Month: April 2024
It seems earthshaking vulnerabilities are released weekly that leave vendors and system administrators scrambling to remediate. So, where are all these vulnerabilities coming from? A simple search on the National Vulnerability Database shows over 3,300 new vulnerabilities released in just the past 3 months.1 Granted that many of these vulnerabilities are esoteric and limited to…
Read MoreObserve that “standard security,” which is AES-128, corresponds to RSA 3072 (“3K”). The next level of security that’s most often used is P-384 (current Suite B) / AES-192 or AES-256 / Ed448-Goldilocks,2 and it corresponds to 7.6K – 15K RSA keys. The RSA key length does not scale linearly with security strength. It’s incorrect to…
Read MoreOn the shoulders of manufacturers lies the responsibility to address vulnerabilities, because the next generation of thingbots is taking advantage of known vulnerabilities to gain control of devices. Persirai is an adaptation of Mirai that shares code as well as command and control servers, but targets all models of IP cameras from a single Chinese…
Read MoreInternal and external threat landscapes are made up of the same system components. Differentials are based on implementation and technology choices. Hosting Resources The way a solution is deployed, the type of cloud service, and the tenant model make up an organization’s hosting resources and provide the basis for the threat landscape. Why? This…
Read MoreGranted, some of this information can be misleading because IP addresses can trace back to the ISP rather than the actual organization. But, sometimes attackers get lucky. Most of the time, they can uncover where sites are being hosted and gain some basic information about the company’s network configuration. In addition to the IP…
Read MoreCyber crooks use several common URL disguising techniques to trick users into thinking their sham sites are legitimate. Source link lol
Read MoreAccording to Verizon’s 2014 Data Breach Investigations Report,1 “Web applications remain the proverbial punching bag of the Internet.”2 Things haven’t improved much since then. What is it about web applications that makes them so precarious? There are three primary answers. First, since most web applications are configured or coded specifically for the organizations they serve,…
Read MoreFigure 5. 60 seconds C&C polling interval However, although the malware is still evolving, it has good market differentiation in its HTTP functionality. Being based on Android’s WebView class, the thingbot is better equipped with browser-like functionality, making it more resistant to various bot challenges, such as cookie support, redirects, and JavaScript, which are…
Read MoreImage by Eva Rinaldi / License Creative Commons 3. The Nation State One of the supposed benefits of bitcoin and other cryptocurrencies is that they aren’t tied to any particular nation state. This prevents bitcoin assets from being frozen by the state, and gives consumers the freedom to do anything they want with their money.10 State sponsorship of…
Read MoreThere’s a lot of hype surrounding cryptocurrencies, but what’s good for currency traders may not be great for security-minded professionals. Source link lol
Read More