ThreatBook Launches Best-of-Breed Advanced Threat Intelligence Solution
Singapore, Singapore, 29th September 2025, CyberNewsWire
The post ThreatBook Launches Best-of-Breed Advanced Threat Intelligence Solution appeared first on Security Boulevard.
Episode 400! In this special milestone edition of the Shared Security Podcast, we look back at 16 years of conversations on security, privacy, and technology. From our very first episodes in 2009 to today’s AI-driven threats, we cover the topics that defined each era, the surprises along the way, and the lessons that still matter. […]
The post Milestone Episode 400: Reflecting on 16 Years of Shared Security appeared first on Shared Security Podcast.
The post Milestone Episode 400: Reflecting on 16 Years of Shared Security appeared first on Security Boulevard.
What Makes Non-Human Identities Crucial in Cloud Security? How do organizations manage the unique challenges posed by non-human identities? Non-human identities (NHIs) are critical components of robust security strategies. Conceived as virtual entities consisting of encrypted passwords, tokens, or keys—collectively known as “secrets”—NHIs resemble the role of a passport, with permissions acting as visas granted […]
The post Feel Secure: Advanced Techniques in Secrets Vaulting appeared first on Entro.
The post Feel Secure: Advanced Techniques in Secrets Vaulting appeared first on Security Boulevard.
How Can Organizations Adapt Their Security Strategies for Hybrid Cloud Environments? Organizations face unique challenges while managing their hybrid clouds. But how can they efficiently adapt their security strategies to maintain robust protection? Hybrid cloud security has become a crucial component of modern business operations, requiring adaptable strategies that address multifaceted security concerns. One of […]
The post Adapting Your Security Strategy for Hybrid Cloud Environments appeared first on Entro.
The post Adapting Your Security Strategy for Hybrid Cloud Environments appeared first on Security Boulevard.
Why Are Non-Human Identities Crucial for Cybersecurity? How do organizations ensure the security of machine identities? Non-Human Identities (NHIs) provide a compelling answer, offering a structured approach to managing machine identities and secrets securely. NHIs are critical components in cybersecurity, often overlooked due to the complexity they introduce, but they are indispensable, particularly for cloud-based […]
The post Continuous Improvement in Secrets Management appeared first on Entro.
The post Continuous Improvement in Secrets Management appeared first on Security Boulevard.
Creator, Author and Presenter: Phillip Ward, Canva
Our thanks to USENIX for publishing their Presenter’s outstanding USENIX Enigma ’23 Conference content on the organization’s YouTube channel.
The post USENIX 2025: PEPR ’25 – Enterprise-Scale Privacy For AI: How Canva Scaled Customer Control Of Data For AI Training appeared first on Security Boulevard.
From water systems to the electric grid, critical infrastructure has been under threat for decades. But 2025 cyber attacks against airports are different. Here’s why.
The post Cyber Incidents Take Off: Europe’s Airports Join a Growing List appeared first on Security Boulevard.
Why Are Non-Human Identities the Key to Proactive Compliance in Cloud Security? Where data breaches and cyber threats have become a pressing concern, how are organizations safeguarding their digital assets? The answer lies in the strategic management of Non-Human Identities (NHIs) and secrets security management. With the cloud being central to modern business operations, effective […]
The post Proactive Compliance: A New Era in Cloud Security appeared first on Entro.
The post Proactive Compliance: A New Era in Cloud Security appeared first on Security Boulevard.
How Can Scalable Security Transform Your Business? Where businesses rapidly migrate to the cloud, scalability in security is more crucial than ever. Enterprises must adapt their cybersecurity strategies to protect sensitive data and manage machine identities efficiently. Enter the concept of Non-Human Identities (NHIs), a cornerstone in building scalable security solutions for cloud-native environments. Understanding […]
The post Building Scalable Security with Cloud-native NHIs appeared first on Entro.
The post Building Scalable Security with Cloud-native NHIs appeared first on Security Boulevard.
Why Are Non-Human Identities the Unsung Heroes of Asset Security? Where digital transformation drives business innovation, the necessity for robust asset security strategies is paramount. But here’s a question often overlooked: How do organizations manage and protect the vast array of machine identities—commonly referred to as Non-Human Identities (NHIs)—in their cybersecurity architectures? These NHIs are […]
The post Securing Your Assets: Strategies That Work Every Time appeared first on Entro.
The post Securing Your Assets: Strategies That Work Every Time appeared first on Security Boulevard.
Creators, Authors and Presenters: Norman Sadeh And Lorrie Cranor, Carnegie Mellon University
Our thanks to USENIX for publishing their Presenters’ outstanding USENIX Enigma ’23 Conference content on the organization’s YouTube channel.
The post USENIX 2025: PEPR ’25 – UsersFirst: A User-Centric Threat Modeling Framework For Privacy Notice And Choice appeared first on Security Boulevard.
Learn everything about Risk-Based Authentication (RBA): its benefits, implementation, and future trends. Enhance your application security with this comprehensive guide.
The post Complete Guide to Understanding Risk-Based Authentication appeared first on Security Boulevard.
We have witnessed a surge in cloud adoption and data exposures, with a similar trajectory. A cloud security report highlights that 95% of organizations experienced cloud-related breaches in an 18-month period. Among them, 92% of breaches exposed sensitive data. It is important to note that most incidents do not germinate from exploits that fall under […]
The post Cloud Posture for Lending Platforms: Misconfigurations That Leak PII appeared first on Kratikal Blogs.
The post Cloud Posture for Lending Platforms: Misconfigurations That Leak PII appeared first on Security Boulevard.
China has implemented regulations for 1-hour reporting of severe cybersecurity incidents. This would include disruptions that impact over 50% of the people in a province or 10 million people, such as critical infrastructure attacks.
The irony is that China is recognized for its advanced and aggressive foreign cyber operations. But there is brilliance in this requirement. China has an excellent perspective in how such attacks can be used to disrupt adversaries and push foreign policy. It doesn’t want to suffer in ways that other nations might and therefore is improving its response and recovery capabilities.
In contrast, when the US SEC required public companies to report material outages within 4 days beginning in 2025, there was upheaval, with some cybersecurity leaders stating that it was impossible or at the very least irresponsible. They lobbied Congress to repeal the requirements. Since the regulation took effect, no major issues have arisen from the 4-day requirement.
The vast majority of US critical infrastructure is operated by private industry and concealing cybersecurity compromises only benefits the attackers.
The Cybersecurity and Infrastructure Security Agency (CISA) is also looking to update rules specifically for US critical infrastructure, mandating a 72-hour notification, but the final rule may not be published until mid-2026.
China knows something and realizes the importance of early reporting. Even the most aggressive US reporting proposals fall far short of the 1-hour requirement in China.
I hope my peers will remain calm, realize the necessity, and support early notification in the US.
The post China Prepares for Cyberattacks appeared first on Security Boulevard.
Introduction
On September 25, 2025, Cisco released a security advisory to patch three security flaws impacting the VPN web server of Cisco Secure Firewall Adaptive Security Appliance (ASA) and Cisco Secure Firewall Threat Defense (FTD) software, which have been exploited in the wild. These three vulnerabilities are tracked as CVE-2025-20333, CVE-2025-20362, and CVE-2025-20363. A sophisticated state-sponsored campaign has been actively exploiting these critical zero-day vulnerabilities since May 2025. The campaign, attributed to UAT4356/Storm-1849 (linked to China-based threat actors), represents a significant evolution of the ArcaneDoor attack methodology, employing advanced persistence mechanisms that survive device reboots and firmware upgrades. The attack leverages a URL path-normalization flaw that can bypass session verification for protected Clientless SSL VPN (WebVPN) endpoints, as well as a heap buffer overflow in the WebVPN file-upload handler, which can result in information disclosure.

Of the three vulnerabilities, CVE-2025-20363 and CVE-2025-20362 do not require authentication, while CVE-2025-20333 does. All three vulnerabilities operate over HTTP(S), targeting the web services running on vulnerable devices.

The Cybersecurity & Infrastructure Security Agency (CISA) released an emergency directive outlining urgent requirements and mitigation steps for organizations: ED 25-03: Identify and Mitigate Potential Compromise of Cisco Devices.

Affected Versions
The following Cisco ASA 5500-X Series models, running Cisco ASA Software Release 9.12 or 9.14 with VPN web services enabled and without Secure Boot and Trust Anchor technologies, are susceptible to attacks:
- 5512-X and 5515-X
- 5525-X, 5545-X, and 5555-X
- 5585-X

Recommendations
For CVE-2025-20333, CVE-2025-20362 and CVE-2025-20363:
- Identify all Cisco ASA/FTD devices: Compile a complete inventory of all ASA and FTD devices deployed in your organization’s infrastructure.
- Apply the patch: Cisco released a patch to address these vulnerabilities on all ASA, ASAv, and FTD devices.
- Perform threat hunting: Follow CISA’s Core Dump and Hunt Instructions Parts 1–3 for public-facing ASA devices. Federal agencies are instructed to submit core dump results via the Malware Next Gen Portal by 11:59 PM EDT on September 26, 2025. Although CISA mandates this guidance for federal agencies, it strongly recommends that all organizations follow the outlined steps.
- If compromise is detected, immediately disconnect the device from the network (do not power off) and report the incident to CISA. In cases of suspected or confirmed compromise on any Cisco ASA device, Cisco recommends that all configurations – especially local passwords, certificates, and keys – be replaced after the upgrade to a fixed release. You should reset the device to factory default after the upgrade to a fixed release and then reconfigure the device from scratch with new passwords, and re-generate certificates and keys.
- If compromise is NOT detected, continue with patching and additional mitigation efforts.
- Ensure ongoing updates for existing devices: For ASA hardware models with an EoS date after August 31, 2026, as well as ASAv and Firepower FTD appliances, download and apply the latest Cisco-provided software updates by 11:59 PM EDT on September 26, 2025, and ensure all subsequent updates are applied within 48 hours of release via Cisco’s download portal.

Attribution
UAT4356 is a well-resourced, China-aligned threat actor specializing in perimeter device exploitation. The group targeted older Cisco ASA 5500-X appliances such as models 5512-X, 5515-X, 5525-X, 5545-X, 5555-X, and 5585-X, running ASA software versions 9.12 or 9.14 with exposed VPN web services. All targeted devices, nearing or past their September 30, 2025 EoS dates, lacked secure boot protections, which made them vulnerable to firmware manipulation.

In 2024, UAT4356 was observed exploiting two ASA/FTD zero-day vulnerabilities (CVE-2024-20353 and CVE-2024-20359) to deploy Line Runner and Line Dancer malware.

How it works
As reported by Cisco, the initial investigation started in May 2025, revealing that attackers exploited multiple zero-day vulnerabilities and employed advanced evasion techniques such as disabling logging, intercepting CLI commands, and intentionally crashing devices to prevent diagnostic analysis.

The attackers have been observed delivering the following malware families:
- RayInitiator: Advanced bootkit targeting Cisco ASA 5500-X devices, providing attackers with persistence through GRUB bootloader modifications and direct manipulation of core system binaries.
- LINE VIPER: Modular payload system that enables attackers to execute commands, capture network traffic, bypass authentication, suppress logs, and clear traces using encrypted communication via WebVPN sessions and ICMP channels. It includes anti-forensic capabilities, such as forced reboots during core dumps, ensuring stealth and precision targeting.

Possible Execution
- Reconnaissance: Extensive scanning of internet-facing ASA/FTD devices, particularly WebVPN/HTTPS interfaces, as reported by GreyNoise with two major spikes in late August involving over 25,000 unique IPs.
- Initial Access: Abuse of CVE-2025-20362 (WebVPN authentication bypass) to access vulnerable execution pathways.
- Exploitation: Use of CVE-2025-20333 and related bug chains to exploit buffer/heap overflow vulnerabilities, achieving remote or semi-authenticated code execution within the ASA process context.
- Privilege Escalation and Memory Execution: Deploy LINE VIPER shellcode in ASA userland, enabling attackers to execute arbitrary commands and loaders.
- Persistence: Flash the RayInitiator bootkit into ROMMON, allowing attackers to maintain firmware-level persistence that survives reboots and updates.
- Post-Exploitation: Packet capture, configuration dumps, backdoor account creation, exfiltration of configs/logs, and systematic disabling of logging mechanisms.
- Command-and-control (C2) Communication: Utilize WebVPN/HTTPS sessions or ICMP channels with victim-specific encryption keys to manage implants.
- Anti-Forensics: Suppress syslog entries, tamper with diagnostic counters, intercept CLI commands, and crash devices to obstruct forensic analysis.
- Exploit Chaining: Attackers combine CVE-2025-20362 for login bypass with CVE-2025-20333 for code execution.
- Targeting EoS Devices: Focus on ASA 5500-X series devices running ASA firmware versions 9.12 or 9.14, which are nearing or past their end-of-support (EoS) dates.
- Defensive Evasion: Systematic suppression of security logs (specific syslog IDs), forced reboots, and interception of CLI commands to erase traces of activity.
- No Evidence of Lateral Movement: Intruders appear focused solely on espionage and data extraction from perimeter devices, without leveraging compromised ASAs for further network intrusion.

Attack Chain
Figure 1: Diagram depicting the attack chain associated with Cisco ASA devices.

How Zscaler Can Help
Zscaler’s cloud native zero trust network access (ZTNA) solution gives users fast, secure access to private apps for all users, from any location. Reduce your attack surface and the risk of lateral threat movement: no more internet-exposed remote access IP addresses, and secure inside-out brokered connections. It is easy to deploy and enforces consistent security policies across campus and remote users.

Zscaler Private Access™ (ZPA) allows organizations to secure private app access from anywhere. Connect users to apps, never the network, with AI-powered user-to-app segmentation. Prevent lateral threat movement with inside-out connections. Deploy comprehensive cyberthreat and data protection for private apps with integrated application protection, deception, and data protection.

Figure 2: VPN vulnerabilities open doors to cyber threats; protect against these risks with Zero Trust architecture.

Zero trust is a fundamentally different architecture than those built upon firewalls and VPNs. It delivers security as a service from the cloud and at the edge, instead of requiring you to backhaul traffic to complex stacks of appliances (whether hardware or virtual). It provides secure any-to-any connectivity in a one-to-one fashion; for example, connecting any user directly to any application. It does not put any entities on the network as a whole, and adheres to the principle of least-privileged access. In other words, with zero trust, security and connectivity are successfully decoupled from the network, allowing you to circumvent the aforementioned challenges of perimeter-based approaches. Zero trust architecture:
- Minimizes the attack surface by eliminating firewalls, VPNs, and public-facing IP addresses, allowing no inbound connections, and hiding apps behind a zero trust cloud.
- Stops compromise by leveraging the power of the cloud to inspect all traffic, including encrypted traffic at scale, in order to enforce policies and stop threats in real-time.
- Prevents lateral threat movement by connecting entities to individual IT resources instead of extending access to the network as a whole.
- Blocks data loss by enforcing policies across all potential leakage paths (including encrypted traffic), protecting data in motion, data at rest, and data in use.

Additionally, zero trust architecture overcomes countless other problems associated with firewalls, VPNs, and perimeter-based architectures by enhancing user experiences, decreasing operational complexity, saving your organization money, and more.

Zscaler ThreatLabz recommends our customers implement the following capabilities to safeguard against these types of attacks:
- Safeguard crown jewel applications by limiting lateral movement using Zscaler Private Access to establish user-to-app segmentation policies based on the principles of least privileged access, including for employees and third-party contractors.
- Limit the impact from a potential compromise by restricting lateral movement with identity-based microsegmentation.
- Prevent exploitation of private applications from compromised users with full in-line inspection of private app traffic with Zscaler Private Access.
- Use Advanced Cloud Sandbox to prevent unknown malware delivered in second stage payloads.
- Detect and contain attackers attempting to move laterally or escalate privileges by luring them with decoy servers, applications, directories, and user accounts with Zscaler Deception.
- Identify and stop malicious activity from compromised systems by routing all server traffic through Zscaler Internet Access.
- Restrict traffic from critical infrastructure to an “allow” list of known-good destinations.
- Ensure that you are inspecting all SSL/TLS traffic, even if it comes from trusted sources.
- Turn on Advanced Threat Protection to block all known command-and-control domains.
- Extend command-and-control protection to all ports and protocols with the Advanced Cloud Firewall, including emerging C2 destinations.

Best Practices
Follow CISA Directives
Timely compliance with CISA’s Emergency Directive on Cisco Vulnerabilities is critical for minimizing the impact of these vulnerabilities.

Implement zero trust architecture
Enterprises must rethink traditional approaches to security, replacing vulnerable appliances like VPNs and firewalls. Implementing a true zero trust architecture, fortified by AI/ML models, to block and isolate malicious traffic and threats is a critical foundational step. Prioritize user-to-application segmentation where you are not bringing users on the same network as your applications. This provides an effective way to prevent lateral movement and keep attackers from reaching crown jewel applications.

Proactive Measures to Safeguard Your Environment
In light of the recent vulnerabilities affecting Cisco, it is imperative to employ the following best practices to fortify your organization against potential exploits.
- Minimize the attack surface: Make apps (and vulnerable VPNs) invisible to the internet, and impossible to compromise, ensuring an attacker can’t gain initial access.
- Prevent initial compromise: Inspect all traffic in-line to automatically stop zero-day exploits, malware, or other sophisticated threats.
- Enforce least privileged access: Restrict permissions for users, traffic, systems, and applications using identity and context, ensuring only authorized users can access named resources.
- Block unauthorized access: Use strong multi-factor authentication (MFA) to validate user access requests.
- Eliminate lateral movement: Connect users directly to apps, not the network, to limit the blast radius of a potential incident.
- Shut down compromised users and insider threats: Enable inline inspection and monitoring to detect compromised users with access to your network, private applications, and data.
- Stop data loss: Inspect data in motion and data at rest to stop active data theft during an attack.
- Deploy active defenses: Leverage deception technology with decoys and perform daily threat hunting to derail and capture attacks in real-time.
- Cultivate a security culture: Many breaches begin with compromising a single user account via a phishing attack. Prioritizing regular cybersecurity awareness training can help reduce this risk and protect your employees from compromise.
- Test your security posture: Get regular third-party risk assessments and conduct purple team activities to identify and harden the gaps in your security program. Request that your service providers and technology partners do the same and share the results of these reports with your security team.

Conclusion
Cisco Firewall and VPN devices continue to face severe security threats due to multiple zero-day vulnerabilities exploited by state-backed bad actors, as seen in the past. While the initial disclosure was limited to two CVEs, another CVE was added during the analysis, and as seen in other high-profile zero-day attack campaigns, there may be more. It is critical for organizations to act quickly on the mitigation steps and ideally prioritize Zero Trust architecture, as we will continue to see large-scale exploitation attempts of these internet-exposed legacy devices (VPNs & Firewalls).
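The recommendations above start with an inventory and then prioritize hunting and patching by the advisory's own criteria (legacy 5500-X model, 9.12/9.14 train, VPN web services enabled, no Secure Boot, internet-facing). The following triage helper is an added example written for this post, not code from Cisco, CISA or Zscaler; the CSV inventory format and the device rows are constructed assumptions, not any vendor's export.

```python
"""Triage a Cisco ASA/FTD inventory against the advisory's exposure criteria.

Added example; the CSV layout below is an assumed, constructed format.
"""
import csv
import io
import re
from dataclasses import dataclass

# Hardware the advisory names as susceptible: legacy ASA 5500-X models without
# Secure Boot / Trust Anchor, on the 9.12 or 9.14 trains with WebVPN enabled.
AFFECTED_MODELS = {"5512-X", "5515-X", "5525-X", "5545-X", "5555-X", "5585-X"}
AFFECTED_TRAINS = {"9.12", "9.14"}


@dataclass
class Device:
    name: str
    model: str
    version: str
    webvpn: bool
    secure_boot: bool
    public_facing: bool


def _flag(value: str) -> bool:
    return value.strip().lower() in {"yes", "true", "1", "enabled"}


def parse_inventory(text: str) -> list[Device]:
    """Parse the constructed CSV (header: name,model,version,webvpn,secure_boot,public_facing)."""
    devices = []
    for row in csv.DictReader(io.StringIO(text.strip())):
        devices.append(Device(
            name=row["name"].strip(),
            model=row["model"].strip(),
            version=row["version"].strip(),
            webvpn=_flag(row["webvpn"]),
            secure_boot=_flag(row["secure_boot"]),
            public_facing=_flag(row["public_facing"]),
        ))
    return devices


def software_train(version: str) -> str:
    """'9.12(4)' -> '9.12': the advisory scopes exposure by release train, not build."""
    m = re.match(r"(\d+\.\d+)", version)
    return m.group(1) if m else version


def triage(device: Device) -> str:
    """Map one device to the action tier implied by the advisory and ED 25-03."""
    legacy_exposed = (device.model in AFFECTED_MODELS
                      and software_train(device.version) in AFFECTED_TRAINS
                      and device.webvpn and not device.secure_boot)
    if legacy_exposed:
        # Bootkit-capable target: hunt first; if hit, isolate (do not power off),
        # then upgrade, factory-reset and rebuild with new passwords, certs and keys.
        return "critical: core-dump hunt, then patch/replace and rotate secrets"
    if device.webvpn and device.public_facing:
        # Web services reachable from the internet: hunt per CISA guidance, then patch.
        return "high: hunt public-facing web services, then patch"
    return "standard: patch and apply later updates within 48 hours"


def triage_inventory(text: str) -> dict[str, str]:
    return {d.name: triage(d) for d in parse_inventory(text)}


# Constructed sample inventory (not real devices).
SAMPLE_INVENTORY = """name,model,version,webvpn,secure_boot,public_facing
asa-dc1-edge,5525-X,9.12(4),yes,no,yes
asa-dc2-edge,5555-X,9.14(3),no,no,yes
asa-branch-1,5516-X,9.16(2),yes,yes,yes
ftdv-lab-1,FTDv,7.2.5,yes,yes,no
"""

if __name__ == "__main__":
    for name, action in triage_inventory(SAMPLE_INVENTORY).items():
        print(f"{name}: {action}")
```

Every device lands in at least the "standard" tier because the advisory asks for patching across all ASA, ASAv and FTD deployments; the higher tiers only reorder the hunting work.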
The post Cisco Firewall and VPN Zero Day Attacks: CVE-2025-20333 and CVE-2025-20362 appeared first on Security Boulevard.
We’ve known it’s been coming, but it’s finally here: CMMC is no longer optional. Approval to issue the new Final Rule was fast-tracked, and the deadline is looming. In Brief: What is CMMC? CMMC is the Cybersecurity Maturity Model Certification. The first version was released all the way back in 2020, as a way to […]
The post CMMC Compliance Becomes Mandatory for Defense Contractors appeared first on Security Boulevard.
Why Are Non-Human Identities Crucial in Cybersecurity? How often do we consider machine identities when contemplating cybersecurity measures? It’s clear that non-human identities (NHIs) are essential players in maintaining robust security frameworks. These identities, often overlooked, are vital in fortifying enterprises, particularly across industries such as healthcare, financial services, and beyond. Machine identities, while lacking […]
The post Are Your Secrets Management Practices Up to Par? appeared first on Entro.
The post Are Your Secrets Management Practices Up to Par? appeared first on Security Boulevard.
Are You Prepared for the Next Cybersecurity Threat? Where cyber threats evolve faster than yesterday’s news, staying ahead requires a multi-faceted approach. One significant area of focus is the management of Non-Human Identities (NHIs), crucial components. But what precisely makes NHIs so significant, and how can organizations across various industries leverage them effectively? Understanding Non-Human […]
The post Staying Ahead of Cyber Threats with Proactive NHIs appeared first on Entro.
The post Staying Ahead of Cyber Threats with Proactive NHIs appeared first on Security Boulevard.
Creators, Authors and Presenters: Katharina Koerner, Trace3; Nandita Rao Narla, DoorDash
Our thanks to USENIX for publishing their Presenters’ outstanding USENIX Enigma ’23 Conference content on the organization’s YouTube channel.
The post USENIX 2025: Using Privacy Infrastructure To Kickstart AI Governance: NIST AI Risk Management Case Studies appeared first on Security Boulevard.
China’s Belt and Road Initiative (BRI) is well known for funding major infrastructure projects, including new highways, ports and energy plants across more than 150 countries. However, China has also gained a serious foothold when it comes to surveillance infrastructure. This less publicized development has taken off in Latin America in particular, where 35 cities..
The post China is Fueling Surveillance Technology Adoption in Latin America—Who is in Charge of Data Privacy? appeared first on Security Boulevard.