Tag: vulnerability
-
There is no evidence in-the-wild malware is using Meltdown or Spectre
Almost a month after the Meltdown and Spectre attacks against various CPUs were discovered and revealed to the public, there have been reports of the existence of malware that appears to be using the published proof-of-concept code. The source of these reports is a Google Plus post from testing organization AV-Test , which lists the…
-
There is no evidence in-the-wild malware is using Meltdown or Spectre
Almost a month after the Meltdown and Spectre attacks against various CPUs were discovered and revealed to the public, there have been reports of the existence of malware that appears to be using the published proof-of-concept code. The source of these reports is a Google Plus post from testing organization AV-Test , which lists the…
-
Vulnerability disclosure and botnet takedown not to be hindered by Wassenaar Arrangement
I have never been too keen on making comparisons between (advanced) cyber attacks and conventional war, as such comparisons tend to ignore the enormous human cost that comes with wars. That said, digital weapons do play an important role in global conflicts, military or otherwise, and thus it makes sense for them to be covered…
-
Vulnerability disclosure and botnet takedown not to be hindered by Wassenaar Arrangement
I have never been too keen on making comparisons between (advanced) cyber attacks and conventional war, as such comparisons tend to ignore the enormous human cost that comes with wars. That said, digital weapons do play an important role in global conflicts, military or otherwise, and thus it makes sense for them to be covered…
-
Tizi Android malware highlights the importance of security patches for high-risk users
A well-known security researcher once said : “if you purposely choose Android you are either Poor, Cheap, or really hate Apple.” Android has a bad reputation in security circles, though these days that is less because of a lack of effort on Google ‘s part and more because of the prevalence of many older devices…
-
Tizi Android malware highlights the importance of security patches for high-risk users
A well-known security researcher once said : “if you purposely choose Android you are either Poor, Cheap, or really hate Apple.” Android has a bad reputation in security circles, though these days that is less because of a lack of effort on Google ‘s part and more because of the prevalence of many older devices…
-
Vulnerabilities play only a tiny role in the security risks that come with mobile phones
Last week saw yet another successful edition of Mobile Pwn2Own , the contest in which participants are challenged to attack fully patched mobile devices using previously unknown vulnerabilities. Contests like these, and their desktop equivalents, serve two purposes: device manufacturers have vulnerabilities responsibly disclosed to them, while offensive security researchers are able to show off…
-
Vulnerabilities play only a tiny role in the security risks that come with mobile phones
Last week saw yet another successful edition of Mobile Pwn2Own , the contest in which participants are challenged to attack fully patched mobile devices using previously unknown vulnerabilities. Contests like these, and their desktop equivalents, serve two purposes: device manufacturers have vulnerabilities responsibly disclosed to them, while offensive security researchers are able to show off…
-
Patching is important even when it only shows the maturity of your security process
Sometimes a Tweet says more than a 50-minute conference presentation: Bad TLS as an externally measurable metric for whether an organisation has a mature security process, sure. But it aint getting ya no shell. — Metlstorm (@Metlstorm) September 4, 2017 This Tweet by Adam Boileau (best known outside New Zealand as the co-host of the…
-
Patching is important even when it only shows the maturity of your security process
Sometimes a Tweet says more than a 50-minute conference presentation: Bad TLS as an externally measurable metric for whether an organisation has a mature security process, sure. But it aint getting ya no shell. — Metlstorm (@Metlstorm) September 4, 2017 This Tweet by Adam Boileau (best known outside New Zealand as the co-host of the…