SonicWall acts after backup breach as state actors target cloud files

SonicWall has concluded an investigation into a security incident involving the unauthorised access of backup firewall configuration files…
#NewsBeep #News #Headlines #APISecurity #ChiefInformationOfficer(CIO) #DisasterRecovery(DR) #Firewalls #Latvia #LV #Mandiant #NetworkSecurity #Ransomware #SecurebyDesign #SecurityOperations #SonicWALL #Threatactors
https://www.newsbeep.com/262939/

"[SUNBURST] pushed us to think even more deeply about newer, emerging threats, resulting in Secure by Design, our pledge to set a new standard for trustworthy and secure software development across the industry."

#SudhakarRamakrishna, CEO, SolarWinds, 2025

This isn't as impressive or comforting as Ramakrishna seems to think. He's admitting their software wasn't secure by design from day 1. Nor in any of the years between 1999 and when they launched this #SecureByDesign reputation laundering.

🦃 Thanksgiving is coming up in the US. 🦃 What are you thankful for in software security? I wrote about the welcome progress on memory safety defects. What other areas are moving in the right direction? #SecureByDesign

https://medium.com/@boblord/29-years-since-smashing-the-stack-time-to-smash-memory-unsafety-itself-0af3c69c2b6c

29 Years Since “Smashing the Stack”: Time to Smash Memory Unsafety Itself

This coming Saturday marks the 29th anniversary of Aleph One’s seminal Phrack Magazine article, “Smashing the Stack for Fun and Profit.”…

Medium

I've been experimenting with implementing tactical Domain Driven Design patterns over the last few years. I have started documenting my experiences. This blog post is about a pattern I found in the book Secure by Design that I have been using since then: Domain Primitives.

https://katharina.damschen.net/post/2025-11-10-domain-primitives/

#ddd #domaindrivendesign #SecureByDesign #programming #softwaredevelopment #softwareengineering

My Experiences with Domain Primitives

About a year ago I attended a workshop held by Dan Bergh Johnsson and Daniel Deogun, authors of the book Secure By Design. They presented the topics of their book and on three additional occasions we met in smaller groups and had guided discussions on the topics. I like the mix of Domain Driven Design and cybersecurity a lot; it gave me a whole new perspective (and justification!) on why to apply Domain Driven Design. One concept I have been using extensively since I read the book is Domain Primitives and I want to share how I utilize it.

Katharina Damschen

💚 Happy 2nd Birthday, Cryptomator Hub!

Two years of protecting data, empowering teams, and redefining secure collaboration.

See what’s new and what’s ahead in our anniversary blog post: https://cryptomator.org/blog/2025/11/02/hub-anniversary/?utm_source=mastodon&utm_medium=email&utm_campaign=hub-anniversary-2025

#Cryptomator #CryptomatorHub #Anniversary #DataSecurity #PrivacyMatters #TeamWork #CloudEncryption #OpenSourceCommunity #SecureByDesign

Two Years of Cryptomator Hub – Team Encryption Reimagined

Cryptomator Hub celebrates two years of secure cloud collaboration—now with new features for teams and businesses.

Cryptomator

🤣
What's your funniest #CybersecurityAwareness story?!

In honor of #CybersecurityAwarenessMonth we're offering 15% off your entire order with code NCSAM15 (min. $30).

Because your good security habits deserve it!!

Valid until Nov 1.

Shop here: https://buff.ly/L9VgUXq

#AppSecVillage #CyberSecurity #PhishingAwareness #SecureByDesign

During #CybersecurityAwarenessMonth, this one hits hard 👇

Flax Typhoon turned ArcGIS, a trusted geo-mapping app, into a stealth backdoor that lived for a year.

No malware, no exploit. Just weak creds + blind trust.

#SecureByDesign isn’t a slogan. It’s survival!

Article via Dark Reading🔗 https://www.darkreading.com/application-security/chinas-flax-typhoon-geo-mapping-server-backdoor

#AppSec #CyberSecurity #Infosec #SupplyChainSecurity

I'm joining @cheri_alliance@infosec.exchange as an ambassador, working to transform cybersecurity at its foundation.

Memory safety bugs cause 70% of cyber vulnerabilities, leading to disasters like OpenSSL Heartbleed and the 2024 CrowdStrike outage ($5.4 billion in losses). CHERI technology, developed over 15 years by Cambridge University and SRI International, prevents these attacks through hardware-enforced memory protection rather than endless software patches.

The momentum is extraordinary. The UK government invested £80 million alongside £200 million from industry, with backing from DSIT, NCSC/GCHQ, DSTL, and DARPA. Industry giants Google, Microsoft, and Arm have joined alongside BT Group and Siemens, recognizing that hardware-level security is no longer optional.

I'm particularly excited about our working groups porting critical operating systems to CHERI. FreeBSD, FreeRTOS, Zephyr, and seL4 have all been ported to run on CHERI hardware, with teams actively developing and maintaining these implementations. This ecosystem work ensures CHERI can protect everything from embedded IoT devices to enterprise servers, making memory safety accessible across the entire computing stack.

Microsoft found CHERI would have prevented two-thirds of their 2019 vulnerabilities. The technology is practical too – existing software often needs less than 0.03% code changes to become memory-safe. As we deploy AI and connect critical infrastructure, we can't afford to keep patching symptoms. CHERI addresses the root cause.

Join us in building secure-by-design systems. The Alliance welcomes all who share this vision. Let's stop playing defense and fundamentally solve memory safety.

#Cybersecurity #CHERI #MemorySafety #SecureByDesign

We’re honored to have Adam Shostack delivering a keynote at OWASP Global AppSec US 2025!

📅 November 3–7, 2025 in Washington, D.C.
💻 Training: Nov 3–5 | Conference: Nov 6–7
👉 Register to attend today: https://owasp.glueup.com/event/131624/register/

Adam is one of the world’s leading experts on threat modeling and secure by design.

His keynote is a must-see for anyone serious about building more secure systems.

#OWASP #AppSec #Cybersecurity #Infosec #WashingtonDC #ThreatModeling #SecurebyDesign

🚨🚩 2025: When file transfer becomes a #circus act involving #procurement #wizards and 'Secure by Design' jesters. Meanwhile, #glFTPd developers laugh from the sidelines, free from the clutches of corporate jargon and finger-pointing PDFs. 🎪🤹‍♂️
https://labs.watchtowr.com/is-this-bad-this-feels-bad-goanywhere-cve-2025-10035/ #filetransfer #SecureByDesign #humor #HackerNews #ngated
Is This Bad? This Feels Bad. (Fortra GoAnywhere CVE-2025-10035)

File transfer used to be simple fun - fire up your favourite FTP client, log in to a glFTPd site, and you were done. Fast forward to 2025, and the same act requires a procurement team, a web interface, and a vendor proudly waving their Secure by Design pledge. Ever

watchTowr Labs