Author update: July 2016 — My lifelong fascination with cryptography inspired this story, which I had the pleasure of writing two years ago. That’s a long time in “Internet” years, yet the story is still as relevant today as it was then. The data I’ve continued to collect since 2014 indicates a strong preference for…
Read MoreRisk is a calculated measurement involving a number of factors including likelihood of occurrence and the impact if exploited. We all know that we could be hit by a bus and suffer dire consequences while crossing the road today, but the likelihood of that occurring is so low that most of us consider it a…
Read MoreIn May 2016, we detected a generic form grabber and IBAN (International Bank Account Number) swap script injection targeting financial institutions across the world. IBAN swapping is a technique fraudsters use to first obtain access to an account, then exchange a legitimate account number with the attacker’s destination mule account number before a funds transfer…
Read MoreSome of you may remember a time when national security was a question of police officers protecting individuals from crime on the street, or the Army’s defence against international threats. Today, that picture looks very different. If anything, it is more volatile, uncertain and complex than it was in the past because it is now…
Read MoreThe encapsulated IP packet header uses the same parameters as the encapsulating IP header. The Transport Layer protocol for the encapsulated IP packet is UDP. Most public routers will pass along the GRE packet because it’s a widely used protocol for generating VPN connections. We speculate that GRE might be the protocol of choice due to…
Read MoreThe latest evolution of cyber weaponry is brought to you by the default passwords in Internet of Things (IoT) devices. That includes just about every conceivable modern electronic device—from home thermostats, lighting systems, refrigerators, cars, and water meters, to personal fitness devices, toasters, bicycle helmets, toys, and even shoes and clothing. Today, the number…
Read MoreLike many of my peers, I marvel at the amazing ways the cloud has changed our lives and how we work. At the same time, I’ve lost untold hours of sleep worrying about the security risks this transformation creates. As a CISO, I spend a big chunk of every day planning for, evaluating, and…
Read MoreAccording to the Defense Advanced Research Projects Agency (DARPA), it takes an average of 312 days for security pros to discover software vulnerabilities such as viruses, malware, and other attacks. In hacker time, that’s a virtual eternity in which bad actors can wreak havoc within infected systems and steal information, all without being noticed. DARPA…
Read MoreDissatisfaction, burnout, and their consequences for CISOs The State of the CISO 2023-2024 Report, from IANS Research and Artico Search, found that CISO job satisfaction sits at 64%, down from 74% in 2022 and 69% in 2021. The percentage of CISOs open to changing jobs is 75%. The 2023 Voice of the CISO report, from…
Read MoreRecently there have been several reports of a financial malware named TrickBot; this malware's code looks similar to Dyre. Source link lol
Read More