Vice President, Cloud Research
[Editors note: For the latest WannaCry information as it relates to Trend Micro products, please read this support article.] The WannaCry ransomware variant of 12-May-2017 has been engineered to take advantage of the most common security challenges facing large organizations today. Starting with one infection system, this variant uses a recent vulnerability (CVE-2017-0144/MS17-010) to spread…
Read More
The ingredients for strong cybersecurity aren’t a secret. In fact, they haven’t changed significantly over the past 20 years—the ingredients are available to almost every organization out there. On the surface, doing security isn’t that hard: Patch quickly and frequently. Use reasonable security controls—intrusion prevention, application control, and anti-malware—and monitor them. Use two-factor…
Read More
Recently there was a significant volume of new phishing emails aimed at capturing access to Google accounts…specifically your email and contacts. You can read more about it at The Verge, Quartz, and Ars Technica. This phish is a great—evil !?!—example of a sophisticated attempt to gain access to a large number of users’ accounts. In…
Read More
It’s easy to get lost in a sea of marketing terms. Recently “Hybrid Cloud” has bubbled up more and more. The good news here is that the term is an accurate and useful way to describe the reality that most organizations are facing…and will continue to face for the foreseeable future. Unless you started your…
Read More
Security startup Cybellum recently announced a new attack that they’re calling “DoubleAgent”. They’ve labelled this a zero day “attack for taking full control over major antiviruses and next-generation antiviruses”. There’s a lot to unpack here. When you’re assessing the risk any issue poses it’s always best to clearly define the issue. Let’s start there. The…
Read More
If you’ve ever bought anything online, checked your bank accounts through the app, or logged on to your favorite social media network, you’ve used a technology called SSL/TLS. The S in HTTPS. SSL/TLS (just to keep it simple, I’ll refer to as SSL) is the technology used to encrypt the communication between your browser and…
Read More
Cybercrime is a business. Professional criminals refine their processes, measure performance, and regularly evaluate the return on their investments. Every move is strategic. We see this time and time again with ransomware campaigns and throughout the underground. Which is why the latest report from Joseph Cox at Motherboard is mind boggling. Joseph brings us the…
Read More
Social media is a tough place for companies. That’s understandable. The idea of connecting people to each other breaks down when one of those people is a major multi-national brand. But there is a place on social for companies and when it’s handled well, it’s amazing. Unfortunately, as much as positive examples show personality and…
Read More
Google’s Next 2017 conference kicks off today with a series of bootcamps. The regular program starts on Wednesday and runs through Friday, highlighting the latest offerings in the Google Cloud. This is the third iteration of the conference and as with the Google Cloud itself, the show is going to be bigger and better than…
Read More
The SHA-1 hash function is broken. This isn’t news. What is news is that a practical attack has been demonstrated Keep in mind that “practical” is used in cryptographers terms and those terms don’t necessarily have an impact on your daily IT use. The news has been making the rounds as IT teams, journalists, and…
Read More
