According to Verizon’s 2014 Data Breach Investigations Report,1 “Web applications remain the proverbial punching bag of the Internet.”2 Things haven’t improved much since then. What is it about web applications that makes them so precarious? There are three primary answers. First, since most web applications are configured or coded specifically for the organizations they serve,…
Read MoreFigure 5. 60 seconds C&C polling interval However, although the malware is still evolving, it has good market differentiation in its HTTP functionality. Being based on Android’s WebView class, the thingbot is better equipped with browser-like functionality, making it more resistant to various bot challenges, such as cookie support, redirects, and JavaScript, which are…
Read MoreImage by Eva Rinaldi / License Creative Commons 3. The Nation State One of the supposed benefits of bitcoin and other cryptocurrencies is that they aren’t tied to any particular nation state. This prevents bitcoin assets from being frozen by the state, and gives consumers the freedom to do anything they want with their money.10 State sponsorship of…
Read MoreThere’s a lot of hype surrounding cryptocurrencies, but what’s good for currency traders may not be great for security-minded professionals. Source link lol
Read MoreOrganizations often overlook the many ways in which their own systems put useful information right into the hands of attackers building cyber scams. Source link lol
Read MoreSeveral surveys talk about CISO salaries and job prospects, but we felt that the industry as a whole needed to fully understand what goes into the day-to-day job of a CISO. F5 and research firm Ponemon teamed to survey CISOs to draw as complete a picture as we could on the modern security executive. In…
Read MoreLast week, our esteemed colleague David Holmes answered the board’s question “Are we doing anything with bitcoin?” by slamming the door on a technological trend that is not only underway but is rapidly expanding. (Heck, bitcoin itself is “old news” now.) Still, it should be on every CISO’s brain. Even if CISOs don’t need to talk to…
Read MoreTrickbot Rapidly Expands its Targets in August, Shifting Focus to US Banks and Credit Card Companies
Figure 13: Top TrickBot C&C hosting networks by ASN owner, geo, and count Conclusion The analyzed configurations initially saw TrickBot shift away from the Nordic countries and into France, Spain, the US, and the UK; it appeared for a time that the targeting of this malware was becoming more focused on fewer countries and more…
Read MoreIf you missed parts 1, 2, 3, and 4 of this blog series, it’s probably worth visiting these links to understand why phishing scams are becoming so rampant. Information about individuals and corporations is readily available and easy to find on the Internet, making it easy for attackers to pull phishing schemes together—and with great success. None of the bits…
Read MoreCybercrime in general—and most recently, crime perpetrated using IoT devices—has become a serious problem. Legislatures around the world have struggled to write laws to rein things in. The problem has been that governments have issued cybersecurity laws that are either too burdensome or ineffective. We’ve seen various breach disclosure acts designed to “name and shame”…
Read More