Tag: Defending Clients
Many companies and organizations around the world have issued mandatory work-from-home policies due to the COVID-19 pandemic. When companies find themselves in a situation like we are in today, going from a zero percent remote workforce to 100 percent in a matter of days, it can be daunting. What used to be safe, thanks to…
Read MorePredictions are a risky business. If you play it too conservatively, you tell everyone what they already know and just get an eye roll for your trouble. If you go out on a limb and get it wrong, people stop listening to you. That’s why, as we unwisely return to the task of predicting the…
Read MoreThe conflict in Ukraine brings the possibility of increased cyberattacks targeting the public infrastructure of NATO nations and their allies, and could easily extend to corporations and other entities within those countries as well. The US CISA (Cybersecurity and Infrastructure Security Agency) has provided technical guidance and reporting methods at https://www.cisa.gov/shields-up which is an excellent…
Read MoreEven Strong Defenses May Contain Weaknesses One could argue that fraudsters’ tactics are not novel and that investing in specialized products with machine learning and artificial intelligence should solve the issue of fraud. But somehow fraudsters still manage to outsmart security defenses. In a recent discussion that F5 Labs had with the head of the…
Read MoreTo find the correct password, attackers must check word after word until they find one which outputs the same hash value as the one they have stolen. While this sounds tedious, password cracking tool, such as Hashcat, are capable of calculating billions of hashes per second on a single computer. Renting cloud computing services allows…
Read MoreBots are not new. Attackers have used bots to achieve scalability in a variety of attack techniques for decades, and defenders have been fighting bots, to varying degrees of success, for just as long. However, two events in 2022—the prolonged acquisition of Twitter by Elon Musk, with its attendant discussion about exactly how much of…
Read MoreManaging privacy online is a constant balancing act. On the one hand, we need to provide a certain amount of our personal information to authenticate ourselves. In select environments, we also want to provide some additional information to our friends, family, and peers. On the other hand, we want to withhold that information from those…
Read MoreNeutral/Mixed Intentions Many of the actors in this system are neither completely benign nor completely malicious. Some of these practices are bifurcated into legal and illegal practices, such as the rather obvious distinction between criminal and benign payment facilitators. Some of these provide services that can genuinely be used either way, such as reshipping services…
Read MoreIntroduction The first Chief Information Security Officer, or CISO, was named 29 years ago: After Russian hackers infiltrated financial services giant Citicorp (now Citigroup) in 1995 and stole more than $10 million, the Citigroup Board instructed the company’s CEO to recruit a security executive to improve the company’s digital defenses. That person was Steve Katz,…
Read MoreIntroduction Identity is one of those bedrock concepts in security that seems simple and intuitive when we use it in our daily lives (“Hi Bob!”), about ourselves (“I’m a chef!”), and in personal (“You’re my friend!”) and intimate (“I love you!”) contexts. Yet when we build or deploy systems that rely on identity — a…
Read More