Software%20Development%20Infiltration" title="LinkedIn" rel="nofollow noopener" target="_blank"></a><a class="a2a_button_facebook" href="https://www.addtoany.com/add_to/facebook?linkurl=https%3A%2F%2Fsecurityboulevard.com%2F2025%2F08%2Fai-malware-and-the-rise-of-software-development-infiltration%2F&amp;linkname=AI%2C%20Malware%2C%20and%20the%20Rise%20of%20Software%20Development%20Infiltration" title="Facebook" rel="nofollow noopener" target="_blank"></a><a class="a2a_button_reddit" href="https://www.addtoany.com/add_to/reddit?linkurl=https%3A%2F%2Fsecurityboulevard.com%2F2025%2F08%2Fai-malware-and-the-rise-of-software-development-infiltration%2F&amp;linkname=AI%2C%20Malware%2C%20and%20the%20Rise%20of%20Software%20Development%20Infiltration" title="Reddit" rel="nofollow noopener" target="_blank"></a><a class="a2a_button_email" href="https://www.addtoany.com/add_to/email?linkurl=https%3A%2F%2Fsecurityboulevard.com%2F2025%2F08%2Fai-malware-and-the-rise-of-software-development-infiltration%2F&amp;linkname=AI%2C%20Malware%2C%20and%20the%20Rise%20of%20Software%20Development%20Infiltration" title="Email" rel="nofollow noopener" target="_blank"></a><a class="a2a_dd addtoany_share_save addtoany_share" href="https://www.addtoany.com/share"></a></div></div><p class="syndicated-attribution">*** This is a Security Bloggers Network syndicated blog from <a href="https://www.sonatype.com/blog">2024 Sonatype Blog</a> authored by <a href="https://securityboulevard.com/author/0/" title="Read other posts by Aaron Linskens">Aaron Linskens</a>. Read the original post at: <a href="https://www.sonatype.com/blog/ai-malware-and-the-rise-of-software-development-infiltration">https://www.sonatype.com/blog/ai-malware-and-the-rise-of-software-development-infiltration</a> </p><div class="code-block code-block-12 ai-track" data-ai="WzEyLCIiLCJCbG9jayAxMiIsIiIsMV0=" style="margin: 8px 0; clear: both;"> <style> .ai-rotate {position: relative;} .ai-rotate-hidden {visibility: hidden;} .ai-rotate-hidden-2 {position: absolute; top: 0; left: 0; width: 100%; height: 100%;} .ai-list-data, .ai-ip-data, .ai-filter-check, .ai-fallback, .ai-list-block, .ai-list-block-ip, .ai-list-block-filter {visibility: hidden; position: absolute; width: 50%; height: 1px; top: -1000px; z-index: -9999; margin: 0px!important;} .ai-list-data, .ai-ip-data, .ai-filter-check, .ai-fallback {min-width: 1px;} </style> <div class="ai-rotate ai-unprocessed ai-timed-rotation ai-12-1" data-info="WyIxMi0xIiwxXQ==" style="position: relative;"> <div class="ai-rotate-option" style="visibility: hidden;" data-index="1" data-name="VGVjaHN0cm9uZyBHYW5nIFlvdXR1YmU=" data-time="MTA="> <div class="custom-ad"> <div style="margin: auto; text-align: center;"><a href="https://youtu.be/Fojn5NFwaw8" target="_blank"><img src="https://securityboulevard.com/wp-content/uploads/2024/12/Techstrong-Gang-Youtube-PodcastV2-770.png" alt="Techstrong Gang Youtube"></a></div> <div class="clear-custom-ad"></div> </div></div> </div> </div>

DigiCert Discloses Details of Two Massive DDoS Attacks

  • Michael Vizard
  • Published date: 2025-08-27 00:00:00

None

<p>DigiCert revealed today that over the last month it has <a href="https://www.digicert.com/blog/how-ultraddos-protect-stands-up-to-multi-terabit-attacks">thwarted two separate distributed denial of service (DDoS) attacks</a> that peaked at more than 2.4 and 3.7 terabits per second (Tbps).</p><p>Carlos Morales, senior vice president and general manager for DDoS and application security at DigiCert, said both attacks were thwarted by UltraDDoS Protect network but it’s also now a matter of time before these attacks might one day peak at 20-Tbps or higher.</p><p>The first 2.4-Tbps attack was aimed at an organization based in the Europe and Middle East (EMEA) region and had an impact of 553 Million packets per second (Mpps). The second 3.721-Tbps attack was aimed at an organization in the U.S. that had a 336 Mpps attack, with peak traffic rates lasting more than two minutes.</p><div class="code-block code-block-12 ai-track" data-ai="WzEyLCIiLCJCbG9jayAxMiIsIiIsMV0=" style="margin: 8px 0; clear: both;"> <style> .ai-rotate {position: relative;} .ai-rotate-hidden {visibility: hidden;} .ai-rotate-hidden-2 {position: absolute; top: 0; left: 0; width: 100%; height: 100%;} .ai-list-data, .ai-ip-data, .ai-filter-check, .ai-fallback, .ai-list-block, .ai-list-block-ip, .ai-list-block-filter {visibility: hidden; position: absolute; width: 50%; height: 1px; top: -1000px; z-index: -9999; margin: 0px!important;} .ai-list-data, .ai-ip-data, .ai-filter-check, .ai-fallback {min-width: 1px;} </style> <div class="ai-rotate ai-unprocessed ai-timed-rotation ai-12-1" data-info="WyIxMi0xIiwxXQ==" style="position: relative;"> <div class="ai-rotate-option" style="visibility: hidden;" data-index="1" data-name="VGVjaHN0cm9uZyBHYW5nIFlvdXR1YmU=" data-time="MTA="> <div class="custom-ad"> <div style="margin: auto; text-align: center;"><a href="https://youtu.be/Fojn5NFwaw8" target="_blank"><img src="https://securityboulevard.com/wp-content/uploads/2024/12/Techstrong-Gang-Youtube-PodcastV2-770.png" alt="Techstrong Gang Youtube"></a></div> <div class="clear-custom-ad"></div> </div></div> </div> </div><p>The attack sources were widely distributed with the United States, Mexico, Canada, Japan, Israel and Taiwan being the sources of most of the traffic, with approximately 3 Gbps per aimed at the IP destination by the 3.7-Tbps attack.</p><p>There were also multiple smaller follow-on attacks after the initial surge, and all traffic was destined to port 443 which is the default for most web traffic, so it could not be simply filtered at the network border.</p><div class="code-block code-block-15" style="margin: 8px 0; clear: both;"> <script async src="https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js?client=ca-pub-2091799172090865" crossorigin="anonymous" type="4ca1dfd1a441b66e547da39b-text/javascript"></script> <!-- SB In Article Ad 1 --> <ins class="adsbygoogle" style="display:block" data-ad-client="ca-pub-2091799172090865" data-ad-slot="8723094367" data-ad-format="auto" data-full-width-responsive="true"></ins> <script type="4ca1dfd1a441b66e547da39b-text/javascript"> (adsbygoogle = window.adsbygoogle || []).push({}); </script></div><p>The DigiCert UltraDDoS Protect provides more than 15-Tbps of dedicated DDoS bandwidth to thwart these types of attacks, but it’s probable DDoS networks will need to scale higher to thwart DDoS attacks that are only going to increase in volume as cybercriminals continue to harness insecure infrastructure in the Internet of Things (IoT) era to launch carpet bombing types of attacks, said Morales.</p><p>In fact, with the rise of various illicit bot services it’s never been easier for cybercriminals to launch a DDoS attack, noted Morales. More troubling still, cybercriminals will also soon be using artificial intelligence (AI) to discover even more insecure devices to compromise, which will help fuel even larger attacks, he added.</p><p>Ultimately, any company that is relying on the Internet to drive revenue is at risk of a DDoS attack that could cripple their operations. It’s not clear how many organizations are not relying on some type of DDoS protection service to thwart these attacks, but as the volume and frequency of these attacks increases it is all too apparent that cybercriminals are enjoying enough success to warrant the effort, especially as the cost of launching these attacks continues to decline. In effect, these attacks are reaching a level of intensity that is going to be beyond the ability of any enterprise to thwart themselves, said Morales.</p><p>Hopefully, there will come a day when law enforcement officials working in collaboration across jurisdictions will be able to take down the botnets that are used to launch these attacks. In the meantime, however, cybersecurity teams at this point should assume it’s not only a matter of time before their organization is targeted. The issue then becomes determining how much protection will be needed based on the actual risk to the business a specific DDoS attack might represent.</p><div class="spu-placeholder" style="display:none"></div><div class="addtoany_share_save_container addtoany_content addtoany_content_bottom"><div class="a2a_kit a2a_kit_size_20 addtoany_list" data-a2a-url="https://securityboulevard.com/2025/08/digicert-discloses-details-of-two-massive-ddos-attacks/" data-a2a-title="DigiCert Discloses Details of Two Massive DDoS Attacks"><a class="a2a_button_twitter" href="https://www.addtoany.com/add_to/twitter?linkurl=https%3A%2F%2Fsecurityboulevard.com%2F2025%2F08%2Fdigicert-discloses-details-of-two-massive-ddos-attacks%2F&amp;linkname=DigiCert%20Discloses%20Details%20of%20Two%20Massive%20DDoS%20Attacks" title="Twitter" rel="nofollow noopener" target="_blank"></a><a class="a2a_button_linkedin" href="https://www.addtoany.com/add_to/linkedin?linkurl=https%3A%2F%2Fsecurityboulevard.com%2F2025%2F08%2Fdigicert-discloses-details-of-two-massive-ddos-attacks%2F&amp;linkname=DigiCert%20Discloses%20Details%20of%20Two%20Massive%20DDoS%20Attacks" title="LinkedIn" rel="nofollow noopener" target="_blank"></a><a class="a2a_button_facebook" href="https://www.addtoany.com/add_to/facebook?linkurl=https%3A%2F%2Fsecurityboulevard.com%2F2025%2F08%2Fdigicert-discloses-details-of-two-massive-ddos-attacks%2F&amp;linkname=DigiCert%20Discloses%20Details%20of%20Two%20Massive%20DDoS%20Attacks" title="Facebook" rel="nofollow noopener" target="_blank"></a><a class="a2a_button_reddit" href="https://www.addtoany.com/add_to/reddit?linkurl=https%3A%2F%2Fsecurityboulevard.com%2F2025%2F08%2Fdigicert-discloses-details-of-two-massive-ddos-attacks%2F&amp;linkname=DigiCert%20Discloses%20Details%20of%20Two%20Massive%20DDoS%20Attacks" title="Reddit" rel="nofollow noopener" target="_blank"></a><a class="a2a_button_email" href="https://www.addtoany.com/add_to/email?linkurl=https%3A%2F%2Fsecurityboulevard.com%2F2025%2F08%2Fdigicert-discloses-details-of-two-massive-ddos-attacks%2F&amp;linkname=DigiCert%20Discloses%20Details%20of%20Two%20Massive%20DDoS%20Attacks" title="Email" rel="nofollow noopener" target="_blank"></a><a class="a2a_dd addtoany_share_save addtoany_share" href="https://www.addtoany.com/share"></a></div></div>

Microsoft’s New AI Risk Assessment Framework – A Step Forward

  • None
  • Published date: 2025-08-26 00:00:00

None

<p> </p><div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjUhWRi_X4xgp9R2Cu-2qWA0DcJp6b6gps601s9z9r_VIur3OAz8w6PNy_q9cQYTrf18r6_7RejA6VPHT-8hbN2Xlkn1WsdFVF6SMHbge46-S1W6J4-6dKKKucBkvbnRXPHfhTmdNb01rkAHyA6GYKA1ih2SlSrJdRbY7aHEYxSkezIEph-QqOYJxqCQJrZ/s707/Microsoft%20AI%20Security%20Risk%20Assessment.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img fetchpriority="high" decoding="async" border="0" data-original-height="613" data-original-width="707" height="277" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjUhWRi_X4xgp9R2Cu-2qWA0DcJp6b6gps601s9z9r_VIur3OAz8w6PNy_q9cQYTrf18r6_7RejA6VPHT-8hbN2Xlkn1WsdFVF6SMHbge46-S1W6J4-6dKKKucBkvbnRXPHfhTmdNb01rkAHyA6GYKA1ih2SlSrJdRbY7aHEYxSkezIEph-QqOYJxqCQJrZ/s320/Microsoft%20AI%20Security%20Risk%20Assessment.png" width="320"></a></div><p class="graf graf--p" name="315f">Microsoft recently introduced a new framework designed to assess the security of AI models. It’s always encouraging to see developers weaving cybersecurity considerations into the design and deployment of emerging, disruptive technologies. Stronger security reduces the potential for harmful outcomes — and that’s a win for everyone.</p><div class="code-block code-block-12 ai-track" data-ai="WzEyLCIiLCJCbG9jayAxMiIsIiIsMV0=" style="margin: 8px 0; clear: both;"> <style> .ai-rotate {position: relative;} .ai-rotate-hidden {visibility: hidden;} .ai-rotate-hidden-2 {position: absolute; top: 0; left: 0; width: 100%; height: 100%;} .ai-list-data, .ai-ip-data, .ai-filter-check, .ai-fallback, .ai-list-block, .ai-list-block-ip, .ai-list-block-filter {visibility: hidden; position: absolute; width: 50%; height: 1px; top: -1000px; z-index: -9999; margin: 0px!important;} .ai-list-data, .ai-ip-data, .ai-filter-check, .ai-fallback {min-width: 1px;} </style> <div class="ai-rotate ai-unprocessed ai-timed-rotation ai-12-1" data-info="WyIxMi0xIiwxXQ==" style="position: relative;"> <div class="ai-rotate-option" style="visibility: hidden;" data-index="1" data-name="VGVjaHN0cm9uZyBHYW5nIFlvdXR1YmU=" data-time="MTA="> <div class="custom-ad"> <div style="margin: auto; text-align: center;"><a href="https://youtu.be/Fojn5NFwaw8" target="_blank"><img src="https://securityboulevard.com/wp-content/uploads/2024/12/Techstrong-Gang-Youtube-PodcastV2-770.png" alt="Techstrong Gang Youtube"></a></div> <div class="clear-custom-ad"></div> </div></div> </div> </div><p class="graf graf--p" name="594c">It is wonderful to see that Microsoft leveraged its expertise to publish a clear framework for anyone to use.</p><p class="graf graf--p" name="81d7">While this framework provides a reasonable foundation for securing Large Language Model (LLM) AI deployments, it falls short when applied to more advanced AI systems — especially those with agentic capabilities. This limitation in applicability highlights a persistent problem in cybersecurity: tools and practices are often outdated or under-scaled, even before the industry has a chance to implement them.</p><div class="code-block code-block-15" style="margin: 8px 0; clear: both;"> <script async src="https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js?client=ca-pub-2091799172090865" crossorigin="anonymous" type="994177f6d300c2a39a130e55-text/javascript"></script> <!-- SB In Article Ad 1 --> <ins class="adsbygoogle" style="display:block" data-ad-client="ca-pub-2091799172090865" data-ad-slot="8723094367" data-ad-format="auto" data-full-width-responsive="true"></ins> <script type="994177f6d300c2a39a130e55-text/javascript"> (adsbygoogle = window.adsbygoogle || []).push({}); </script></div><p class="graf graf--p" name="0ea1">AI is evolving at a breathtaking pace, and security adaptation consistently lags several steps behind. The release of this framework is a valuable step forward, but it’s critical to recognize that it’s just a step on a very long journey. The ongoing challenge is not to declare “mission accomplished,” but to treat security as a continuously adaptive process — always be looking to embrace the next best practices.</p><p class="graf graf--p" name="0087">Risk governance for AI requires ongoing investment, flexibility, and willingness to evolve. Even then, the best we may achieve is keeping pace with evolving risks, maintaining as few steps behind as possible.</p><p class="graf graf--p" name="5afc">Paper Download: <a class="markup--anchor markup--p-anchor" data-href="https://github.com/Azure/AI-Security-Risk-Assessment/blob/main/AI_Risk_Assessment_v4.1.4.pdf" href="https://github.com/Azure/AI-Security-Risk-Assessment/blob/main/AI_Risk_Assessment_v4.1.4.pdf" rel="noopener">https://github.com/Azure/AI-Security-Risk-Assessment/blob/main/AI_Risk_Assessment_v4.1.4.pdf</a></p><p class="graf graf--p" name="5afc"></p><div class="spu-placeholder" style="display:none"></div><div class="addtoany_share_save_container addtoany_content addtoany_content_bottom"><div class="a2a_kit a2a_kit_size_20 addtoany_list" data-a2a-url="https://securityboulevard.com/2025/08/microsofts-new-ai-risk-assessment-framework-a-step-forward/" data-a2a-title="Microsoft’s New AI Risk Assessment Framework – A Step Forward"><a class="a2a_button_twitter" href="https://www.addtoany.com/add_to/twitter?linkurl=https%3A%2F%2Fsecurityboulevard.com%2F2025%2F08%2Fmicrosofts-new-ai-risk-assessment-framework-a-step-forward%2F&amp;linkname=Microsoft%E2%80%99s%20New%20AI%20Risk%20Assessment%20Framework%20%E2%80%93%20A%20Step%20Forward" title="Twitter" rel="nofollow noopener" target="_blank"></a><a class="a2a_button_linkedin" href="https://www.addtoany.com/add_to/linkedin?linkurl=https%3A%2F%2Fsecurityboulevard.com%2F2025%2F08%2Fmicrosofts-new-ai-risk-assessment-framework-a-step-forward%2F&amp;linkname=Microsoft%E2%80%99s%20New%20AI%20Risk%20Assessment%20Framework%20%E2%80%93%20A%20Step%20Forward" title="LinkedIn" rel="nofollow noopener" target="_blank"></a><a class="a2a_button_facebook" href="https://www.addtoany.com/add_to/facebook?linkurl=https%3A%2F%2Fsecurityboulevard.com%2F2025%2F08%2Fmicrosofts-new-ai-risk-assessment-framework-a-step-forward%2F&amp;linkname=Microsoft%E2%80%99s%20New%20AI%20Risk%20Assessment%20Framework%20%E2%80%93%20A%20Step%20Forward" title="Facebook" rel="nofollow noopener" target="_blank"></a><a class="a2a_button_reddit" href="https://www.addtoany.com/add_to/reddit?linkurl=https%3A%2F%2Fsecurityboulevard.com%2F2025%2F08%2Fmicrosofts-new-ai-risk-assessment-framework-a-step-forward%2F&amp;linkname=Microsoft%E2%80%99s%20New%20AI%20Risk%20Assessment%20Framework%20%E2%80%93%20A%20Step%20Forward" title="Reddit" rel="nofollow noopener" target="_blank"></a><a class="a2a_button_email" href="https://www.addtoany.com/add_to/email?linkurl=https%3A%2F%2Fsecurityboulevard.com%2F2025%2F08%2Fmicrosofts-new-ai-risk-assessment-framework-a-step-forward%2F&amp;linkname=Microsoft%E2%80%99s%20New%20AI%20Risk%20Assessment%20Framework%20%E2%80%93%20A%20Step%20Forward" title="Email" rel="nofollow noopener" target="_blank"></a><a class="a2a_dd addtoany_share_save addtoany_share" href="https://www.addtoany.com/share"></a></div></div><p class="syndicated-attribution">*** This is a Security Bloggers Network syndicated blog from <a href="https://infosecstrategy.blogspot.com/">Information Security Strategy</a> authored by <a href="https://securityboulevard.com/author/0/" title="Read other posts by Matthew Rosenquist">Matthew Rosenquist</a>. Read the original post at: <a href="https://infosecstrategy.blogspot.com/2025/08/microsofts-new-ai-risk-assessment.html">https://infosecstrategy.blogspot.com/2025/08/microsofts-new-ai-risk-assessment.html</a> </p>

Developer Sentenced to Four Years for Sabotaging Employer’s Systems

  • Jeffrey Burt
  • Published date: 2025-08-25 00:00:00

None

<p>A former software developer for power management company Eaton Corporation who sabotaged the company’s IT systems will now spend four years in prison.</p><p>Davis Lu after a six-day trial in March was found guilty of creating malicious code that created “infinite loops” that caused system crashes within Eaton’s environment, deleted employee data and prevented people from logging in. He was <a href="https://www.justice.gov/opa/pr/texas-man-convicted-sabotaging-his-employers-computer-systems-and-deleting-data" target="_blank" rel="noopener">sentenced to prison</a> late last week.</p><p>Lu also developed a “kill switch” that he could trigger if he was ever fired that would lock out Easton workers from the company’s software. The kill switch was automatically deployed when he was fired in September 2019.</p><div class="code-block code-block-12 ai-track" data-ai="WzEyLCIiLCJCbG9jayAxMiIsIiIsMV0=" style="margin: 8px 0; clear: both;"> <style> .ai-rotate {position: relative;} .ai-rotate-hidden {visibility: hidden;} .ai-rotate-hidden-2 {position: absolute; top: 0; left: 0; width: 100%; height: 100%;} .ai-list-data, .ai-ip-data, .ai-filter-check, .ai-fallback, .ai-list-block, .ai-list-block-ip, .ai-list-block-filter {visibility: hidden; position: absolute; width: 50%; height: 1px; top: -1000px; z-index: -9999; margin: 0px!important;} .ai-list-data, .ai-ip-data, .ai-filter-check, .ai-fallback {min-width: 1px;} </style> <div class="ai-rotate ai-unprocessed ai-timed-rotation ai-12-1" data-info="WyIxMi0xIiwxXQ==" style="position: relative;"> <div class="ai-rotate-option" style="visibility: hidden;" data-index="1" data-name="VGVjaHN0cm9uZyBHYW5nIFlvdXR1YmU=" data-time="MTA="> <div class="custom-ad"> <div style="margin: auto; text-align: center;"><a href="https://youtu.be/Fojn5NFwaw8" target="_blank"><img src="https://securityboulevard.com/wp-content/uploads/2024/12/Techstrong-Gang-Youtube-PodcastV2-770.png" alt="Techstrong Gang Youtube"></a></div> <div class="clear-custom-ad"></div> </div></div> </div> </div><p>Lu, a Chinese national who was living in Houston, worked for Eaton from 2007 to 2019, and became disgruntled in 2018 when the company – which is based in Beachwood, Ohio – when a corporate reorganization reduced his responsibilities and limiting his access to IT systems. He began writing the malicious code that year, according to prosecutors.</p><p>The infinite loop was “designed to exhaust Java threads by repeatedly creating new threads without proper termination and resulting in server crashes or hangs,” Justice Department (DOJ) prosecutors wrote after Lu was convicted.</p><div class="code-block code-block-15" style="margin: 8px 0; clear: both;"> <script async src="https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js?client=ca-pub-2091799172090865" crossorigin="anonymous" type="f15ec69420facafaeac69a9e-text/javascript"></script> <!-- SB In Article Ad 1 --> <ins class="adsbygoogle" style="display:block" data-ad-client="ca-pub-2091799172090865" data-ad-slot="8723094367" data-ad-format="auto" data-full-width-responsive="true"></ins> <script type="f15ec69420facafaeac69a9e-text/javascript"> (adsbygoogle = window.adsbygoogle || []).push({}); </script></div><p>According to a report compiled by Eaton investigators, the malicious code deployed by Lu resulted in more than $360,000 in losses for the company, which also noted that it took more than a year to remove Lu’s code from the systems.</p><h3>Damaging Protected Computers</h3><p>A federal jury in Ohio convicted Lu of causing intentional damage to protected computers, and he faced 10 years in prison. Instead, U.S. District Judge Pamela Barker sent him to prison for four years, followed by three years of supervised release.</p><p>“The extreme chaos caused by just one person who used his creative mind and technical talents to thwart his employer’s business operations was not only disruptive – it was criminal,” U.S. Attorney David Toepfer <a href="https://www.justice.gov/usao-ndoh/pr/chinese-national-sentenced-prison-deploying-destructive-computer-code-ohio-based" target="_blank" rel="noopener">said in a statement</a> after the sentencing.</p><p>According to The New York Times, Lu’s attorney, Peter Zeidenberg, said his client was <a href="https://www.nytimes.com/2025/08/22/business/eaton-corporation-hack-prison-sentence.html?fbclid=IwQ0xDSwMYc1ZleHRuA2FlbQIxMQABHhh2tQdiJWse_tdvnPmkYKzOE07oaC9wLfuLt9N_NZQW3cnwf_T-mGV5GwFM_aem_vejwUhzJpTRLFERt14tmoA&amp;sfnsn=mo" target="_blank" rel="noopener">disappointed by the jury verdict</a> in March and continues to say he’s innocent. Lu is “weighing his appeal options,” Zeidenberg said, according to the news organization.</p><p>The lawyer reportedly asked for a two-year sentence for Lu. Prosecutors asked for more than five.</p><h3>Naming the Malware</h3><p>FBI Special Agent Greg Nelsen said in after the sentencing that “Davis Lu was intent on inflicting widescale damage to his employer with reckless disregard.”</p><p>According to prosecutors, Lu named the kill switch he created “IsDLEnabledinAD,” which is short for “Is Davis Lu enabled in Active Directory.”</p><p>In addition, he gave names to other malware, including calling one program “Hakai,” a Japanese word for “destruction,” and another “HunShui,” a Chinese word meaning “sleep” or “lethargy.”</p><p>They also said that on the day he was told to turn in his company laptop, Lu deleted a range of encrypted data and ran a command aimed at making it impossible to use forensic software to recover the data.</p><p>Investigators also noted that his internet search history showed that Lu had studied ways to escalate privileges, hide processes, and rapidly delete files, which they said indicated “an intent to obstruct efforts of his co-workers to resolve the system disruptions.”</p><div class="spu-placeholder" style="display:none"></div><div class="addtoany_share_save_container addtoany_content addtoany_content_bottom"><div class="a2a_kit a2a_kit_size_20 addtoany_list" data-a2a-url="https://securityboulevard.com/2025/08/developer-sentenced-to-four-years-for-sabotaging-employers-systems/" data-a2a-title="Developer Sentenced to Four Years for Sabotaging Employer’s Systems"><a class="a2a_button_twitter" href="https://www.addtoany.com/add_to/twitter?linkurl=https%3A%2F%2Fsecurityboulevard.com%2F2025%2F08%2Fdeveloper-sentenced-to-four-years-for-sabotaging-employers-systems%2F&amp;linkname=Developer%20Sentenced%20to%20Four%20Years%20for%20Sabotaging%20Employer%E2%80%99s%20Systems" title="Twitter" rel="nofollow noopener" target="_blank"></a><a class="a2a_button_linkedin" href="https://www.addtoany.com/add_to/linkedin?linkurl=https%3A%2F%2Fsecurityboulevard.com%2F2025%2F08%2Fdeveloper-sentenced-to-four-years-for-sabotaging-employers-systems%2F&amp;linkname=Developer%20Sentenced%20to%20Four%20Years%20for%20Sabotaging%20Employer%E2%80%99s%20Systems" title="LinkedIn" rel="nofollow noopener" target="_blank"></a><a class="a2a_button_facebook" href="https://www.addtoany.com/add_to/facebook?linkurl=https%3A%2F%2Fsecurityboulevard.com%2F2025%2F08%2Fdeveloper-sentenced-to-four-years-for-sabotaging-employers-systems%2F&amp;linkname=Developer%20Sentenced%20to%20Four%20Years%20for%20Sabotaging%20Employer%E2%80%99s%20Systems" title="Facebook" rel="nofollow noopener" target="_blank"></a><a class="a2a_button_reddit" href="https://www.addtoany.com/add_to/reddit?linkurl=https%3A%2F%2Fsecurityboulevard.com%2F2025%2F08%2Fdeveloper-sentenced-to-four-years-for-sabotaging-employers-systems%2F&amp;linkname=Developer%20Sentenced%20to%20Four%20Years%20for%20Sabotaging%20Employer%E2%80%99s%20Systems" title="Reddit" rel="nofollow noopener" target="_blank"></a><a class="a2a_button_email" href="https://www.addtoany.com/add_to/email?linkurl=https%3A%2F%2Fsecurityboulevard.com%2F2025%2F08%2Fdeveloper-sentenced-to-four-years-for-sabotaging-employers-systems%2F&amp;linkname=Developer%20Sentenced%20to%20Four%20Years%20for%20Sabotaging%20Employer%E2%80%99s%20Systems" title="Email" rel="nofollow noopener" target="_blank"></a><a class="a2a_dd addtoany_share_save addtoany_share" href="https://www.addtoany.com/share"></a></div></div>

Public Wi-Fi Myths: Why You’re Probably Safer Than You Think

  • None
  • Published date: 2025-08-25 00:00:00

None

<p>Public Wi-Fi has a bad reputation — but in 2025, the “you’ll get hacked instantly” fear is largely outdated. In this episode, Tom and Kevin dig into real research and modern protections that make most public Wi-Fi connections reasonably safe. We’ll explore why HTTPS, device security, and updated standards have drastically reduced the risks, what threats still exist, and when you might <span class="notion-enable-hover" data-token-index="1">actually</span> want to use a VPN.<!-- notionvc: 4c1a02aa-8323-49fc-bb7d-23c49d2ce2fd --></p><p><strong>** Links mentioned on the show **</strong></p><p>No links mentioned in this episode.</p><div class="code-block code-block-12 ai-track" data-ai="WzEyLCIiLCJCbG9jayAxMiIsIiIsMV0=" style="margin: 8px 0; clear: both;"> <style> .ai-rotate {position: relative;} .ai-rotate-hidden {visibility: hidden;} .ai-rotate-hidden-2 {position: absolute; top: 0; left: 0; width: 100%; height: 100%;} .ai-list-data, .ai-ip-data, .ai-filter-check, .ai-fallback, .ai-list-block, .ai-list-block-ip, .ai-list-block-filter {visibility: hidden; position: absolute; width: 50%; height: 1px; top: -1000px; z-index: -9999; margin: 0px!important;} .ai-list-data, .ai-ip-data, .ai-filter-check, .ai-fallback {min-width: 1px;} </style> <div class="ai-rotate ai-unprocessed ai-timed-rotation ai-12-1" data-info="WyIxMi0xIiwxXQ==" style="position: relative;"> <div class="ai-rotate-option" style="visibility: hidden;" data-index="1" data-name="VGVjaHN0cm9uZyBHYW5nIFlvdXR1YmU=" data-time="MTA="> <div class="custom-ad"> <div style="margin: auto; text-align: center;"><a href="https://youtu.be/Fojn5NFwaw8" target="_blank"><img src="https://securityboulevard.com/wp-content/uploads/2024/12/Techstrong-Gang-Youtube-PodcastV2-770.png" alt="Techstrong Gang Youtube"></a></div> <div class="clear-custom-ad"></div> </div></div> </div> </div><p><!-- notionvc: 17d9bc6d-8c44-4a36-9db1-17fde342d397 --></p><p><!-- notionvc: e3de0f66-e26f-4a06-b2a7-4816aa9d48a3 --></p><div class="code-block code-block-15" style="margin: 8px 0; clear: both;"> <script async src="https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js?client=ca-pub-2091799172090865" crossorigin="anonymous" type="41fbc753a928a66b9bd1eab4-text/javascript"></script> <!-- SB In Article Ad 1 --> <ins class="adsbygoogle" style="display:block" data-ad-client="ca-pub-2091799172090865" data-ad-slot="8723094367" data-ad-format="auto" data-full-width-responsive="true"></ins> <script type="41fbc753a928a66b9bd1eab4-text/javascript"> (adsbygoogle = window.adsbygoogle || []).push({}); </script></div><p><!-- notionvc: 91530a67-bb76-4ae0-bc72-6f9fa0abe6bd --></p><p><!-- notionvc: fc12dc07-4fad-4bf7-af27-608e52408c03 --></p><p><!-- notionvc: acf4c416-cc6b-426a-b4cd-4c9f66df6cb6 --></p><p><!-- notionvc: 88a160a5-1f28-444a-aacb-c577fab234c7 --><!-- notionvc: 4c797aac-e61c-4709-bfde-9b44b7533e21 --></p><p><!-- notionvc: 9c5c40e5-5031-4e60-8b50-66bc37374346 --></p><p><!-- notionvc: f403c979-1a0d-4041-9f6c-1d9d477f473e --></p><p><strong>** Watch this episode on YouTube **</strong></p><p><strong>** Become a Shared Security Supporter **</strong></p><p>Get exclusive access to ad-free episodes, bonus episodes, listen to new episodes before they are released, receive a monthly shout-out on the show, and get a discount code for 15% off merch at the Shared Security store. Support the show for as little as $3! Become a supporter today! <a href="https://patreon.com/SharedSecurity">https://patreon.com/SharedSecurity</a></p><p><strong>** Thank you to our sponsors! **</strong></p><p><strong>SLNT</strong></p><p>Visit <a href="https://www.avantlink.com/click.php?tt=cl&amp;merchant_id=364b46a6-e620-4c44-bb24-6b4d59b0af40&amp;website_id=430328bd-a1b1-499e-a241-f5aa426345c2&amp;url=https%3A%2F%2Fslnt.com">slnt.com</a> to check out SLNT’s amazing line of Faraday bags and other products built to protect your privacy. As a listener of this podcast you receive 10% off your order at checkout using discount code “sharedsecurity”.</p><p><strong>Click Armor</strong></p><p>To find out how “gamification” of security awareness training can reduce cyber risks related to phishing and social engineering, and to get a free trial of Click Armor’s gamified awareness training platform, visit: <a href="https://clickarmor.ca/sharedsecurity">https://clickarmor.ca/sharedsecurity</a></p><p><strong>** Subscribe and follow the podcast **</strong></p><p>Subscribe on YouTube: <a href="https://www.youtube.com/c/SharedSecurityPodcast">https://www.youtube.com/c/SharedSecurityPodcast</a></p><p>Follow us on Bluesky: <a href="https://bsky.app/profile/sharedsecurity.bsky.social">https://bsky.app/profile/sharedsecurity.bsky.social</a></p><p>Follow us on Mastodon: <a href="https://infosec.exchange/@sharedsecurity">https://infosec.exchange/@sharedsecurity</a></p><p>Join us on Reddit: <a href="https://www.reddit.com/r/SharedSecurityShow/">https://www.reddit.com/r/SharedSecurityShow/</a></p><p>Visit our website: <a href="https://sharedsecurity.net/">https://sharedsecurity.net</a></p><p>Subscribe on your favorite podcast app: <a href="https://sharedsecurity.net/subscribe">https://sharedsecurity.net/subscribe</a></p><p>Sign-up for our email newsletter to receive updates about the podcast, contest announcements, and special offers from our sponsors: <a href="https://shared-security.beehiiv.com/subscribe">https://shared-security.beehiiv.com/subscribe</a></p><p>Leave us a rating and review: <a href="https://ratethispodcast.com/sharedsecurity">https://ratethispodcast.com/sharedsecurity</a></p><p>Contact us: <a href="https://sharedsecurity.net/contact">https://sharedsecurity.net/contact</a></p><p>The post <a href="https://sharedsecurity.net/2025/08/25/public-wi-fi-myths-why-youre-probably-safer-than-you-think/">Public Wi-Fi Myths: Why You’re Probably Safer Than You Think</a> appeared first on <a href="https://sharedsecurity.net/">Shared Security Podcast</a>.</p><div class="spu-placeholder" style="display:none"></div><div class="addtoany_share_save_container addtoany_content addtoany_content_bottom"><div class="a2a_kit a2a_kit_size_20 addtoany_list" data-a2a-url="https://securityboulevard.com/2025/08/public-wi-fi-myths-why-youre-probably-safer-than-you-think/" data-a2a-title="Public Wi-Fi Myths: Why You’re Probably Safer Than You Think"><a class="a2a_button_twitter" href="https://www.addtoany.com/add_to/twitter?linkurl=https%3A%2F%2Fsecurityboulevard.com%2F2025%2F08%2Fpublic-wi-fi-myths-why-youre-probably-safer-than-you-think%2F&amp;linkname=Public%20Wi-Fi%20Myths%3A%20Why%20You%E2%80%99re%20Probably%20Safer%20Than%20You%20Think" title="Twitter" rel="nofollow noopener" target="_blank"></a><a class="a2a_button_linkedin" href="https://www.addtoany.com/add_to/linkedin?linkurl=https%3A%2F%2Fsecurityboulevard.com%2F2025%2F08%2Fpublic-wi-fi-myths-why-youre-probably-safer-than-you-think%2F&amp;linkname=Public%20Wi-Fi%20Myths%3A%20Why%20You%E2%80%99re%20Probably%20Safer%20Than%20You%20Think" title="LinkedIn" rel="nofollow noopener" target="_blank"></a><a class="a2a_button_facebook" href="https://www.addtoany.com/add_to/facebook?linkurl=https%3A%2F%2Fsecurityboulevard.com%2F2025%2F08%2Fpublic-wi-fi-myths-why-youre-probably-safer-than-you-think%2F&amp;linkname=Public%20Wi-Fi%20Myths%3A%20Why%20You%E2%80%99re%20Probably%20Safer%20Than%20You%20Think" title="Facebook" rel="nofollow noopener" target="_blank"></a><a class="a2a_button_reddit" href="https://www.addtoany.com/add_to/reddit?linkurl=https%3A%2F%2Fsecurityboulevard.com%2F2025%2F08%2Fpublic-wi-fi-myths-why-youre-probably-safer-than-you-think%2F&amp;linkname=Public%20Wi-Fi%20Myths%3A%20Why%20You%E2%80%99re%20Probably%20Safer%20Than%20You%20Think" title="Reddit" rel="nofollow noopener" target="_blank"></a><a class="a2a_button_email" href="https://www.addtoany.com/add_to/email?linkurl=https%3A%2F%2Fsecurityboulevard.com%2F2025%2F08%2Fpublic-wi-fi-myths-why-youre-probably-safer-than-you-think%2F&amp;linkname=Public%20Wi-Fi%20Myths%3A%20Why%20You%E2%80%99re%20Probably%20Safer%20Than%20You%20Think" title="Email" rel="nofollow noopener" target="_blank"></a><a class="a2a_dd addtoany_share_save addtoany_share" href="https://www.addtoany.com/share"></a></div></div><p class="syndicated-attribution">*** This is a Security Bloggers Network syndicated blog from <a href="https://sharedsecurity.net/">Shared Security Podcast</a> authored by <a href="https://securityboulevard.com/author/0/" title="Read other posts by Tom Eston">Tom Eston</a>. Read the original post at: <a href="https://sharedsecurity.net/2025/08/25/public-wi-fi-myths-why-youre-probably-safer-than-you-think/">https://sharedsecurity.net/2025/08/25/public-wi-fi-myths-why-youre-probably-safer-than-you-think/</a> </p>

War for Ukraine Day 1,277: Ukrainian Independence Day

  • Adam L Silverman
  • Published date: 2025-08-24 23:21:37

(Image by NEIVANMADE) Today is Ukrainian Independence Day. For Ukrainians, independence is not a gift — it is a fierce struggle, carried through generations and won by the courage and sacrifice of our best. Glory to Ukraine! Glory to the Heroes! [image or emb…

(Image by NEIVANMADE) Today is Ukrainian Independence Day. For Ukrainians, independence is not a gift it is a fierce struggle, carried through generations and won by the courage and sacrifice of ou… [+29741 chars]

25 Best-in-Class Colleges

  • Rob Wolfe, Nate Weisberg, Gillen Tener Martin and Jamaal Abdul-Alim
  • Published date: 2025-08-24 21:45:27

A selection of stand-out institutions from the Washington Monthly’s college rankings. The post 25 Best-in-Class Colleges appeared first on Washington Monthly.

Every fall, a familiar set of college rankings tell the same tired story. The wealthiest, most exclusive schools dominate the top. That leaves the vast majority of prospective studentswhose SAT score… [+81330 chars]

America’s Best Colleges for Research

  • Nate Weisberg
  • Published date: 2025-08-24 21:28:41

For the past two decades, the Washington Monthly has included in its annual college rankings measures of a university’s research prowess—its record of producing the new scholarship and scholars that drive economic growth and human flourishing. This year, we’v…

For the past two decades, the Washington Monthly has included in its annual college rankings measures of a universitys research prowessits record of producing the new scholarship and scholars that dr… [+12375 chars]

Lantronix Solution Powers U.S. Army-Approved Teal Drones, a Red Cat Holdings Co., Unlocking Secure Edge AI Growth Opportunity

  • Eric G
  • Published date: 2025-08-24 20:00:00

Lantronix Enables TAA- and NDAA-Compliant Edge AI Solution, Supporting Sensitive U.S. Government Missions and Expanding Long-Term Defense Market Positioning IRVINE, Calif., Aug. 18, 2025 – Lantronix Inc.(NASDAQ: LTRX), a global leader in compute and connectiv…

Lantronix Enables TAA- and NDAA-Compliant Edge AI Solution, Supporting Sensitive U.S. Government Missions and Expanding Long-Term Defense Market Positioning  IRVINE, Calif., Aug. 18, 2025 Lantronix … [+3094 chars]

How Congress Can Implement President Trump’s Election Reform Movement and Usher in Hand-marked, Hand-counted Paper Ballots at the Precinct Level

  • Brian Lupo
  • Published date: 2025-08-24 18:45:36

Last week, President Trump declared that he is leading “a movement to get rid of mail-in ballots” and “highly ‘inaccurate,’ very expensive, and seriously controversial voting machines,” claiming that they cost ten times more than “accurate and sophisticated w…

Screenshot: The White House Last week, President Trump declared that he is leading “a movement to get rid of mail-in ballots” and “highly ‘inaccurate,’ very expensive, and seriously controversial vo… [+11935 chars]

How Does a Firewall Work Step by Step

  • thehacknews
  • Published date: 2025-08-24 18:32:43

Understand what a firewall is, how it works step by step, and why it is essential for protecting your network. Learn about firewall types, packet filtering, stateful inspection, and modern security features in simple terms.

Every second, millions of data packets travel across the internet. These packets carry everything from emails and website data to confidential business transactions. Unfortunately, not all of this tr… [+5911 chars]

NVDA Earnings, PCE and Other Key Things to Watch this Week

  • Gavin McMaster
  • Published date: 2025-08-24 17:00:02

Markets enter a defining week following Friday's dramatic turnaround that saw the S&P 500 ($SPX) (SPY) and Dow hit new highs after Fed Chair Jerome Powell's ...

Markets enter a defining week following Friday's dramatic turnaround that saw the S&amp;P 500 ($SPX) (SPY) and Dow hit new highs after Fed Chair Jerome Powell's game-changing Jackson Hole speech decl… [+6216 chars]

Analysts detail 3 defense stock plays under the Trump administration

  • finance.yahoo.com
  • Published date: 2025-08-24 16:22:58

President Trump's push to enhance the military is creating opportunities for defense contractors. A provision in the One Big Beautiful Bill Act, signed in July, earmarked over $150 billion to invest in defense initiatives like AI systems, missile defense, and…

President Trump's push to enhance the military is creating opportunities for defense contractors.A provision in the One Big Beautiful Bill Act, signed in July, earmarked over $150 billion to invest i… [+147 chars]

BSSN, South Sulawesi partner to secure government data

  • Primayanti
  • Published date: 2025-08-24 16:19:03

The South Sulawesi Provincial Government (Pemprov Sulsel) together with the National Cyber and Crypto Agency (BSSN) continues to strengthen cooperation in ...

Makassar (ANTARA) - The South Sulawesi Provincial Government (Pemprov Sulsel) together with the National Cyber and Crypto Agency (BSSN) continues to strengthen cooperation in safeguarding cybersecuri… [+2364 chars]

South Korea Marketing Campaign Management Software Market: Growth

  • Optimark Digital Solution
  • Published date: 2025-08-24 15:24:48

South Korea Marketing Campaign Management Software Market size was valued at USD xx Billion in 2024 and is forecasted to grow at a CAGR of xx% from 2026 to 2033, reaching USD xx Billion by 2033. South Korea Marketing Campaign Management Software Market: Key H…

South Korea Marketing Campaign Management Software Market: Key Highlights <ul><li>Segment Insights &amp; Market Penetration: The South Korean market exhibits a strong preference for integrated marke… [+10424 chars]

DRDO successfully tests indigenous air defence system, advancing ‘Mission Sudarshan Chakra’ goals for 2035

  • Amrita Nayak Dutta
  • Published date: 2025-08-24 14:45:49

Answering the Prime Minister’s call on Independence Day, India takes its first decisive step toward a self-reliant, multi-domain defence shield

The Defence Research and Development Organisation (DRDO) successfully conducted maiden flight tests of the Integrated Air Defence Weapon System (IADWS), off the Odisha coast around 12.30 pm Sunday.Th… [+3268 chars]

AI Attack Blueprint : Are AI Systems Leaving Us Vulnerable?

  • Julian Horsey
  • Published date: 2025-08-24 14:01:51

What if the very tools designed to transform industries could also dismantle them? As artificial intelligence (AI) rapidly integrates into enterprise systems, it’s not just transforming workflows, it’s creating an entirely new battlefield. From prompt injecti…

What if the very tools designed to transform industries could also dismantle them? As artificial intelligence (AI) rapidly integrates into enterprise systems, its not just transforming workflows, its… [+8919 chars]

Malicious Go Module Poses as SSH Brute-Force Tool, Steals Credentials via Telegram Bot

Cybersecurity researchers have discovered a malicious Go module that presents itself as a brute-force tool for SSH but actually contains functionality to discreetly exfiltrate credentials to its creator. "On the first successful login, the package sends the t…

Cybersecurity researchers have discovered a malicious Go module that presents itself as a brute-force tool for SSH but actually contains functionality to discreetly exfiltrate credentials to its crea… [+2701 chars]

Want To Retire in 10 Years? Invest in These 2 Stocks

  • Heather Altamirano
  • Published date: 2025-08-24 13:26:09

If you’re planning to retire in 10 years but want to boost your nest egg, there’s still time. Having a solid plan and making the right investments can help

If youre planning to retire in 10 years but want to boost your nest egg, theres still time. Having a solid plan and making the right investments can help secure your financial future. While high-yiel… [+4764 chars]