Author: nlqip
Malware that steals banking credentials is still one of today’s most lucrative cybercrime schemes. It’s not unusual for a banking Trojan to evolve over the years, and Ramnit is a perfect example. It was active for several years until it was disrupted in early 2015 by Europol working with several tech companies. It resurfaced in…
Read MoreThe CISO can use these techniques to adjust the appropriate subsystems to move and maintain interactions to the desired level. Let’s unpack an example of doing this. Here’s a common security problem: applications and data are spread around everywhere—on the local networks, on laptops at home, on personal machines, on mobile devices, and in…
Read MoreIf Shakespeare were alive today (and blogging), he might have written about the latest vulnerability to sweep the Internet by pointing out: Hath not the cloud interfaces, code, logic, data? Accessed with the same protocols, exploited with the same weapons, subject to the same vulnerabilities, mitigated by the same solutions, patched by the same methods…
Read MoreBut that’s not the worst news coming out of this survey. No, not by any stretch of the imagination is that the bad news. Sit down and strap in, because it gets much worse. In spite of pushing vulnerable applications into production (and into the hands of consumers), a staggering 44% admitted they aren’t doing anything to…
Read MoreRecapping RSA 2017: Endpoint Protection, Threat Hunting, and Talent Searching Abound! Source link lol
Read More“Managing” vulnerabilities is an endless effort that is only truly noticed when it fails. More often than not, the constant debate over which vulnerabilities get prioritized for remediation is decided based on likelihood of exploit, followed by impact, and level of effort to fix. The typical result is that low- and medium-grade vulnerabilities get de-prioritized—in…
Read MoreUnfortunately, the term “fake news” is now an everyday expression, especially in the political arena. However, accusations of fake news have been around for at least half a century, notably rising in prominence in tabloids. For decades, there has been a vigorous niche of print magazines specializing in embellished and often exaggerated articles and misleading…
Read MoreThis year at RSA, I saw many vendors offering “deceptive defense” solutions. Whether folks were buying them is another matter. The concept of using deception in warfare goes back to the dawn of time. Thousands of years ago, Sun Tzu wrote that “all warfare is based on deception.”1 IT deception as a hacking defense has…
Read MoreNo matter how application-savvy you are, it should be fairly obvious that this is not a typical Content-Type header for an HTTP request. According to the RFC, Content-Type is usually of the form “type/subtype”7. This leviathan contains a valid Content-Type header in the very first line—multipart/form-data—but even a rudimentary BNF parser would flag this as a…
Read MoreThird parties such as outsourced service providers and SaaS vendors are a fact of life in the IT world. It’s the nature of a hyper-connected world where hundreds (if not thousands) of applications are required to run even a modestly sized organization. There is no alternative but to trust a third party with access to…
Read More