September, 2017

article thumbnail

Tips for Reverse-Engineering Malicious Code

Lenny Zeltser

This cheat sheet outlines tips for reversing malicious Windows executables via static and dynamic code analysis with the help of a debugger and a disassembler. To print it, use the one-page PDF version; you can also edit the Word version to customize it for you own needs. Overview of the Code Analysis Process. Examine static properties of the Windows executable for initial assessment and triage.

article thumbnail

Exposing the inner-workings of the ransomware economy

Elie

This blog post shed light on the inner workings of the ransomsphere economics and exposes which cybercriminal groups are the biggest earners. This is the second blog post in my series about ransomware economics. The first post. is dedicated to the methodology and techniques needed to trace ransomware payments end-to-end. As this post builds on that methodology, I encourage you to read through the first post if you haven’t done so.

Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

article thumbnail

Advanced Package Management in Kali Linux

Kali Linux

The Advanced Package Tool (APT) is how programs, libraries, documentation, and even the kernel itself are installed and managed on Kali and other Debian-based derivatives. APT often works so well that many users don’t pay any particular attention to it other than to perhaps search for and install programs and (hopefully) update their system regularly.

article thumbnail

Canada’s Privacy Commissioner Pursues a Stronger Consent Framework and More Proactive Enforcement

Privacy and Cybersecurity Law

On September 21st, 2017, Daniel Therrien, Canada’s Federal Privacy Commissioner, tabled his annual report to Canada’s Parliament today. The report […].

52
article thumbnail

How to Avoid Pitfalls In Automation: Keep Humans In the Loop

Speaker: Erroll Amacker

Automation is transforming finance but without strong financial oversight it can introduce more risk than reward. From missed discrepancies to strained vendor relationships, accounts payable automation needs a human touch to deliver lasting value. This session is your playbook to get automation right. We’ll explore how to balance speed with control, boost decision-making through human-machine collaboration, and unlock ROI with fewer errors, stronger fraud prevention, and smoother operations.

article thumbnail

flare-floss v3.0.1 releases: Automatically extract obfuscated strings from malware

Penetration Testing

FireEye Labs Obfuscated String Solver Rather than heavily protecting backdoors with hardcore packers, many malware authors evade heuristic detections by obfuscating only key portions of an executable. Often, these portions are strings and resources... The post flare-floss v3.0.1 releases: Automatically extract obfuscated strings from malware appeared first on Penetration Testing.

article thumbnail

Excited to join Dropbox!

Scary Beasts Security

I’m excited to announce that I’ve joined Dropbox as their new Head of Security. Truth be told, I ’ve been here a little while and I’ve been enjoying on-boarding too much to make the announcement. If you were wondering why my blog has been quiet for a while, now you know why! I exited a fun period of semi-retirement to take up this challenge. What attracted me to Dropbox enough to make the switch?

50

LifeWorks

More Trending

article thumbnail

Exposing the inner-workings of the ransomware economy

Elie

In-depth research publications, industry talks and blog posts about Google security, research at Google and cybersecurity in general in open-access.

article thumbnail

Kali Linux 2017.2 Release

Kali Linux

We are happy to announce the release of Kali Linux 2017.2, available now for your downloading pleasure. This release is a roll-up of all updates and fixes since our 2017.1 release in April. In tangible terms, if you were to install Kali from your 2017.1 ISO, after logging in to the desktop and running ‘apt update && apt full-upgrade’, you would be faced with something similiar to this daunting message: 1399 upgraded, 171 newly installed, 16 to remove and 0 not upgraded.

article thumbnail

A Change In Context

The Falcon's View

Today marks the end of my first week in a new job. As of this past Monday, I am now a Manager, Security Engineering, with Pearson. I'll be handling a variety of responsibilities, initially mixed between security architecture and team management. I view this opportunity as a chance to reset my career after the myriad challenges experienced over the past decade.

article thumbnail

Canada’s Privacy Commissioner Pursues a Stronger Consent Framework and More Proactive Enforcement

Privacy and Cybersecurity Law

On September 21 st , 2017, Daniel Therrien, Canada’s Federal Privacy Commissioner, tabled his annual report to Canada’s Parliament today. The report to Parliament includes results and recommendations with respect to the OPC’s study on consent. In addition, the Commissioner requests Parliament overhaul Canada’s federal private sector legislation – the Personal Information Protection and Electronic Documents Act (PIPEDA).

article thumbnail

Why Giant Content Libraries Do Nothing for Your Employees’ Cyber Resilience

Many cybersecurity awareness platforms offer massive content libraries, yet they fail to enhance employees’ cyber resilience. Without structured, engaging, and personalized training, employees struggle to retain and apply key cybersecurity principles. Phished.io explains why organizations should focus on interactive, scenario-based learning rather than overwhelming employees with excessive content.

article thumbnail

Quit Talking About "Security Culture" - Fix Org Culture!

The Falcon's View

I have a pet peeve. Ok, I have several, but nonetheless, we're going to talk about one of them today. That pet peeve is security professionals wasting time and energy pushing a "security culture" agenda. This practice of talking about "security culture" has arisen over the past few years. It's largely coming from security awareness circles, though it's not always the case (looking at you anti-phishing vendors intent on selling products without the means and methodology to make them truly useful!

InfoSec 40
article thumbnail

Déjà Vu – Canada’s Breach Reporting and Notification Requirements

Privacy and Cybersecurity Law

On September 2, 2017, the Ministry of Innovation, Science and Economic Development Canada (ISED) published draft Breach of Security Safeguards Regulations. The draft Regulations will be open for comment for 30 days. If the Regulations are not further amended by ISED, they may be registered and republished. ISED has stated that there will be a delay between finalizing the Regulations and their coming into force to permit organizations time to implement any necessary organizational changes.

Risk 40