In a talk Monday Christofer Hoff stressed that in security and martial arts alike, it’s hard to be a skilled defender if you don’t understand how your adversaries pull off the attacks.
Tag Archives: Web Security
Tracking Malware That Uses DNS for Exfiltration
Attackers have long used distributed denial of service attacks to knock domain-name servers offline but over the last several months malware creators have taken to using DNS requests to tunnel stolen data.
Indexing the Dark Web One Hacking Forum At A Time
Staffan Truve spoke Monday at the Kaspersky Analyst Summit about the efforts his company Recorded Future is taking to index the dark web, or what he called the underbelly.
Encryption and Silence Can be Targets’ Best Assets
CANCUN–Things are getting real these days for executives, researchers, journalists and others involved in the security community. Targeted surveillance is a reality for many in the community, and researchers and activists are trying now to help them assess and address that threat to their privacy and security. Secure communications among researchers who know one another […]
Massive, Decades-Long Cyberespionage Framework Uncovered
CANCUN–Researchers at Kaspersky Lab have uncovered a cyberespionage group that has been operating for at least 15 years and has worked with and supported the attackers behind Stuxnet, Flame and other highly sophisticated operations.
Don’t Build a Bounty Program; Build an Incentive Program
At the Security Analyst Summit, Katie Moussouris encouraged enterprises to build bug bounty programs that feed a software development lifecycle.
Kaminsky: DNS Insecurity Isn’t Coincidence, it’s Consequence
Dan Kaminsky insisted that there’s a cost to doing security crypto through DNS at Kaspersky Lab’s 2015 Security Analyst Summit Monday.
Evolution and Adaptation in the Security Jungle
CANCUN–Chris Hoff, vice president and CTO of the security business at Juniper Networks, compares the current enterprise security situation to that of a mixed-martial arts fighter who needs to be proficient in multiple disciplines.
Google Adds Grace Period to Disclosure Policy
Google announced that it was adding a 14-day grace period to its 90-day vulnerability disclosure deadline if the affected vendor says it will have a patch ready inside the extension.
Threatpost News Wrap, February 13, 2015
Dennis Fisher and Mike Mimoso discuss Patch Tuesday, the Facebook ThreatExchange platform, Mozilla’s extension signing plan, plus questions from readers!