cybersecurity – Noise

Voices of the Experts: What to Expect from Our Predictions Webinar

Rapid7 — Fri, 05 Dec 2025 14:02:10 +0000

Every year, Rapid7 brings together some of the most experienced minds in cybersecurity to pause, zoom out, and take stock of where the threat landscape is heading. Last year's predictions webinar sparked lively debate among practitioners, leaders, and ...

The State of Security Today: Setting the Stage for 2026

Rapid7 — Tue, 18 Nov 2025 16:07:34 +0000

As we close out 2025, one thing is clear: the security landscape is evolving faster than most organizations can keep up. From surging ransomware campaigns and AI-enhanced phishing to data extortion, geopolitical fallout, and gaps in cyber readiness, th...

More Prompt||GTFO

Bruce Schneier — Mon, 17 Nov 2025 12:05:07 +0000

The next three in this series on online events highlighting interesting uses of AI in cybersecurity are online: #4, #5, and #6. Well worth watching.

2025 Cybersecurity Predictions: How did we do?

Rapid7 — Wed, 05 Nov 2025 14:00:00 +0000

Every industry has their it’s-that-time-of-year-again rituals, and the cybersecurity industry is no different. The spring ushers in RSA, August is Hacker Summer Camp, October brings with it Cybersecurity Awareness Month — and, before we know it, it’s t...

A Cybersecurity Merit Badge

Bruce Schneier — Tue, 21 Oct 2025 11:07:34 +0000

Scouting America (formerly known as Boy Scouts) has a new badge in cybersecurity. There’s an image in the article; it looks good. I want one.

Apple’s New Memory Integrity Enforcement

Bruce Schneier — Tue, 23 Sep 2025 11:07:17 +0000

Apple has introduced a new hardware/software security feature in the iPhone 17: “Memory Integrity Enforcement,” targeting the memory safety vulnerabilities that spyware products like Pegasus tend to use to get unauthorized system access. From Wired:

In recent years, a movement has been steadily growing across the global tech industry to address a ubiquitous and insidious type of bugs known as memory-safety vulnerabilities. A computer’s memory is a shared resource among all programs, and memory safety issues crop up when software can pull data that should be off limits from a computer’s memory or manipulate data in memory that shouldn’t be accessible to the program. When developers—even experienced and security-conscious developers—write software in ubiquitous, historic programming languages, like C and C++, it’s easy to make mistakes that lead to memory safety vulnerabilities. That’s why proactive tools like ...

I’m Spending the Year at the Munk School

Bruce Schneier — Fri, 22 Aug 2025 19:00:37 +0000

This academic year, I am taking a sabbatical from the Kennedy School and Harvard University. (It’s not a real sabbatical—I’m just an adjunct—but it’s the same idea.) I will be spending the Fall 2025 and Spring 2026 semesters at the Munk School at the University of Toronto.

I will be organizing a reading group on AI security in the fall. I will be teaching my cybersecurity policy class in the Spring. I will be working with Citizen Lab, the Law School, and the Schwartz Reisman Institute. And I will be enjoying all the multicultural offerings of Toronto...

AI Applications in Cybersecurity

Bruce Schneier — Wed, 13 Aug 2025 16:28:35 +0000

There is a really great series of online events highlighting cool uses of AI in cybersecurity, titled Prompt||GTFO. Videos from the first three events are online. And here’s where to register to attend, or participate, in the fourth. Some really ...

How UP Tombou Digitally Transformed with Nebosystems (Presented at InfoSec SEE 2025)

Dora — Mon, 14 Jul 2025 17:07:36 +0000

Discover how UP Tombou transformed its legacy IT systems with Nebosystems, achieving ISO 27001 compliance, enhanced security and operational resilience - featured at InfoSec SEE 2025.

White House Bans WhatsApp

Bruce Schneier — Thu, 26 Jun 2025 11:00:49 +0000

Reuters is reporting that the White House has banned WhatsApp on all employee devices: The notice said the “Office of Cybersecurity has deemed WhatsApp a high risk to users due to the lack of transparency in how it protects user data, absence of ...

Many voices, one community: Three themes from RSA Conference 2025

Anne Grahn — Thu, 05 Jun 2025 20:09:13 +0000

RSA Conference (RSAC) 2025 drew 730 speakers, 650 exhibitors, and 44,000 attendees from across the globe to the Moscone Center in San Francisco, California from April 28 through May 1. The keynote lineup was eclectic, with 37 presentations featuring speakers ranging from NBA Hall of Famer Earvin “Magic” Johnson to public and private-sector luminaries such as former […]

Introducing new regional implementations of Landing Zone Accelerator on AWS to support digital sovereignty

Max Peterson — Tue, 27 May 2025 22:00:05 +0000

Customers often tell me that they want a simpler path to meet the compliance and industry regulatory mandates they have in their geographic regions. In our deep engagements with partners and customers, we have learned that one of the greatest challenges for customers is the translation of security and compliance requirements into distinct technical controls. […]

Google’s Advanced Protection Now on Android

Bruce Schneier — Wed, 14 May 2025 11:03:40 +0000

Google has extended its Advanced Protection features to Android devices. It’s not for everybody, but something to be considered by high-risk users. Wired article, behind a paywall.

AWS expands Spain’s ENS High certification across 174 services

Daniel Fuertes — Thu, 08 May 2025 19:05:16 +0000

Amazon Web Services (AWS) has successfully renewed its Esquema Nacional de Seguridad (ENS) High certification under the latest framework established by Royal Decree 311/2022. This achievement demonstrates the continued dedication of AWS to meeting the stringent security requirements essential for serving Spanish government entities and public organizations. The ENS framework serves as the cornerstone of […]

Introducing the AWS Zero Trust Accelerator for Government

Derek Doerr — Tue, 06 May 2025 17:15:11 +0000

Government agencies face an unprecedented challenge when designing security against unauthorized access to IT infrastructure and data. Traditional perimeter-based security models—which rely on the assumption of trust within an organization’s network boundaries—are no longer sufficient. The wide adoption of bring-your-own-device (BYOD) and cloud-based resources requires adopting additional security measures beyond the traditional perimeter-based models. High-profile […]

AWS empowers global security culture at Wicked6 Cyber Games

Anne Grahn — Tue, 22 Apr 2025 16:31:17 +0000

Wicked6 Cyber Games 2025 brought hundreds of women together worldwide from March 28–30. This dynamic virtual competition, sponsored by Amazon Web Services (AWS), helped attendees tackle real-world cybersecurity challenges through e-sports experiences. With 72 hours of women talking about cybersecurity, 11 cybersecurity games, and an attack and defense tournament streamed live, the weekend-long event highlighted […]

Android Improves Its Security

Bruce Schneier — Tue, 22 Apr 2025 16:03:17 +0000

Android phones will soon reboot themselves after sitting idle for three days. iPhones have had this feature for a while; it’s nice to see Google add it to their phones.

CVE Program Almost Unfunded

Bruce Schneier — Wed, 16 Apr 2025 15:19:30 +0000

Mitre’s CVE’s program—which provides common naming and other informational resources about cybersecurity vulnerabilities—was about to be cancelled, as the US Department of Homeland Security failed to renew the contact. It was funded for eleven more months at the last minute.

This is a big deal. The CVE program is one of those pieces of common infrastructure that everyone benefits from. Losing it will bring us back to a world where there’s no single way to talk about vulnerabilities. It’s kind of crazy to think that the US government might damage its own security in this way—but I suppose no crazier than any of the other ways the US is working against its own interests right now...

Arguing Against CALEA

Bruce Schneier — Tue, 08 Apr 2025 11:08:13 +0000

At a Congressional hearing earlier this week, Matt Blaze made the point that CALEA, the 1994 law that forces telecoms to make phone calls wiretappable, is outdated in today’s threat environment and should be rethought:

In other words, while the legally-mandated CALEA capability requirements have changed little over the last three decades, the infrastructure that must implement and protect it has changed radically. This has greatly expanded the “attack surface” that must be defended to prevent unauthorized wiretaps, especially at scale. The job of the illegal eavesdropper has gotten significantly easier, with many more options and opportunities for them to exploit. Compromising our telecommunications infrastructure is now little different from performing any other kind of computer intrusion or data breach, a well-known and endemic cybersecurity problem. To put it bluntly, something like Salt Typhoon was inevitable, and will likely happen again unless significant changes are made...

AWS completes the 2025 Cyber Essentials Plus certification

Tariro Dongo — Mon, 07 Apr 2025 22:00:50 +0000

Amazon Web Services (AWS) is pleased to announce the successful renewal of the United Kingdom Cyber Essentials Plus certification. The Cyber Essentials Plus certificate is valid for one year until March 21, 2026. Cyber Essentials Plus is a UK Government-backed, industry-supported certification scheme intended to help organizations demonstrate organizational cybersecurity against common cybersecurity threats. An […]