Open Security News week 25-2025

Cyber security is complex. But effective cyber solutions do not need to be complex and very expensive. Simplifying your security landscape is not simple: it means rethinking your strategy and reprioritizing objectives. The perfect solution to reduce security risks to zero does not exist. But using and creating a security architecture helps with reducing and managing your risks. A good way to really speed up creating your solution architecture is to use this reference architecture as the basis.

1 The Epochalypse Project

Great initiative to solve a real technical vulnerability affecting systems we rely on daily, from hospital equipment to power grids, from banking systems to transportation networks. This vulnerability is embedded in the fundamental architecture of our digital infrastructure. It is the Y2K thing, but then with far more impact if not solved in time. So solve and prevent this Digital Time Bomb. Join forces and take action now!

(Link)

2 A Platform for Evaluating the Security of Code GenAI

GenAI is trending. Privacy and security concerns are also rising with the use of AI and LLMs. This scientific paper is worth reading if you want to keep up to date with cyber security and AI.

(Link)

3 Build an AI Ransomware Worm

It’s coming. Ransomware is a true nightmare. Ransomware created with AI is even more horrifying. Many LLMs should not be trusted by default. They may contain malware. A nice experiment to think about preventive measures before downloading and using small local FOSS LLMs!

(Link)

4 The First Zero-Click AI Vulnerability Enabling Data Exfiltration from Microsoft 365 Copilot

We spent decades dealing with SQL injection attacks. We should not spend decades before we have a solid answer to deal with AI vulnerabilities. The CVE published by MS does not tell the complete story. The risks are always present, but limited when using AI agents from trusted (or not trusted!) companies on your network. The real question is about transparency: How are these kinds of vulnerabilities prevented by design?

(Link)

5 How to Solve Cybersecurity Once and For All

Is developing increasingly better security tools and processes the solution? I advocate for shift left and doing the simple things well. This is a nice read to get your security brain out of the comfort zone, which should be done at least once a week. But in the article I miss some emphasis on prevention and a search for solutions that are not technical at all. These are most of the time far more effective than another technical solution.

(PDF Link or see Link)

6 IoT Security By Design

Security By Design should be practiced in all domains, including the automotive industry. Modern vehicles are becoming increasingly connected and can be viewed as complex electronic devices. This short article from Siemens gives an insight into how they practice Security By Design for automotive systems. They use the IoTSF Secure Design guide.

(Link)

7 Agentic Misalignment: How LLMs could be insider threats

Great write-up from one of the largest companies in this space. So more reasons not to use agents with autonomous behaviors. I love simple, so: 1) Never use AI to think for you. 2) Never use AI to do autonomous work.

(Link)

8 Why do we need DNSSEC?

This is a fantastic read about DNSSEC. In fact, it’s not a read but a comic! But if the threat model is BGP hijacking, you should think about whether DNSSEC is actually the answer. We should do more about the hidden infrastructure that runs the internet nowadays, like Cloudflare, Akamai and other companies that deliver CDN and other “dark-patterns” on a large scale to companies to make them more ‘secure’. DNSSEC is not the answer to everything of course. But we must do better in 2025 than we do now!

(Link)

9 Websites Are Tracking You Via Browser Fingerprinting

There are still people who think that deleting ‘cookies’ prevents tracking. That was 15 years ago. This research is a must-read to become aware again of the massive tracking we face when visiting websites.

(Link)


The Open Security newsletter is an overview of cyber security news with a core focus on openness. Pointing out what went wrong after a cyber security breach is easy. Designing good and simple measures is hard. So join the Open Security Reference Architecture collaboration project to create better solutions together. Or become a partner to support this project. Use our RSS or ATOM feed to follow Open Security News.