Resources

Blog

DEF CON 23 Preview: Confessions of a Professional Cyber Stalker

I am honored to be presenting at DEF CON 23 this August in Las Vegas where I will be presenting a session titled “Confessions of a Professional Cyber Stalker." In my talk, I will be discussing various technologies and methods I developed and used to track criminals leading to at least two dozen convictions. Many times in the process of recovering...
Blog

Escalation of Commitment Part 2: Three Possible Scenarios

Following from a recent post on ‘Escalation of Commitment’, a topic studied by both Economists and Psychologist, I could not resist writing a follow-up to explore the consequences for third parties that do not have the preparation and/or resources of the parties involved in scenarios of escalation of commitment in the IT security field. In the...
Blog

Ashley Madison Hack Threatens to Expose 37 Million Adulterers

Source: Krebs on Security A recent hack at Ashley Madison, an online cheating website, could expose the personal information of 37 million users. According to Brian Krebs, who broke the story on his blog, a group of hackers known as The Impact Team have all ready released some sensitive internal data...
Blog

Infosec Influencers: An Interview with Bruce Schneier

This week, as part of our new "Infosec Influencer" series, I had the pleasure of sitting down with Bruce Schneier, an internationally renowned security technologist and one of The State of Security's Top Influencers in Security You Should Be Following in 2015. He has written 12 books, including Liars and Outliers: Enabling the Trust Society Needs to...
Blog

MiniDionis: Where a Voicemail Can Lead to a Malware Attack

For just over a week, government departments, research institutes and other high-value targets have been on the sharp end of a sophisticated attack, where fake voicemails are being used to create a diversion while malware infects computer systems. As security researchers at Palo Alto Networks's Unit 42 division detail, it is believed the attack is...
Blog

Attack Exploits Weaknesses in RC4 Algorithm to Reveal Encrypted Data

Two Belgian security researchers have developed a method that allows an attacker to exploit weaknesses found in the RC4 encryption algorithm and subsequently expose information that was once thought to be encrypted. According to a blog post written by Mathy Vanhoef and and Frank Piessens of the University of Leuven, their RC4 NOMORE attack...
Blog

Automating Email Phishing with SPF

Due to the increased number of reported high-profile attacks, it is likely that you have heard of "phishing". What exactly is phishing? At its core, phishing is the sending of an email to a target with the intent of having the target perform some action that will lead to the attacker gaining some new piece of information or access. While the...
Blog

VERT Threat Alert: July 2015 Patch Tuesday Analysis

Today’s VERT Alert addresses 14 new Microsoft Security Bulletins. VERT is actively working on coverage for these bulletins in order to meet our 24-hour SLA and expects to ship ASPL-623 on Wednesday, July 15th. MS15-058 SQL Server Elevation of Privilege Vulnerability CVE-2015-1761 SQL Server Remote Code Execution...
Blog

Microservices, SSL Everywhere, and Your Sanity

It is always the case that changes – particularly radical changes – to application architectures have a ripple effect across the data center. And ripples turn into waves as they travel away from the epicenter, in this case leaving security professionals swamped. And like a bad “B-side” disaster flick, the danger isn’t coming from just one side; it’s...
Blog

Click-Fraud Attacks Being Used to Deliver More Sinister Threats

Click-fraud is traditionally thought of as a widespread but low-impact online risk. Using this method of attack, criminals steal money away from pay-per-click (PPC) online advertisers by commanding another person or bot to click on an ad for the purposes of generating a charge per click. No actual interest is generated by these fake clicks, and the...
Blog

Darknet Cybercriminal Reflections: They're So Clever!

I’ve spent a copious amount of time on the Darknet this year in a quest to gain more understanding on how cybercriminals think. I’ve been studying their communities, how they operate in the Darknetmarkets (such as Silk Road), perusing their forums, analyzing their marketing techniques, and contemplating how they justify their criminal activities. It...
Blog

Searching the Enterprise for Known Indicators of Breach

Given the recent high-profile breaches, a key challenge facing government agencies and other security-minded organizations is rooting out malware that has already become embedded on key assets. Multiple vendors are offering cloud-based sandbox analytics services, and/or on-premises appliances, that can analyze new binaries to determine if they have...
Blog

DDoS Attack Against Telegram's Asian Pacific Server Enters Fourth Day

A DDoS attack continues to affect the Asian Pacific servers of messenger app Telegram as of Monday morning. The attack was first revealed by the company on Twitter early Friday morning. Four hours after its initial announcement, Telegram posted again, stating that the attack had become global and was now affecting users' access worldwide. ...