PacketNut; Confessions of an Enterprise Information Security Architect

A blog for Security Architects, CISOs and anyone else responsible for protecting their organisation's information assets

Useful Info

  • Home
  • Companies that interest me

Thursday, 26 December 2019

12 Threat Modelling Techniques

https://insights.sei.cmu.edu/sei_blog/2018/12/threat-modeling-12-available-methods.html

Posted by Tony Brown at 07:39 2 comments:
Email ThisBlogThis!Share to XShare to FacebookShare to Pinterest

Friday, 20 December 2019

Zero Trust

https://www.ncsc.gov.uk/blog-post/zero-trust-architecture-design-principles

Posted by Tony Brown at 06:19 No comments:
Email ThisBlogThis!Share to XShare to FacebookShare to Pinterest
Newer Posts Older Posts Home
Subscribe to: Posts (Atom)

Security News

  • Latest news and stories from BleepingComputer.com
    New critical Exim mailer flaw allows remote code execution
    4 hours ago
  • The Register - Security
    Bug hunter tracks down three massive MCP flaws and one vendor won't fix theirs
    4 hours ago
  • Cisco Blog
    Our Path Forward
    4 hours ago
  • The Hacker News
    Microsoft's MDASH AI System Finds 16 Windows Flaws Fixed in Patch Tuesday
    11 hours ago
  • Security Boulevard
    EU AI Act Compliance Starts With AI Governance | Kovrr
    11 hours ago
  • Schneier on Security
    OpenAI’s GPT-5.5 is as Good as Mythos at Finding Security Vulnerabilities
    14 hours ago
  • Krebs on Security
    Patch Tuesday, May 2026 Edition
    1 day ago
  • Troy Hunt
    Welcoming the Bangladesh Government to Have I Been Pwned
    2 days ago
  • Latest topics for ZDNet in Security
    I stopped using a smart plug with these 5 common household devices - here's why
    2 days ago
  • Techdirt.
    This Week In Techdirt History: May 3rd – 9th
    4 days ago
  • IBTimes.co.uk : Technology
    Will Charlie Cox' Daredevil Be in 'Spider-Man: Brand New Day'? Fans Speculate After Season 2 Finale
    4 days ago
  • Cybercrime | The Guardian
    Cyber-attack on system widely used in US education disrupts final exams
    5 days ago
  • Graham Cluley
    One in eight UK workers has sold their company passwords, and bosses think it’s fine
    5 days ago
  • SecurityWeek RSS Feed
    In Other News: Train Hacker Arrested, PamDOORa Linux Backdoor, New CISA Director Frontrunner
    5 days ago
  • Cybercrime Magazine
    Why The CISO Role Is Becoming More Demanding In 2026
    5 days ago
  • IT SECURITY GURU
    Pentest-Tools.com Releases Free Scanner for CVE-2026-41940 as cPanel Authentication Bypass Enters Its Third Week of Active Exploitation
    5 days ago
  • ComputerWeekly: IT security
    A new frontier: Identity stack evolves for agentic systems
    5 days ago
  • Risky Business
    Mythos smythos! How to find 0day with lesser models
    5 days ago
  • SearchSecurity: Security Wire Daily News
    How cyber insurance helped with breach recovery -- or not
    1 week ago
  • Daniel Miessler
    Most Companies Aren't Anywhere Near Ready for AI
    1 week ago
  • Google Online Security Blog
    AI threats in the wild: The current state of prompt injections on the web
    2 weeks ago
  • EFF Press Releases
    EFF Sues DHS and ICE For Records on Subpoenas Seeking to Unmask Online Critics
    3 weeks ago
  • NCSC Site
    Provisioning and managing certificates in the Web PKI
    5 months ago
  • Cybersecurity Zen
    How to Choose a Philly Trucking Job: Bridges & Tolls, Tight Docks, Warehouse Hotspots
    7 months ago
  • Hacker Combat - Cyber Security and Hacking News | HackerCombat
    Snowflake Data Breach: What Happened and How to Prevent It
    9 months ago
  • Cybersecurity Insiders
    Catfishing via ChatGPT: A Deep Cybersecurity Concern
    11 months ago
  • Security Intelligence
    How to craft a comprehensive data cleanliness policy
    1 year ago
  • Cybersecurity
    We're buying the recent dips on 2 stocks in the most oversold market in over a year
    1 year ago
  • Motherboard US - Hacking US
    The Teenager Who Lived a Secret Double Life as a Millionaire Crypto Bandit
    1 year ago
  • Latest Security Articles from ComputerworldUK
    Kill meetings (before meetings kill your company)
    2 years ago
  • Errata Security
    C can be memory safe, part 2
    2 years ago
  • Dark Reading:
    The Role of the CISO in Digital Transformation
    2 years ago
  • Light Reading:
    Energy- and Space-Efficient Security in Telco Networks
    2 years ago
  • News – SC Media
    New AI phishing tool FraudGPT tied to same group behind WormGPT
    2 years ago
  • CSO Online
    Most popular generative AI projects on GitHub are the least secure
    2 years ago
  • Softpedia News / Security
    Google Expands End-to-End Encryption for Gmail on the Web
    3 years ago
  • Threatpost | The first stop for security news
    Student Loan Breach Exposes 2.5M Records
    3 years ago
  • DDoS Attacks
    Link11 Discovers Record Number of DDoS Attacks in First Half of 2021
    4 years ago
  • Feedspot Blog
    Top 5 Ayurveda Forums, Discussions, Message Boards To Follow in 2021
    4 years ago
  • Computer Business Review
    Network transformation: The foundation for digital business
    5 years ago
  • RSA Conference Blog
    A WORD OF CAUTION: AVOID SCAMMERS CLAIMING TO HAVE THE RSAC ATTENDEE LIST
    5 years ago
  • Bad Packets Report
    Over 3,000 F5 BIG-IP endpoints vulnerable to CVE-2020-5902
    5 years ago
  • Ars Technica » Risk Assessment
    What the newly released Checkra1n jailbreak means for iDevice security
    6 years ago
  • US-CERT Tips
    Privacy and Mobile Device Apps
    6 years ago
  • Infosecurity Europe Blog
    Infosecurity Magazine takes over Infosecurity North America 2018
    7 years ago
  • CRN
    WATCH: Digital Guardian Exec On How Its Move To The Cloud Benefits Partners
    7 years ago
  • SecurityRoundTable.org
    Why A ‘Cloud Architect’ Should Be on Your Hiring Agenda
    8 years ago
  • WIRED » Threat Level
    Feds Charge NSA Contractor Accused of Exposing Russian Hacking
    8 years ago
  • Security | The Silicon Review
    Is it true that internet has penetrated only to handful of the Indian population?!
    9 years ago
  • Latest articles from SC Magazine UK
    400% increase in POS malware variants across US Thanksgiving weekend
    9 years ago
  • Forbes - Security
    Slice Offers On-Demand Insurance To Cover Home Sharing Hell
    9 years ago
  • Blog - devsecops
    Securing the Continuous Integration Continuous Deployment (CICD) Pipeline
    9 years ago
  • AlienVault Blogs
Show 10 Show All

Vendors

  • Palo Alto Networks Blog
    Beyond the Frontier — Expanding the Ecosystem for Autonomous Defense
    6 hours ago
  • Rapid7 Blog
    Metasploit Wrap-Up 05/08/2026
    5 days ago
  • Varonis Blog
    Canvas Attackers Compromise 275M Students, Teachers, and Staff
    5 days ago
  • Tenable Blog
    Dirty Frag (CVE-2026-43284, CVE-2026-43500): Frequently asked questions about this Linux kernel privilege escalation vulnerability chain
    5 days ago
  • SentinelOne
    The Good, the Bad and the Ugly in Cybersecurity – Week 19
    5 days ago
  • Malwarebytes Unpacked
    Microsoft says Edge’s plaintext password behavior is “by design”
    5 days ago
  • Centrify Cloud Service Status - Incident History
    Secret Server Cloud Patch - CA, UK, US
    5 days ago
  • Recorded Future
    A Complete History of Cybersecurity: From Early Viruses to AI-Powered Threats
    6 days ago
  • CloudFlare
    Building for the future
    6 days ago
  • AWS Security Blog
    ICYMI: April 2026 @AWS Security
    6 days ago
  • We Live Security » Languages » English
    Fake call logs, real payments: How CallPhantom tricks Android users
    6 days ago
  • Imperva Cyber Security Blog
    Your Redis Server Looks Fine. That’s the Problem.
    1 week ago
  • The Akamai Blog
    Akamai Cloud Is Built for What Cloud Has Become (Updated May 2026)
    1 week ago
  • Cisco Blog » Security
    Security Insights: A Threat-First View for the Platform That Enforces Access
    1 week ago
  • Heimdal Security Blog
    Heimdal Expands AI Strategy with AI Wingman and Third-Party AI Containment
    3 weeks ago
  • Arbor Networks Threat Intelligence
    The Winter Games Effect: When Gold Meets DDoS
    5 weeks ago
  • Packet Pushers - Briefings In Brief
    Tech Bytes: Build Your Automation Foundation on Infrahub’s Data Management Platform (Sponsored)
    1 month ago
  • TaoSecurity
    Mandiant Global Median Dwell Time Deteriorates from 11 to 14 Days
    1 month ago
  • CyberArk
    Identity governance gaps: How AI profiles move security beyond the label
    2 months ago
  • ThreatConnect | Enterprise Threat Intelligence Platform
    Iranian Conflict Intelligence Dashboard Immediately Available for ThreatConnect
    2 months ago
  • ClearSky Cybersecurity
    Exposing a Russian Campaign Targeting Ukraine Using New Malware Duo: BadPaw and MeowMeow
    2 months ago
  • Check Point Blog
    AI Has Become the New Enterprise Perimeter — and Gemini 3 Pro Just Proved It
    5 months ago
  • Darktrace Blog
    Darktrace Recognized as the Only Visionary in the 2025 Gartner® Magic Quadrant™ for CPS Protection Platforms
    1 year ago
  • Darktrace Blog
    Darktrace Recognized as the Only Visionary in the 2025 Gartner® Magic Quadrant™ for CPS Protection Platforms
    1 year ago
  • Fooling the Interpreter
    Bypassing Whitelists With XSS Payloads in Attributes
    1 year ago
  • Liquidmatrix Security Digest
    Liquidmatrix Security Digest Podcast – Episode 7E
    1 year ago
  • Postmodern Security
    Let’s Stop the Security Shaming
    1 year ago
  • Errata Security
    C can be memory safe, part 2
    2 years ago
  • Naked Security
    Update on Naked Security
    2 years ago
  • Anomali Blog
    Anomali Cyber Watch: Cadet Blizzard - New GRU APT, ChamelDoH Hard-to-Detect Linux RAT, Stealthy DoubleFinger Targets Cryptocurrency
    2 years ago
  • Securosis Highlights
    The THIRTEENTH Annual Disaster Recovery Breakfast: Changing of the Guard
    3 years ago
  • blog.trendmicro.co.uk
    Delivering visibility, control and simplified security to Bathgate Group
    4 years ago
  • TrendLabs Security Intelligence Blog
    Finest Free Torrenting VPNs
    4 years ago
  • AlienVault Blogs
    This feed has moved and will be deleted soon. Please update your subscription now.
    4 years ago
  • Carbon Black
    VMware Carbon Black Delivers High-Fidelity Insight at Every Step of MITRE Engenuity ATT&CK® Evaluation
    5 years ago
  • CipherCloud
    CipherCloud and Lookout Blaze a New Path Together – Redefining Security from Endpoint to Cloud
    5 years ago
  • Inside The Threat Blog by Lancope
    This feed has moved and will be deleted soon. Please update your subscription now.
    5 years ago
  • Skybox Security Blog – Cybersecurity from The Skybox View
    Salt Vulnerabilities Exploited with Targeted Cryptomining Attack on DigiCert
    5 years ago
  • Zscaler Research
    Frenchy – Shellcode in the Wild
    6 years ago
  • Cisco Blog » Threat Research
    C2 With It All: From Ransomware To Carding
    6 years ago
  • Preempt Blog
    Why Insider Threat Denial is Everyone’s Problem
    6 years ago
  • Network Security Blog
    Lucky Break
    7 years ago
  • Threat Research
    BIOS Boots What? Finding Evil in Boot Code at Scale!
    7 years ago
  • Threat Intelligence
    Lojack Becomes a Double-Agent
    8 years ago
  • Fortinet Blog
    Securing the Network: What Three Key Verticals Require
    8 years ago
  • Cyphort
    Equifax Breach: The News We All Dreaded to Hear.
    8 years ago
  • Speaking of Security - The RSA Blog and Podcast
    A Security Decision – Build or Buy
    8 years ago
  • Metasploit
    Metasploit Wrapup
    8 years ago
  • Threat Geek
    Reducing Detection from Months to Minutes: Detecting Credentials in the Clear
    9 years ago
  • Lockheed Martin Cybersecurity Blog
    How Threat Intelligence Can Increase an Organization’s Cybersecurity Maturity
    9 years ago
  • iSIGHT Partners
    ThreatScape Media Highlights Update – Week Of June 8th
    9 years ago
  • LogRhythm: The Dialog - The Security Intelligence Company
    Getting Started with Threat Intelligence
    10 years ago
  • IBM Internet Security Systems Internet Threat Information
    Multiple Adobe Flash Player code execution vulnerabilities
    11 years ago
  • Cylance Blog
  • Farsight Security Blog
  • Our Blog | Core Security
  • Comments on: The Top 10 AlgoSec Blog Posts From 2018
  • Trustwave Newsroom
Show 10 Show All

Blog Archive

  • ►  2020 (2)
    • ►  May (2)
  • ▼  2019 (35)
    • ▼  December (2)
      • 12 Threat Modelling Techniques
      • Zero Trust
    • ►  November (2)
    • ►  October (6)
    • ►  September (5)
    • ►  August (1)
    • ►  June (1)
    • ►  February (4)
    • ►  January (14)
  • ►  2018 (4)
    • ►  December (2)
    • ►  September (1)
    • ►  April (1)
  • ►  2017 (6)
    • ►  August (5)
    • ►  July (1)
  • ►  2016 (1)
    • ►  January (1)
  • ►  2015 (4)
    • ►  September (4)
  • ►  2013 (3)
    • ►  April (1)
    • ►  March (1)
    • ►  February (1)

About Me

Tony Brown
Enterprise Security Solutions Architect at global service provider. CCIE #8767. CISSP. Chartered Engineer. MSc. in Information Security. CCDE 2011:6 Chartered IT Professional. Member of the Institute of Information Security Professionals. Blah blah blah
View my complete profile
Awesome Inc. theme. Powered by Blogger.