Mindblown: a blog about philosophy.
-
Modern security software is not necessarily powerless against threats like WannaCry
We have become used to the idea of cybersecurity stories sometimes making the mainstream news, but the UK’s newspapers across the spectrum, from broadsheets to tabloids, all opening with the same cybersecurity story – as they did on Saturday – is unprecedented. The reason for such a heightened level of interest was the crippling of the…
-
Throwback Thursday: CARO: A personal view
This week sees the 11th International CARO Workshop taking place in Krakow, Poland – a prestigious annual meeting of anti-malware and security experts which, this year, is themed “Going Back to the Root”. When CARO (the Computer Antivirus Research Organization) was formed on 10 December 1990, there were fewer than ten members. Membership increased slowly…
-
Throwback Thursday: CARO: A personal view
This week sees the 11th International CARO Workshop taking place in Krakow, Poland – a prestigious annual meeting of anti-malware and security experts which, this year, is themed “Going Back to the Root”. When CARO (the Computer Antivirus Research Organization) was formed on 10 December 1990, there were fewer than ten members. Membership increased slowly…
-
VB2016 paper: Uncovering the secrets of malvertising
In his VB2014 paper , Bromium researcher Vadim Kotov sketched the possibilities for malicious actors to use web ads to spread exploit kits. Unsurprisingly, malicious actors also spotted those possibilities, and the advertisement ecosystem has become such a big attack surface that many security experts advise the running of ad-blockers to enhance security. Today, we…
-
VB2016 paper: Uncovering the secrets of malvertising
In his VB2014 paper , Bromium researcher Vadim Kotov sketched the possibilities for malicious actors to use web ads to spread exploit kits. Unsurprisingly, malicious actors also spotted those possibilities, and the advertisement ecosystem has become such a big attack surface that many security experts advise the running of ad-blockers to enhance security. Today, we…
-
Throwback Thursday: Tools of the DDoS Trade
According to a recent report by analytics firm Neustar (summarized in a Threatpost blog post here ), DDoS attacks are on the increase, are taking longer to detect, and are costing firms more to fix – with an average loss per attack of roughly $2.5 million among those companies surveyed . Back in 2000, DDoS attacks…
-
VB2016 paper: Building a local passiveDNS capability for malware incident response
Anyone who has ever investigated a malware or phishing attack will know the feeling: “if only I could find out what IP address this domain pointed to when the attack took place”. If you’re tasked with performing incident response in your organisation, collecting passive DNS data is probably a good idea. One way to do this…
-
Throwback Thursday: Tools of the DDoS Trade
According to a recent report by analytics firm Neustar (summarized in a Threatpost blog post here ), DDoS attacks are on the increase, are taking longer to detect, and are costing firms more to fix – with an average loss per attack of roughly $2.5 million among those companies surveyed . Back in 2000, DDoS attacks…
-
VB2016 paper: Building a local passiveDNS capability for malware incident response
Anyone who has ever investigated a malware or phishing attack will know the feeling: “if only I could find out what IP address this domain pointed to when the attack took place”. If you’re tasked with performing incident response in your organisation, collecting passive DNS data is probably a good idea. One way to do this…
-
VB2016 video: Last-minute paper: A malicious OS X cocktail served from a tainted bottle
Though nowhere near as exotic as it was a few years ago, malware for OS X continues to attract researchers’ attention. This was certainly the case for the KeyRanger ransomware and the Keydnap credentials-stealer, both of which spread through a compromised server of the legitimate Transmission BitTorrent client. In a VB2016 last-minute presentation, ESET researchers…
Got any book recommendations?