Veracode Security

NOVEMBER 16, 2020

In 2017, we started a blog series talking about how to securely implement a crypto-system in java. Generic to entire Java Cryptography Architecture (JCA). Looking at what we discussed in How to Get Started Using Java Cryptography Securely post, the central theme of Java Cryptography Architecture (JCA) [11] ??defining

Encryption 82

Encryption Authentication Architecture Engineering 82

Thales Cloud Protection & Licensing

NOVEMBER 7, 2017

They are often delivered with default admin credentials that do not have to be changed, offer limited or no authentication support and may not have the means to update firmware – a critical need if a vulnerability is discovered that needs to be patched. Public key infrastructure (PKI) helps to address many of these concerns.

IoT 98

IoT Cybersecurity Manufacturing Digital transformation 98

Security Affairs

AUGUST 5, 2021

In this blog, we will detail the usage of MSR to disable the hardware prefetcher in the cryptomining malwares. MSR registers in processor architecture are used to toggle certain CPU features and computer performance monitoring. By manipulating the MSR registers, hardware prefetchers can be disabled. Figure 5: /etc/hosts modification.

Malware 104

Malware Architecture Firewall Cryptocurrency 104

Duo's Security Blog

APRIL 29, 2022

When I joined Duo’s creative team back in 2017 as a junior designer, I recall the dim panic of feeling completely out of my element and fearing that I would end up getting the boot once my colleagues realized I had no idea what I was doing. This was a way of strategically and authentically engaging the audiences that we needed to reach.

Marketing 81

Marketing InfoSec Architecture Authentication 81

Security Affairs

APRIL 30, 2020

The threat actors leverage perfectly orchestrated social engineering technique by “persuading” people holding significant corporate positions to open a non-malicious PDF email attachment coming from an authentic address in their contacts. The page resembles an authentic Microsoft Office 365 file sharing page.

Phishing 90

Phishing Accountability Financial Services Cloud Migration 90

Thales Cloud Protection & Licensing

JANUARY 23, 2018

billion in 2017. Multi-tenancy is an architecture in which a single instance of software serves multiple customers, or tenants. This can be realized with a commitment to protecting data-at-rest; adequately isolating security; authenticating, authorizing and differentiating access to the data; and enforcing it with encryption.

Cloud Migration 82

Cloud Migration System Administration Architecture Firewall 82

Thales Cloud Protection & Licensing

JANUARY 22, 2020

According to the TechTarget Network , HSMs are used to provision cryptographic keys for critical functions such as encryption, decryption and authentication for the use of applications, identities and databases (taken from whatis). Use Cases of Hardware Security Modules. To find out more, sign up for DPoD cloud HSM services.

Encryption 144

Encryption Marketing Software Architecture 144

McAfee

AUGUST 24, 2021

CVE-2021-33885 – Insufficient Verification of Data Authenticity (CVSS 9.7). CVE-2021-33882 – Missing Authentication for Critical Function (CVSS 8.2). For a brief overview please see our summary blog here. Braun Infusomat system were released in 2017. Figure 2: System Architecture. Table of Contents.

Computers and Electronics 145

Computers and Electronics Authentication Software Risk 145

Kali Linux

MAY 29, 2023

Some background information: PipeWire is a “server for handling audio, video streams, and hardware on Linux” It was initially released in 2017, is actively developed, and is poised to become the de-facto sound server in pretty much every Linux distribution out there, therefore replacing PulseAudio. " VERSION_ID="2023.2"

Firmware 52

Firmware Phishing Architecture Authentication 52

Security Affairs

FEBRUARY 16, 2021

Javali trojan is active since November 2017 and targets users of financial and banking organizations geolocated in Brazil and Mexico. Figure 12: Legitimate injector from Avira – digitally signed, authentic, and trusted during the injection process allowing to bypass security engines such as AV and EDR.

Antivirus 113

Antivirus Malware Banking Internet 113

Cisco Security

MAY 27, 2022

In part one of our Black Hat Asia 2022 NOC blog , we discussed building the network with Meraki: . Since 2017 (starting in Black Hat USA – Las Vegas), Cisco Umbrella has provided DNS security to the Black Hat attendee network, added layers of traffic visibility previously not seen. In this part two, we will discuss: .

Malware 72

Malware Accountability DNS Technology 72

Cisco Security

AUGUST 28, 2023

Like last year, analysis started with understanding how the network architecture is laid out, and what kind of data access is granted to NOC from various partners contributing to the event. All these protocols can be easily subverted by man-in-the-middle (MitM) attacks, allowing an adversary to authenticate against services such as email.

Wireless 60

Wireless DNS Mobile Technology 60

Fox IT

MAY 4, 2021

In 2017, yet another new version was detected in the wild with a number of major modifications compared to the previous main variant: Rebranded RM loader (called RM3 ) Used exotic PE file format exclusively designed for this banking malware Modular architecture Network communication reworked New modules. Architecture.

Banking 98

Banking Malware Encryption Architecture 98

Spinone

JULY 8, 2020

While it has stopped doing this circa 2017, there is nothing to prevent Google from doing this again in the future with a free G Suite plan. Enable two-factor authentication Enabling two-factor authentication is one of the best ways to drastically increase the security of your G Suite environment.

Encryption 52

Encryption Backups Accountability Ransomware 52