September, 2017

Exposing the inner-workings of the ransomware economy

Elie

This blog post sheds light on the inner workings of the ransomsphere economics and exposes which cybercriminal groups are the biggest earners. This is the second blog post in my series about ransomware economics. The first post is dedicated to the methodology and techniques needed to trace ransomware payments end-to-end. As this post builds on that methodology, I encourage you to read through the first post if you haven’t done so.

Tips for Reverse-Engineering Malicious Code

Lenny Zeltser

This cheat sheet outlines tips for reversing malicious Windows executables via static and dynamic code analysis with the help of a debugger and a disassembler. To print it, use the one-page PDF version; you can also edit the Word version to customize it for your own needs. Overview of the Code Analysis Process. Examine static properties of the Windows executable for initial assessment and triage.

Advanced Package Management in Kali Linux

Kali Linux

The Advanced Package Tool (APT) is how programs, libraries, documentation, and even the kernel itself are installed and managed on Kali and other Debian-based derivatives. APT often works so well that many users don’t pay any particular attention to it other than to perhaps search for and install programs and (hopefully) update their system regularly.

flare-floss v3.0.1 releases: Automatically extract obfuscated strings from malware

Penetration Testing

FireEye Labs Obfuscated String Solver. Rather than heavily protecting backdoors with hardcore packers, many malware authors evade heuristic detections by obfuscating only key portions of an executable. Often, these portions are strings and resources...

The Importance of User Roles and Permissions in Cybersecurity Software

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.

Excited to join Dropbox!

Scary Beasts Security

I’m excited to announce that I’ve joined Dropbox as their new Head of Security. Truth be told, I’ve been here a little while and I’ve been enjoying on-boarding too much to make the announcement. If you were wondering why my blog has been quiet for a while, now you know why! I exited a fun period of semi-retirement to take up this challenge. What attracted me to Dropbox enough to make the switch?

Canada’s Privacy Commissioner Pursues a Stronger Consent Framework and More Proactive Enforcement

Privacy and Cybersecurity Law

On September 21st, 2017, Daniel Therrien, Canada’s Federal Privacy Commissioner, tabled his annual report to Canada’s Parliament today. The report […].

More Trending

A Change In Context

The Falcon's View

Today marks the end of my first week in a new job. As of this past Monday, I am now a Manager, Security Engineering, with Pearson. I'll be handling a variety of responsibilities, initially mixed between security architecture and team management. I view this opportunity as a chance to reset my career after the myriad challenges experienced over the past decade.

Kali Linux 2017.2 Release

Kali Linux

We are happy to announce the release of Kali Linux 2017.2, available now for your downloading pleasure. This release is a roll-up of all updates and fixes since our 2017.1 release in April. In tangible terms, if you were to install Kali from your 2017.1 ISO, after logging in to the desktop and running ‘apt update && apt full-upgrade’, you would be faced with something similar to this daunting message: 1399 upgraded, 171 newly installed, 16 to remove and 0 not upgraded.

The Hay CFP Management Method

Andrew Hay

By Andrew Hay, Co-Founder and CTO, LEO Cyber Security. I speak at a lot of conferences around the world. As a result, people often ask me how I manage the vast number of abstracts and security call for papers (CFPs) submissions. So I thought I’d create a blog post to explain my process. For lack of a better name, let’s call it the Hay CFP Management Method.

Canada’s Privacy Commissioner Pursues a Stronger Consent Framework and More Proactive Enforcement

Privacy and Cybersecurity Law

On September 21st, 2017, Daniel Therrien, Canada’s Federal Privacy Commissioner, tabled his annual report to Canada’s Parliament today. The report to Parliament includes results and recommendations with respect to the OPC’s study on consent. In addition, the Commissioner requests Parliament overhaul Canada’s federal private sector legislation – the Personal Information Protection and Electronic Documents Act (PIPEDA).

IDC Analyst Report: The Open Source Blind Spot Putting Businesses at Risk

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.

Quit Talking About "Security Culture" - Fix Org Culture!

The Falcon's View

I have a pet peeve. Ok, I have several, but nonetheless, we're going to talk about one of them today. That pet peeve is security professionals wasting time and energy pushing a "security culture" agenda. This practice of talking about "security culture" has arisen over the past few years. It's largely coming from security awareness circles, though it's not always the case (looking at you anti-phishing vendors intent on selling products without the means and methodology to make them truly useful!

Déjà Vu – Canada’s Breach Reporting and Notification Requirements

Privacy and Cybersecurity Law

On September 2, 2017, the Ministry of Innovation, Science and Economic Development Canada (ISED) published draft Breach of Security Safeguards Regulations. The draft Regulations will be open for comment for 30 days. If the Regulations are not further amended by ISED, they may be registered and republished. ISED has stated that there will be a delay between finalizing the Regulations and their coming into force to permit organizations time to implement any necessary organizational changes.
