Just like the floppy disk during its heydays, the USB drive, commonly called the thumb drive or flash disk, is the preferred removable storage media due to its portability and data storage capacity. However, its popularity may prove to be useful for attackers as a propagation vector for malware and as a tool for breaching…Read More
Early last month a new vulnerability was found in how TLS 1.2 was implemented. Researchers from the French Institute for Research in Computer Science and Automation (INRIA) called this new attack SLOTH (Security Losses from Obsolete and Truncated Transcript Hashes). An attacker with man-in-the-middle capabilities could use SLOTH to attack encrypted traffic in the following ways: decrypt…Read More
A total of 6.1 million devices – smart phones, routers, smart TVs – are currently at risk to remote code execution attacks due to vulnerabilities that have been fixed since 2012.
The vulnerability exists in the Portable SDK for UPnP™ Devices, also called libupnp. This particular library is used to implement media playback (DLNA) or NAT traversal (UPnP IGD). Apps on a smartphone can use these features to play media files or connect to other devices within a user’s home network.Read More
In late September I published my research paper titled Follow the Data: Dissecting Data Breaches and Debunking the Myths that delved deep into the causes behind data breaches. The goal of the paper was to provide a thorough analysis of data breaches so businesses and organizations could better understand the problem and learn how to defend…Read More
Whenever people think of APTs and targeted attacks, people ask: who did it? What did they want? While those questions may well be of some interest, we think it is much more important to ask: what information about the attacker can help organizations protect themselves better?
Let’s look at things from the perspective of a network administrator trying to defend their organization. If someone wants to determine who was behind an attack on their organization, maybe the first thing they’ll do use IP address locations to try and determine the location of an attacker. However, say an attack was traced to a web server in Korea. What’s not to say that whoever was responsible for the attack also compromised that server? What makes you think that site’s owner will cooperate with your investigation?Read More