lemmydev2

 

arXiv:2504.11984v1. Abstract: Zero Trust Architecture (ZTA) is one of the paradigm changes in cybersecurity, from the traditional perimeter-based model to perimeterless. This article studies the core concepts of ZTA, its beginning, a few use cases and future trends. Emphasising the always verify and least privilege access, some key tenets of ZTA have grown to be integration technologies like Identity Management, Multi-Factor Authentication (MFA) and real-time analytics. ZTA is expected to strengthen cloud environments, education, work environments (including from home) while controlling other risks like lateral movement and insider threats. Despite ZTA's benefits, it comes with challenges in the form of complexity, performance overhead and vulnerabilities in the control plane. These require phased implementation and continuous refinement to keep up with evolving organisational needs and threat landscapes. Emerging technologies, such as Artificial Intelligence (AI) and Machine Learning (ML) will further automate policy enforcement and threat detection in keeping up with dynamic cyber threats.

 

Microsoft reported a record 1,360 vulnerabilities in 2024, according to the latest BeyondTrust Microsoft Vulnerabilities Report. The volume marks an 11% increase from the previous record in 2022 and fits within a broader post-pandemic trend: more vulnerabilities, more products, and more complex ecosystems. But one of the more telling metrics for CISOs is not just how many bugs were found — it’s how dangerous they were. In that regard, the data offers some good news. … The post Microsoft vulnerabilities: What’s improved, what’s at risk appeared first on Help Net Security.

 

Apple released emergency security updates to patch two zero-day vulnerabilities that were used in an "extremely sophisticated attack" against specific targets' iPhones. [...]

 

Zoom Communications Inc. said it restored service after an earlier outage affected tens of thousands of users, hobbling a communication system that’s become an essential business tool since the pandemic era.

 

Firm Failed to Close Outdated User Account, Waited 43 Days to Notify Regulators

The U.K. Information Commissioner's Office imposed a fine of 60,000 pounds against Liverpool-based law firm DDP Law for GDPR violations relating to a 2022 ransomware hack and data leak that exposed sensitive information including the details of its clients' cases.

 

Study reveals 92% of mobile apps use insecure cryptographic methods, exposing millions to data risks

 

Board Members Announce Launch of 'CVE Foundation' to Secure Program's Future

Warnings are being sounded over the risk to global cybersecurity posed by the imminent disruption or management shutdown of the Common Vulnerabilities and Exposures program. A fix could be forthcoming in the form of a new, stand-alone foundation, although its details and funding remain unclear.

 

A UK government survey of 2024 data shows phishing remains the top cyber threat, ransomware cases doubled, and fewer boards include cyber experts despite steady attack rates.

 

A letter from MITRE, dated April 15, 2025, and claimed to come from a reliable source, has leaked online. It reveals that the organization’s contract to support the Common Vulnerabilities and Exposures (CVE) program is due to expire today, April 16, 2025, potentially threatening the stability of a critical cybersecurity resource. The letter, addressed to CVE Board […] The post MITRE’s Support for CVE Program Set to Expire! – Internal Letter Leaked Online appeared first on Cyber Security News.

 

Regulatory compliance and data protection were the biggest cybersecurity challenges cited by UK financial organizations, according to a Bridewell survey

 

Organizations are fixing less than half of all exploitable vulnerabilities, with just 21% of GenAI app flaws being resolved, according to Cobalt.

Big firms take longer to fix pentest issues

94% of firms view pentesting as essential to their program. This captures the assurance role of pentesting and reflects the reality that most breaches don’t occur because the victim had no defenses. Rather, the defenses they had weren’t as solid as they thought. It’s … The post 94% of firms say pentesting is essential, but few are doing it right appeared first on Help Net Security.
